CEH v13 Domain 5.3 Practice Test 001

Welcome to this CEH v13 practice test!

This practice test covers Domain 5 (Web Application Hacking) Subdomain 3 (SQL Injection) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link.

CEH v13 Domain 5.3 Practice Test 001

10 questions • 8 single-answer, 2 multi-select

CEH v13 (312-50v13) • Domain 5: Web Application Hacking — Sub-Domain 5.3: SQL Injection

Question 1

A penetration tester inputs ' OR '1'='1 into a login form and successfully bypasses authentication. What type of SQL injection attack is being performed?

A. Blind SQL injection B. Error-based SQL injection C. Authentication bypass SQL injection D. Union-based SQL injection

Question 2

During an assessment, a tester appends UNION SELECT statements to an input field to extract data from other tables. What type of SQL injection is this?

A. Union-based SQL injection B. Blind SQL injection C. Boolean-based SQL injection D. Time-based SQL injection

Question 3

A tester sends payloads that cause the application to respond differently based on true or false conditions without displaying errors. What type of SQL injection is this?

A. Error-based SQL injection B. Union-based SQL injection C. Boolean-based blind SQL injection D. Out-of-band SQL injection

Question 4

An attacker injects a payload that causes a delay in the database response, such as using SLEEP() or WAITFOR DELAY. What type of SQL injection is this?

A. Time-based blind SQL injection B. Error-based SQL injection C. Union-based SQL injection D. Stacked query injection

Question 5

A tester successfully executes multiple SQL statements in a single query by using a semicolon to terminate the original query. What type of SQL injection is this?

A. Stacked query injection B. Union-based injection C. Blind injection D. Boolean injection

Question 6

Select all that apply

A penetration tester is attempting to identify SQL injection vulnerabilities in a web application. Which TWO techniques are commonly used? (Choose two)

A. Input fuzzing with SQL payloads B. Using prepared statements C. Injecting special characters like ' or -- D. Encrypting database connections E. Using parameterized queries

Question 7

An attacker uses DNS requests to exfiltrate data from a database server during a SQL injection attack. What type of SQL injection is this?

A. Blind SQL injection B. Out-of-band SQL injection C. Union-based SQL injection D. Error-based SQL injection

Question 8

A tester receives detailed database error messages after injecting malformed SQL queries. What type of SQL injection does this indicate?

A. Error-based SQL injection B. Blind SQL injection C. Time-based SQL injection D. Boolean-based SQL injection

Question 9

A developer mitigates SQL injection by using parameterized queries. Why is this effective?

A. It encrypts database queries B. It separates SQL code from user input C. It hides database errors D. It limits database connections

Question 10

Select all that apply

An ethical hacker is reviewing defenses against SQL injection. Which TWO measures are effective in preventing SQL injection attacks? (Choose two)

A. Using prepared statements B. Input validation and sanitization C. Allowing dynamic query building D. Displaying detailed error messages E. Disabling HTTPS

Related Posts

Leave a Comment Cancel Reply