CEH v13 Domain 5.1 Practice Test 003

This practice test covers Domain 5 (Web Application Hacking) Subdomain 1 (Hacking Web Servers) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link

CEH v13 Domain 5.1 Practice Test 003

10 questions • 8 single-answer, 2 multi-select

Question 1

Kevin, a red team operator targeting a mid-sized financial services firm, connects to the target web server on port 80 using Netcat and issues an HTTP HEAD request. The server responds with headers that reveal the software name, version number, and underlying operating system. Which web server attack methodology step is Kevin performing?

A. Banner Grabbing B. Directory Traversal C. HTTP Response Splitting D. Web Cache Poisoning

Question 2

Jane, a penetration tester hired by a mid-sized e-commerce company, notices that the web server fails to properly sanitize user-supplied input in file path parameters. She crafts a request using '../../etc/passwd' sequences to navigate outside the web root and retrieve sensitive system files. Which web server attack technique is Jane exploiting?

A. Web Cache Poisoning B. Directory Traversal C. HTTP Response Splitting D. SSH Brute Force

Question 3

An enterprise web application security team reviewing server logs discovers that an attacker injected carriage return (CR) and line feed (LF) characters into an HTTP response header field. The injected characters allowed the attacker to terminate the first response and craft a second HTTP response containing malicious content. Which web server attack technique describes this behavior?

A. Directory Traversal B. Web Cache Poisoning C. HTTP Response Splitting D. DNS Server Hijacking

Question 4

Elijah, a black-hat attacker, uses Metasploit to exploit an unpatched remote code execution vulnerability in a company's Apache web server and obtains an interactive shell. He then replaces the server's index.html with a politically motivated message visible to all website visitors. Which type of web server attack has Elijah carried out?

A. Web Server Misconfiguration B. DNS Server Hijacking C. Website Defacement D. Session Hijacking

Question 5

A security analyst is assessing a newly deployed IIS web server before it is promoted to production. She runs Nikto against the target and receives findings that include outdated server software, enabled directory browsing, and the presence of default IIS installation files. Which web server attack methodology phase does this activity represent?

A. Vulnerability Scanning B. Banner Grabbing C. Website Mirroring D. Web Server Password Cracking

Question 6

A cloud-hosted Apache web server in a retail company's AWS environment has directory listing enabled and exposes its default server configuration files via a direct HTTP GET request. A threat actor discovers these weaknesses without any special tools and begins mapping the server's internal structure. Which web server vulnerability is being exploited?

A. HTTP Response Splitting B. Web Server Misconfiguration C. DNS Cache Poisoning D. Cross-Site Request Forgery

Question 7

A penetration tester performing a web server assessment uses HTTrack to download a complete local copy of the target organization's public website. He then analyzes the site's directory structure, file naming patterns, and HTML comments offline to identify potential attack vectors. Which web server attack methodology step is being performed?

A. Banner Grabbing B. Website Mirroring C. Vulnerability Scanning D. Session Hijacking

Question 8

Select all that apply

During a red team engagement, the security team identifies two distinct attack vectors targeting the organization's web server infrastructure. The first involves injecting specially crafted HTTP headers to corrupt the shared reverse proxy cache and serve malicious responses to legitimate users, while the second involves altering DNS A records for the web server's domain to silently redirect all traffic to an attacker-controlled host. Which two attack techniques are being described? (Choose two)

A. Directory Traversal B. Web Cache Poisoning C. DNS Server Hijacking D. HTTP Response Splitting E. SSH Brute Force

Question 9

Sophia, a red team operator, has gathered a list of probable credentials during an OSINT phase and identifies that the target web server has its SSH management port exposed to the internet. She uses Hydra to automate systematic login attempts against the SSH service using each credential pair in her list. Which web server attack technique is Sophia employing?

A. Session Hijacking B. SSH Brute Force C. HTTP Response Splitting D. Directory Traversal

Question 10

Select all that apply

A web server hardening team implements two specific controls after a recent penetration test: all HTTP responses are configured to suppress the 'Server' header, and directory browsing is disabled on all virtual hosts. These countermeasures are intended to prevent attackers from collecting specific types of information during the web server attack methodology reconnaissance phase. Which two attack techniques are directly mitigated by these controls? (Choose two)

A. Banner Grabbing B. HTTP Response Splitting C. Directory Listing Exploitation D. Web Cache Poisoning E. DNS Server Hijacking

Related Posts

Leave a Comment Cancel Reply