CEH Chapter 6 Practice Questions
(p266) A pen test team member uses the following entry at the command line: Which of the following is true regarding the intent of the command? A. The team member is attempting to see which HTTP methods are supported by somesystem.com. B. The team member is attempting XSS againstsomesystem.com. C. The team member is attempting HTTP response splitting against somesystem.com. D. The team member is attempting to site mirror somesystem.com.
A
A tester is attempting a CSPP attack. Which of the following is she most likely to use inconjunction with the attack? A. ; B. : C. ' D. " E. -- F. ~
A
A web application developer is discussing security flaws discovered in a new application prior to production release. He suggests to the team that they modify the software to ensure users are not allowed to enter HTML as input into the application. Which of thefollowing is most likely the vulnerability the developer is attempting to mitigate against? A. Cross-site scripting B. Cross-site request forgery C. Connection string parameter pollution D. Phishing
A
(p144)An attacker is viewing a blog entry showing a news story and asking for comments. In the comment field, the attacker enters the following: What is the attacker attempting to perform? A. A SQL injection attack against the blog's underlying database B. A cross-site scripting attack C. A buffer overflow DoS attack D. A file injection DoS attack
B
A security administrator monitoring logs comes across a user login attempt that reads UserJoe)(&). What can you infer from this username login attempt? A. The attacker is attempting SQL injection. B. The attacker is attempting LDAP injection. C. The attacker is attempting SOAP injection. D. The attacker is attempting directory traversal.
B
An attacker discovers a legitimate username (user1) and enters the following into a webform authentication window: username > user1)(&))password > meh Which of the following is most likely the attack being attempted? A. SQL injection B. LDAP injection C. URL tampering D. DHCP amplification
B
An attacker is looking at a target website and is viewing an account from the store on URL http://www.anybiz.com/store.php?id=2. He next enters the following URL: http://www.anybiz.com/store.php?id=2 and 1=1The web page loads normally. He then enters the following URL: http://www.anybiz.com/store.php?id=2 and 1=2A generic page noting "An error has occurred" appears. Which of the following is a correct statement concerning these actions? A. The site is vulnerable to cross-site scripting. B. The site is vulnerable to blind SQL injection. C. The site is vulnerable to buffer overflows. D. The site is not vulnerable to SQL injection.
B
(p266) You are examining log files and notice several connection attempts to a hosted web server. Many attempts appear as such: What type of attack is in use? A. SQL injection B. Unicode parameter tampering C. Directory traversal D. Cross-site scripting
C
A security administrator sets the HttpOnly flag in cookies. Which of the following is he most likely attempting to mitigate against? A. CSRF B. CSSP C. XSS D. Buffer overflow E. SQL injection
C
An attacker tricks a user into visiting a malicious website via a phishing email. The user clicks the email link and visits the malicious website while maintaining an active, authenticated session with his bank. The attacker, through the malicious website, then instructs the user's web browser to send requests to the bank website. Which of the following best describes this attack? A. CSPP B. XSS C. CSRF D. Hidden form field
C
A web application developer wishes to test a new application for security flaws. Which of the following is a method of testing input variations by using randomly generated invalid input in an attempt to crash the program? A. Insploit B. Finglonger C. Metasplation D. Fuzzing
D
Which character is the best choice to start a SQL injection attempt? A. Colon B. Semicolon C. Double quote D. Single quote
D
Which character is your best option in testing for SQL injection vulnerability? A. The @ symbol B. A double dash C. The + sign D. A single quote
D
Which of the following is a true statement? A. Configuring the web server to send random challenge tokens is the best mitigation for XSS attacks. B. Configuring the web server to send random challenge tokens is the best mitigation for buffer overflow attacks. C. Configuring the web server to send random challenge tokens is the best mitigation for parameter-manipulation attacks. D. Configuring the web server to send random challenge tokens is the best mitigation for CSRF attacks.
D
Which of the following is one of the most common methods for an attacker to exploit the Shellshock vulnerability? A. SSH brute force B. CSRF C. Form field entry manipulation D. Through web servers utilizing CGI (Common Gateway Interface)
D
OWASP, an international organization focused on improving the security of software, produced a "Top Ten Security Priorities" for web applications. Which item is the primary concern on the list? A. XSS B. Injection flaws C. insufficient logging and monitoring D. Broken authentication and session management
B
The source code of software used by your client seems to have a large number of gets() alongside sparsely used fgets(). What kind of attack is this software potentially susceptible to? A. SQL injection B. Buffer overflow C. Parameter tampering D. Cookie manipulation
B
Which MSFconsole command allows you to connect to a host from within the console? A. pivot B. connect C. get D. route
B
An angry former employee of the organization discovers a web form vulnerable toSQL injection. Using the injection string SELECT * FROM Orders_Pend WHERE Location_City = 'Orlando', he is able to see all pending orders from Orlando. If he wanted to delete the Orders_Pend table altogether, which SQL injection string should be used? A. SELECT * FROM Orders_Pend WHERE Location_City = 'Orlando';DROP TABLE Orders_Pend; -- B. SELECT * FROM Orders_Pend WHERE 'Orlando';DROP_TABLE; -- C. DROP TABLE Orders_Pend WHERE ' Orlando = 1'; -- D. WHERE Location_City = Orlando'1 = 1': DROP_TABLE; --
A
An attacker is attempting to elevate privileges on a machine by using Java or other functions, through nonvalidated input, to cause the server to execute a malicious piece of code and provide command-line access. Which of the following best describes this action? A. Shell injection B. File injection C. SQL injection D. URL injection
A
An attacker performs a SQL injection attack but receives nothing in return. She then proceeds to send multiple SQL queries, soliciting TRUE or FALSE responses. Which attack is being carried out? A. Blind SQL injection B. SQL denial of service C. SQL code manipulation D. SQL replay
A
In nmap, the http-methods script can be used to test for potentially risky HTTP options supported by a target. Which of the following methods would be considered risky per the script? A. CONNECT B. GET C. POST D. HEAD
A
SOAP is used to package and exchange information for web services. What does SOAP use to format this information? A. XML B. HTML C. HTTP D. Unicode
A
The accounting department of a business notices several orders that seem to have been made erroneously. In researching the concern, you discover it appears the prices of items on several web orders do not match the listed prices on the public site. You verify the web server and the ordering database do not seem to have been compromised. Additionally, no alerts have displayed in the Snort logs concerning a possible attack on the web application. Which of the following might explain the attack in play? A. The attacker has copied the source code to his machine and altered hidden fields to modify the purchase price of the items. B. The attacker has used SQL injection to update the database to reflect new prices for the items. C. The attacker has taken advantage of a server-side include that altered the price. D. The attacker used Metasploit to take control of the web application.
A
Which of the following is not true regarding WebGoat? A. WebGoat is maintained and made available by OWASP. B. WebGoat can be installed on Windows systems only. C. WebGoat is based on a black-box testing mentality. D. WebGoat can use Java or .NET.
B
An attacker is successful in using a cookie, stolen during an XSS attack, during an invalid session on the server by forcing a web application to act on the cookie's contents. How is this possible? A. A cookie can be replayed at any time, no matter the circumstances. B. Encryption was accomplished using a single key. C. Authentication was accomplished using XML. D. Encryption was accomplished at the network layer.
B
You are examining log files and come across this URL:http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%63%2f%70%61%73%73%77%64 Which of the following best describes this potential attack? A. This is not an attack but a return of SSL handshakes. B. An attacker appears to be using Unicode. C. This appears to be a buffer overflow attempt. D. This appears to be an XSS attempt.
B
Which of the following are true statements? (Choose two.) A. WebGoat is maintained by the IETF. B. WebGoat is maintained by OWASP. C. WebGoat can be installed on Windows or Linux. D. WebGoat is designed for Apache systems only.
B, C
Efforts to gain information from a target website have produced the following error message: Microsoft OLE DB Provider for ODBC Drivers error '80040e08' [Microsoft]{OBDC SQL Server Driver} Which of the following best describes the error message? A. The site may be vulnerable to XSS. B. The site may be vulnerable to buffer overflow. C. The site may be vulnerable to SQL injection. D. The site may be vulnerable to a malware injection.
C
HTML forms include several methods for transferring data back and forth. Inside a form, which of the following encodes the input into the Uniform Resource Identifier (URI)? A. HEAD B. PUT C. GET D. POST
C
Which of the following is a common SOA vulnerability? A. SQL injection B. XSS C. XML denial of service D. CGI manipulation
C
Which of the following is a standard method for web servers to pass a user's request to an application and receive data back to forward to the user? A. SSI B. SSL C. CGI D. CSI
C
Which of the following is a true statement? A. SOAP cannot bypass a firewall. B. SOAP encrypts messages using HTTP methods. C. SOAP is compatible with HTTP and SMTP. D. SOAP messages are usually bidirectional.
C
Which of the following would be the best choice in the prevention of XSS? A. Challenge tokens B. Memory use controls C. HttpOnly flag in cookies D. Removing hidden form fields
C
Which of the following would be the best protection against XSS attacks? A. Invest in top-of-the-line firewalls. B. Perform vulnerability scans against your systems. C. Configure input validation on your systems. D. Have a pen test performed against your systems.
C
(p267) You are examining IDS logs and come across the following entry: What can you infer from this log entry? A. The attacker, using address 192.168.119.56, is attempting to connect to 64.118.55.64 using a DNS port. B. The attacker, using address 64.118.55.64, is attempting a directory traversal attack. C. The attacker is attempting a known SQL attack against 192.168.119.56. D. The attacker is attempting a buffer overflow against 192.168.119.56.
D
(p268) An attacker inputs the following into the Search text box on an entry form: The attacker then clicks the Search button and a pop-up appears stating, "It Worked." What can you infer from this? A. The site is vulnerable to buffer overflow. B. The site is vulnerable to SQL injection. C. The site is vulnerable to parameter tampering. D. The site is vulnerable to XSS.
D
Which of the following is true regarding n-tier architecture? A. Each tier must communicate openly with every other tier. B. N-tier always consists of presentation, logic, and data tiers. C. N-tier is usually implemented on one server. D. N-tier allows each tier to be configured and modified independently.
D
Which of the following is used by SOAP services to format information? A. Unicode B. HTML entities C. NTFS D. XML
D
You are examining website files and find the following text file: # robots.txt for http://www.anybiz.com/ User-agent: GooglebotDisallow: /tmp/ User-agent: * Disallow: / Disallow: /private.php Disallow: /listing.html Which of the following is a true statement concerning this file? A. All web crawlers are prevented from indexing the listing.html page. B. All web crawlers are prevented from indexing all pages on the site. C. The Googlebot crawler is allowed to index pages starting with /tmp/. D. The Googlebot crawler can access and index everything on the site except for pagesstarting with /tmp/.
D