Unit 5 - Practice Quiz

INT244

1 What is the primary definition of Session Hijacking?

A. Unauthorized encrypted communication between two servers
B. The exploitation of a valid computer session to gain unauthorized access to information or services
C. Crashing a web server by sending too many requests
D. Phishing a user to obtain their login credentials via email

2 Which of the following is a key difference between Session Hijacking and IP Spoofing?

A. IP Spoofing takes over an active session; Hijacking initiates a new one
B. Session Hijacking takes over an ongoing authenticated session; IP Spoofing creates unauthorized packets with a false source IP
C. Session Hijacking only works on UDP; IP Spoofing works on TCP
D. There is no difference; they are synonymous

3 In the context of TCP Session Hijacking, what must an attacker successfully predict to inject packets?

A. The MAC address
B. The Sequence Number (SEQ)
C. The User ID
D. The DNS server IP

4 What is 'Session Fixation'?

A. An attack where the attacker fixes the server errors
B. An attack where the attacker sets a user's session ID to one known to the attacker before the user logs in
C. A defense mechanism to keep sessions stable
D. A method of fixing a static IP address to a session

5 Which attack vector is commonly used to steal Session IDs stored in cookies?

A. SQL Injection
B. Cross-Site Scripting (XSS)
C. Buffer Overflow
D. Ping of Death

6 Which of the following acts as a countermeasure against Session Hijacking by encrypting data in transit?

A. Using Telnet
B. Using SSL/TLS (HTTPS)
C. Using simple HTTP
D. Disabling cookies

7 What is the purpose of the 'HttpOnly' flag in a Set-Cookie header?

A. To ensure the cookie is only sent over HTTP, not HTTPS
B. To prevent client-side scripts (like JavaScript) from accessing the cookie
C. To ensure the cookie expires immediately
D. To allow the cookie to be shared across different domains

8 In a Man-in-the-Middle (MITM) attack used for session hijacking, what technique is often used to manipulate the ARP cache?

A. Nmap
B. ARP Spoofing/Poisoning
C. Ping
D. Traceroute

9 Passive Session Hijacking involves:

A. Injecting malicious packets into the stream
B. Monitoring and capturing traffic without altering it
C. Resetting the connection
D. Crashing the server

10 A good defensive strategy regarding Session IDs after a successful login is to:

A. Keep the same Session ID used before login
B. Regenerate a new Session ID
C. Use the user's username as the Session ID
D. Make the Session ID static for 24 hours

11 In the Client-Server relationship, which entity is responsible for initiating the request?

A. Server
B. Client
C. Database
D. Firewall

12 Which HTTP method is generally considered less secure for transmitting sensitive data because parameters are shown in the URL?

A. POST
B. GET
C. HEAD
D. CONNECT

13 What is 'Directory Traversal' in the context of web server vulnerabilities?

A. Moving files from one folder to another
B. Accessing files outside the web root folder by manipulating input (e.g., ../)
C. Indexing the website on a search engine
D. Traversing the network topology

14 Which of the following is a common vulnerability where a web application fails to properly filter user input before sending it to a database?

A. Denial of Service
B. SQL Injection
C. DNS Spoofing
D. Session Timeout

15 Web Parameter Tampering involves:

A. Modifying data within form fields, URLs, or cookies to manipulate application behavior
B. Deleting web server logs
C. Changing the physical server hardware
D. Updating the web browser version

16 Which tool is commonly used for vulnerability scanning of web applications?

A. Photoshop
B. Nikto or OWASP ZAP
C. Microsoft Word
D. Windows Media Player

17 Why are hidden form fields dangerous if not validated by the server?

A. They slow down the website
B. They make the HTML code messy
C. Users can view source, modify the hidden values, and submit them
D. They cannot be seen by the browser

18 What does SQL stand for?

A. Structured Question Language
B. Structured Query Language
C. Simple Query Logic
D. Standard Query List

19 The core root cause of SQL Injection vulnerabilities is:

A. The database is too slow
B. The web server is running Linux
C. Trusting user input and mixing code with data
D. Using a firewall

20 In a SQL Injection attack, what is the significance of the single quote (') character?

A. It starts a comment
B. It is used to delimit strings; inserting it can break the query structure
C. It deletes the database
D. It encrypts the password

21 What does the injection OR 1=1 typically achieve in a login bypass attack?

A. It causes a syntax error
B. It creates a condition that is always true, bypassing the password check
C. It sets the password to 1
D. It deletes the user account

22 Which SQL comment symbol is often used to ignore the remainder of the original query in MySQL?

A. //
B. <!-- -->
C. # or --
D. %%

23 What is 'Blind SQL Injection'?

A. An attack where the attacker cannot see the screen
B. An attack where the database does not return data/errors to the screen, so the attacker infers data based on server behavior
C. An attack where the database is offline
D. An attack using invisible ink

24 Which SQL command is most dangerous regarding data loss if injected successfully?

A. SELECT
B. DROP TABLE
C. UNION
D. INSERT

25 What is a UNION-based SQL injection?

A. Joining two databases physically
B. Using the UNION operator to combine the results of the original query with the results of an injected query
C. Creating a labor union for DBAs
D. Injecting into the Union Bank website

26 What is the most effective defense against SQL Injection?

A. Input Sanitization only
B. Parameterized Queries (Prepared Statements)
C. Hiding the database name
D. Using complex passwords

27 How does 'Error-based SQL Injection' help an attacker?

A. It crashes the server immediately
B. It provides details about the database structure via verbose error messages
C. It fixes errors in the code
D. It creates a backup of the database

28 Which technique allows an attacker to evade basic pattern-matching detection systems (IDS) during SQL injection?

A. URL Encoding or Hex Encoding
B. Writing the query in capital letters
C. Using a faster internet connection
D. Sending the query via email

29 What is the 'Principle of Least Privilege' in the context of database security?

A. Giving every user admin rights
B. Ensuring the database application connects with an account that has only the minimum necessary permissions
C. Blocking all users from the database
D. Using the oldest version of SQL

30 What is the role of a Web Application Firewall (WAF) regarding SQL Injection?

A. It fixes the code automatically
B. It inspects incoming HTTP traffic and blocks patterns that look like SQL injection attacks
C. It encrypts the database
D. It creates user backups

31 When testing for SQL injection, what is 'Fuzzing'?

A. Cleaning the screen
B. Sending random, invalid, or unexpected data to inputs to see how the application reacts
C. Encrypting the connection
D. Downloading the database

32 Which of the following represents a 'Time-based' Blind SQL Injection?

A. WAITFOR DELAY '0:0:10'
B. SELECT * FROM Users
C. DROP TABLE Users
D. UNION ALL SELECT

33 In a web application, what is Input Validation?

A. Ensuring input data meets expected criteria (type, length, format) before processing
B. Validating that the keyboard is connected
C. Checking if the user is an admin
D. Validating the server license

34 What is the danger of enabling 'xp_cmdshell' in MS SQL Server?

A. It slows down queries
B. It allows the execution of Operating System commands via SQL
C. It prevents tables from being created
D. It changes the language to Spanish

35 Which character is often used to chain multiple SQL queries together in a single injection (Stacking Queries)?

A. Comma (,)
B. Semicolon (;)
C. Colon (:)
D. Period (.)

36 What is Whitespace Manipulation in the context of evading SQLi detection?

A. Deleting all spaces in the code
B. Replacing spaces with other whitespace characters (like tabs or newlines) to bypass filters
C. Adding spaces to make the website look better
D. Using a larger monitor

37 Which of the following is an example of an 'In-band' SQL Injection?

A. The attacker uses a different channel to retrieve data
B. The data is retrieved using the same channel (e.g., displayed on the webpage)
C. The attack is performed over the phone
D. The attack relies solely on time delays

38 What is a 'stored' SQL injection?

A. The malicious code is permanently stored in the database (e.g., in a forum post) and executes later
B. The injection is stored on a USB drive
C. The injection only happens once
D. The code is stored in the browser cache

39 To secure cookies against session hijacking, the 'Secure' flag should be set to:

A. Ensure cookies are sent only over encrypted (HTTPS) connections
B. Make the cookie invisible
C. Encrypt the cookie content with ROT13
D. Allow the cookie on HTTP only

40 Which of these is NOT a valid method to test for SQL Injection?

A. Inputting a single quote into a search box
B. Inputting 1=1 logic
C. Running a vulnerability scanner
D. Physical inspection of the server hard drive

41 In a client-server architecture, where should security validation be most rigorously applied?

A. Client-side only (JavaScript)
B. Server-side
C. Neither
D. On the router only

42 How can 'Stored Procedures' help prevent SQL Injection?

A. They make the database slower
B. They encapsulate queries and can accept parameters, functioning similarly to parameterized queries
C. They delete all data periodically
D. They encrypt the hard drive

43 What does an attacker typically look for in a URL to attempt SQL Injection?

A. Images (.jpg)
B. CSS files
C. Query strings with parameters (e.g., ?id=5)
D. Static HTML pages

44 Which of the following best describes 'Session Timeout' as a defensive strategy?

A. Closing the session automatically after a period of inactivity
B. Slowing down the internet connection
C. Banning the user forever
D. Turning off the server at night

45 What is the risk of having 'Verbose Error Messages' enabled on a live production server?

A. It looks unprofessional
B. It aids attackers in understanding the technology stack and database structure (Information Leakage)
C. It uses too much bandwidth
D. It fills up the hard drive

46 Why is 'Allow-listing' (White-listing) input validation superior to 'Block-listing' (Black-listing)?

A. It is faster to write
B. Block-listing often fails because attackers can find variations or encodings that aren't on the list
C. Allow-listing accepts everything
D. Block-listing is illegal

47 In network session hijacking, what is an 'ACK Storm'?

A. A weather condition affecting Wi-Fi
B. A burst of traffic caused by desynchronized sequence numbers where devices repeatedly try to synchronize
C. A hacking tool
D. A type of firewall

48 Using an ORM (Object-Relational Mapping) framework generally reduces SQL injection risks because:

A. It doesn't use SQL
B. It automatically uses parameterized queries under the hood
C. It uses a special firewall
D. It requires biometric authentication

49 Which header helps protect against clickjacking, which can be related to session manipulation?

A. X-Frame-Options
B. Content-Type
C. Host
D. User-Agent

50 When an attacker uses HAVING 1=1 in an injection, they are often trying to:

A. Delete the table
B. Force an error to reveal the table or column name in the error message
C. Log in as admin
D. Speed up the query