Cyber Security Questions and Answers – Attack Vectors – Session Hijacking

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack Vectors – Session Hijacking”.

1. _____________ attack is the exploitation of the web-session & its mechanism that is usually managed with a session token.
a) Session Hacking
b) Session Hijacking
c) Session Cracking
d) Session Compromising

Answer: b
Explanation: A session hijacking attack is the exploitation of the web-session & its mechanism that is usually managed with a session token. It is mostly called TCP session hijacking, which deals with a security attack on any target victim’s session over a protected network.

2. The most commonly used session hijacking attack is the _______________
a) IP hacking
b) IP spooling
c) IP spoofing
d) IP tracking

Answer: c
Explanation: Session Hijacking is the utilization of a valid system session which is usually managed with a token. The most commonly used session hijacking attack is IP spoofing.

3. ________________ are required because HTTP uses a lot of diverse TCP connections, so, the web server needs a means to distinguish every user’s connections.
a) Internet
b) Network
c) Hijacking
d) Sessions

Answer: d
Explanation: Sessions are required because HTTP uses a lot of diverse TCP connections, so, the web server needs the means to distinguish every user’s connections. Session hijacking attack is the exploitation of the web-session & its mechanism that is usually managed with a session token.

4. Since most _______________________ occur at the very beginning of the TCP session, this allows hackers to gain access to any system.
a) authentications
b) breaches
c) integrations
d) associations

Answer: a
Explanation: TCP session hijacking deals with a security attack on any target victim’s session over a protected network. Since most authentications occur at the very beginning of the TCP session, this allows hackers to gain access to any machine.

5. _______________ is done only after the target user has connected to the server.
a) Server hacking
b) Banner grabbing
c) Cracking
d) Hijacking

Answer: d
Explanation: Hijacking is done only after the target user has connected to the server. Session hijacking attack is the misuse of the web-session that is usually handled with a session token.

6. In _______________ attack, the attacker doesn’t actively take over another user to perform the attack.
a) phishing
b) spoofing
c) hijacking
d) vishing

Answer: b
Explanation: In a spoofing attack, the attacker doesn’t actively take over another user to perform the attack. The most commonly used session hijacking attack is IP spoofing.

7. There are ___________ types of session hijacking.
a) 2
b) 3
c) 4
d) 5

Answer: a
Explanation: The session hijacking is a form of web attack usually managed with a session token. There are two types of session hijacking. These are active and passive session hijacking.

8. With ___________________ attack, an attacker hijacks a session but does not alter anything. They just sit back and watch or record all the traffic and data being sent forth.
a) network session hijacking
b) passive session hijacking
c) active session hijacking
d) social-networking session hijacking

Answer: b
Explanation: There are 2 types of session hijacking, viz. active and passive session hijacking. With a passive session hijacking attack, an attacker hijacks a session but does not alter anything. They just sit back and watch or record all the traffic and data being sent forth.

9. In an _________________ attack, an attacker finds an active session & takes over that session.
a) network session hijacking
b) passive session hijacking
c) active session hijacking
d) social-networking session hijacking

Answer: c
Explanation: There are 2 types of session hijacking. These are active and passive session hijacking. In an active session hijacking attack, an attacker finds an active session & takes over that session.

10. Session hijacking takes place at ____________ number of levels.
a) five
b) four
c) three
d) two

Answer: d
Explanation: Session Hijacking works based on the principle of system’s sessions. Session hijacking takes place at two levels. These are network level and application level hijacking.

11. The ______________ hijacking is implemented on the data flow of protocol shared by all web applications.
a) network level
b) physical level
c) application level
d) data level

Answer: a
Explanation: TCP session hijacking deals with a security attack on any target victim’s session over a protected network. Network level hijacking is implemented on the data flow of the protocol shared by all web applications.

12. Which of the following examples does not come under network level session hijacking?
a) TCP/IP Hijacking
b) RST Hijacking
c) Domain Hijacking
d) Blind Hijacking

Answer: c
Explanation: Network level hijacking is implemented on the data flow of the protocol shared by all web applications. Examples of network level hijacking are TCP/IP hijacking, RST hijacking, blind hijacking, UDP hijacking, etc.

13. In ___________________ session hijacking, hackers gain the session ID to take control of an existing session or even create a new unauthorized session.
a) network level
b) physical level
c) application level
d) data level

Answer: c
Explanation: In application level session hijacking, hackers gain the session ID to take control of an existing session or even create a new unauthorized session.

14. Which of them is not a session hijacking tool?
a) Juggernaut
b) IP watcher
c) Wireshark
d) Paros HTTP Hijacker

Answer: c
Explanation: The session depicts the time period in which communication of 2 computer systems takes place. Some of the session hijacking tools are Juggernaut, IP watcher and Paros HTTP Hijacker.

15. Which of the following is a session hijacking tool?
a) T-Sight
b) Wireshark
c) Maltego
d) Nessus

Answer: a
Explanation: The session remains valid up to the ending of any communication. Some of the session hijacking tools are T-Sight, Juggernaut, IP watcher and Paros HTTP Hijacker.

16. Hjksuite Tool is a collection of programs for hijacking. It contains a library called hjklib which can help in implementing TCP/IP stack-over hijacking.
a) True
b) False

Answer: a
Explanation: Hjksuite tool is a collection of programs used for session hijacking. It contains a library called hjklib which can help in implementing TCP/IP stack-over hijacking.

Sanfoundry Global Education & Learning Series – Cyber Security.