Exploiting Application-Based Vulnerabilities Test Bank Ch.6 - Model Test Questions | CompTIA PenTest+ 1e Santos by Omar Santos. DOCX document preview.

Exploiting Application-Based Vulnerabilities Test Bank Ch.6

CompTIA® PenTest+ Cert Guide

Chapter 6 Exploiting Application-Based Vulnerabilities

1) HTTP status code messages in which range are related to server errors?

A) 100

B) 300

C) 400

D) 500

2) Which of these is not an HTTP method?

A) PUT

B) CREATE

C) GET

D) CONNECT

3) Which of these Linux distros would be a good choice for a web application security testing environment?

A) Ubuntu

B) Red Hat

C) Parrot

D) Felix

4) ________ vulnerabilities are exploited by forcing an application or system to process invalid data.

A) Code injection

B) Session hijacking

C) Kerberos

D) Redirection

5) When performing SQL injection, what is the purpose of adding a single quote to the field or parameter in a web form?

A) SQL uses it to enter command mode

B) SQL uses it as a string terminator

C) It confuses the server because it has no meaning in SQL

D) It is a shortcut for the UNION operator

6) In an _____ SQL injection, the attacker receives data using a different channel than the one used to inject the SQL code.

A) Out-of-band

B) In-band

C) Blind

D) Inferential

7) Fingerprinting a database means to:

A) Obtain login credentials for the database's server

B) Determine the fields and the number of records

C) Determine what back-end application the database uses

D) Make a copy of the database

8) Which of these is an important step to mitigate SQL injection attacks?

A) Avoiding hosting database on Linux servers

B) Complex passwords

C) Relative paths

D) Immutable queries
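Questions 5 through 8 turn on one mechanism: a single quote in user input terminates a SQL string literal, so whatever follows it is parsed as SQL rather than treated as data, and a parameterized (prepared) query removes that mechanism entirely. The following is an added example, not code from the book or the test bank. It uses Python's standard sqlite3 module with a constructed in-memory user table; the table, the credentials and the payload are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed in-memory user table for the demonstration; not from the book.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    # String concatenation: a single quote in the input terminates the
    # string literal early, and whatever follows is parsed as SQL.
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return sorted(row[0] for row in conn.execute(query))

def login_parameterized(conn, username, password):
    # Parameterized query: the statement text is fixed and the driver binds
    # the values, so a quote is just another character in the data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))

def single_quote_probe(conn, login):
    """The classic first test from question 5: send a lone quote. A database
    error means the quote reached the SQL parser and unbalanced a literal;
    no error means the input was handled as data."""
    try:
        login(conn, "'", "anything")
        return "no error"
    except sqlite3.Error:
        return "sql error"

# Constructed payload: closes the open literal, then appends an always-true
# clause so the WHERE condition matches every row.
TAUTOLOGY = "' OR '1'='1"
```

Against `login_vulnerable`, the lone quote produces a SQL error and the tautology payload returns every user; against `login_parameterized` the same inputs produce no error and no rows, which is exactly the "immutable query" mitigation question 8 asks for. In a real test the error message (or its absence) is also the first step of fingerprinting the back end from question 7, since each database engine words its syntax errors differently.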

9) Command injection attacks are possible when an application does not:

A) Store procedures

B) Validate user input

C) Accept input from external sources

D) Accept HTML-formatted commands

10) Which of these attack types is not related to user authentication?

A) SQL injection

B) Session hijacking

C) Credential brute forcing

D) Exploiting Kerberos

11) Which of these allows attackers to easily crack passwords?

A) Using Kerberos authentication

B) Using the MD5 or DES cryptographic algorithm

C) Using the SHA-256 cryptographic algorithm

D) Failing to use a hardware firewall

12) Which of these can accelerate the process of cracking password hashes?

A) Rainbow tables

B) SQL databases

C) Golden tickets

D) Packet analysis tools

13) You should not include the ____ in a URL because it can lead to session fixation attacks.

A) Server name

B) Default folder

C) Session ID

D) Protocol type

14) HTTP parameter pollution (HPP) vulnerabilities can be introduced if:

A) There is no input validation filter

B) The session ID is set to the default value

C) Direct object references are insecure

D) Multiple HTTP parameters have the same name
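Question 14's answer is the precondition for HTTP parameter pollution, but the vulnerability only bites because different components resolve a repeated name differently: one layer reads the first value, another the last, and a filter approves a value the back end never acts on. The block below is an added example, not from the book or the test bank. It parses a constructed query string with Python's standard library and shows the first-wins and last-wins interpretations side by side, plus a strict parser that rejects repeated names outright; the request and parameter names are assumptions made for the demonstration.

```python
from urllib.parse import parse_qsl

def group_params(query_string):
    """Group values by parameter name, preserving order, so repeats stay visible."""
    grouped = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        grouped.setdefault(name, []).append(value)
    return grouped

def first_occurrence_wins(query_string):
    # How some servers and frameworks resolve a repeated name.
    return {name: values[0] for name, values in group_params(query_string).items()}

def last_occurrence_wins(query_string):
    # How others resolve it. The mismatch between the two is what HPP exploits.
    return {name: values[-1] for name, values in group_params(query_string).items()}

def polluted_params(query_string):
    """Names that appear more than once: the condition from question 14."""
    return sorted(name for name, values in group_params(query_string).items()
                  if len(values) > 1)

def parse_strict(query_string):
    """Server-side mitigation: refuse a request that repeats a parameter name
    instead of silently choosing one value."""
    dupes = polluted_params(query_string)
    if dupes:
        raise ValueError("repeated parameters: " + ", ".join(dupes))
    return first_occurrence_wins(query_string)

# Constructed request: a front-end check that reads the first 'id' approves 42
# while a back end that reads the last 'id' acts on 99.
POLLUTED = "action=transfer&id=42&id=99"
```

When testing, send a known parameter twice with distinguishable values and observe which one the application acts on; if a WAF or authorization layer sits in front, repeat the test to see whether it agrees with the back end.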

15) Which of these is a type of cross-site scripting?

A) DOM-based XSS

B) Temporal XSS

C) Direct XSS

D) Kerberos XSS

16) One of the effects of any type of XSS attack is:

A) There is data loss or corruption in the affected databases

B) The victim does not realize that an attack has taken place

C) The target system becomes infected with malware

D) The connection to the server is lost and must be re-established

17) Which of these is not a way to mitigate XSS attacks?

A) Use the HTTPOnly cookie flag

B) Do not insert untrusted data except in allowed locations

C) Use HTML escape before inserting untrusted data into HTML element content

D) Use multi-factor authentication
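Options A through C of question 17 are real XSS mitigations, and the reason they are listed separately is that escaping is context-dependent: what neutralizes a payload in element content is not enough inside an attribute value. The block below is an added example, not from the book or the test bank. It renders a constructed comment into a page three ways with Python's `html.escape`, and builds the session cookie header with the HttpOnly flag from option A; the template, payloads and cookie name are assumptions made for the demonstration.

```python
import html

def render_comment_unsafe(comment):
    # Constructed vulnerable template: untrusted data dropped straight into HTML,
    # so a <script> tag in the comment is parsed as markup by the browser.
    return '<p class="comment">%s</p>' % comment

def render_comment_safe(comment):
    # Element-content context (question 17, option C): escape < > & and quotes
    # so the payload is displayed as text instead of executed.
    return '<p class="comment">%s</p>' % html.escape(comment)

def render_attribute_unsafe(value):
    # Attribute context, vulnerable: a quote in the value closes the attribute
    # and lets the attacker add an event handler without any < or > at all.
    return '<input type="text" value="%s">' % value

def render_attribute_safe(value):
    # Attribute context, fixed: the value is always quoted AND quotes are
    # escaped (quote=True), so the attacker cannot break out of it.
    return '<input type="text" value="%s">' % html.escape(value, quote=True)

def session_cookie_header(session_id):
    # Option A: HttpOnly keeps document.cookie from exposing the session ID
    # even when a script does run; Secure and SameSite are the usual companions.
    return ("Set-Cookie: SESSIONID=%s; Path=/; HttpOnly; Secure; SameSite=Lax"
            % session_id)

# Constructed payloads for the two contexts.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'
```

The attribute payload contains no angle brackets, which is why filters that only strip `<script>` do nothing for it and why the escaping rule has to match the insertion point (option B: only insert untrusted data where you have an escaping rule for that location).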

18) What type of attack involves using multiple transparent layers to induce a user into clicking on a web button or link?

A) Man-in-the-middle

B) Clickjacking

C) HTML injection

D) Directory traversal exploit

19) Which of these is a way to prevent or mitigate directory traversal vulnerabilities?

A) Do not store sensitive configuration files in the web root directory

B) Prevent users from accessing a command prompt

C) Do not allow cookies to be stored on the local system

D) Disable web page debugging
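Question 19's answer limits the damage of a traversal; the code-level fix is to resolve the requested path and refuse anything that lands outside the web root. The block below is an added example, not from the book or the test bank. It resolves requests against a constructed web root in a temporary directory, decoding URL encoding first so that `%2e%2e%2f` is treated the same as `../`, and reports which requests are blocked; the file names and request strings are assumptions made for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_under_root(web_root, requested_path):
    """Map a URL path onto the filesystem and refuse anything outside web_root."""
    root = os.path.realpath(web_root)
    # Decode %2e%2e%2f-style encoding before normalizing; otherwise the check
    # runs on a string the filesystem will never see.
    decoded = unquote(requested_path)
    # Strip leading separators so an absolute path is anchored under root
    # rather than replacing it, then resolve '..' segments and symlinks.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise PermissionError("path escapes web root: %r" % requested_path)
    return candidate

def traversal_demo():
    """Constructed web root in a temp directory; returns the outcome per request."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "images"))
    with open(os.path.join(root, "images", "logo.png"), "wb") as fh:
        fh.write(b"\x89PNG")
    requests = [
        "images/logo.png",                   # legitimate request
        "../../etc/passwd",                  # plain traversal
        "%2e%2e%2f%2e%2e%2fetc%2fpasswd",    # URL-encoded traversal
        "/etc/passwd",                       # absolute path; anchored under root
    ]
    outcome = {}
    for req in requests:
        try:
            resolve_under_root(root, req)
            outcome[req] = "inside root"
        except PermissionError:
            outcome[req] = "blocked"
    return outcome
```

Two caveats a tester should keep in mind: decode exactly as many times as the server does (a double-encoded `%252e` only becomes `%2e` after one pass), and the realpath check is what catches symlinks inside the web root that point outside it. Keeping configuration files and credentials out of the web root, as the question says, means a bypass of this check still has nothing sensitive to read.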

20) A ______ occurs when an attacker is able to submit input into files or upload files to a server.

A) Remote file inclusion

B) Local file inclusion

C) Man-in-the-middle attack

D) Text injection

Document Information

Document Type: DOCX
Chapter Number: 6
Created Date: Aug 21, 2025
Chapter Name: Chapter 6 Exploiting Application-Based Vulnerabilities
Author: Omar Santos
