CEH v13 Domain 4.4 Practice Test 002

Question 1

A penetration tester assessing a retail web application discovers that the application generates session tokens using a predictable algorithm based on the username concatenated with a Unix timestamp. The tester can compute valid session tokens for other authenticated users and impersonate them without knowing their passwords. Which session hijacking technique is the tester exploiting?

A. Cross-Site Request Forgery (CSRF) B. Session Token Prediction C. Session Fixation D. Man-in-the-Middle (MITM) Attack

Question 2

Clark is conducting a black-box web application assessment and injects a malicious JavaScript payload into a vulnerable comment field that reads document.cookie and transmits the value to an external server he controls. Once a victim administrator logs in and views the page, Clark receives the admin's session cookie in his collection server's log and uses it to authenticate as the admin. Which attack type did Clark perform?

A. Session Fixation B. Clickjacking C. Cross-Site Scripting (XSS) for Session Hijacking D. SQL Injection

Question 3

Select all that apply

A security analyst is demonstrating network-level session hijacking during an enterprise red team exercise on a flat, unsegmented LAN where ARP-based traffic interception is feasible. The analyst needs to capture and replay valid TCP session tokens traversing the wire to illustrate the risk to the security team. Which TWO tools would be MOST appropriate for capturing and exploiting active network-level sessions in this scenario? (Choose two)

A. Hamster and Ferret B. Metasploit Framework C. Nmap D. Ettercap with ARP poisoning E. Burp Suite Intruder

Question 4

Elijah discovers that a banking web application does not regenerate the session ID upon successful authentication, allowing a pre-authentication session token to remain valid post-login. He tricks a victim into clicking a crafted URL that pre-sets a known session ID, then waits for the victim to authenticate before using that same session ID to access the victim's account. Which attack technique did Elijah execute?

A. Cross-Site Request Forgery (CSRF) B. Session Sidejacking C. Session Fixation D. Cookie Poisoning

Question 5

During a wireless security assessment at a coffee shop, a security analyst positions herself on the open Wi-Fi network and uses Ferret to sniff traffic and Hamster to replay captured cookies, successfully intercepting HTTP session tokens transmitted by a nearby user's browser. She replays the captured cookies in her own browser and gains full access to the victim's webmail account without knowing the user's password. Which session hijacking technique is being demonstrated?

A. Network-Level TCP Sequence Number Hijacking B. Session Fixation C. Session Sidejacking D. Man-in-the-Browser (MitB) Attack

Question 6

A cloud-based SaaS application's development team is reviewing their session management implementation after a penetration test revealed that session cookies were accessible via JavaScript and were transmitted over both HTTP and HTTPS connections. The security team wants to implement two cookie attributes that prevent client-side script access to the cookie and ensure it is only sent over encrypted connections. Which combination of cookie attributes should the team configure?

A. SameSite=Strict and Path=/ B. HttpOnly and Secure C. Domain=.example.com and Max-Age=3600 D. Expires and SameSite=Lax

Question 7

Jane is performing an advanced red team exercise on an internal corporate network where she intercepts a Telnet session between a system administrator and a legacy router using Ettercap to perform ARP poisoning and become the man-in-the-middle. She analyzes the TCP sequence and acknowledgment numbers of the ongoing session and injects crafted packets with the correct sequence numbers to send unauthorized commands to the legacy router. Which type of session hijacking is Jane performing?

A. Application-Level Session Hijacking via Cookie Theft B. Network-Level TCP Session Hijacking C. Session Fixation Attack D. Cross-Site Scripting (XSS) Session Theft

Question 8

Select all that apply

An enterprise security architect is reviewing countermeasures to prevent session hijacking attacks against the organization's internal web applications after a red team successfully hijacked multiple admin sessions using both network sniffing and XSS techniques. The architect wants to implement controls that protect session tokens both in transit and against client-side JavaScript theft while also limiting the exposure window of any compromised token. Which TWO countermeasures would MOST effectively reduce session hijacking risk in this environment? (Choose two)

A. Enforcing HTTPS with HTTP Strict Transport Security (HSTS) B. Using long-lived, non-expiring session tokens to avoid frequent re-authentication C. Implementing short session token expiration with automatic regeneration after authentication D. Setting HttpOnly and Secure flags on all session cookies E. Allowing concurrent sessions from multiple geographic locations without restriction

Question 9

A web application penetration tester uses Burp Suite's Sequencer tool to analyze the randomness of session tokens issued by a healthcare portal that stores sensitive patient records. The Sequencer captures thousands of tokens and performs statistical entropy analysis, revealing that the tokens contain only 32 bits of effective entropy instead of the recommended 128 bits. Which attack is this low entropy level MOST likely to facilitate?

A. Cross-Site Request Forgery (CSRF) B. Brute-Force Session Token Prediction C. SQL Injection via Session Parameters D. XML External Entity (XXE) Injection

Question 10

A threat actor compromises a victim's workstation by installing a malicious browser extension that hooks into the browser process, monitoring all HTTP requests and responses to automatically extract session tokens and authentication cookies as the victim browses their online banking portal. Unlike traditional network sniffing, this attack intercepts data within the browser process after TLS decryption has already occurred, rendering HTTPS and certificate pinning ineffective as defenses. Which session hijacking technique does this represent?

A. Session Sidejacking via Wireless Sniffing B. Man-in-the-Browser (MitB) Attack C. Cross-Site Scripting (XSS) Cookie Theft D. SSL Stripping Attack

ByThe Test Master

Related Post

CEH v13 Domain 4.5 Practice Test 002

CEH v13 Domain 4.3 Practice Test 002

CEH v13 Domain 4.1 Practice Test 002