250+ TOP MCQs on Attack Vectors – Web Application Vulnerabilities

Tough Cyber Security Questions and Answers on “Attack Vectors – Web Application Vulnerabilities”.

1. A _______________ is a program application which is stored on a remote server & distributed over the Internet when a user uses a browser interface to request such applications.
a) Android application
b) Web application
c) PC application
d) Cloud application

Answer: b
Clarification: A Web application is a program application that is stored on a remote server & distributed over the Internet when a user uses a browser interface to request such applications.

2. Which of the following is not an example of web application hacking?
a) Defacing websites
b) Stealing credit card information
c) Reverse engineering PC apps
d) Exploiting server-side scripting

Answer: c
Clarification: Reverse engineering PC apps is not an example of web application hacking. Defacing websites, stealing credit card information, and exploiting server-side scripting are examples of web application hacking.

3. _______________ hacking refers to mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface or by tampering with the Uniform Resource Identifier (URI).
a) Android application
b) Web application
c) PC application
d) Cloud application

Answer: b
Clarification: Web application hacking can be defined as the mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface or by tampering with the Uniform Resource Identifier (URI).

4. Which of the following is not an appropriate method of web application hacking?
a) XSS
b) CSRF
c) SQLi
d) Brute-force

Answer: d
Clarification: The mistreatment of online services and applications that use HTTP or HTTPS can be done by manipulating the web application through its graphical web interface. Popular hacking methods are XSS, CSRF, and SQLi.

5. XSS stands for _________________
a) Crack Site Scripting
b) Cross Site Server
c) Cross Site Scripting
d) Crack Server Scripting

Answer: c
Clarification: Cross-site scripting (XSS) is a kind of external injection attack on web-app security where an attacker injects some abnormal data, such as malicious code or a script, to harm or damage the reputation of trusted websites.

6. Which of the following is not an example of web application hacking?
a) DNS Attack
b) Dumpster diving
c) Injecting Malicious code
d) Using the shell to destroy web application data

Answer: b
Clarification: Domain Name Server (DNS) attacks, injecting malicious code, using the shell to destroy web application data, and exploiting server-side scripting are examples of web application hacking.

7. Which of the following is not a threat of web application?
a) Reverse engineering
b) Command injection
c) DMZ protocol attack
d) Buffer Overflow

Answer: a
Clarification: Web applications are mistreated via HTTP or HTTPS by manipulating the web application through its graphical web interface, and this technique is called web application hacking. Web application threats include command injection, DMZ protocol attack, buffer overflow attack, etc.

8. Which of the following is not a threat of web application?
a) Session poisoning
b) Phishing
c) Cryptographic interception
d) Cookie snooping

Answer: b
Clarification: Web application hacking is the mistreatment of online applications and services. Some web application threats are session poisoning, cryptographic interception, cookie snooping etc.

9. ________ Injection attack is a special attack done through the character elements “Carriage Return” or “Line Feed.” Exploitation can be done when an attacker is able to inject a CRLF sequence into an HTTP stream.
a) XSS
b) CSRF
c) CRLF
d) SQL

Answer: c
Clarification: CRLF Injection attack is a special attack done through the character elements “Carriage Return” or “Line Feed.” Exploitation can be done when an attacker is able to inject a CRLF sequence into an HTTP stream.

10. Which of the following scripting languages is used for injecting executable malicious code for web-app hacking?
a) C++
b) Tcl
c) Frame-Script
d) JavaScript

Answer: d
Clarification: Web application hacking can be defined as the mistreatment of applications through HTTP or HTTPS that can be done by manipulating the web application through its graphical web interface. JavaScript is used for injecting code for web-app hacking.

11. ______________ takes advantage of hidden fields that work as the only security measure in some applications.
a) Parameter tampering
b) Data tampering
c) Tampering of network topology
d) Protocol tampering

Answer: a
Clarification: Parameter tampering takes advantage of hidden fields that work as the only security measure in some applications. Modifying this hidden field value will cause the web application to change according to the new data incorporated.

12. _____________ is the attack method for decoding user credentials. Using this technique an attacker can log on as a user & gain access to unauthorized data.
a) Cache Snooping
b) Cookie-jacking
c) Cookie Snooping
d) Cache-compromising

Answer: c
Clarification: Cookie Snooping is the attack method for decoding user credentials. Using this technique an attacker can log on as a user & gain access to unauthorized data.

13. Which of the following is not an example of web application hacking technique?
a) LDAP injection
b) Cryptanalysis
c) Race condition attack
d) OS command injection

Answer: b
Clarification: Cryptanalysis is the study of cipher-text & cryptosystems with the aim of improving the crypto-algorithm by understanding how it works & finding alternate techniques. The remaining three are examples of web application hacking techniques.
