Unit 5 - Practice Quiz

INT244 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 What is the primary definition of Session Hijacking?

A. Crashing a web server by sending too many requests
B. Phishing a user to obtain their login credentials via email
C. Unauthorized encrypted communication between two servers
D. The exploitation of a valid computer session to gain unauthorized access to information or services

2 Which of the following is a key difference between Session Hijacking and IP Spoofing?

A. Session Hijacking only works on UDP; IP Spoofing works on TCP
B. There is no difference; they are synonymous
C. IP Spoofing takes over an active session; Hijacking initiates a new one
D. Session Hijacking takes over an ongoing authenticated session; IP Spoofing creates unauthorized packets with a false source IP

3 In the context of TCP Session Hijacking, what must an attacker successfully predict to inject packets?

A. The MAC address
B. The Sequence Number (SEQ)
C. The DNS server IP
D. The User ID

4 What is 'Session Fixation'?

A. An attack where the attacker fixes the server errors
B. A method of fixing a static IP address to a session
C. An attack where the attacker sets a user's session ID to one known to the attacker before the user logs in
D. A defense mechanism to keep sessions stable

5 Which attack vector is commonly used to steal Session IDs stored in cookies?

A. SQL Injection
B. Ping of Death
C. Cross-Site Scripting (XSS)
D. Buffer Overflow

6 Which of the following acts as a countermeasure against Session Hijacking by encrypting data in transit?

A. Using Telnet
B. Disabling cookies
C. Using simple HTTP
D. Using SSL/TLS (HTTPS)

7 What is the purpose of the 'HttpOnly' flag in a Set-Cookie header?

A. To allow the cookie to be shared across different domains
B. To ensure the cookie expires immediately
C. To ensure the cookie is only sent over HTTP, not HTTPS
D. To prevent client-side scripts (like JavaScript) from accessing the cookie

8 In a Man-in-the-Middle (MITM) attack used for session hijacking, what tool is often used to manipulate the ARP cache?

A. Traceroute
B. Nmap
C. ARP Spoofing/Poisoning
D. Ping

9 Passive Session Hijacking involves:

A. Resetting the connection
B. Crashing the server
C. Injecting malicious packets into the stream
D. Monitoring and capturing traffic without altering it

10 A good defensive strategy regarding Session IDs after a successful login is to:

A. Keep the same Session ID used before login
B. Use the user's username as the Session ID
C. Make the Session ID static for 24 hours
D. Regenerate a new Session ID

11 In the Client-Server relationship, which entity is responsible for initiating the request?

A. Database
B. Server
C. Client
D. Firewall

12 Which HTTP method is generally considered less secure for transmitting sensitive data because parameters are shown in the URL?

A. POST
B. GET
C. CONNECT
D. HEAD

13 What is 'Directory Traversal' in the context of web server vulnerabilities?

A. Moving files from one folder to another
B. Indexing the website on a search engine
C. Accessing files outside the web root folder by manipulating input (e.g., ../)
D. Traversing the network topology

14 Which of the following is a common vulnerability where a web application fails to properly filter user input before sending it to a database?

A. Session Timeout
B. DNS Spoofing
C. Denial of Service
D. SQL Injection

15 Web Parameter Tampering involves:

A. Changing the physical server hardware
B. Modifying data within form fields, URLs, or cookies to manipulate application behavior
C. Deleting web server logs
D. Updating the web browser version

16 Which tool is commonly used for vulnerability scanning of web applications?

A. Photoshop
B. Microsoft Word
C. Windows Media Player
D. Nikto or OWASP ZAP

17 Why are hidden form fields dangerous if not validated by the server?

A. Users can view source, modify the hidden values, and submit them
B. They cannot be seen by the browser
C. They make the HTML code messy
D. They slow down the website

18 What does SQL stand for?

A. Standard Query List
B. Simple Query Logic
C. Structured Question Language
D. Structured Query Language

19 The core root cause of SQL Injection vulnerabilities is:

A. Using a firewall
B. The database is too slow
C. The web server is running Linux
D. Trusting user input and mixing code with data

20 In a SQL Injection attack, what is the significance of the single quote (') character?

A. It deletes the database
B. It is used to delimit strings; inserting it can break the query structure
C. It encrypts the password
D. It starts a comment

21 What does the injection OR 1=1 typically achieve in a login bypass attack?

A. It causes a syntax error
B. It creates a condition that is always true, bypassing the password check
C. It deletes the user account
D. It sets the password to 1

22 Which SQL comment symbol is often used to ignore the remainder of the original query in MySQL?

A. //
B. %%
C. # or --
D. <!-- -->

23 What is 'Blind SQL Injection'?

A. An attack where the database is offline
B. An attack using invisible ink
C. An attack where the database does not return data/errors to the screen, so the attacker infers data based on server behavior
D. An attack where the attacker cannot see the screen

24 Which SQL command is most dangerous regarding data loss if injected successfully?

A. DROP TABLE
B. INSERT
C. UNION
D. SELECT

25 What is a UNION-based SQL injection?

A. Creating a labor union for DBAs
B. Injecting into the Union Bank website
C. Joining two databases physically
D. Using the UNION operator to combine the results of the original query with the results of an injected query

26 What is the most effective defense against SQL Injection?

A. Input Sanitization only
B. Using complex passwords
C. Parameterized Queries (Prepared Statements)
D. Hiding the database name

27 How does 'Error-based SQL Injection' help an attacker?

A. It crashes the server immediately
B. It creates a backup of the database
C. It fixes errors in the code
D. It provides details about the database structure via verbose error messages

28 Which technique allows an attacker to evade basic pattern-matching detection systems (IDS) during SQL injection?

A. Sending the query via email
B. Using a faster internet connection
C. Writing the query in capital letters
D. URL Encoding or Hex Encoding

29 What is the 'Principle of Least Privilege' in the context of database security?

A. Ensuring the database application connects with an account that has only the minimum necessary permissions
B. Blocking all users from the database
C. Giving every user admin rights
D. Using the oldest version of SQL

30 What is the role of a Web Application Firewall (WAF) regarding SQL Injection?

A. It creates user backups
B. It fixes the code automatically
C. It inspects incoming HTTP traffic and blocks patterns that look like SQL injection attacks
D. It encrypts the database

31 When testing for SQL injection, what is 'Fuzzing'?

A. Encrypting the connection
B. Downloading the database
C. Sending random, invalid, or unexpected data to inputs to see how the application reacts
D. Cleaning the screen

32 Which of the following represents a 'Time-based' Blind SQL Injection?

A. DROP TABLE Users
B. WAITFOR DELAY '0:0:10'
C. UNION ALL SELECT
D. SELECT * FROM Users

33 In a web application, what is Input Validation?

A. Validating that the keyboard is connected
B. Checking if the user is an admin
C. Ensuring input data meets expected criteria (type, length, format) before processing
D. Validating the server license

34 What is the danger of enabling 'xp_cmdshell' in MS SQL Server?

A. It allows the execution of Operating System commands via SQL
B. It slows down queries
C. It changes the language to Spanish
D. It prevents tables from being created

35 Which character is often used to chain multiple SQL queries together in a single injection (Stacking Queries)?

A. Colon (:)
B. Period (.)
C. Comma (,)
D. Semicolon (;)

36 What is Whitespace Manipulation in the context of evading SQLi detection?

A. Using a larger monitor
B. Deleting all spaces in the code
C. Replacing spaces with other whitespace characters (like tabs or newlines) to bypass filters
D. Adding spaces to make the website look better

37 Which of the following is an example of an 'In-band' SQL Injection?

A. The data is retrieved using the same channel (e.g., displayed on the webpage)
B. The attack relies solely on time delays
C. The attacker uses a different channel to retrieve data
D. The attack is performed over the phone

38 What is a 'stored' SQL injection?

A. The malicious code is permanently stored in the database (e.g., in a forum post) and executes later
B. The injection is stored on a USB drive
C. The injection only happens once
D. The code is stored in the browser cache

39 To secure cookies against session hijacking, the 'Secure' flag should be set to:

A. Encrypt the cookie content with ROT13
B. Make the cookie invisible
C. Allow the cookie on HTTP only
D. Ensure cookies are sent only over encrypted (HTTPS) connections

40 Which of these is NOT a valid method to test for SQL Injection?

A. Physical inspection of the server hard drive
B. Inputting a single quote into a search box
C. Inputting 1=1 logic
D. Running a vulnerability scanner

41 In a client-server architecture, where should security validation be most rigorously applied?

A. Server-side
B. Neither
C. Client-side only (JavaScript)
D. On the router only

42 How can 'Stored Procedures' help prevent SQL Injection?

A. They delete all data periodically
B. They encrypt the hard drive
C. They encapsulate queries and can accept parameters, functioning similarly to parameterized queries
D. They make the database slower

43 What does an attacker typically look for in a URL to attempt SQL Injection?

A. CSS files
B. Images (.jpg)
C. Query strings with parameters (e.g., ?id=5)
D. Static HTML pages

44 Which of the following best describes 'Session Timeout' as a defensive strategy?

A. Banning the user forever
B. Turning off the server at night
C. Slowing down the internet connection
D. Closing the session automatically after a period of inactivity

45 What is the risk of having 'Verbose Error Messages' enabled on a live production server?

A. It fills up the hard drive
B. It uses too much bandwidth
C. It looks unprofessional
D. It aids attackers in understanding the technology stack and database structure (Information Leakage)

46 Why is 'Allow-listing' (White-listing) input validation superior to 'Block-listing' (Black-listing)?

A. Block-listing is illegal
B. Block-listing often fails because attackers can find variations or encodings that aren't on the list
C. It is faster to write
D. Allow-listing accepts everything

47 In network session hijacking, what is 'Ack Storm'?

A. A type of firewall
B. A hacking tool
C. A burst of traffic caused by desynchronized sequence numbers where devices repeatedly try to synchronize
D. A weather condition affecting Wi-Fi

48 Using an ORM (Object-Relational Mapping) framework generally reduces SQL injection risks because:

A. It automatically uses parameterized queries under the hood
B. It doesn't use SQL
C. It requires biometric authentication
D. It uses a special firewall

49 Which header helps protect against clickjacking, which can be related to session manipulation?

A. X-Frame-Options
B. Host
C. Content-Type
D. User-Agent

50 When an attacker uses HAVING 1=1 in an injection, they are often trying to:

A. Delete the table
B. Force an error to reveal the table or column name in the error message
C. Speed up the query
D. Login as admin