Unit 5 - Practice Quiz

INT244 50 Questions

1 What is the primary definition of Session Hijacking?

A. Crashing a web server by sending too many requests
B. The exploitation of a valid computer session to gain unauthorized access to information or services
C. Unauthorized encrypted communication between two servers
D. Phishing a user to obtain their login credentials via email

2 Which of the following is a key difference between Session Hijacking and IP Spoofing?

A. IP Spoofing takes over an active session; Hijacking initiates a new one
B. Session Hijacking takes over an ongoing authenticated session; IP Spoofing creates unauthorized packets with a false source IP
C. There is no difference; they are synonymous
D. Session Hijacking only works on UDP; IP Spoofing works on TCP

3 In the context of TCP Session Hijacking, what must an attacker successfully predict to inject packets?

A. The Sequence Number (SEQ)
B. The DNS server IP
C. The User ID
D. The MAC address

4 What is 'Session Fixation'?

A. A method of fixing a static IP address to a session
B. An attack where the attacker fixes the server errors
C. A defense mechanism to keep sessions stable
D. An attack where the attacker sets a user's session ID to one known to the attacker before the user logs in

5 Which attack vector is commonly used to steal Session IDs stored in cookies?

A. SQL Injection
B. Buffer Overflow
C. Ping of Death
D. Cross-Site Scripting (XSS)

6 Which of the following acts as a countermeasure against Session Hijacking by encrypting data in transit?

A. Using simple HTTP
B. Disabling cookies
C. Using SSL/TLS (HTTPS)
D. Using Telnet

7 What is the purpose of the 'HttpOnly' flag in a Set-Cookie header?

A. To ensure the cookie is only sent over HTTP, not HTTPS
B. To ensure the cookie expires immediately
C. To allow the cookie to be shared across different domains
D. To prevent client-side scripts (like JavaScript) from accessing the cookie

8 In a Man-in-the-Middle (MITM) attack used for session hijacking, what tool is often used to manipulate the ARP cache?

A. ARP Spoofing/Poisoning
B. Traceroute
C. Nmap
D. Ping

9 Passive Session Hijacking involves:

A. Injecting malicious packets into the stream
B. Crashing the server
C. Resetting the connection
D. Monitoring and capturing traffic without altering it

10 A good defensive strategy regarding Session IDs after a successful login is to:

A. Use the user's username as the Session ID
B. Regenerate a new Session ID
C. Keep the same Session ID used before login
D. Make the Session ID static for 24 hours

11 In the Client-Server relationship, which entity is responsible for initiating the request?

A. Database
B. Client
C. Firewall
D. Server

12 Which HTTP method is generally considered less secure for transmitting sensitive data because parameters are shown in the URL?

A. GET
B. POST
C. CONNECT
D. HEAD

13 What is 'Directory Traversal' in the context of web server vulnerabilities?

A. Accessing files outside the web root folder by manipulating input (e.g., ../)
B. Traversing the network topology
C. Moving files from one folder to another
D. Indexing the website on a search engine

14 Which of the following is a common vulnerability where a web application fails to properly filter user input before sending it to a database?

A. Denial of Service
B. SQL Injection
C. Session Timeout
D. DNS Spoofing

15 Web Parameter Tampering involves:

A. Updating the web browser version
B. Deleting web server logs
C. Changing the physical server hardware
D. Modifying data within form fields, URLs, or cookies to manipulate application behavior

16 Which tool is commonly used for vulnerability scanning of web applications?

A. Microsoft Word
B. Windows Media Player
C. Photoshop
D. Nikto or OWASP ZAP

17 Why are hidden form fields dangerous if not validated by the server?

A. They slow down the website
B. Users can view source, modify the hidden values, and submit them
C. They cannot be seen by the browser
D. They make the HTML code messy

18 What does SQL stand for?

A. Structured Question Language
B. Simple Query Logic
C. Structured Query Language
D. Standard Query List

19 The core root cause of SQL Injection vulnerabilities is:

A. The web server is running Linux
B. The database is too slow
C. Trusting user input and mixing code with data
D. Using a firewall

20 In a SQL Injection attack, what is the significance of the single quote (') character?

A. It is used to delimit strings; inserting it can break the query structure
B. It deletes the database
C. It encrypts the password
D. It starts a comment

21 What does the injection OR 1=1 typically achieve in a login bypass attack?

A. It creates a condition that is always true, bypassing the password check
B. It causes a syntax error
C. It deletes the user account
D. It sets the password to 1

22 Which SQL comment symbol is often used to ignore the remainder of the original query in MySQL?

A. <!-- -->
B. //
C. %%
D. # or --

23 What is 'Blind SQL Injection'?

A. An attack where the database is offline
B. An attack where the database does not return data/errors to the screen, so the attacker infers data based on server behavior
C. An attack using invisible ink
D. An attack where the attacker cannot see the screen

24 Which SQL command is most dangerous regarding data loss if injected successfully?

A. INSERT
B. UNION
C. DROP TABLE
D. SELECT

25 What is a UNION-based SQL injection?

A. Creating a labor union for DBAs
B. Injecting into the Union Bank website
C. Joining two databases physically
D. Using the UNION operator to combine the results of the original query with the results of an injected query

26 What is the most effective defense against SQL Injection?

A. Using complex passwords
B. Hiding the database name
C. Input Sanitization only
D. Parameterized Queries (Prepared Statements)

27 How does 'Error-based SQL Injection' help an attacker?

A. It creates a backup of the database
B. It crashes the server immediately
C. It fixes errors in the code
D. It provides details about the database structure via verbose error messages

28 Which technique allows an attacker to evade basic pattern-matching detection systems (IDS) during SQL injection?

A. Using a faster internet connection
B. Sending the query via email
C. URL Encoding or Hex Encoding
D. Writing the query in capital letters

29 What is the 'Principle of Least Privilege' in the context of database security?

A. Using the oldest version of SQL
B. Giving every user admin rights
C. Blocking all users from the database
D. Ensuring the database application connects with an account that has only the minimum necessary permissions

30 What is the role of a Web Application Firewall (WAF) regarding SQL Injection?

A. It fixes the code automatically
B. It encrypts the database
C. It creates user backups
D. It inspects incoming HTTP traffic and blocks patterns that look like SQL injection attacks

31 When testing for SQL injection, what is 'Fuzzing'?

A. Downloading the database
B. Encrypting the connection
C. Sending random, invalid, or unexpected data to inputs to see how the application reacts
D. Cleaning the screen

32 Which of the following represents a 'Time-based' Blind SQL Injection?

A. UNION ALL SELECT
B. WAITFOR DELAY '0:0:10'
C. SELECT * FROM Users
D. DROP TABLE Users

33 In a web application, what is Input Validation?

A. Checking if the user is an admin
B. Ensuring input data meets expected criteria (type, length, format) before processing
C. Validating that the keyboard is connected
D. Validating the server license

34 What is the danger of enabling 'xp_cmdshell' in MS SQL Server?

A. It slows down queries
B. It changes the language to Spanish
C. It allows the execution of Operating System commands via SQL
D. It prevents tables from being created

35 Which character is often used to chain multiple SQL queries together in a single injection (Stacking Queries)?

A. Period (.)
B. Comma (,)
C. Semicolon (;)
D. Colon (:)

36 What is Whitespace Manipulation in the context of evading SQLi detection?

A. Replacing spaces with other whitespace characters (like tabs or newlines) to bypass filters
B. Deleting all spaces in the code
C. Using a larger monitor
D. Adding spaces to make the website look better

37 Which of the following is an example of an 'In-band' SQL Injection?

A. The attacker uses a different channel to retrieve data
B. The attack is performed over the phone
C. The data is retrieved using the same channel (e.g., displayed on the webpage)
D. The attack relies solely on time delays

38 What is a 'stored' SQL injection?

A. The injection only happens once
B. The malicious code is permanently stored in the database (e.g., in a forum post) and executes later
C. The code is stored in the browser cache
D. The injection is stored on a USB drive

39 To secure cookies against session hijacking, the 'Secure' flag should be set in order to:

A. Allow the cookie on HTTP only
B. Make the cookie invisible
C. Ensure cookies are sent only over encrypted (HTTPS) connections
D. Encrypt the cookie content with ROT13

40 Which of these is NOT a valid method to test for SQL Injection?

A. Physical inspection of the server hard drive
B. Inputting 1=1 logic
C. Running a vulnerability scanner
D. Inputting a single quote into a search box

41 In a client-server architecture, where should security validation be most rigorously applied?

A. On the router only
B. Server-side
C. Client-side only (JavaScript)
D. Neither

42 How can 'Stored Procedures' help prevent SQL Injection?

A. They encrypt the hard drive
B. They encapsulate queries and can accept parameters, functioning similarly to parameterized queries
C. They make the database slower
D. They delete all data periodically

43 What does an attacker typically look for in a URL to attempt SQL Injection?

A. Static HTML pages
B. CSS files
C. Images (.jpg)
D. Query strings with parameters (e.g., ?id=5)

44 Which of the following best describes 'Session Timeout' as a defensive strategy?

A. Turning off the server at night
B. Closing the session automatically after a period of inactivity
C. Slowing down the internet connection
D. Banning the user forever

45 What is the risk of having 'Verbose Error Messages' enabled on a live production server?

A. It looks unprofessional
B. It uses too much bandwidth
C. It aids attackers in understanding the technology stack and database structure (Information Leakage)
D. It fills up the hard drive

46 Why is 'Allow-listing' (White-listing) input validation superior to 'Block-listing' (Black-listing)?

A. Block-listing often fails because attackers can find variations or encodings that aren't on the list
B. It is faster to write
C. Allow-listing accepts everything
D. Block-listing is illegal

47 In network session hijacking, what is 'Ack Storm'?

A. A weather condition affecting Wi-Fi
B. A type of firewall
C. A burst of traffic caused by desynchronized sequence numbers where devices repeatedly try to synchronize
D. A hacking tool

48 Using an ORM (Object-Relational Mapping) framework generally reduces SQL injection risks because:

A. It doesn't use SQL
B. It automatically uses parameterized queries under the hood
C. It uses a special firewall
D. It requires biometric authentication

49 Which header helps protect against clickjacking, which can be related to session manipulation?

A. User-Agent
B. Host
C. Content-Type
D. X-Frame-Options

50 When an attacker uses HAVING 1=1 in an injection, they are often trying to:

A. Speed up the query
B. Login as admin
C. Delete the table
D. Force an error to reveal the table or column name in the error message