Kali Linux Web Attacks Practice Exam: Questions and Answers, Exams of Technology

A practice exam focused on web attacks using Kali Linux. It includes multiple-choice questions covering various tools and techniques, such as Nmap, Burp Suite, SQL injection, and XSS, along with a short explanation for each answer. This resource is designed to help students and professionals test their knowledge and prepare for certifications in cybersecurity and penetration testing. It covers topics like directory brute-forcing, HTTP method enumeration, and server-side request forgery, offering a review of web security concepts and their practical application. The exam also addresses common vulnerabilities and methods to exploit them, making it a useful tool for hands-on learning and skill development in the field of cybersecurity.

Typology: Exams

2024/2025

Available from 12/03/2025

shilpi-jain-1
WEB 200 Web Attacks with Kali Linux Practice Exam
**Question 1. Which Kali Linux command is used to update the package list before installing new tools?**
A) apt-get upgrade
B) apt-get update
C) apt-get install
D) apt-get dist-upgrade
Answer: B
Explanation: `apt-get update` refreshes the local package index, ensuring the latest versions are available for installation.
**Question 2. In Kali, which file stores static hostname-to-IP mappings for local resolution?**
A) /etc/resolv.conf
B) /etc/hosts
C) /etc/network/interfaces
D) /etc/hostname
Answer: B
Explanation: `/etc/hosts` maps hostnames to IP addresses without querying DNS.
**Question 3. Which VPN client is preinstalled on Kali for connecting to Offensive Security labs?**
A) OpenVPN
B) WireGuard
C) Cisco AnyConnect
D) SoftEther
Answer: A
Explanation: Offensive Security labs provide an OpenVPN configuration file for secure access.
**Question 4. What is the default port for Burp Suite's proxy listener?**
A) 8080
B) 80
C) 8443
D) 8888
Answer: A
Explanation: Burp Suite's proxy listens on `127.0.0.1:8080` unless changed.
**Question 5. Which Burp Suite tab allows you to modify and resend a single HTTP request repeatedly?**
A) Intruder
B) Repeater
C) Scanner
D) Decoder

**Question 8. When creating a custom wordlist with Crunch, which option defines the minimum password length?**
A) -l
B) -t
C) -m
D) -s
Answer: A
Explanation: `-l` sets the minimum length; `-u` sets the maximum.
**Question 9. Which tool is primarily used for recursive directory brute-forcing on a target URL?**
A) Wfuzz
B) Gobuster
C) Nikto
D) sqlmap
Answer: B
Explanation: Gobuster efficiently enumerates directories and files using wordlists.
**Question 10. In Dirb, what does the `-X` option specify?**
A) Proxy server

B) Extensions to try (e.g., .php,.html)
C) Output format
D) Verbose mode
Answer: B
Explanation: `-X` allows you to append file extensions to each wordlist entry.
**Question 11. Which Wfuzz mode is best for fuzzing HTTP POST parameters?**
A) FUZZURL
B) FUZZHEADERS
C) FUZZPOSTDATA
D) FUZZCOOKIES
Answer: C
Explanation: FUZZPOSTDATA injects payloads into the body of POST requests.
**Question 12. Hakrawler is used to discover what type of information?**
A) Open ports
B) Hidden form fields
C) Site-wide URLs and parameters
D) Database schema
Answer: C

**Question 15. Which JavaScript function is commonly used to steal a victim's cookies in an XSS payload?**
A) document.write()
B) fetch()
C) location.href
D) document.cookie
Answer: D
Explanation: `document.cookie` returns the cookie string, which can be sent to an attacker's server.
**Question 16. The Same-Origin Policy (SOP) restricts which of the following?**
A) DNS resolution across domains
B) Access to cookies, DOM, and XMLHttpRequest between different origins
C) TCP connections to other hosts
D) SSL certificate validation
Answer: B
Explanation: SOP isolates web pages so that scripts from one origin cannot read data from another origin.
**Question 17. Which attribute on a cookie helps mitigate CSRF attacks?**

A) HttpOnly
B) Secure
C) SameSite
D) Path
Answer: C
Explanation: `SameSite` instructs browsers not to send the cookie with cross-site requests, reducing CSRF risk.
**Question 18. In a CSRF attack, the malicious request is typically triggered by which user action?**
A) Clicking a link on the attacker's site
B) Entering credentials on the target site
C) Running a local script on the victim's machine
D) Opening an email attachment
Answer: A
Explanation: The attacker lures the victim to visit a page that automatically sends a forged request to the target.
**Question 19. Which CORS response header indicates which origins are allowed to access the resource?**
A) Access-Control-Allow-Methods
B) Access-Control-Allow-Origin

Answer: B
Explanation: `UNION` merges the output of two SELECT queries, allowing an attacker to inject additional rows.
**Question 22. In error-based SQL injection, what does the attacker look for?**
A) HTTP 404 responses
B) Database error messages in the page output
C) DNS timeout logs
D) SSL handshake failures
Answer: B
Explanation: Database errors often reveal information about the underlying query structure.
**Question 23. Which sqlmap command option enables enumeration of database tables?**
A) --tables
B) --columns
C) --dump
D) --search
Answer: A
Explanation: `--tables` tells sqlmap to list all tables in the identified database.

**Question 24. When performing a stacked query SQL injection on MySQL, which character separates individual statements?**
A) ; (semicolon)
B) && (double ampersand)
C) || (double pipe)
D) ## (double hash)
Answer: A
Explanation: MySQL allows multiple statements in one query when separated by semicolons, provided the server permits it.
**Question 25. Which HTTP header can be abused to perform a Server-Side Template Injection (SSTI) in some frameworks?**
A) User-Agent
B) X-Forwarded-For
C) Referer
D) All of the above
Answer: D
Explanation: Many template engines render data from any header, so any of these can be a vector for SSTI.

B) 10.0.0.
C) 169.254.169.
D) 192.168.1.
Answer: C
Explanation: `169.254.169.254` hosts metadata services on many cloud providers.
**Question 29. Which template engine uses the syntax `{{ variable }}` and is vulnerable to SSTI if user input is rendered directly?**
A) Mustache
B) Twig
C) Handlebars
D) All of the above
Answer: D
Explanation: All listed engines use double-curly braces for variable interpolation and can be abused when rendering untrusted input.
**Question 30. When exploiting command injection, which of the following payloads safely tests for injection on a Linux system?**
A) ; id
B) && cat /etc/passwd
C) | whoami

D) All of the above
Answer: D
Explanation: Each payload appends a benign command (`id`, `whoami`) to verify command execution.
**Question 31. In Insecure Direct Object Reference (IDOR), what is the primary flaw?**
A) Lack of input validation on file uploads
B) Direct exposure of internal identifiers without proper authorization checks
C) Use of weak encryption keys
D) Missing CSRF tokens
Answer: B
Explanation: IDOR occurs when an application trusts a user-supplied object identifier without verifying the user's rights.
**Question 32. Which Burp Suite feature can automatically compare two HTTP responses to highlight differences?**
A) Repeater
B) Intruder
C) Comparer
D) Decoder
Answer: C

**Question 35. Which of the following is NOT a typical payload type in Burp Intruder?**
A) Sniper
B) Battering ram
C) Pitchfork
D) Catapult
Answer: D
Explanation: Burp Intruder provides Sniper, Battering ram, Pitchfork, and Cluster bomb; "Catapult" does not exist.
**Question 36. Which command disables the proxy intercept in Burp Suite's Proxy tab?**
A) Ctrl+I
B) Ctrl+R
C) Ctrl+U
D) Ctrl+Shift+I
Answer: A
Explanation: Ctrl+I toggles the intercept on/off.
**Question 37. In sqlmap, the option `--risk=3` does what?**
A) Increases the number of concurrent threads

B) Enables more aggressive payloads that may be less reliable
C) Lowers the timeout for each request
D) Forces use of HTTPS only
Answer: B
Explanation: Higher risk levels allow sqlmap to try more intrusive, potentially unstable payloads.
**Question 38. Which HTTP method is commonly used to test for unsafe CORS configurations because it can include a pre-flight request?**
A) GET
B) POST
C) HEAD
D) OPTIONS
Answer: D
Explanation: Browsers send an OPTIONS pre-flight request for non-simple methods, exposing CORS headers.
**Question 39. Which Kali tool can be used to generate a reverse shell payload for Windows using PowerShell?**
A) msfvenom
B) setoolkit
C) netcat

Answer: C
Explanation: HPP exploits how some back-ends handle multiple instances of the same parameter, potentially altering logic.
**Question 42. Which Burp Suite extension helps automate detection of common XSS payload reflections?**
A) Autorize
B) HackBar
C) XSS Validator
D) Active Scan++
Answer: C
Explanation: "XSS Validator" (or similar extensions) automatically injects XSS payloads and checks for reflection.
**Question 43. In a CORS pre-flight request, which header indicates the HTTP method the actual request will use?**
A) Access-Control-Request-Method
B) Access-Control-Request-Headers
C) Origin
D) Referer
Answer: A

Explanation: `Access-Control-Request-Method` tells the server which method (e.g., PUT, DELETE) the real request intends to use.
**Question 44. Which of the following is an effective way to bypass a basic authentication prompt using Burp Suite?**
A) Intercept the request, add an `Authorization: Basic <base64>` header, and forward
B) Change the HTTP method to HEAD
C) Use a DNS rebinding attack
D) Disable JavaScript in the browser
Answer: A
Explanation: Adding a correctly encoded `Authorization` header supplies the credentials the server expects.
**Question 45. Which Nmap timing template provides the fastest scan while still being reliable for most networks?**
A) -T0 (Paranoid)
B) -T2 (Polite)
C) -T4 (Aggressive)
D) -T5 (Insane)
Answer: C
Explanation: `-T4` balances speed and reliability; `-T5` can cause packet loss on many networks.