Unit 5 - Practice Quiz

INT244 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 What is the primary definition of Session Hijacking?

A. Unauthorized encrypted communication between two servers
B. The exploitation of a valid computer session to gain unauthorized access to information or services
C. Crashing a web server by sending too many requests
D. Phishing a user to obtain their login credentials via email

2 Which of the following is a key difference between Session Hijacking and IP Spoofing?

A. IP Spoofing takes over an active session; Hijacking initiates a new one
B. Session Hijacking only works on UDP; IP Spoofing works on TCP
C. There is no difference; they are synonymous
D. Session Hijacking takes over an ongoing authenticated session; IP Spoofing creates unauthorized packets with a false source IP

3 In the context of TCP Session Hijacking, what must an attacker successfully predict to inject packets?

A. The MAC address
B. The DNS server IP
C. The User ID
D. The Sequence Number (SEQ)

4 What is 'Session Fixation'?

A. A defense mechanism to keep sessions stable
B. An attack where the attacker sets a user's session ID to one known to the attacker before the user logs in
C. An attack where the attacker fixes the server errors
D. A method of fixing a static IP address to a session

5 Which attack vector is commonly used to steal Session IDs stored in cookies?

A. SQL Injection
B. Buffer Overflow
C. Ping of Death
D. Cross-Site Scripting (XSS)

6 Which of the following acts as a countermeasure against Session Hijacking by encrypting data in transit?

A. Disabling cookies
B. Using Telnet
C. Using simple HTTP
D. Using SSL/TLS (HTTPS)

7 What is the purpose of the 'HttpOnly' flag in a Set-Cookie header?

A. To ensure the cookie is only sent over HTTP, not HTTPS
B. To prevent client-side scripts (like JavaScript) from accessing the cookie
C. To ensure the cookie expires immediately
D. To allow the cookie to be shared across different domains

8 In a Man-in-the-Middle (MITM) attack used for session hijacking, what tool is often used to manipulate the ARP cache?

A. Traceroute
B. Ping
C. Nmap
D. ARP Spoofing/Poisoning

9 Passive Session Hijacking involves:

A. Monitoring and capturing traffic without altering it
B. Crashing the server
C. Injecting malicious packets into the stream
D. Resetting the connection

10 A good defensive strategy regarding Session IDs after a successful login is to:

A. Regenerate a new Session ID
B. Make the Session ID static for 24 hours
C. Keep the same Session ID used before login
D. Use the user's username as the Session ID

11 In the Client-Server relationship, which entity is responsible for initiating the request?

A. Firewall
B. Client
C. Database
D. Server

12 Which HTTP method is generally considered less secure for transmitting sensitive data because parameters are shown in the URL?

A. CONNECT
B. HEAD
C. POST
D. GET

13 What is 'Directory Traversal' in the context of web server vulnerabilities?

A. Accessing files outside the web root folder by manipulating input (e.g., ../)
B. Traversing the network topology
C. Indexing the website on a search engine
D. Moving files from one folder to another

14 Which of the following is a common vulnerability where a web application fails to properly filter user input before sending it to a database?

A. DNS Spoofing
B. Session Timeout
C. Denial of Service
D. SQL Injection

15 Web Parameter Tampering involves:

A. Modifying data within form fields, URLs, or cookies to manipulate application behavior
B. Deleting web server logs
C. Updating the web browser version
D. Changing the physical server hardware

16 Which tool is commonly used for vulnerability scanning of web applications?

A. Microsoft Word
B. Windows Media Player
C. Nikto or OWASP ZAP
D. Photoshop

17 Why are hidden form fields dangerous if not validated by the server?

A. They make the HTML code messy
B. Users can view source, modify the hidden values, and submit them
C. They slow down the website
D. They cannot be seen by the browser

18 What does SQL stand for?

A. Structured Question Language
B. Standard Query List
C. Structured Query Language
D. Simple Query Logic

19 The core root cause of SQL Injection vulnerabilities is:

A. Trusting user input and mixing code with data
B. The web server is running Linux
C. The database is too slow
D. Using a firewall

20 In a SQL Injection attack, what is the significance of the single quote (') character?

A. It is used to delimit strings; inserting it can break the query structure
B. It deletes the database
C. It encrypts the password
D. It starts a comment

21 What does the injection OR 1=1 typically achieve in a login bypass attack?

A. It sets the password to 1
B. It causes a syntax error
C. It deletes the user account
D. It creates a condition that is always true, bypassing the password check

22 Which SQL comment symbol is often used to ignore the remainder of the original query in MySQL?

A. //
B. <!-- -->
C. # or --
D. %%

23 What is 'Blind SQL Injection'?

A. An attack where the database does not return data/errors to the screen, so the attacker infers data based on server behavior
B. An attack using invisible ink
C. An attack where the attacker cannot see the screen
D. An attack where the database is offline

24 Which SQL command is most dangerous regarding data loss if injected successfully?

A. SELECT
B. INSERT
C. DROP TABLE
D. UNION

25 What is a UNION-based SQL injection?

A. Injecting into the Union Bank website
B. Creating a labor union for DBAs
C. Using the UNION operator to combine the results of the original query with the results of an injected query
D. Joining two databases physically

26 What is the most effective defense against SQL Injection?

A. Input Sanitization only
B. Parameterized Queries (Prepared Statements)
C. Using complex passwords
D. Hiding the database name

27 How does 'Error-based SQL Injection' help an attacker?

A. It provides details about the database structure via verbose error messages
B. It fixes errors in the code
C. It creates a backup of the database
D. It crashes the server immediately

28 Which technique allows an attacker to evade basic pattern-matching detection systems (IDS) during SQL injection?

A. Using a faster internet connection
B. URL Encoding or Hex Encoding
C. Writing the query in capital letters
D. Sending the query via email

29 What is the 'Principle of Least Privilege' in the context of database security?

A. Ensuring the database application connects with an account that has only the minimum necessary permissions
B. Blocking all users from the database
C. Using the oldest version of SQL
D. Giving every user admin rights

30 What is the role of a Web Application Firewall (WAF) regarding SQL Injection?

A. It encrypts the database
B. It inspects incoming HTTP traffic and blocks patterns that look like SQL injection attacks
C. It fixes the code automatically
D. It creates user backups

31 When testing for SQL injection, what is 'Fuzzing'?

A. Downloading the database
B. Sending random, invalid, or unexpected data to inputs to see how the application reacts
C. Cleaning the screen
D. Encrypting the connection

32 Which of the following represents a 'Time-based' Blind SQL Injection?

A. DROP TABLE Users
B. WAITFOR DELAY '0:0:10'
C. UNION ALL SELECT
D. SELECT * FROM Users

33 In a web application, what is Input Validation?

A. Validating the server license
B. Checking if the user is an admin
C. Ensuring input data meets expected criteria (type, length, format) before processing
D. Validating that the keyboard is connected

34 What is the danger of enabling 'xp_cmdshell' in MS SQL Server?

A. It allows the execution of Operating System commands via SQL
B. It changes the language to Spanish
C. It prevents tables from being created
D. It slows down queries

35 Which character is often used to chain multiple SQL queries together in a single injection (Stacking Queries)?

A. Period (.)
B. Comma (,)
C. Semicolon (;)
D. Colon (:)

36 What is Whitespace Manipulation in the context of evading SQLi detection?

A. Replacing spaces with other whitespace characters (like tabs or newlines) to bypass filters
B. Adding spaces to make the website look better
C. Using a larger monitor
D. Deleting all spaces in the code

37 Which of the following is an example of an 'In-band' SQL Injection?

A. The attack relies solely on time delays
B. The attack is performed over the phone
C. The data is retrieved using the same channel (e.g., displayed on the webpage)
D. The attacker uses a different channel to retrieve data

38 What is a 'stored' SQL injection?

A. The code is stored in the browser cache
B. The injection only happens once
C. The injection is stored on a USB drive
D. The malicious code is permanently stored in the database (e.g., in a forum post) and executes later

39 To secure cookies against session hijacking, the 'Secure' flag should be set to:

A. Ensure cookies are sent only over encrypted (HTTPS) connections
B. Make the cookie invisible
C. Allow the cookie on HTTP only
D. Encrypt the cookie content with ROT13

40 Which of these is NOT a valid method to test for SQL Injection?

A. Physical inspection of the server hard drive
B. Running a vulnerability scanner
C. Inputting a single quote into a search box
D. Inputting 1=1 logic

41 In a client-server architecture, where should security validation be most rigorously applied?

A. Server-side
B. On the router only
C. Neither
D. Client-side only (JavaScript)

42 How can 'Stored Procedures' help prevent SQL Injection?

A. They make the database slower
B. They encapsulate queries and can accept parameters, functioning similarly to parameterized queries
C. They encrypt the hard drive
D. They delete all data periodically

43 What does an attacker typically look for in a URL to attempt SQL Injection?

A. Images (.jpg)
B. Query strings with parameters (e.g., ?id=5)
C. CSS files
D. Static HTML pages

44 Which of the following best describes 'Session Timeout' as a defensive strategy?

A. Slowing down the internet connection
B. Closing the session automatically after a period of inactivity
C. Turning off the server at night
D. Banning the user forever

45 What is the risk of having 'Verbose Error Messages' enabled on a live production server?

A. It looks unprofessional
B. It aids attackers in understanding the technology stack and database structure (Information Leakage)
C. It fills up the hard drive
D. It uses too much bandwidth

46 Why is 'Allow-listing' (White-listing) input validation superior to 'Block-listing' (Black-listing)?

A. Block-listing is illegal
B. Allow-listing accepts everything
C. It is faster to write
D. Block-listing often fails because attackers can find variations or encodings that aren't on the list

47 In network session hijacking, what is 'Ack Storm'?

A. A hacking tool
B. A type of firewall
C. A burst of traffic caused by desynchronized sequence numbers where devices repeatedly try to synchronize
D. A weather condition affecting Wi-Fi

48 Using an ORM (Object-Relational Mapping) framework generally reduces SQL injection risks because:

A. It uses a special firewall
B. It automatically uses parameterized queries under the hood
C. It requires biometric authentication
D. It doesn't use SQL

49 Which header helps protect against clickjacking, which can be related to session manipulation?

A. User-Agent
B. Host
C. X-Frame-Options
D. Content-Type

50 When an attacker uses HAVING 1=1 in an injection, they are often trying to:

A. Login as admin
B. Force an error to reveal the table or column name in the error message
C. Speed up the query
D. Delete the table