Which of the following is a web-server component that provides storage on a different machine or disk after the original disk is filled up?
- Document root
- Server root
- Virtual hosting
- Virtual document tree
Virtual document tree
Which of the following is a type of attack in which the attacker alters or deletes the data of a web server and replaces the data with malware?
- Data theft
- Compromise of user accounts
- Data tampering
- Website defacement
Data tampering
Which of the following is the root file directory of a web server that stores critical HTML files related to web pages of a domain name that will be sent in response to requests?
- Virtual hosting
- Document root
- Web proxy
- Server root
Document Root
Which of the following technologies belongs to the application layer and is used to generate dynamic web content?
- Apache
- Linux
- MySQL
- PHP
PHP
Which of the following techniques makes a web server vulnerable to attacks?
- Blocking unrestricted internal and outbound traffic
- Running unhardened applications and servers
- Regularly updating the web server with the latest patches
- Using different system administrator credentials everywhere
Running unhardened applications and servers
Which of the following types of damage is caused when attackers access sensitive data such as financial records, future plans, and the source code of a program?
- Website defacement
- Data theft
- Damage of the reputation of the company
- Data tampering
Data theft
Identify the component of the web server that provides storage on a different machine or disk after the original disk is filled up.
- Virtual document tree
- Server root
- Virtual hosting
- Document root
Virtual document tree
Which of the following stores critical HTML files related to the webpages of a domain name that will be served in response to requests?
- Document root
- Virtual document tree
- Server root
- Web proxy
Document root
Which of the following stores a server's configuration, error, executable, and log files?
- Document root
- Virtual document tree
- Server root
- Web proxy
Server root
Which of the following provides storage on a different machine or disk after the original disk is filled up?
- Virtual Hosting
- Document root
- Virtual document tree
- Server root
Virtual document tree
In which of the following attack types does an attacker exploit the trust of an authenticated user to pass malicious code or commands to a web server?
- SQL injection attack
- Unvalidated input and file injection
- Cross-site scripting
- Cross-site request forgery
Cross-site request forgery
In which of the following attacks does an attacker attempt to access sensitive information by intercepting and altering communications between an end user and a web server?
- Man-in-the-middle attack
- HTTP response splitting attack
- Phishing attack
- Website defacement attack
Man-in-the-middle attack
In which of the following attack types does an attacker alter the visual appearance of a web page by injecting code to add image popups or text?
- Web cache poisoning
- Server-side request forgery
- Website defacement
- Web-server misconfiguration
Website defacement
In which of the following attack types does an attacker flood an application with an excess amount of data so that the application may crash or exhibit vulnerable behavior?
- Directory traversal
- Denial-of-service attack
- Buffer overflow attack
- Parameter/form tampering
Buffer overflow attack
An attacker sends numerous fake requests to the web server from various random systems, which results in the web server crashing or becoming unavailable to legitimate users. Which attack did the attacker perform?
- HTTP response splitting attack
- DNS server hijacking
- DoS attack
- DNS amplification attack
DoS attack
If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, then which attack did he perform?
- DNS amplification attack
- HTTP response splitting attack
- DoS attack
- DNS server hijacking
DNS server hijacking
Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers?
- Man-in-the-middle attack
- HTTP response splitting attack
- Directory traversal attack
- DoS attack
Man-in-the-middle attack
Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative and frequently offensive data?
- Directory traversal attack
- Website defacement
- Man-in-the-middle attack
- HTTP response splitting attack
Website defacement
Which of the following is not a session hijacking technique?
- Cross-site scripting
- DNS hijacking
- Session fixation
- Session sidejacking
DNS hijacking
The security analyst for Danels Company arrives at his office this morning and checks the company's primary home page. He notes that the page shows the logo of a competitor and text that does not correspond to the real page. What kind of attack do the observed signs correspond to?
- DDoS
- Defacement
- Phishing
- HTTP attack
Defacement
Which of the following is a lookup database for default passwords, credentials, and ports?
- Netcraft
- NCollector Studio
- Open Sez Me
- ID Serve
Open Sez Me
Which of the following tools is a simple Internet server identification utility that is capable of performing reverse DNS lookup and HTTP server identification?
- OllyDbg
- ID Serve
- Dylib Hijack Scanner
- NCollector Studio
ID Serve
Which of the following is a web security testing tool that can be used by an attacker to predict and use the next possible session ID token to take over a valid session?
- Burp Suite
- Nikto2
- NCollector Studio
- Netcraft
Burp Suite
Which of the following commands does an attacker use to detect HTTP Trace?
- nmap -p80 --script http-userdir-enum localhost
- nmap --script http-enum -p80
- nmap --script hostmap
- nmap -p80 --script http-trace
nmap -p80 --script http-trace
Which of the following commands does an attacker use to enumerate common web applications?
- nmap -p80 --script http-userdir-enum localhost
- nmap --script http-trace -p80 localhost
- nmap --script http-enum -p80
- nmap -p80 --script http-trace
nmap --script http-enum -p80
Which of the following tools is used by an attacker to perform website mirroring?
- HTTrack
- Hydra
- Netcraft
- Nessus
HTTrack
An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective?
- Netcraft
- Nessus
- Burp suite
- Hydra
Burp suite
An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective?
- Netcraft
- Nessus
- Burp suite
- Hydra
Hydra
Attackers use GET and CONNECT requests to use vulnerable web servers as which of the following?
- Application servers
- DNS servers
- None of the above
- Proxies
Proxies
Which of the following types of payload modules in the Metasploit framework is self-contained and completely stand-alone?
- Stages
- Exploit
- Singles
- Stagers
Singles
Which of the following tools is not used to perform webserver information gathering?
- Nmap
- Netcraft
- Wireshark
- Whois
Wireshark
Which of the following techniques is NOT a countermeasure for securing accounts?
- Remove all unused modules and application extensions
- Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms
- Enable unused default user accounts
- Eliminate unnecessary database users and stored procedures
Enable unused default user accounts
Which of the following techniques is NOT a countermeasure for securing files and directories on a web server?
- Map virtual directories between two different servers or over a network
- Disable the serving of directory listings
- Eliminate unnecessary files within .jar files
- Eliminate sensitive configuration information within the byte code
Map virtual directories between two different servers or over a network
Which of the following countermeasures should be followed to defend against DNS hijacking?
- Do not safeguard the registrant account information
- Use the default router password included in the factory settings
- Download audio and video codecs and other downloaders from untrusted websites
- Include DNS hijacking into incident response and business continuity planning
Include DNS hijacking into incident response and business continuity planning
Which of the following guidelines should be followed by application developers to defend against HTTP response-splitting attacks?
- Use the same TCP connection with the proxy for different virtual hosts
- Allow CR (%0d or \r) and LF (%0a or \n) characters
- Parse all user inputs or other forms of encoding before using them in HTTP headers
- Share incoming TCP connections among different clients
Parse all user inputs or other forms of encoding before using them in HTTP headers
Which of the following is NOT a best approach to protect your firm against web server attacks?
- Apply restricted ACLs
- Allow remote registry administration
- Remove unnecessary ISAPI filters from the web server
- Secure the SAM (Stand-alone Servers Only)
Allow remote registry administration
Choose an ICANN accredited registrar and encourage them to set registrar-lock on the domain name in order to avoid which attack?
- Man-in-the-middle attack
- Denial-of-service attack
- Session hijacking attack
- DNS hijacking attack
DNS hijacking attack
Which of the following techniques defends servers against blind response forgery?
- UDP source port randomization
- Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters
- Removal of carriage returns (CRs) and linefeeds (LFs)
- Restriction of web application access to unique IPs
UDP source port randomization
Which of the following is NOT a best approach to protect your firm against web server files and directories?
- Enable serving of directory listings
- Avoid mapping virtual directories between two different servers, or over a network
- Eliminate unnecessary files within the .jar files
- Disable serving certain file types by creating a resource mapping
Enable serving of directory listings
Which of the following tools is employed by a pen tester to find vulnerabilities in an organization's web server and evaluate its security posture by using the same techniques as those currently employed by cybercriminals?
- Pupy
- Netcraft
- CORE Impact
- NetVizor
CORE Impact
Which of the following is not a webserver security tool?
- Fortify WebInspect
- NetIQ Secure Configuration Manager
- Netcraft
- Retina CS
Netcraft
Which of the following techniques is NOT a countermeasure for securing accounts?
- Enable unused default user accounts
- Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms
- Eliminate unnecessary database users and stored procedures
- Remove all unused modules and application extensions
Enable unused default user accounts
Which of the following techniques is NOT a countermeasure to defend against web server attacks?
- Use a dedicated machine as a web server
- Secure the SAM
- Install IIS server on a domain controller
- Relocate sites and virtual directories to non-system partitions
Install IIS server on a domain controller
Which of the following techniques is NOT a countermeasure for securing files and directories on a web server?
- Eliminate sensitive configuration information within the byte code
- Disable the serving of directory listings
- Eliminate unnecessary files within .jar files
- Map virtual directories between two different servers or over a network
Map virtual directories between two different servers or over a network
Which of the following countermeasures should be followed to defend against DNS hijacking?
- Include DNS hijacking into incident response and business continuity planning
- Do not safeguard the registrant account information
- Use the default router password included in the factory settings
- Download audio and video codecs and other downloaders from untrusted websites
Include DNS hijacking into incident response and business continuity planning
Which of the following is not a defensive measure for web server attacks while implementing Machine.config?
- Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL)
- Ensure that tracing is enabled
- Encrypt or restrict intranet traffic
- Restrict code access security policy settings
Ensure that tracing is enabled
Which of the following is NOT a best approach to protect your firm against web server attacks?
- Remove unnecessary ISAPI filters from the web server
- Allow remote registry administration
- Apply restricted ACLs
- Secure the SAM (Stand-alone Servers Only)
Allow remote registry administration
Which of the following techniques defends servers against blind response forgery?
- UDP source port randomization
- Removal of carriage returns (CRs) and linefeeds (LFs)
- Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters
- Restriction of web application access to unique IPs
UDP source port randomization
Which of the following is NOT a best approach to protect your firm against web server files and directories?
- Enable serving of directory listings
- Avoid mapping virtual directories between two different servers, or over a network
- Eliminate unnecessary files within the .jar files
- Disable serving certain file types by creating a resource mapping
Enable serving of directory listings
Which of the following tools is a web-application security scanner that searches for vulnerabilities to attacks such as clickjacking, SQL injection, and XSS?
- Vindicate
- Immunity Debugger
- Mimikatz
- N-Stalker X
N-Stalker X
Which of the following tools is employed by a pen tester to find vulnerabilities in an organization's web server and evaluate its security posture by using the same techniques as those currently employed by cybercriminals?
- Netcraft
- NetVizor
- CORE Impact
- Pupy
CORE Impact
Which of the following countermeasures should be followed for the secure update and patch management of web servers?
- Apply all updates, regardless of their type, on an "as-needed" basis
- Use the default configurations that web servers are dispatched with
- Never use virtual patches in the organization
- Enable all unused script extension mappings
Apply all updates, regardless of their type, on an "as-needed" basis
Which of the following teams has the responsibility to check for updates and patches regularly?
- Vulnerability assessment team
- Red team
- Patch management team
- Security software development team
Patch management team
A security administrator is looking for a patch management tool that scans the organizational network and manages both security and non-security patches. Which of the following patch management tools can he/she use to perform the required task?
- Netscan Pro
- Nikto
- Burp suite
- GFI LanGuard
GFI LanGuard
Which of the following is not a patch management tool?
- GFI LanGuard
- Software vulnerability manager
- Burp suite
- Symantec client management suite
Burp suite
Andrew, a software developer in the CyberTech organization, has released a security update that acts as a defensive technique against the vulnerabilities in a software product the company released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities.
- Patch Management
- Product Management
- Risk Management
- Vulnerability Management
Patch Management
Which of the following terms refers to a set of hotfixes packed together?
- Service pack
- Repair pack
- Hotfix pack
- Patch
Service pack
Which of the following is considered as a repair job to a programming problem?
- Assessment
- Penetration test
- Patch
- Vulnerability
Patch
A network administrator has observed that the computers in his network run the Windows 7 operating system. The administrator has learned that the WannaCry ransomware is affecting Windows 7 systems across the globe. Which of the following is the best option the network administrator has to provide efficient security and defend his network?
- Remove all Windows 7 machines from the network
- Update security patches and fixes provided by Microsoft
- Conduct vulnerability assessment of all the machines in the network
- Perform penetration testing on all the machines in the network
Update security patches and fixes provided by Microsoft
Which of the following layers in the web application architecture contains various components such as a firewall, an HTTP request parser, a proxy caching server, an authentication and login handler, a resource handler, and a hardware component?
- Web-server logic layer
- Business logic layer
- Client or presentation layer
- Database layer
Web-server logic layer
Which of the following components of the web service architecture is an extension of SOAP and can be used to maintain the integrity and confidentiality of SOAP messages?
- WS-Security
- WS-Policy
- WSDL
- UDDI
WS-Security
In which layer of the web application vulnerability stack does an attacker exploit business-logic flaws and technical vulnerabilities to perform input validation attacks such as XSS?
- Layer 4
- Layer 5
- Layer 7
- Layer 6
Layer 7
Which of the following is an operation in the web service architecture that involves obtaining the service interface description at the time of development as well as the binding and location description calls at run time?
- Find
- Bind
- Publish
- Service
Find
Which technology do SOAP services use to format information?
- XML
- SATA
- PCI
- ISDN
XML
In which layer of the web-application vulnerability stack does an attacker scan an operating system to find open ports and vulnerabilities and develop viruses/backdoors to exploit them?
- Layer 3
- Layer 2
- Layer 5
- Layer 7
Layer 3
Which of the following provides an interface between end-users and webservers?
- Firewall
- Database
- Demilitarized zone
- Web applications
Web applications
Which of the following is a security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?
- Security misconfiguration
- Sensitive data exposure
- Broken authentication
- Injection
Broken authentication
In which of the following types of injection attacks does an attacker exploit vulnerable form inputs, inject HTML code into a webpage, and change the website appearance?
- Shell injection
- File injection
- HTML injection
- HTML embedding
HTML injection
Which of the following security misconfigurations supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft?
- Improper error handling
- Parameter/form tampering
- Unvalidated inputs
- Insufficient transport layer protection
Insufficient transport layer protection
Which of the following attacks allows an attacker to encode portions of the attack with Unicode, UTF-8, Base64, or URL encoding to hide their attacks and avoid detection?
- Network access attack
- Cookie snooping
- Obfuscation application
- Authentication hijacking
Obfuscation application
One of the following is a clickjacking technique in which an attacker creates an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor. When the user clicks on this cursor, it will be registered on a malicious page. Which is this clickjacking technique?
- Click event dropping
- Hidden overlay
- Complete transparent overlay
- Rapid content replacement
Hidden overlay
Which of the following is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data?
- Security misconfiguration
- Components with known vulnerabilities
- Cross-site scripting (XSS)
- XML external entity (XXE)
Cross-site scripting (XSS)
Which of the following is an attack that can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant?
- Platform exploits
- CAPTCHA attacks
- Buffer overflow
- Network access attacks
Network access attacks
Which of the following is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user's web browser to send a request to a vulnerable website through a malicious web page?
- Cross-site request forgery
- Web service attack
- Hidden field manipulation
- Cookie snooping
Cross-site request forgery
In which of the following attacks does an attacker load the target website inside a low-opacity iframe?
- DNS rebinding attack
- RC4 NOMORE attack
- Clickjacking attack
- JavaScript hijacking
Clickjacking attack
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
- A security certification for hardened web applications
- Web application patches
- A list of flaws and how to fix them
- An extensible security framework named COBIT
A list of flaws and how to fix them
Which of the following involves injection of malicious HTML code through a web application?
- LDAP injection
- Shell injection
- SQL injection
- Command injection
Command injection
Which of the following attacks can take place due to flaws such as insecure cryptographic storage and information leakage?
- SQL injection
- Shell injection
- Sensitive data exposure
- Command injection
Sensitive data exposure
If threat detection software installed in an organization's network either does not record a malicious event or ignores important details about the event, what kind of vulnerability is it?
- Security misconfiguration
- Broken access control
- Insufficient logging and monitoring
- Sensitive data exposure
Insufficient logging and monitoring
During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. Which of the following conditions must be met to exploit this vulnerability?
- The web application does not have the secure flag set.
- The victim's browser must have ActiveX technology enabled.
- The victim user should not have an endpoint security solution.
- The session cookies do not have the HttpOnly flag set.
The session cookies do not have the HttpOnly flag set.
An attacker has been successfully modifying the purchase price of items purchased on the company's website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price?
- By changing hidden form values
- By using SQL injection
- By using cross site scripting
- By utilizing a buffer overflow attack
By changing hidden form values
Which of the following conditions must be given to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application?
- The victim user must open a malicious link with an Internet Explorer prior to version 8.
- The session cookies generated by the application do not have the HttpOnly flag set.
- The victim user must open a malicious link with Firefox prior to version 3.
- The web application should not use random tokens.
The web application should not use random tokens.
An attacker identifies the kind of websites a target company/individual frequently visits and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download malware onto the victim's machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of attack is this?
- Phishing attack
- Jamming attack
- Water hole attack
- Denial-of-service attack
Water hole attack
Which of the following is a clickjacking technique that overlays only the selected controls from a transparent page and involves masking buttons with hyperlinks and text labels containing false information?
- Complete transparent overlay
- Rapid content replacement
- Cropping
- Click event dropping
Cropping
A security analyst in an insurance company is assigned to test a new web application that clients will use to choose and apply for an insurance plan. The analyst discovers that the application is developed in the ASP scripting language and uses MSSQL as the database backend. The analyst locates the application's search form and enters the following code in the search input field: "IMG SRC = vbscript:msgbox (Vulnerable". When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web application vulnerability did the analyst discover?
- Cross-site request forgery
- Command injection
- Cross-site scripting
- SQL injection
Cross-site scripting
An attacker exploits a web application by tampering with its form and parameters, and succeeds in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit?
- Security misconfiguration
- SQL injection
- Sensitive data exposure
- Broken access control
Security misconfiguration
Which of the following is a timing attack performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced?
- Cache storage timing attack
- Cross-site timing attack
- Browser-based timing attack
- Direct timing attack
Direct timing attack
Which of the following attacks exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users?
- Cross-site scripting
- Broken access control
- Security misconfiguration
- Sensitive data exposure
Cross-site scripting
Which of the following HTTP service port numbers is used for connecting to a remote network server system?
- Port 384
- Port 81
- Port 80
- Port 88
Port 384
Which of the following is a DNS interrogation tool that allows an attacker to retrieve information about the location and type of servers related to the target web infrastructure?
- Halberd
- Vega
- WAFW00F
- Professional Toolset
Professional Toolset
Which of the following techniques allows an attacker to inject unusual characters into HTML code to bypass client-side controls?
- Source-code review
- Attack hidden form fields
- Evade XSS filters
- Attack browser extensions
Evade XSS filters
Which of the following techniques is used by an attacker to enumerate usernames from a target web application?
- Verbose failure message
- Dictionary attack
- Cookie poisoning
- Bypass SAML-based SSO
Verbose failure message
Which of the following is a built-in tool of Burp Suite that is used for inspecting and modifying traffic between a browser and target application?
- Sequencer tool
- Application-aware
- Intruder tool
- Intercepting proxy
Intercepting proxy
Which of the following vulnerabilities occurs when an application adds files without the proper validation of inputs, thereby enabling an attacker to modify the input and embed path traversal characters?
- Security misconfiguration
- File fingerprinting
- Local file inclusion
- Fileless malware
Local file inclusion
Which of the following techniques does an attacker use to replace the value of the data source parameter with that of a rogue Microsoft SQL server?
- Hash stealing
- Connection pool DoS
- Port scanning
- Hijacking web credentials
Hash stealing
In which of the following attack techniques does an attacker lure victims via an email or a link constructed so that remote code execution loopholes become accessible, allowing the attacker to obtain access privileges equal to those of authorized users?
- ActiveX attack
- Session fixation
- Frame injection
- Request forgery attack
ActiveX attack
Which of the following attacks allows an attacker to inject malicious content, modify the user's online experience, and obtain unauthorized information?
- Session prediction
- Session poisoning
- Cross-site request forgery
- Session brute-forcing
Session poisoning
Which of the following built-in tools of Burp Suite is used for testing the randomness of session tokens?
- Application-aware spider
- Sequencer tool
- Intruder tool
- Intercepting proxy
Sequencer tool
In which of the following cookie exploitation attacks does an attacker modify the cookie contents to obtain unauthorized information about a user and thereby perform identity theft?
- Cookie sniffing
- Cookie replay
- Session brute-forcing
- Cookie poisoning
Cookie poisoning
What technique is used to perform a connection stream parameter pollution (CSPP) attack?
- Injecting parameters into a connection string using semicolons as a separator
- Adding multiple parameters with the same name in HTTP requests
- Setting a user's session identifier (SID) to an explicit known value
- Inserting malicious Javascript code into input parameters
Injecting parameters into a connection string using semicolons as a separator