This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Attack Vectors – Session Hijacking”.
1. _____________ attack is the exploitation of the web-session & its mechanism that is usually managed with a session token.
a) Session Hacking
b) Session Hijacking
c) Session Cracking
d) Session Compromising
View Answer
Explanation: Session Hijacking attack is the exploitation of the web-session & its mechanism that is usually managed with a session token. Mostly it is called TCP session hijacking that deals with a security attack on any target victim’s session over a protected network.
2. The most commonly used session hijacking attack is the _______________
a) IP hacking
b) IP spooling
c) IP spoofing
d) IP tracking
View Answer
Explanation: Session Hijacking is the utilization of a valid system session which is usually managed with a token. The most commonly used session hijacking attack is IP spoofing.
3. ________________ are required because HTTP uses a lot of diverse TCP connections, so, the web server needs a means to distinguish every user’s connections.
a) Internet
b) Network
c) Hijacking
d) Sessions
View Answer
Explanation: Sessions are required because HTTP uses a lot of diverse TCP connections, so, the web server needs the means to distinguish every user’s connections. Session hijacking attack is the exploitation of the web-session & its mechanism that is usually managed with a session token.
4. Since most _______________________ occur at the very beginning of the TCP session, this allows hackers to gain access to any system.
a) authentications
b) breaches
c) integrations
d) associations
View Answer
Explanation: TCP session hijacking that deals with a security attack on any target victim’s session over a protected network. Since most authentications occur at the very beginning of the TCP session, this allows hackers to gain access to any machine.
5. _______________ is done only after the target user has connected to the server.
a) Server hacking
b) Banner grabbing
c) Cracking
d) Hijacking
View Answer
Explanation: Hijacking is done only after the target user has connected to the server. Session hijacking attack is the misuse of the web-session that is usually handled with a session token.
6. In _______________ attack, the attacker doesn’t actively take over another user to perform the attack.
a) phishing
b) spoofing
c) hijacking
d) vishing
View Answer
Explanation: In a spoofing attack, the attacker doesn’t actively take over another user to perform the attack. The most commonly used session hijacking attack is IP spoofing.
7. There are ___________ types of session hijacking.
a) 2
b) 3
c) 4
d) 5
View Answer
Explanation: The session hijacking is a form of web attack usually managed with a session token. There are two types of session hijacking. These are active and passive session hijacking.
8. With ___________________ attack, an attacker hijacks a session but do not alter anything. They just sit back and watch or record all the traffic and data being sent forth.
a) network session hijacking
b) passive session hijacking
c) active session hijacking
d) social-networking session hijacking
View Answer
Explanation: There are 2 types of session hijacking viz. active and passive session hijacking. With a passive session hijacking attack, an attacker hijacks a session but do not alter anything. They just sit back and watch or record all the traffic and data being sent forth.
9. In an _________________ attack, an attacker finds an active session & takes over that session.
a) network session hijacking
b) passive session hijacking
c) active session hijacking
d) social-networking session hijacking
View Answer
Explanation: There are 2 types of session hijacking. These are active and passive session hijacking. In an active session hijacking attack, an attacker finds an active session & takes over that session.
10. Session hijacking takes place at ____________ number of levels.
a) five
b) four
c) three
d) two
View Answer
Explanation: Session Hijacking works based on the principle of system’s sessions. Session hijacking takes place at two levels. These are network level and application level hijacking.
11. The ______________ hijacking is implemented on the data flow of protocol shared by all web applications.
a) network level
b) physical level
c) application level
d) data level
View Answer
Explanation: TCP session hijacking that deals with a security attack on any target victim’s session over a protected network. The network hijacking is implemented on the data flow of protocol shared by all web applications.
12. Which of the following example do not comes under network level session hijacking.
a) TCP/IP Hijacking
b) RST Hijacking
c) Domain Hijacking
d) Blind Hijacking
View Answer
Explanation: The network hijacking is implemented on the data flow of protocol shared by all web applications. Examples of network level hijacking are TCP/IP hijacking, RST hijacking, blind hijacking UDP hijacking etc.
13. In ___________________ session hijacking, hackers gain session ID for taking control of existing session or even create a new unauthorized session.
a) network level
b) physical level
c) application level
d) data level
View Answer
Explanation: In application level session hijacking, hackers gain session ID for taking control of existing session or even create a new unauthorized session.
14. Which of them is not a session hijacking tool?
a) Juggernaut
b) IP watcher
c) Wireshark
d) Paros HTTP Hijacker
View Answer
Explanation: The session depicts the time period in which communication of 2 computer systems takes place. Some of the sessions hijacking tools are Jiggernaut, IP watcher and Paros HTTP Hijacker.
15. Which of the following is a session hijacking tool?
a) T-Sight
b) Wireshark
c) Maltego
d) Nessus
View Answer
Explanation: The session remains valid up to the ending of any communication. Some of the sessions hijacking tools are T-Sight, Jiggernaut, IP watcher and Paros HTTP Hijacker.
16. Hjksuite Tool is a collection of programs for hijacking. It contains a library called hjklib which can help in implementing TCP/IP stack-over hijacking.
a) True
b) False
View Answer
Explanation: Hjksuite tool is a collection of programs used for session hijacking. It contains a library called hjklib which can help in implementing TCP/IP stack-over hijacking.
Sanfoundry Global Education & Learning Series – Cyber Security.
To practice all areas of Cyber Security, here is complete set of 1000+ Multiple Choice Questions and Answers.
If you find a mistake in question / option / answer, kindly take a screenshot and email to [email protected]
- Practice Cryptography & Network Security MCQ
- Practice Computer Science MCQs
- Check Computer Science Books
- Practice Programming MCQs
- Check Programming Books
