CEH v13 Domain 5.1 Practice Test 004

This practice test covers Domain 5 (Web Application Hacking) Subdomain 1 (Hacking Web Servers) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • 8 single-answer, 2 multi-select

Question 1
Clark targets a corporate Apache host and queries its banner, response headers, and error pages to learn the exact software version. He then maps each disclosed version to known CVEs before launching an exploit. Which activity is Clark performing?

Question 2
Jane discovers that a target site accepts requests like /../../etc/passwd and returns system file contents. She realizes the server fails to sanitize dot-dot-slash sequences in the path. Which attack does this represent?

Question 3
Select all that apply
A penetration tester wants to enumerate hidden admin pages, backup files, and config directories on a target web server. He needs a tool that brute-forces common file and folder names against the HTTP service. Which tools fit this goal? (Choose two)

Question 4
Kevin finds that an outdated IIS server allows uploading an .aspx file to a writable directory that the engine then executes. He uploads a malicious script and gains remote command execution on the host. Which weakness did Kevin exploit?

Question 5
Elijah notices a server returns different responses when he submits a header with a trailing CRLF, letting him inject a second crafted response. Downstream caches then serve his forged content to other users. Which attack is Elijah leveraging?

Question 6
A security analyst reviews logs and finds an attacker poisoned a shared proxy so that one malicious page is served to many visitors. The attacker manipulated cache keys to store harmful content under a trusted URL. Which attack does this describe?

Question 7
Clark intercepts traffic and replaces legitimate site content by exploiting a server misconfiguration that lets him alter the homepage. The organization later sees its index page replaced with attacker messaging. Which web server attack outcome is this?

Question 8
Select all that apply
A penetration tester wants to harden a web server after assessment and recommends measures that reduce attack surface and information disclosure. The team asks which controls directly counter footprinting and exploitation. Which measures should the tester recommend? (Select all that apply)

Question 9
Kevin uses a scanner that crawls a target web server and flags outdated software, dangerous default files, and known misconfigurations specific to HTTP services. He chooses a classic open-source tool built for this exact purpose. Which tool is Kevin most likely using?

Question 10
Jane compromises a server, then deletes entries from the access and error logs to erase evidence of her intrusion. She wants to delay detection and frustrate later forensic review. Which post-attack step is Jane performing?
