web

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario? Option …

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

Leave a Comment / CEHv11 / By gayatriv

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? Option 1 : SOAP API Option 2 : RESET …

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee click on the link, all the sensitive payment details entered in a form are linked to Boney’s account. What is the attack performed by Boney in the above scenario?

Leave a Comment / CEHv11 / By gayatriv

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID link the target employee to Boney ‘s account page without disclosing any information to the victim. When the target employee click on the link, all …

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee click on the link, all the sensitive payment details entered in a form are linked to Boney’s account. What is the attack performed by Boney in the above scenario? Read More »

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker?

Leave a Comment / CEHv11 / By gayatriv

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker? Option 1 : Union-based SQLi Option 2 : In-band SQLi Option 3 : Out-of-band SQLi Option 4 : Time-based blind SQLi 1. Union-based SQLi Union …

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan?

Leave a Comment / CEHv11 / By gayatriv

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan? Option 1 : RESET API Option 2 : SOAP API Option 3 : Web shells …

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website. Which of the following tools did Taylor employ in the above scenario?

Leave a Comment / CEHv11 / By gayatriv

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website. Which of the following tools did Taylor employ in the above scenario? Option 1 : WAFW00F Option 2 : Webroot Option 3 : Web-Stat Option 4 : Website-Watcher 1. WAFW00F WAFW00F identifies and fingerprints web Application Firewall (WAF) products. how will it work? To do its magic, …

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

Leave a Comment / CEHv11 / By gayatriv

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario? Option 1 : VoIP footprinting Option 2 : Dark web footprinting Option 3 : Website footprinting Option …

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

Leave a Comment / CEHv11 / By gayatriv

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? Option 1 : Denial of service Option 2 : Cross-site scripting Option 3 : SQL injection Option 4 : Directory traversal 1. Denial of service The Denial of …

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?

Leave a Comment / CEHv11 / By gayatriv

Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario? …

Which file is a rich target to discover the structure of website during web-server footprinting?

Leave a Comment / CEHv11 / By gayatriv

Which file is a rich target to discover the structure of website during web-server footprinting? Option 1 : domain.txt Option 2 : Robots.txt Option 3 : index.html Option 4 : Document.root 1. domain.txt File TXT records are a type of Domain Name System (DNS) record that contains text information for sources outside of your domain. You add these records to your domain settings. You can use TXT records for various purposes. Google uses them to verify domain ownership and to ensure email security. You verify your domain …

Which file is a rich target to discover the structure of website during web-server footprinting? Read More »

Taylor, a security professional, uses a tool to monitor her company’s website, analyze the website’s traffic, and track the geographical location of the users visiting the company’s website. Which of the following tools did Taylor employ in the above scenario?

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

Course Categories

Quick Menu

Contact us

Recent Posts

Find Us Here