Cyber Security Questions and Answers – Attack Vectors – Web Application Vulnerabilities

«
»

This set of Tough Cyber Security Questions and Answers focuses on “Attack Vectors – Web Application Vulnerabilities”.

1. A _______________ is a program application which is stored on a remote-server & distributed over the Internet when a user uses a browser interface to request for such applications.
a) Android application
b) Web application
c) PC application
d) Cloud application
View Answer

Answer: b
Explanation: A Web application is a program application that is stored on a remote-server & distributed over the Internet when a user uses a browser interface to request for such applications.

2. Which of the following is not an example of web application hacking?
a) Defacing websites
b) Stealing credit card information
c) Reverse engineering PC apps
d) Exploiting server-side scripting
View Answer

Answer: c
Explanation: Reverse engineering PC apps is not an example of web application hacking. Stealing credit card information, reverse engineering PC apps, and exploiting server-side scripting are examples of web application hacking.

3. _______________ hacking refers to mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface or by tampering the Uniform Resource Identifier (URI).
a) Android application
b) Web application
c) PC application
d) Cloud application
View Answer

Answer: b
Explanation: Web application hacking can be defined as the mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface or by tampering the Uniform Resource Identifier (URI).
Note: Join free Sanfoundry classes at Telegram or Youtube
advertisement
advertisement

4. Which of the following is not an appropriate method of web application hacking?
a) XSS
b) CSRF
c) SQLi
d) Brute-force
View Answer

Answer: d
Explanation: The mistreatment of online services and applications that uses HTTP or HTTPS can be done by manipulating the web application through its graphical web interface. Popular hacking methods are XSS, CSRF, SQLi.

5. XSS stands for _________________
a) Crack Site Scripting
b) Cross Site Server
c) Cross Site Scripting
d) Crack Server Scripting
View Answer

Answer: c
Explanation: Cross-site scripting (XSS) is a kind of external injection attack on web-app security where an attacker injects some abnormal data, such as a malicious code/script to harm or lower down the reputation of trusted websites.
Take Cyber Security Mock Tests - Chapterwise!
Start the Test Now: Chapter 1, 2, 3, 4, 5, 6, 7, 8, 9, 10

6. Which of the following is not an example of web application hacking?
a) DNS Attack
b) Dumpster diving
c) Injecting Malicious code
d) Using the shell to destroy web application data
View Answer

Answer: b
Explanation: Domain Name Server (DNS) Attack, injecting Malicious code, using the shell to destroy web application data, exploiting server-side scripting are examples of web application hacking.

7. Which of the following is not a threat of web application?
a) Reverse engineering
b) Command injection
c) DMZ protocol attack
d) Buffer Overflow
View Answer

Answer: a
Explanation: Web applications are mistreated via HTTP or HTTPS for manipulating the web application through its graphical web interface and this technique is called Web application hacking. Web application threats are command injection, DMZ protocol attack, buffer overflow attack etc.
advertisement

8. Which of the following is not a threat of web application?
a) Session poisoning
b) Phishing
c) Cryptographic interception
d) Cookie snooping
View Answer

Answer: b
Explanation: Web application hacking is the mistreatment of online applications and services. Some web application threats are session poisoning, cryptographic interception, cookie snooping etc.

9. ________ Injection attack is a special attack done through character elements “Carriage Return” or “Line Feed.” Exploitation can be done when an attacker is capable to inject a CRLF series in an HTTP stream.
a) XSS
b) CSRF
c) CRLF
d) SQL
View Answer

Answer: c
Explanation: CRLF Injection attack is a special attack done through character elements “Carriage Return” or “Line Feed.” Exploitation can be done when an attacker is capable to inject a CRLF series in an HTTP stream.
advertisement

10. Which of the following scripting language is used for injecting executable malicious code for web-app hacking?
a) C++
b) Tcl
c) Frame-Script
d) JavaScript
View Answer

Answer: d
Explanation: Web application hacking can be defined as the mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface. JavaScript is used for injecting code for web-app hacking.

11. ______________ takes advantage if hidden fields that work as the only security measure in some applications.
a) Parameter tampering
b) Data tampering
c) Tampering of network topology
d) Protocol tampering
View Answer

Answer: a
Explanation: Parameter tampering takes advantage if hidden fields that work as the only security measure in some applications. Modifying this hidden field value will cause the web application to change according to new data incorporated.

12. _____________ is the attack method for decoding user credentials. Using this technique an attacker can log on as a user & gain access to unauthorized data.
a) Cache Snooping
b) Cookie-jacking
c) Cookie Snooping
d) Cache-compromising
View Answer

Answer: c
Explanation: Cookie Snooping is the attack method for decoding user credentials. Using this technique an attacker can log on as a user & gain access to unauthorized data.

13. Which of the following is not an example of web application hacking technique?
a) LDAP injection
b) Cryptanalysis
c) Race condition attack
d) OS command injection.
View Answer

Answer: b
Explanation: Cryptanalysis is the study of cipher-text & cryptosystems keeping in mind to improvise the crypto-algorithm by understanding how they work & finding alternate techniques. The rest three are examples of web application hacking techniques.

Sanfoundry Global Education & Learning Series – Cyber Security.

To practice tough questions and answers on all areas of Cyber Security, here is complete set of 1000+ Multiple Choice Questions and Answers.

advertisement
advertisement
Subscribe to our Newsletters (Subject-wise). Participate in the Sanfoundry Certification contest to get free Certificate of Merit. Join our social networks below and stay updated with latest contests, videos, internships and jobs!

Youtube | Telegram | LinkedIn | Instagram | Facebook | Twitter | Pinterest
Manish Bhojasia - Founder & CTO at Sanfoundry
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He lives in Bangalore, and focuses on development of Linux Kernel, SAN Technologies, Advanced C, Data Structures & Alogrithms. Stay connected with him at LinkedIn.

Subscribe to his free Masterclasses at Youtube & technical discussions at Telegram SanfoundryClasses.