Logo Light

Web Penetration Testing – Exploiting Web Applications – MCQ Questions

by | Feb 25, 2025

1. What is the most common attack used to exploit SQL Injection vulnerabilities?

  • A) Brute force attack
  • B) Command Injection
  • C) Arbitrary File Upload
  • D) UNION-based query manipulation
  • Answer: D) UNION-based query manipulation
  • Explanation: UNION-based SQL Injection is a common technique where an attacker appends a UNION SELECT statement to extract sensitive database information.

2. Which HTTP header can be manipulated to perform a Host Header Attack?

  • A) User-Agent
  • B) Referrer
  • C) Host
  • D) Content-Type
  • Answer: C) Host
  • Explanation: By modifying the Host header, an attacker can bypass security checks, exploit virtual host misconfigurations, or conduct phishing attacks.

3. What type of XSS attack occurs when the injected script is stored on the server and executed when viewed by users?

  • A) Reflected XSS
  • B) DOM-based XSS
  • C) Stored XSS
  • D) Blind XSS
  • Answer: C) Stored XSS
  • Explanation: Stored XSS occurs when malicious scripts are permanently stored on the server and executed when a user accesses the affected page.

4. What is the primary goal of a Cross-Site Request Forgery (CSRF) attack?

  • A) Execute arbitrary JavaScript
  • B) Trick users into making unauthorized requests
  • C) Exploit weak session cookies
  • D) Inject malicious code into a web page
  • Answer: B) Trick users into making unauthorized requests
  • Explanation: CSRF tricks an authenticated user into performing unwanted actions, such as transferring funds or changing account settings.

5. In a Blind SQL Injection attack, how does an attacker determine if the attack was successful?

  • A) By retrieving database contents directly
  • B) By observing changes in page behavior
  • C) By capturing network traffic
  • D) By brute-forcing passwords
  • Answer: B) By observing changes in page behavior
  • Explanation: Blind SQL Injection relies on Boolean-based or time-based techniques to infer database responses when direct output is not available.

6. What is the purpose of a Web Application Firewall (WAF)?

  • A) Encrypt user data
  • B) Block network-layer attacks
  • C) Filter malicious HTTP requests
  • D) Prevent denial-of-service attacks
  • Answer: C) Filter malicious HTTP requests
  • Explanation: A WAF inspects HTTP/S traffic and blocks malicious requests that match attack patterns like SQL Injection or XSS.

7. Which vulnerability allows an attacker to execute system commands through a web application?

  • A) SQL Injection
  • B) Cross-Site Scripting (XSS)
  • C) Command Injection
  • D) Insecure Direct Object Reference (IDOR)
  • Answer: C) Command Injection
  • Explanation: Command Injection occurs when user inputs are not properly sanitized, allowing execution of system-level commands.

8. What attack exploits weak password reset mechanisms in web applications?

  • A) IDOR
  • B) Clickjacking
  • C) Account Takeover
  • D) Open Redirect
  • Answer: C) Account Takeover
  • Explanation: If a password reset function lacks verification checks, attackers can hijack user accounts by guessing or modifying reset tokens.

9. What is the primary weakness in an Insecure Direct Object Reference (IDOR) attack?

  • A) Weak encryption
  • B) Poor session management
  • C) Lack of access control checks
  • D) Use of outdated TLS versions
  • Answer: C) Lack of access control checks
  • Explanation: IDOR occurs when direct access to objects (files, IDs, records) is not properly restricted, allowing unauthorized data access.

10. Which attack manipulates HTTP request parameters to access unauthorized information?

  • A) Parameter Tampering
  • B) XSS
  • C) Session Fixation
  • D) Broken Authentication
  • Answer: A) Parameter Tampering
  • Explanation: Attackers modify hidden form fields, URL parameters, or cookies to bypass security controls or change data values.

11. What is the primary risk of an Open Redirect vulnerability?

  • A) Session hijacking
  • B) Phishing attacks
  • C) Buffer overflow
  • D) Remote Code Execution
  • Answer: B) Phishing attacks
  • Explanation: Attackers exploit Open Redirects to send users to malicious websites, often used in phishing campaigns.

12. How does Clickjacking work?

  • A) Injecting malicious JavaScript
  • B) Hiding an iframe to trick users into clicking
  • C) Redirecting users to malicious sites
  • D) Exploiting weak session management
  • Answer: B) Hiding an iframe to trick users into clicking
  • Explanation: Clickjacking overlays a hidden iframe to mislead users into clicking buttons or performing unintended actions.

13. What security header helps prevent XSS attacks?

  • A) Content-Type
  • B) X-Frame-Options
  • C) Content Security Policy (CSP)
  • D) Referrer-Policy
  • Answer: C) Content Security Policy (CSP)
  • Explanation: CSP restricts JavaScript execution sources, reducing the impact of XSS attacks.

14. Which OWASP Top 10 vulnerability relates to broken session management?

  • A) A1: Injection
  • B) A2: Broken Authentication
  • C) A4: XML External Entity (XXE)
  • D) A6: Security Misconfiguration
  • Answer: B) A2: Broken Authentication
  • Explanation: Broken authentication issues occur when session tokens are predictable, poorly protected, or reused.

15. What is a major risk in improperly configured CORS policies?

  • A) Denial of Service
  • B) Unauthorized cross-domain requests
  • C) Buffer Overflow
  • D) SQL Injection
  • Answer: B) Unauthorized cross-domain requests
  • Explanation: Misconfigured Cross-Origin Resource Sharing (CORS) allows unauthorized websites to access sensitive data.

16. What is a common defense against SQL Injection?

  • A) Disabling JavaScript
  • B) Using prepared statements
  • C) Encrypting database fields
  • D) Limiting session duration
  • Answer: B) Using prepared statements
  • Explanation: Prepared statements ensure user inputs are properly sanitized, preventing SQL Injection.

17. Which tool is commonly used for automating web vulnerability scanning?

  • A) Nmap
  • B) Wireshark
  • C) Burp Suite
  • D) Metasploit
  • Answer: C) Burp Suite
  • Explanation: Burp Suite is widely used for web penetration testing, including intercepting, modifying, and testing HTTP requests.

18. What is a key indicator of Broken Access Control?

  • A) Use of weak encryption
  • B) Unauthorized access to restricted pages
  • C) Lack of security headers
  • D) Expired SSL certificates
  • Answer: B) Unauthorized access to restricted pages

19. What type of attack involves injecting malicious JavaScript into a web application that is executed within a victim’s browser?

  • A) SQL Injection
  • B) Cross-Site Scripting (XSS)
  • C) Command Injection
  • D) Buffer Overflow
  • Answer: B) Cross-Site Scripting (XSS)
  • Explanation: XSS allows attackers to execute JavaScript in a victim’s browser, often used for stealing cookies or performing malicious actions.

20. Which HTTP method should be restricted to prevent unintended file modifications in a web application?

  • A) GET
  • B) POST
  • C) PUT
  • D) HEAD
  • Answer: C) PUT
  • Explanation: The PUT method allows clients to upload or modify files on the server. If not properly restricted, attackers can overwrite or upload malicious files.

21. What is a common way to exploit a web application’s file upload functionality?

  • A) Uploading a large file to crash the server
  • B) Uploading a script with an executable extension
  • C) Modifying HTML forms
  • D) Sending HTTP requests with a spoofed User-Agent
  • Answer: B) Uploading a script with an executable extension
  • Explanation: Attackers exploit insecure file upload mechanisms to upload malicious scripts (e.g., .php, .jsp, .aspx) for Remote Code Execution (RCE).

22. How can an attacker exploit a web application with weak password policies?

  • A) By performing a SQL Injection
  • B) By performing a brute force attack
  • C) By sending malformed HTTP requests
  • D) By modifying JavaScript in the browser
  • Answer: B) By performing a brute force attack
  • Explanation: Weak password policies enable attackers to brute force login credentials, especially if rate-limiting is not enforced.

23. What is a common misconfiguration that can lead to sensitive data exposure?

  • A) Using short URLs
  • B) Enabling directory listing on the web server
  • C) Disabling error messages
  • D) Using a CDN for content delivery
  • Answer: B) Enabling directory listing on the web server
  • Explanation: If directory listing is enabled, attackers can browse and access sensitive files like config.php, .env, or database.sql.

24. What can be exploited if an application fails to implement proper session expiration?

  • A) Cross-Site Scripting
  • B) Session Hijacking
  • C) DNS Spoofing
  • D) SQL Injection
  • Answer: B) Session Hijacking
  • Explanation: Without proper session expiration, an attacker can reuse stolen session tokens to maintain unauthorized access.

25. What does the “SameSite” cookie attribute help prevent?

  • A) Clickjacking
  • B) Cross-Site Request Forgery (CSRF)
  • C) Cross-Site Scripting (XSS)
  • D) SQL Injection
  • Answer: B) Cross-Site Request Forgery (CSRF)
  • Explanation: The SameSite cookie attribute ensures cookies are not sent with cross-site requests, reducing CSRF attack risk.

26. What attack is possible if user input is improperly handled in XML-based applications?

  • A) XXE Injection
  • B) Broken Authentication
  • C) Cross-Site Scripting
  • D) Remote File Inclusion
  • Answer: A) XXE Injection
  • Explanation: XML External Entity (XXE) attacks exploit improperly processed XML input to read files, perform SSRF, or execute Denial-of-Service (DoS) attacks.

27. What attack exploits trust between a client and server to execute unauthorized actions on behalf of a user?

  • A) CSRF
  • B) IDOR
  • C) DNS Poisoning
  • D) LFI
  • Answer: A) CSRF
  • Explanation: CSRF tricks users into unintentionally submitting a request that performs an action on their behalf.

28. What attack technique is used in HTTP request smuggling?

  • A) Sending malformed HTTP requests
  • B) Injecting JavaScript into HTML
  • C) Overwriting session cookies
  • D) Performing ARP spoofing
  • Answer: A) Sending malformed HTTP requests
  • Explanation: HTTP Request Smuggling manipulates HTTP headers to desynchronize how front-end and back-end servers process requests.

29. What is the impact of an insecure deserialization vulnerability?

  • A) Buffer overflow
  • B) Remote Code Execution (RCE)
  • C) DNS Spoofing
  • D) SQL Injection
  • Answer: B) Remote Code Execution (RCE)
  • Explanation: Insecure deserialization allows attackers to manipulate serialized objects to execute arbitrary code.

30. How can a web application prevent path traversal attacks?

  • A) Disabling JavaScript
  • B) Validating and sanitizing file paths
  • C) Using weak encryption
  • D) Encrypting HTTP requests
  • Answer: B) Validating and sanitizing file paths
  • Explanation: Proper input validation and restricting directory access prevent path traversal attacks like ../../etc/passwd.

31. Which technique helps prevent session fixation attacks?

  • A) Using a CAPTCHA
  • B) Regenerating session IDs after login
  • C) Storing session IDs in cookies
  • D) Using URL-based session IDs
  • Answer: B) Regenerating session IDs after login
  • Explanation: Regenerating session tokens ensures attackers cannot force users to use predefined session IDs.

32. What is the primary purpose of a Content Security Policy (CSP)?

  • A) Preventing SQL Injection
  • B) Mitigating XSS attacks
  • C) Preventing CSRF
  • D) Stopping DoS attacks
  • Answer: B) Mitigating XSS attacks
  • Explanation: CSP restricts JavaScript execution sources, preventing inline or external script injection.

33. How does an attacker exploit a weak JWT (JSON Web Token)?

  • A) By modifying the “alg” field to “none”
  • B) By modifying HTML attributes
  • C) By sending invalid HTTP requests
  • D) By injecting SQL queries
  • Answer: A) By modifying the “alg” field to “none”
  • Explanation: If a JWT uses “none” as the algorithm, an attacker can modify and sign tokens without needing a secret key.

34. Which attack can be prevented by implementing HTTP Strict Transport Security (HSTS)?

  • A) Session Hijacking
  • B) Man-in-the-Middle (MITM)
  • C) SQL Injection
  • D) Command Injection
  • Answer: B) Man-in-the-Middle (MITM)
  • Explanation: HSTS forces HTTPS-only communication, protecting against downgrade attacks and MITM attacks.

35. What is a key security risk of using weak encryption algorithms?

  • A) Vulnerability to brute force attacks
  • B) Excessive server load
  • C) Increased network latency
  • D) Reduced user experience
  • Answer: A) Vulnerability to brute force attacks
  • Explanation: Weak encryption (e.g., MD5, SHA1) is easily cracked via brute force and rainbow table attacks.

36. What is a key method to prevent clickjacking attacks?

  • A) Using HTTPS
  • B) Implementing the X-Frame-Options header
  • C) Encrypting session tokens
  • D) Using a CAPTCHA
  • Answer: B) Implementing the X-Frame-Options header
  • Explanation: The X-Frame-Options header prevents websites from being loaded inside iframes, mitigating clickjacking attacks.

37. What is a critical risk of exposing an administrative interface without authentication?

  • A) Increased page load time
  • B) Unauthorized access and privilege escalation
  • C) Weak encryption
  • D) Reduced database performance
  • Answer: B) Unauthorized access and privilege escalation
  • Explanation: Publicly exposed admin panels can lead to unauthorized access, data breaches, and system takeovers.

38. Which attack allows an attacker to manipulate JSON-based API responses?

  • A) SQL Injection
  • B) Cross-Site Script Inclusion (XSSI)
  • C) CSRF
  • D) Broken Authentication
  • Answer: B) Cross-Site Script Inclusion (XSSI)
  • Explanation: XSSI allows an attacker to steal JSON API responses by injecting scripts that exploit cross-domain vulnerabilities.

39. What is the primary impact of an insecure CORS configuration?

  • A) Remote Code Execution
  • B) Unauthorized cross-origin access
  • C) Buffer Overflow
  • D) Denial of Service
  • Answer: B) Unauthorized cross-origin access
  • Explanation: Misconfigured CORS (Cross-Origin Resource Sharing) allows untrusted domains to access sensitive data via APIs.

40. What is the role of a CAPTCHA in web security?

  • A) Prevents SQL Injection
  • B) Mitigates automated bot attacks
  • C) Encrypts user input
  • D) Blocks network-layer attacks
  • Answer: B) Mitigates automated bot attacks
  • Explanation: CAPTCHAs are designed to differentiate between humans and bots, preventing brute force and credential stuffing attacks.

41. What vulnerability arises when a web app fails to limit repeated login attempts?

  • A) Cross-Site Scripting (XSS)
  • B) Credential Stuffing
  • C) SQL Injection
  • D) Directory Traversal
  • Answer: B) Credential Stuffing
  • Explanation: Attackers use previously leaked credentials in automated login attempts when no rate-limiting or account lockout mechanisms exist.

42. What is a common mistake that leads to sensitive information disclosure in error messages?

  • A) Allowing HTTP methods other than GET and POST
  • B) Displaying stack traces or SQL errors
  • C) Using JavaScript libraries in a CDN
  • D) Implementing multi-factor authentication
  • Answer: B) Displaying stack traces or SQL errors
  • Explanation: Verbose error messages reveal details like database structure, technology stack, or application logic, aiding attackers.

43. What is an effective defense against brute force login attacks?

  • A) Using session-based authentication
  • B) Implementing account lockout after failed attempts
  • C) Disabling password resets
  • D) Enabling auto-login for users
  • Answer: B) Implementing account lockout after failed attempts
  • Explanation: Account lockout prevents brute force attacks by temporarily disabling accounts after multiple incorrect login attempts.

44. Which web security vulnerability allows unauthorized execution of backend system commands?

  • A) File Inclusion
  • B) Command Injection
  • C) XSS
  • D) SQL Injection
  • Answer: B) Command Injection
  • Explanation: Command Injection exploits insufficient input validation to execute operating system commands on the server.

45. What is the best practice to protect against XML External Entity (XXE) attacks?

  • A) Using JSON instead of XML
  • B) Enabling directory listing
  • C) Allowing unrestricted API calls
  • D) Disabling external entity processing in XML parsers
  • Answer: D) Disabling external entity processing in XML parsers
  • Explanation: Disabling external entity processing prevents XXE attacks, which can expose sensitive files or cause denial of service.

46. How does an attacker exploit an open database connection in a web application?

  • A) Sending a large number of API requests
  • B) Running unauthorized SQL queries
  • C) Injecting malicious JavaScript
  • D) Modifying authentication cookies
  • Answer: B) Running unauthorized SQL queries
  • Explanation: Unprotected database connections allow attackers to execute SQL Injection attacks and retrieve or modify data.

47. What is a potential risk of storing passwords in plain text?

  • A) Increased server response time
  • B) Easy password cracking if data is breached
  • C) Improved user experience
  • D) Prevention of brute force attacks
  • Answer: B) Easy password cracking if data is breached
  • Explanation: Plain text passwords are a serious security risk, as attackers can read them directly without decryption.

48. What is an attacker trying to achieve with a buffer overflow attack on a web application?

  • A) Execute arbitrary code
  • B) Modify database schema
  • C) Redirect traffic to another site
  • D) Change CSS styles
  • Answer: A) Execute arbitrary code
  • Explanation: Buffer overflows can allow attackers to inject and execute malicious code on the server or client.

49. What is the key security concern with using outdated third-party libraries in web applications?

  • A) Slower application performance
  • B) Introduction of known vulnerabilities
  • C) Increased maintenance costs
  • D) Lack of user engagement
  • Answer: B) Introduction of known vulnerabilities
  • Explanation: Older libraries often contain unpatched security flaws, making applications vulnerable to exploitation.

50. What is an effective measure against CSRF attacks?

  • A) Using CAPTCHA on login pages
  • B) Implementing CSRF tokens in requests
  • C) Disabling JavaScript
  • D) Encrypting HTTP requests
  • Answer: B) Implementing CSRF tokens in requests
  • Explanation: CSRF tokens ensure that requests originate from legitimate users, preventing forged requests.

51. What is a critical security flaw in allowing users to input unrestricted HTML?

  • A) SQL Injection
  • B) Remote Code Execution
  • C) XSS (Cross-Site Scripting)
  • D) CSRF
  • Answer: C) XSS (Cross-Site Scripting)
  • Explanation: If HTML input is not sanitized, attackers can inject malicious JavaScript into web pages.

52. How can an attacker exploit weak session cookies?

  • A) By forcing a user to re-authenticate
  • B) By predicting or stealing session cookies
  • C) By modifying HTTP headers
  • D) By slowing down the application
  • Answer: B) By predicting or stealing session cookies
  • Explanation: Weak or non-secure session cookies can be stolen or guessed, leading to session hijacking.

53. What security mechanism prevents an attacker from modifying cookies in a browser?

  • A) HttpOnly attribute
  • B) Disabling JavaScript
  • C) Using a stronger encryption algorithm
  • D) Implementing CAPTCHA
  • Answer: A) HttpOnly attribute
  • Explanation: HttpOnly prevents JavaScript from accessing cookies, mitigating XSS-based cookie theft.

54. What vulnerability can arise from using weak password hashing algorithms like MD5 and SHA1?

  • A) Remote Code Execution
  • B) Brute force and rainbow table attacks
  • C) Clickjacking
  • D) Cross-Site Request Forgery (CSRF)
  • Answer: B) Brute force and rainbow table attacks
  • Explanation: Weak hashing algorithms like MD5 and SHA1 are susceptible to rainbow table attacks, making password recovery easy for attackers.

55. What is a potential risk of exposing API keys in client-side JavaScript?

  • A) Increased website load times
  • B) Unauthorized API access by attackers
  • C) Cross-Site Scripting (XSS)
  • D) Secure data encryption
  • Answer: B) Unauthorized API access by attackers
  • Explanation: Exposed API keys can be used by attackers to abuse APIs, access sensitive data, or perform unauthorized actions.

56. Which vulnerability is exploited when an attacker alters the ‘Referer’ header to bypass security checks?

  • A) Open Redirect
  • B) Referer Header Manipulation
  • C) Clickjacking
  • D) Session Fixation
  • Answer: B) Referer Header Manipulation
  • Explanation: Some applications rely on Referer headers for security checks, and attackers can manipulate them to bypass restrictions.

57. What is the primary purpose of implementing multi-factor authentication (MFA)?

  • A) Preventing SQL Injection
  • B) Enhancing user experience
  • C) Strengthening authentication security
  • D) Encrypting user passwords
  • Answer: C) Strengthening authentication security
  • Explanation: MFA adds an extra layer of security by requiring multiple verification factors (e.g., password + OTP).

58. How does an attacker exploit an insecure object reference (IDOR)?

  • A) By modifying URL parameters to access unauthorized data
  • B) By injecting SQL queries
  • C) By executing JavaScript in a victim’s browser
  • D) By brute-forcing login credentials
  • Answer: A) By modifying URL parameters to access unauthorized data
  • Explanation: IDOR occurs when an application exposes object references (like user IDs or file names) without proper access controls.

59. What is a common security risk associated with using hardcoded credentials in source code?

  • A) Improved user experience
  • B) Potential exposure through code leaks
  • C) Slower application performance
  • D) Increased network traffic
  • Answer: B) Potential exposure through code leaks
  • Explanation: Hardcoded credentials can leak via source code repositories (e.g., GitHub) and be exploited by attackers.

60. What type of attack occurs when an attacker injects code into an application’s client-side JavaScript execution?

  • A) SQL Injection
  • B) Cross-Site Scripting (XSS)
  • C) CSRF
  • D) LDAP Injection
  • Answer: B) Cross-Site Scripting (XSS)
  • Explanation: XSS attacks inject malicious JavaScript, allowing attackers to steal cookies, deface sites, or hijack user sessions.

61. What does HTTP Response Splitting exploit?

  • A) Manipulated response headers to inject malicious payloads
  • B) SQL Injection vulnerabilities
  • C) Cross-Site Scripting flaws
  • D) Directory Traversal vulnerabilities
  • Answer: A) Manipulated response headers to inject malicious payloads
  • Explanation: HTTP Response Splitting allows attackers to split server responses, leading to cache poisoning, XSS, or header injection.

62. What is a major risk of improper CORS configuration?

  • A) Unauthorized access from malicious websites
  • B) Increased latency in API responses
  • C) Weak password policies
  • D) Slower database performance
  • Answer: A) Unauthorized access from malicious websites
  • Explanation: A weak CORS policy can allow unauthorized domains to access sensitive data through cross-origin requests.

63. What is the impact of failing to implement rate limiting on API endpoints?

  • A) Increased user experience
  • B) More responsive web applications
  • C) Susceptibility to brute force and denial-of-service attacks
  • D) Improved API security
  • Answer: C) Susceptibility to brute force and denial-of-service attacks
  • Explanation: Without rate limiting, attackers can brute force credentials or overload APIs, causing service disruptions.

64. What does an attacker achieve by exploiting improper error handling?

  • A) Denial of Service
  • B) Information Disclosure
  • C) Cross-Site Scripting (XSS)
  • D) Remote Code Execution
  • Answer: B) Information Disclosure
  • Explanation: Verbose error messages expose database structures, API endpoints, or internal system details, aiding attackers.

65. What type of vulnerability occurs when an application trusts user-controlled input in database queries?

  • A) XSS
  • B) SQL Injection
  • C) CSRF
  • D) XML Injection
  • Answer: B) SQL Injection
  • Explanation: SQL Injection exploits poorly validated user inputs to execute malicious SQL queries.

66. How can a developer mitigate Local File Inclusion (LFI) vulnerabilities?

  • A) Disabling JavaScript
  • B) Restricting file access using allowlists
  • C) Enabling directory listing
  • D) Allowing user-defined file paths
  • Answer: B) Restricting file access using allowlists
  • Explanation: LFI occurs when attackers exploit user-controlled file paths. Allowlisting prevents access to sensitive system files.

67. What is the main purpose of the Secure flag in cookies?

  • A) To encrypt cookies
  • B) To restrict cookies to HTTPS connections
  • C) To prevent SQL Injection
  • D) To disable JavaScript access
  • Answer: B) To restrict cookies to HTTPS connections
  • Explanation: The Secure flag ensures cookies are only transmitted over encrypted (HTTPS) connections, preventing man-in-the-middle (MITM) attacks.

68. What security misconfiguration allows an attacker to take over a subdomain?

  • A) Broken Authentication
  • B) Subdomain Takeover
  • C) Directory Traversal
  • D) DNS Poisoning
  • Answer: B) Subdomain Takeover
  • Explanation: Unused subdomains pointing to deprovisioned cloud services (e.g., AWS, Azure) can be claimed by attackers, leading to subdomain hijacking.

69. What is the primary security risk of exposing .git directories on a web server?

  • A) Slower website performance
  • B) Disclosure of sensitive source code and credentials
  • C) Enabling SQL Injection
  • D) Allowing unauthorized user access
  • Answer: B) Disclosure of sensitive source code and credentials
  • Explanation: Exposed .git directories may contain source code, API keys, or database credentials, leading to data breaches.

70. What is a common defense against web cache poisoning attacks?

  • A) Using JavaScript-based validation
  • B) Enforcing cache control headers
  • C) Disabling SSL/TLS
  • D) Allowing all user input in cacheable responses
  • Answer: B) Enforcing cache control headers
  • Explanation: Proper cache control headers prevent attackers from injecting malicious responses into cached content.

71. What is the primary risk of an insecure OAuth implementation?

  • A) Increased website performance
  • B) Unauthorized access to user accounts
  • C) Faster authentication processing
  • D) Prevention of brute force attacks
  • Answer: B) Unauthorized access to user accounts
  • Explanation: Weak OAuth implementations (e.g., missing token validation) allow attackers to gain unauthorized access to user accounts.

72. What attack is possible when an attacker forces an application to fetch an external malicious resource?

  • A) SSRF (Server-Side Request Forgery)
  • B) SQL Injection
  • C) CSRF
  • D) XSS
  • Answer: A) SSRF (Server-Side Request Forgery)
  • Explanation: SSRF tricks the server into making unintended requests, which can lead to internal network access, data exfiltration, or cloud metadata leaks.

73. What is a key risk of improperly implementing JWT (JSON Web Tokens)?

  • A) Longer session durations
  • B) Token forgery via weak signing mechanisms
  • C) Reduced database load
  • D) Preventing brute force attacks
  • Answer: B) Token forgery via weak signing mechanisms
  • Explanation: Improper JWT implementation (e.g., using “none” as the algorithm) can allow attackers to modify and sign tokens without a secret key.

74. What vulnerability allows an attacker to manipulate JSON-based API responses?

  • A) JSON Web Token Exploitation
  • B) JSON Hijacking
  • C) JSON Request Forgery
  • D) JSON Session Tampering
  • Answer: B) JSON Hijacking
  • Explanation: JSON Hijacking exploits poorly configured APIs to steal sensitive data by tricking a user’s browser into executing unauthorized JSON requests.

75. What is the primary purpose of implementing rate limiting on login attempts?

  • A) Preventing brute force attacks
  • B) Increasing login speed
  • C) Reducing network bandwidth usage
  • D) Encrypting passwords
  • Answer: A) Preventing brute force attacks
  • Explanation: Rate limiting prevents attackers from guessing credentials by restricting the number of failed login attempts.

76. How can an attacker exploit an improperly configured session timeout?

  • A) By keeping a session active indefinitely
  • B) By changing the login URL
  • C) By modifying session cookies
  • D) By altering JavaScript execution
  • Answer: A) By keeping a session active indefinitely
  • Explanation: Without proper session expiration, an attacker can reuse stolen session cookies long after authentication.

77. What security risk is introduced by enabling autocomplete in password fields?

  • A) Enhanced user experience
  • B) Increased risk of credential theft
  • C) Faster form submission
  • D) Stronger authentication security
  • Answer: B) Increased risk of credential theft
  • Explanation: Autocomplete in password fields allows attackers with local access (e.g., malware) to steal stored credentials.

78. What is a major risk of allowing users to input unrestricted URL parameters?

  • A) URL manipulation attacks
  • B) Improved user experience
  • C) Reduced database load
  • D) Faster response times
  • Answer: A) URL manipulation attacks
  • Explanation: Unvalidated URL parameters can lead to Open Redirects, IDOR, or SQL Injection.

79. How can attackers exploit a vulnerable deserialization process?

  • A) By injecting a forged serialized object
  • B) By modifying JavaScript execution
  • C) By altering cookie values
  • D) By intercepting API requests
  • Answer: A) By injecting a forged serialized object
  • Explanation: Insecure deserialization allows attackers to inject malicious objects, often leading to Remote Code Execution (RCE).

80. What HTTP response header helps prevent MIME type sniffing attacks?

  • A) X-Frame-Options
  • B) X-Content-Type-Options: nosniff
  • C) Content-Security-Policy
  • D) Strict-Transport-Security
  • Answer: B) X-Content-Type-Options: nosniff
  • Explanation: The X-Content-Type-Options: nosniff header prevents browsers from misinterpreting content types, reducing MIME-based attacks.

81. What attack can occur if an application fails to sanitize user-generated filenames?

  • A) File Path Injection
  • B) SQL Injection
  • C) CSRF
  • D) Buffer Overflow
  • Answer: A) File Path Injection
  • Explanation: User-controlled filenames can be used to manipulate file paths, leading to Local File Inclusion (LFI) or arbitrary file overwrites.

82. Why is it dangerous to store authentication tokens in local storage?

  • A) They can be accessed by JavaScript, leading to XSS-based theft
  • B) They improve application speed
  • C) They allow cross-device synchronization
  • D) They automatically encrypt user sessions
  • Answer: A) They can be accessed by JavaScript, leading to XSS-based theft
  • Explanation: Storing tokens in local storage makes them vulnerable to XSS attacks, as JavaScript can access and steal them.

83. What is a common impact of an open redirect vulnerability?

  • A) Phishing attacks
  • B) Remote Code Execution
  • C) Slow website performance
  • D) Session expiration issues
  • Answer: A) Phishing attacks
  • Explanation: Open redirects allow attackers to redirect users to malicious phishing sites to steal credentials.

84. What can an attacker do if a web application does not properly validate API requests?

  • A) Perform unauthorized actions via API manipulation
  • B) Execute JavaScript in a victim’s browser
  • C) Modify browser cookies
  • D) Increase session expiration time
  • Answer: A) Perform unauthorized actions via API manipulation
  • Explanation: Weak API validation allows attackers to alter requests, leading to data breaches or privilege escalation.

85. How does an attacker exploit an API with missing authentication controls?

  • A) By sending repeated requests until authentication is bypassed
  • B) By modifying the session ID
  • C) By directly accessing API endpoints without authentication
  • D) By injecting JavaScript
  • Answer: C) By directly accessing API endpoints without authentication
  • Explanation: Missing authentication lets attackers access API data and perform actions without login credentials.

86. What attack can occur if a web server allows wildcard CORS (Access-Control-Allow-Origin: *)?

  • A) Any website can read sensitive data from the API
  • B) Faster API request handling
  • C) Improved caching behavior
  • D) Prevented SQL Injection
  • Answer: A) Any website can read sensitive data from the API
  • Explanation: Wildcard CORS policies allow any origin to make API requests, leading to unauthorized data access.

87. What attack technique involves guessing or brute-forcing session tokens?

  • A) Session Fixation
  • B) Session Prediction
  • C) SQL Injection
  • D) Open Redirect
  • Answer: B) Session Prediction
  • Explanation: Weak session tokens can be guessed by attackers, allowing hijacking of active sessions.

88. What security risk is introduced by hosting sensitive files in publicly accessible directories?

  • A) Exposure of confidential data
  • B) Improved application performance
  • C) Reduced authentication failures
  • D) Stronger password policies
  • Answer: A) Exposure of confidential data
  • Explanation: Exposed directories can reveal source code, credentials, or configuration files, leading to security breaches.

89. What is a major security flaw in using predictable password reset tokens?

  • A) Attackers can guess and reset passwords
  • B) Increased server response times
  • C) Enhanced authentication security
  • D) Stronger encryption
  • Answer: A) Attackers can guess and reset passwords
  • Explanation: Weak password reset tokens allow attackers to reset user passwords and take over accounts.

90. What is a common misconfiguration that can lead to an attacker gaining access to an AWS S3 bucket?

  • A) Using HTTPS instead of HTTP
  • B) Leaving S3 bucket permissions set to public
  • C) Enabling CORS headers
  • D) Using IAM roles for access control
  • Answer: B) Leaving S3 bucket permissions set to public
  • Explanation: If S3 bucket permissions are misconfigured to public, attackers can access, modify, or delete stored files.

91. What is an attack that tricks a user’s browser into executing unauthorized commands on a trusted website?

  • A) Cross-Site Request Forgery (CSRF)
  • B) SQL Injection
  • C) Directory Traversal
  • D) Broken Authentication
  • Answer: A) Cross-Site Request Forgery (CSRF)
  • Explanation: CSRF forces an authenticated user to perform unwanted actions, such as changing account settings or transferring money.

92. What vulnerability allows an attacker to read arbitrary files on the server?

  • A) Local File Inclusion (LFI)
  • B) SQL Injection
  • C) Clickjacking
  • D) XML Injection
  • Answer: A) Local File Inclusion (LFI)
  • Explanation: LFI exploits improper input validation, allowing attackers to access files such as /etc/passwd or application logs.

93. What happens if an application does not implement proper logout mechanisms?

  • A) Session Hijacking
  • B) SQL Injection
  • C) Slow response times
  • D) CAPTCHA failures
  • Answer: A) Session Hijacking
  • Explanation: Without proper session logout, an attacker can reuse an active session token to maintain access to an account.

94. What is a primary risk of exposing .env files on a web server?

  • A) Disclosure of sensitive environment variables
  • B) Slower website performance
  • C) Increased page load times
  • D) Improved caching efficiency
  • Answer: A) Disclosure of sensitive environment variables
  • Explanation: .env files often contain API keys, database credentials, and other secrets, making them a target for attackers.

95. What type of attack occurs when a malicious script is executed as part of an application’s dynamic content?

  • A) Cross-Site Scripting (XSS)
  • B) SQL Injection
  • C) XML Injection
  • D) Remote Code Execution
  • Answer: A) Cross-Site Scripting (XSS)
  • Explanation: XSS allows attackers to inject JavaScript, leading to session hijacking, phishing, or data theft.

96. What is a key security risk in allowing users to upload unrestricted file types?

  • A) Remote Code Execution (RCE)
  • B) Increased storage usage
  • C) Faster file transfers
  • D) Improved website performance
  • Answer: A) Remote Code Execution (RCE)
  • Explanation: Attackers can upload malicious scripts (e.g., PHP, ASPX) and execute them on the server, leading to RCE.

97. What is a primary impact of an insecure file download feature in a web application?

  • A) Arbitrary file retrieval
  • B) Faster download speeds
  • C) Improved caching performance
  • D) User session expiration
  • Answer: A) Arbitrary file retrieval
  • Explanation: If file paths are not validated, attackers can download sensitive files, such as configuration files or source code.

98. What happens if a web application does not enforce session expiration?

  • A) Users remain logged in indefinitely
  • B) Sessions become more secure
  • C) Server performance improves
  • D) Faster response times
  • Answer: A) Users remain logged in indefinitely
  • Explanation: Sessions that do not expire allow attackers to reuse stolen session tokens to maintain unauthorized access.

99. What is the impact of an attacker exploiting a vulnerable deserialization function?

  • A) Remote Code Execution (RCE)
  • B) Brute force login attempts
  • C) Session timeout issues
  • D) Cross-Site Scripting (XSS)
  • Answer: A) Remote Code Execution (RCE)
  • Explanation: Insecure deserialization can allow attackers to inject arbitrary objects into application logic, leading to RCE.

100. What vulnerability allows an attacker to steal authentication tokens through JavaScript?

  • A) Cross-Site Scripting (XSS)
  • B) SQL Injection
  • C) Session Fixation
  • D) Cross-Site Request Forgery (CSRF)
  • Answer: A) Cross-Site Scripting (XSS)
  • Explanation: XSS attacks can steal authentication cookies and tokens by injecting malicious JavaScript into a page.

101. What can happen if a web application stores sensitive data in URL parameters?

  • A) Data can be leaked through browser history or referrer headers
  • B) Sessions become more secure
  • C) Performance improves
  • D) Stronger password protection
  • Answer: A) Data can be leaked through browser history or referrer headers
  • Explanation: Storing sensitive data in URLs can expose API keys, session tokens, or passwords through logs or browser history.

102. What is a primary defense against XML External Entity (XXE) attacks?

  • A) Disabling external entity processing
  • B) Using base64 encoding
  • C) Encrypting XML responses
  • D) Allowing all XML parsing methods
  • Answer: A) Disabling external entity processing
  • Explanation: Disabling external entity processing prevents XXE-based attacks, which can be used for file reading or SSRF.

103. What vulnerability allows attackers to manipulate authentication tokens to gain unauthorized access?

  • A) Weak JWT signing mechanisms
  • B) Cross-Site Request Forgery (CSRF)
  • C) Buffer Overflow
  • D) Denial-of-Service
  • Answer: A) Weak JWT signing mechanisms
  • Explanation: Weak JWT signatures allow attackers to forge authentication tokens, leading to privilege escalation.

104. How does an attacker exploit a Cross-Origin Resource Sharing (CORS) misconfiguration?

  • A) By sending requests from an unauthorized domain
  • B) By modifying the login URL
  • C) By changing JavaScript execution order
  • D) By injecting SQL queries
  • Answer: A) By sending requests from an unauthorized domain
  • Explanation: Poorly configured CORS policies allow attackers to bypass origin restrictions and access sensitive API data.

105. What attack involves sending partial HTTP requests to exhaust server resources?

  • A) Slowloris Attack
  • B) SQL Injection
  • C) Clickjacking
  • D) Cross-Site Scripting (XSS)
  • Answer: A) Slowloris Attack
  • Explanation: The Slowloris attack keeps server connections open indefinitely, exhausting available connections.

106. What is a primary security risk of exposing database error messages to users?

  • A) SQL Injection Information Disclosure
  • B) Faster query execution
  • C) Increased database performance
  • D) Preventing XSS attacks
  • Answer: A) SQL Injection Information Disclosure
  • Explanation: Exposing detailed database errors helps attackers craft SQL Injection payloads.

107. What is a security risk of using predictable session identifiers?

  • A) Session Prediction and Hijacking
  • B) Stronger authentication security
  • C) Improved user experience
  • D) Reduced server load
  • Answer: A) Session Prediction and Hijacking
  • Explanation: Weak session identifiers can be guessed, allowing session hijacking.

108. What type of attack occurs when an attacker manipulates the HTTP Host header to exploit insecure virtual host configurations?

  • A) Host Header Injection
  • B) SQL Injection
  • C) XSS
  • D) Insecure Direct Object Reference (IDOR)
  • Answer: A) Host Header Injection
  • Explanation: Host Header Injection can be used for cache poisoning, password reset poisoning, or SSRF attacks.

109. Which security header helps mitigate clickjacking attacks?

  • A) X-Frame-Options
  • B) Cache-Control
  • C) X-Content-Type-Options
  • D) Expires
  • Answer: A) X-Frame-Options
  • Explanation: The X-Frame-Options header prevents the webpage from being loaded in an iframe, mitigating clickjacking attacks.

110. What is a major risk of not hashing passwords before storing them in a database?

  • A) Attackers can retrieve plaintext passwords if the database is compromised
  • B) Faster authentication processing
  • C) Improved user experience
  • D) Increased website performance
  • Answer: A) Attackers can retrieve plaintext passwords if the database is compromised
  • Explanation: Storing plaintext passwords makes it easy for attackers to steal user credentials in case of a data breach.

111. What can happen if an application does not verify email addresses before password reset?

  • A) Attackers can reset passwords of other users
  • B) Improved user experience
  • C) Faster authentication
  • D) Prevents brute force attacks
  • Answer: A) Attackers can reset passwords of other users
  • Explanation: Without email verification, attackers can request a password reset for any user and take over accounts.

112. What attack can occur if an application does not validate the origin of a request in a REST API?

  • A) Cross-Origin Request Forgery (CSRF)
  • B) SQL Injection
  • C) LDAP Injection
  • D) XML Injection
  • Answer: A) Cross-Origin Request Forgery (CSRF)
  • Explanation: Without origin validation, attackers can force authenticated users to send malicious API requests.

113. How does an attacker exploit an HTTP Parameter Pollution vulnerability?

  • A) By injecting duplicate HTTP parameters to manipulate server logic
  • B) By executing JavaScript code in a victim’s browser
  • C) By brute forcing login credentials
  • D) By modifying browser cookies
  • Answer: A) By injecting duplicate HTTP parameters to manipulate server logic
  • Explanation: HTTP Parameter Pollution (HPP) involves injecting duplicate parameters to bypass security mechanisms or manipulate server responses.

114. What is the impact of weak CORS policies in a web application?

  • A) Attackers can send unauthorized cross-origin requests
  • B) Faster content delivery
  • C) Stronger encryption
  • D) Improved session management
  • Answer: A) Attackers can send unauthorized cross-origin requests
  • Explanation: Weak CORS configurations allow malicious websites to interact with sensitive API endpoints.

115. What is a key risk of allowing HTML input without proper sanitization?

  • A) Cross-Site Scripting (XSS)
  • B) SQL Injection
  • C) Command Injection
  • D) Broken Authentication
  • Answer: A) Cross-Site Scripting (XSS)
  • Explanation: Unsanitized HTML input can be used to inject malicious JavaScript, leading to XSS attacks.

116. What happens when an application relies solely on client-side validation for security?

  • A) Attackers can bypass validation by modifying requests manually
  • B) Enhanced security
  • C) Stronger authentication
  • D) Secure file uploads
  • Answer: A) Attackers can bypass validation by modifying requests manually
  • Explanation: Client-side validation can be bypassed, so server-side validation is necessary for security.

117. What is a common impact of an insecure redirect vulnerability?

  • A) Phishing attacks
  • B) Improved authentication
  • C) Increased server performance
  • D) Secure data transmission
  • Answer: A) Phishing attacks
  • Explanation: Open redirects can be exploited for phishing by redirecting users to malicious domains.

118. How can an attacker exploit a weak session management system?

  • A) By hijacking or replaying session tokens
  • B) By injecting SQL queries
  • C) By modifying HTTP headers
  • D) By brute-forcing login pages
  • Answer: A) By hijacking or replaying session tokens
  • Explanation: Weak session management allows attackers to steal or reuse session tokens for unauthorized access.

119. What attack technique involves exploiting a web server’s ability to process multiple concurrent requests?

  • A) Slowloris Attack
  • B) XSS
  • C) Buffer Overflow
  • D) SQL Injection
  • Answer: A) Slowloris Attack
  • Explanation: Slowloris exhausts server resources by keeping multiple HTTP connections open indefinitely.

120. What is a major security risk of not using HttpOnly cookies?

  • A) JavaScript can access session cookies, leading to XSS attacks
  • B) Faster authentication
  • C) Improved session persistence
  • D) Preventing brute force attacks
  • Answer: A) JavaScript can access session cookies, leading to XSS attacks
  • Explanation: HttpOnly cookies prevent JavaScript from accessing session tokens, mitigating XSS-based session hijacking.

121. What attack can occur if a web application does not properly handle null byte injections?

  • A) Directory Traversal
  • B) SQL Injection
  • C) Broken Authentication
  • D) CSRF
  • Answer: A) Directory Traversal
  • Explanation: Null byte injection can be used to bypass file path validation, leading to directory traversal attacks.

122. What is the primary security risk of exposing a .git directory on a web server?

  • A) Source code leakage
  • B) Increased authentication security
  • C) Improved SEO ranking
  • D) Preventing brute force attacks
  • Answer: A) Source code leakage
  • Explanation: Exposed .git directories can contain source code, credentials, and configuration files, making them a security risk.

123. What is a key risk of using default credentials in web applications?

  • A) Unauthorized access by attackers
  • B) Faster login times
  • C) Improved user authentication
  • D) Secure data transmission
  • Answer: A) Unauthorized access by attackers
  • Explanation: Default credentials (e.g., admin/admin) can be easily guessed, leading to unauthorized access.

124. What is the best way to prevent brute force attacks on login pages?

  • A) Implementing account lockouts and rate limiting
  • B) Using plain text passwords
  • C) Storing passwords in cookies
  • D) Allowing unlimited login attempts
  • Answer: A) Implementing account lockouts and rate limiting
  • Explanation: Rate limiting and account lockouts prevent brute force attacks by limiting login attempts.

125. What security risk arises from not validating file extensions during uploads?

  • A) Remote Code Execution (RCE)
  • B) SQL Injection
  • C) Buffer Overflow
  • D) CSRF
  • Answer: A) Remote Code Execution (RCE)
  • Explanation: Attackers can upload executable scripts (e.g., .php, .jsp) to execute arbitrary code on the server.

126. What attack exploits improper validation of email change requests?

  • A) Account Takeover
  • B) SQL Injection
  • C) XML Injection
  • D) CSRF
  • Answer: A) Account Takeover
  • Explanation: If an email change request is not properly validated, attackers can change the email and take over accounts.

127. What vulnerability arises when an application dynamically loads and executes JavaScript from an untrusted source?

  • A) Cross-Site Script Inclusion (XSSI)
  • B) SQL Injection
  • C) CSRF
  • D) Broken Authentication
  • Answer: A) Cross-Site Script Inclusion (XSSI)
  • Explanation: XSSI allows attackers to inject malicious scripts by manipulating the way JavaScript is loaded from external sources.

128. What is the impact of using eval() with user input in JavaScript?

  • A) Allows execution of arbitrary code
  • B) Increases performance
  • C) Improves security
  • D) Prevents SQL Injection
  • Answer: A) Allows execution of arbitrary code
  • Explanation: The eval() function executes user-provided input as JavaScript, making it vulnerable to arbitrary code execution attacks.

129. What is the most effective way to prevent SQL Injection attacks?

  • A) Using prepared statements and parameterized queries
  • B) Encrypting SQL queries
  • C) Storing SQL queries in session variables
  • D) Using JavaScript validation only
  • Answer: A) Using prepared statements and parameterized queries
  • Explanation: Parameterized queries prevent attackers from injecting malicious SQL by properly separating SQL logic from user inputs.

130. How does an attacker exploit a Directory Traversal vulnerability?

  • A) By navigating outside the webroot to access unauthorized files
  • B) By modifying database queries
  • C) By injecting JavaScript into forms
  • D) By exploiting weak passwords
  • Answer: A) By navigating outside the webroot to access unauthorized files
  • Explanation: Directory Traversal exploits poorly validated file paths, allowing attackers to read sensitive system files.

131. What is the primary risk of exposing an API without authentication?

  • A) Unauthorized access to sensitive data
  • B) Improved user experience
  • C) Increased API performance
  • D) Prevention of SQL Injection
  • Answer: A) Unauthorized access to sensitive data
  • Explanation: APIs without authentication allow attackers to access and manipulate data without restrictions.

132. What happens when a web application fails to use HTTPS for authentication?

  • A) Credentials can be intercepted via a Man-in-the-Middle attack
  • B) Faster login processing
  • C) Improved server response times
  • D) Prevention of SQL Injection
  • Answer: A) Credentials can be intercepted via a Man-in-the-Middle attack
  • Explanation: Without HTTPS, attackers can intercept login credentials through network sniffing.

133. What is a potential risk of exposing API documentation to the public?

  • A) Attackers can discover and exploit undocumented API endpoints
  • B) Reduced security risks
  • C) Faster API response times
  • D) Improved database performance
  • Answer: A) Attackers can discover and exploit undocumented API endpoints
  • Explanation: Public API documentation may expose hidden or unprotected endpoints that attackers can exploit.

134. What is an effective countermeasure against XML Injection?

  • A) Disabling external entity processing in XML parsers
  • B) Encrypting XML data
  • C) Using JSON instead of XML
  • D) Increasing server RAM
  • Answer: A) Disabling external entity processing in XML parsers
  • Explanation: Disabling external entities prevents attackers from injecting malicious XML payloads.

135. What is a major security risk of not implementing password complexity requirements?

  • A) Increased risk of brute force and dictionary attacks
  • B) Improved login speed
  • C) Reduced session expiration issues
  • D) Faster authentication
  • Answer: A) Increased risk of brute force and dictionary attacks
  • Explanation: Weak passwords make it easier for attackers to guess credentials using automated brute force tools.

136. What happens if an application does not validate JWT expiration times?

  • A) Attackers can reuse old tokens indefinitely
  • B) Faster authentication processing
  • C) Improved user session management
  • D) Prevention of brute force attacks
  • Answer: A) Attackers can reuse old tokens indefinitely
  • Explanation: Expired JWT tokens should be rejected to prevent attackers from using stolen or leaked tokens for unauthorized access.

137. What vulnerability arises when a web application allows users to control URL redirects without validation?

  • A) Open Redirect
  • B) Broken Authentication
  • C) SQL Injection
  • D) Remote Code Execution
  • Answer: A) Open Redirect
  • Explanation: Open Redirects can be exploited for phishing attacks, redirecting users to malicious websites.

138. How can an attacker exploit a poorly secured cookie?

  • A) By stealing session tokens and impersonating users
  • B) By modifying the database schema
  • C) By injecting JavaScript
  • D) By brute-forcing login credentials
  • Answer: A) By stealing session tokens and impersonating users
  • Explanation: Unsecured cookies can be stolen or manipulated, leading to session hijacking.

139. What vulnerability can occur if an application allows file uploads without sanitizing filenames?

  • A) Remote Code Execution (RCE)
  • B) SQL Injection
  • C) XSS
  • D) Clickjacking
  • Answer: A) Remote Code Execution (RCE)
  • Explanation: Attackers can upload malicious scripts disguised as legitimate files and execute them.

140. What is the best method to prevent brute force attacks on authentication pages?

  • A) Implement CAPTCHA and rate limiting
  • B) Encrypt passwords
  • C) Store session tokens in local storage
  • D) Disable JavaScript on login pages
  • Answer: A) Implement CAPTCHA and rate limiting
  • Explanation: Rate limiting and CAPTCHA prevent automated brute force attacks.

141. What happens if an application allows unrestricted iframes?

  • A) It becomes vulnerable to Clickjacking
  • B) It improves website performance
  • C) It prevents XSS attacks
  • D) It enhances API security
  • Answer: A) It becomes vulnerable to Clickjacking
  • Explanation: Clickjacking tricks users into performing actions by embedding a page inside an invisible iframe.

142. What security risk is introduced when user authentication tokens are stored in local storage?

  • A) Vulnerability to XSS attacks
  • B) Faster authentication
  • C) Stronger encryption
  • D) Secure API access
  • Answer: A) Vulnerability to XSS attacks
  • Explanation: Local storage can be accessed by JavaScript, making session tokens vulnerable to XSS-based theft.

143. What is a primary way to prevent Cross-Site Request Forgery (CSRF) attacks?

  • A) Using CSRF tokens
  • B) Encrypting passwords
  • C) Disabling JavaScript
  • D) Using GET requests for authentication
  • Answer: A) Using CSRF tokens
  • Explanation: CSRF tokens prevent attackers from forging requests on behalf of authenticated users.

144. What vulnerability allows attackers to execute commands on the server through improperly sanitized input?

  • A) Command Injection
  • B) SQL Injection
  • C) Cross-Site Scripting (XSS)
  • D) Directory Traversal
  • Answer: A) Command Injection
  • Explanation: Command Injection occurs when an attacker injects system commands into an application’s input fields due to improper input validation.

145. What is the best way to prevent an attacker from enumerating valid usernames during login attempts?

  • A) Display a generic error message for incorrect usernames and passwords
  • B) Provide detailed error messages
  • C) Allow unlimited login attempts
  • D) Store usernames in cookies
  • Answer: A) Display a generic error message for incorrect usernames and passwords
  • Explanation: Generic error messages prevent attackers from determining valid usernames, reducing user enumeration risks.

146. What is a security risk of allowing GET requests for actions that modify data?

  • A) Increased exposure to CSRF attacks
  • B) Faster database queries
  • C) Improved authentication security
  • D) Better caching behavior
  • Answer: A) Increased exposure to CSRF attacks
  • Explanation: CSRF attacks exploit GET requests that modify data, as links or scripts can trigger unwanted actions.

147. What attack targets applications that store session identifiers in URLs?

  • A) Session Hijacking
  • B) SQL Injection
  • C) Remote Code Execution
  • D) Open Redirect
  • Answer: A) Session Hijacking
  • Explanation: Session tokens in URLs can be intercepted or leaked, allowing attackers to hijack user sessions.

148. What is the risk of using weak encryption algorithms such as DES and MD5?

  • A) Data can be decrypted easily using modern computing power
  • B) Improved application speed
  • C) Better compression rates
  • D) Reduced database storage requirements
  • Answer: A) Data can be decrypted easily using modern computing power
  • Explanation: Weak encryption algorithms can be brute-forced or cracked using rainbow tables, making them insecure.

149. What vulnerability arises when an application does not check file extensions before executing uploaded files?

  • A) Remote Code Execution (RCE)
  • B) SQL Injection
  • C) Cross-Site Scripting (XSS)
  • D) Clickjacking
  • Answer: A) Remote Code Execution (RCE)
  • Explanation: Unvalidated file uploads allow attackers to upload and execute malicious scripts.

150. What is a major risk of exposing verbose error messages in production environments?

  • A) Information disclosure to attackers
  • B) Faster debugging
  • C) Improved user experience
  • D) Enhanced database performance
  • Answer: A) Information disclosure to attackers
  • Explanation: Verbose error messages reveal sensitive details like database structure, API endpoints, or system configurations.

151. What does the Secure attribute in cookies prevent?

  • A) Cookies from being sent over unencrypted HTTP connections
  • B) Cookies from being accessed by JavaScript
  • C) Cookies from being stored in a database
  • D) Cookies from being modified
  • Answer: A) Cookies from being sent over unencrypted HTTP connections
  • Explanation: The Secure flag ensures that cookies are only transmitted over HTTPS, preventing MITM attacks.

152. How can an attacker exploit a weak JWT (JSON Web Token) implementation?

  • A) By modifying the alg field to none
  • B) By performing SQL Injection
  • C) By modifying the csrf-token header
  • D) By brute-forcing API endpoints
  • Answer: A) By modifying the alg field to none
  • Explanation: If a JWT supports alg: none, attackers can forge JWTs without a valid signature.

153. What vulnerability occurs when an application improperly exposes sensitive information via API responses?

  • A) Information Disclosure
  • B) Clickjacking
  • C) Remote File Inclusion (RFI)
  • D) CSRF
  • Answer: A) Information Disclosure
  • Explanation: Poor API responses may expose user data, credentials, or system details, aiding attackers.

154. What is a common impact of a server-side request forgery (SSRF) attack?

  • A) Internal network scanning
  • B) Improved session management
  • C) Faster HTTP response times
  • D) Increased API rate limits
  • Answer: A) Internal network scanning
  • Explanation: SSRF allows attackers to make requests from the server, potentially exposing internal services and network resources.

155. How can an attacker exploit a website vulnerable to HTML Injection?

  • A) By injecting malicious HTML that alters webpage content
  • B) By brute-forcing login credentials
  • C) By modifying JavaScript execution order
  • D) By manipulating HTTP headers
  • Answer: A) By injecting malicious HTML that alters webpage content
  • Explanation: HTML Injection allows attackers to modify website content, often used for phishing and defacement attacks.

156. What is the risk of using HTTP instead of HTTPS for transmitting login credentials?

  • A) Attackers can intercept and steal login credentials
  • B) Slower authentication processing
  • C) Reduced database query performance
  • D) Increased browser caching efficiency
  • Answer: A) Attackers can intercept and steal login credentials
  • Explanation: Without HTTPS, credentials can be intercepted via packet sniffing or MITM attacks.

157. What is a security risk of exposing the .htaccess file in a web application?

  • A) Attackers can discover server configurations and security rules
  • B) Improved website performance
  • C) Reduced database load
  • D) Prevention of SQL Injection
  • Answer: A) Attackers can discover server configurations and security rules
  • Explanation: Exposing .htaccess can reveal server rules, authentication mechanisms, and security configurations.

158. What is a defense mechanism against automated bot attacks on authentication pages?

  • A) Implementing CAPTCHA
  • B) Allowing unlimited login attempts
  • C) Using plaintext passwords
  • D) Storing session tokens in local storage
  • Answer: A) Implementing CAPTCHA
  • Explanation: CAPTCHA prevents bots from automating brute-force login attempts.

159. What attack exploits web caching mechanisms to deliver malicious responses to users?

  • A) Web Cache Poisoning
  • B) Clickjacking
  • C) CSRF
  • D) SQL Injection
  • Answer: A) Web Cache Poisoning
  • Explanation: Web Cache Poisoning manipulates cached responses, serving malicious content to users.

160. How can an attacker exploit a website vulnerable to unrestricted CORS policies (Access-Control-Allow-Origin: *)?

  • A) By stealing user data from API responses
  • B) By executing server-side commands
  • C) By injecting SQL into database queries
  • D) By modifying HTTP status codes
  • Answer: A) By stealing user data from API responses
  • Explanation: Weak CORS configurations allow malicious websites to read API responses, leading to data theft.

161. What is a primary method to prevent brute-force attacks on authentication mechanisms?

  • A) Implementing account lockout and rate limiting
  • B) Using short passwords for faster authentication
  • C) Allowing unlimited login attempts
  • D) Storing passwords in plaintext
  • Answer: A) Implementing account lockout and rate limiting
  • Explanation: Rate limiting and account lockout prevent brute-force attacks by restricting login attempts.

162. What vulnerability occurs when an attacker manipulates an API to bypass authentication mechanisms?

  • A) Broken Authentication
  • B) XSS
  • C) SQL Injection
  • D) Clickjacking
  • Answer: A) Broken Authentication
  • Explanation: Broken Authentication occurs when attackers exploit weak or missing authentication controls to gain unauthorized access.

163. How can an attacker exploit a web application that relies solely on referrer headers for security?

  • A) By forging HTTP referrer headers
  • B) By injecting SQL queries
  • C) By modifying JavaScript in the browser
  • D) By brute-forcing authentication tokens
  • Answer: A) By forging HTTP referrer headers
  • Explanation: Referrer headers can be manipulated, allowing attackers to bypass security measures relying on them.

164. What vulnerability allows an attacker to execute system commands through a web application’s input fields?

  • A) Command Injection
  • B) SQL Injection
  • C) XSS
  • D) Insecure Direct Object Reference (IDOR)
  • Answer: A) Command Injection
  • Explanation: Command Injection exploits poorly sanitized inputs to execute system-level commands.

165. What security risk does an open GraphQL API introduce if introspection queries are enabled?

  • A) Attackers can enumerate available API endpoints
  • B) Faster API response times
  • C) Secure data transmission
  • D) Improved authentication security
  • Answer: A) Attackers can enumerate available API endpoints
  • Explanation: GraphQL introspection leaks API structure, helping attackers craft targeted API attacks.

166. How does an attacker exploit a web application vulnerable to Log Injection?

  • A) By injecting log entries to manipulate monitoring systems
  • B) By modifying login credentials
  • C) By brute-forcing session cookies
  • D) By injecting JavaScript
  • Answer: A) By injecting log entries to manipulate monitoring systems
  • Explanation: Log Injection allows attackers to alter security logs, potentially hiding malicious activity.

167. What is the impact of an attacker successfully exploiting a CSP (Content Security Policy) bypass?

  • A) Execution of malicious JavaScript on the victim’s browser
  • B) Faster page load times
  • C) Increased SSL security
  • D) Improved user authentication
  • Answer: A) Execution of malicious JavaScript on the victim’s browser
  • Explanation: A CSP bypass allows attackers to inject and execute JavaScript, enabling XSS attacks.

168. What is the primary risk of exposing an unauthenticated file download feature?

  • A) Attackers can download sensitive files
  • B) Improved caching performance
  • C) Increased website traffic
  • D) Stronger encryption
  • Answer: A) Attackers can download sensitive files
  • Explanation: Unauthenticated file downloads allow attackers to steal confidential files.

169. What is the best way to prevent security risks in file upload functionalities?

  • A) Restricting allowed file types and scanning uploaded files
  • B) Allowing unrestricted file uploads
  • C) Using client-side validation only
  • D) Storing uploaded files in the web root directory
  • Answer: A) Restricting allowed file types and scanning uploaded files
  • Explanation: Validating file types and using antivirus scans prevent malicious file uploads.

170. What vulnerability can be exploited if JWT tokens are not properly revoked?

  • A) Attackers can reuse stolen tokens indefinitely
  • B) Faster authentication times
  • C) Improved user experience
  • D) Prevention of SQL Injection
  • Answer: A) Attackers can reuse stolen tokens indefinitely
  • Explanation: Without proper token revocation, attackers can continue using compromised JWTs.

171. How does an attacker exploit an improperly configured API rate limit?

  • A) By launching brute-force attacks on API endpoints
  • B) By injecting SQL queries
  • C) By modifying session cookies
  • D) By disabling HTTPS
  • Answer: A) By launching brute-force attacks on API endpoints
  • Explanation: Without rate limiting, attackers can brute force authentication tokens and exploit APIs.

172. What is a common security risk when storing credentials in JavaScript files?

  • A) Attackers can retrieve credentials by viewing the source code
  • B) Faster authentication processing
  • C) Improved database performance
  • D) Enhanced encryption
  • Answer: A) Attackers can retrieve credentials by viewing the source code
  • Explanation: Credentials in JavaScript files can be exposed if the file is publicly accessible.

173. What attack involves an attacker forcing a vulnerable web application to generate a new session ID without invalidating the old one?

  • A) Session Fixation
  • B) Clickjacking
  • C) SQL Injection
  • D) CSRF
  • Answer: A) Session Fixation
  • Explanation: Session Fixation allows attackers to force users into using a predefined session ID, leading to hijacking.

174. What type of attack involves poisoning a browser cache to serve malicious content?

  • A) Web Cache Poisoning
  • B) XSS
  • C) SQL Injection
  • D) Cross-Site Request Forgery
  • Answer: A) Web Cache Poisoning
  • Explanation: Web Cache Poisoning manipulates cached responses, causing users to receive malicious content.

175. What security risk is introduced by hosting admin interfaces on predictable URLs like /admin or /login?

  • A) Increased exposure to brute-force and enumeration attacks
  • B) Faster authentication times
  • C) Improved performance
  • D) Secure data transmission
  • Answer: A) Increased exposure to brute-force and enumeration attacks
  • Explanation: Predictable admin panel URLs are easy targets for brute-force and enumeration attacks.

176. How does an attacker exploit a Cross-Origin Resource Sharing (CORS) misconfiguration?

  • A) By sending unauthorized requests from a different origin
  • B) By injecting JavaScript into forms
  • C) By modifying database schemas
  • D) By brute-forcing login pages
  • Answer: A) By sending unauthorized requests from a different origin
  • Explanation: CORS misconfigurations allow cross-origin API requests, leading to data leaks.

177. What is the security risk of not implementing strong password hashing?

  • A) Attackers can crack passwords using brute-force or rainbow tables
  • B) Faster authentication processing
  • C) Improved caching behavior
  • D) Increased SSL encryption
  • Answer: A) Attackers can crack passwords using brute-force or rainbow tables
  • Explanation: Weakly hashed passwords can be cracked easily using precomputed hash tables.

178. What is a major security risk when session identifiers are predictable?

  • A) Attackers can guess session IDs and hijack sessions
  • B) Improved performance
  • C) Stronger authentication
  • D) Reduced API latency
  • Answer: A) Attackers can guess session IDs and hijack sessions
  • Explanation: Weak session IDs can be predicted, allowing attackers to take over user sessions.

179. How does an attacker exploit an open redirect vulnerability?

  • A) By redirecting users to malicious websites for phishing attacks
  • B) By injecting SQL queries
  • C) By modifying encryption algorithms
  • D) By brute-forcing login credentials
  • Answer: A) By redirecting users to malicious websites for phishing attacks
  • Explanation: Open Redirects can be abused to direct users to phishing sites.

180. What security measure helps prevent session fixation attacks?

  • A) Regenerating session IDs after login
  • B) Using CAPTCHA on login pages
  • C) Storing sessions in local storage
  • D) Disabling HTTPS
  • Answer: A) Regenerating session IDs after login
  • Explanation: Regenerating session IDs prevents attackers from forcing users into a compromised session.

181. What is the main risk of allowing HTTP methods like PUT and DELETE without proper access controls?

  • A) Attackers can modify or delete resources on the server
  • B) Improved API response times
  • C) Increased browser caching
  • D) Secure authentication
  • Answer: A) Attackers can modify or delete resources on the server
  • Explanation: Unrestricted PUT and DELETE methods allow attackers to modify or remove important data.

182. What type of vulnerability allows attackers to manipulate query strings in URLs to bypass security restrictions?

  • A) Parameter Tampering
  • B) CSRF
  • C) Clickjacking
  • D) API Misconfiguration
  • Answer: A) Parameter Tampering
  • Explanation: Parameter tampering lets attackers modify request parameters to gain unauthorized access or manipulate data.

183. How can an attacker exploit an insecure password reset function?

  • A) By guessing or intercepting the password reset token
  • B) By modifying JavaScript execution
  • C) By using a brute-force attack on login credentials
  • D) By injecting SQL into the reset form
  • Answer: A) By guessing or intercepting the password reset token
  • Explanation: Weak password reset implementations allow attackers to hijack accounts using predictable or stolen tokens.

184. What is the primary purpose of a security HTTP header like Strict-Transport-Security (HSTS)?

  • A) To enforce HTTPS connections and prevent protocol downgrade attacks
  • B) To prevent SQL Injection
  • C) To enhance authentication security
  • D) To block CSRF attacks
  • Answer: A) To enforce HTTPS connections and prevent protocol downgrade attacks
  • Explanation: HSTS forces browsers to use HTTPS, preventing downgrade attacks and MITM attacks.

185. What attack is possible if an application does not validate email ownership before registering an account?

  • A) Account Pre-Hijacking
  • B) Clickjacking
  • C) Buffer Overflow
  • D) LDAP Injection
  • Answer: A) Account Pre-Hijacking
  • Explanation: Attackers can pre-register an email and take over the account when the real owner attempts to register.

186. What is the most secure method of storing user passwords?

  • A) Hashing with a strong algorithm like bcrypt or Argon2
  • B) Storing passwords in plaintext
  • C) Encrypting passwords without salting
  • D) Encoding passwords with Base64
  • Answer: A) Hashing with a strong algorithm like bcrypt or Argon2
  • Explanation: Secure password hashing algorithms make brute-force and rainbow table attacks much harder.

187. What security risk is associated with unrestricted file downloads from a web application?

  • A) Attackers can download sensitive files like .env and config.php
  • B) Improved website performance
  • C) Increased API rate limits
  • D) Secure session management
  • Answer: A) Attackers can download sensitive files like .env and config.php
  • Explanation: Unprotected file downloads may expose configuration files, credentials, or other sensitive data.

188. What is a common indicator of an insecure API key implementation?

  • A) API keys are hardcoded in front-end JavaScript files
  • B) API responses are cached efficiently
  • C) API keys are refreshed every hour
  • D) API uses JSON for responses
  • Answer: A) API keys are hardcoded in front-end JavaScript files
  • Explanation: Hardcoded API keys in publicly accessible files can be extracted and misused by attackers.

189. What is a common attack vector for exploiting a Cross-Origin Resource Sharing (CORS) misconfiguration?

  • A) Stealing user session data from API responses
  • B) Modifying HTML attributes
  • C) Sending automated spam emails
  • D) Buffer overflow
  • Answer: A) Stealing user session data from API responses
  • Explanation: Weak CORS policies allow malicious domains to send API requests, leading to data leakage.

190. What happens if an application does not enforce authorization checks on a PUT request?

  • A) Attackers can modify data they don’t own
  • B) The application prevents SQL Injection
  • C) The application logs out the user
  • D) The application blocks file uploads
  • Answer: A) Attackers can modify data they don’t own
  • Explanation: Missing authorization checks allow attackers to modify or delete any data via API calls.

191. How does an attacker exploit a web application that relies solely on client-side input validation?

  • A) By bypassing validation and submitting malicious input directly
  • B) By modifying CSS properties
  • C) By clearing browser cookies
  • D) By reducing API response times
  • Answer: A) By bypassing validation and submitting malicious input directly
  • Explanation: Client-side validation can be bypassed by directly modifying HTTP requests.

192. What is a key risk of using JWT tokens without expiration?

  • A) Attackers can use stolen tokens indefinitely
  • B) Faster API authentication
  • C) Stronger password security
  • D) Improved user experience
  • Answer: A) Attackers can use stolen tokens indefinitely
  • Explanation: Without expiration, stolen JWTs can be reused indefinitely for unauthorized access.

193. What is a risk of exposing detailed error messages in API responses?

  • A) Attackers can gather information about the backend system
  • B) Faster debugging
  • C) Improved API security
  • D) Preventing brute-force attacks
  • Answer: A) Attackers can gather information about the backend system
  • Explanation: Verbose error messages reveal database structure, authentication methods, and software versions.

194. What vulnerability allows an attacker to execute arbitrary SQL queries against a database?

  • A) SQL Injection
  • B) XSS
  • C) CSRF
  • D) Clickjacking
  • Answer: A) SQL Injection
  • Explanation: SQL Injection allows attackers to manipulate database queries to extract or modify data.

195. What security measure prevents session hijacking through XSS attacks?

  • A) Using HttpOnly cookies
  • B) Using CAPTCHA
  • C) Enabling JavaScript logging
  • D) Increasing session expiration time
  • Answer: A) Using HttpOnly cookies
  • Explanation: HttpOnly cookies prevent JavaScript from accessing session tokens, mitigating XSS attacks.

196. What is a major risk of allowing unrestricted redirection URLs in a login system?

  • A) Attackers can perform phishing attacks using open redirects
  • B) Users experience faster authentication
  • C) Improved caching efficiency
  • D) Enhanced session security
  • Answer: A) Attackers can perform phishing attacks using open redirects
  • Explanation: Open Redirects allow attackers to redirect users to malicious websites, enabling phishing attacks.

197. What happens if session tokens are not invalidated after logout?

  • A) Attackers can reuse session tokens for unauthorized access
  • B) Faster authentication processing
  • C) Improved password security
  • D) Enhanced encryption
  • Answer: A) Attackers can reuse session tokens for unauthorized access
  • Explanation: Failure to invalidate sessions allows attackers to reuse old tokens, keeping unauthorized access.

198. What is a risk of using predictable CSRF tokens?

  • A) Attackers can forge CSRF requests by predicting token values
  • B) Improved API response times
  • C) Secure data transmission
  • D) Enhanced authentication security
  • Answer: A) Attackers can forge CSRF requests by predicting token values
  • Explanation: Weak or predictable CSRF tokens allow attackers to bypass CSRF protection.

199. What is the impact of improper access control in API endpoints?

  • A) Unauthorized users can access or modify restricted data
  • B) Faster API performance
  • C) Improved authentication security
  • D) Reduced encryption overhead
  • Answer: A) Unauthorized users can access or modify restricted data
  • Explanation: Weak access control allows unauthorized users to access or alter sensitive data.

200. What HTTP header can prevent Cross-Site Script Inclusion (XSSI) attacks?

  • A) X-Content-Type-Options: nosniff
  • B) Referrer-Policy
  • C) Strict-Transport-Security
  • D) Cache-Control
  • Answer: A) X-Content-Type-Options: nosniff
  • Explanation: This header prevents browsers from interpreting non-JS files as JavaScript, mitigating XSSI risks.