EMT Practice Test

1. Question Content...


Question List

Question1: A robots.txt file tells the search engine crawlers about the URLs which the crawler can access on your site.
Which of the following is true about robots.txt?

Question2: Which of the following attributes is NOT used to secure the cookie?

Question3: A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
Which of the following is correct?

Question4: Which of the following is considered as a safe password?

Question5: Which of the following is NOT an asymmetric key encryption algorithm?

Question6: In the screenshot below, an attacker is attempting to exploit which vulnerability?
POST /upload.php HTTP/1.1
Host: example.com
Cookie: session=xyz123;JSESSIONID=abc123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW Content-Length: 12345 Connection: keep-alive Content-Disposition: form-data; name="avatar"; filename="malicious.php" Content-Type: image/jpeg
<?php
phpinfo();
?>

Question7: The following request is vulnerable to Cross-Site Request Forgery vulnerability.
POST /changepassword HTTP/2Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0) Gecko/20100101 Firefox/107.0 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec- Fetch-Site: same-origin Cookie: JSESSIONID=38RC5ECV10785B53AF19816E92E2E50 Content-Length: 95 new_password=lov3MyPiano23&confirm_password=lov3MyPiano23

Question8: Based on the screenshot below, which of the following statements is true?
Request
GET /userProfile.php?sessionId=7576572ce164646de967c759643d53031 HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=7576572ce164646de967c759643d53031 Te: trailers Connection: keep-alive PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 200 OK Date: Fri, 09 Dec 2022 11:42:27 GMT Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 12746 Content-Type: text/html; charset=UTF-8 Connection: keep-alive Set-Cookie: JSESSIONID=7576572ce164646de967c759643d53031; Path=/; HttpOnly
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Example Domain</title>
</head>
<body style="background-color:#f0f0f2; margin:0; padding:0; font-family: -apple-system, system-ui, BlinkMacSystemFont, 'Segoe UI', 'Open Sans', 'Helvetica Neue', Helvetica, Arial, sans-serif;">
<p style="...">...</p>
</body>
</html>

Question9: A website administrator forgot to renew the TLS certificate on time and as a result, the application is now displaying a TLS error message. However, on closer inspection, it appears that the error is due to the TLS certificate expiry.
In the scenario described above, which of the following is correct?

Question10: Which of the following is NOT a symmetric key encryption algorithm?

Question11: Which HTTP header is used by the CORS (Cross-origin resource sharing) standard to control access to resources on a server?

Question12: In the context of a Dependency Confusion Attack, which of the following files is analyzed for determining potential private packages?

Question13: Which of the following Google Dorks can be used for finding directory listing on victim-app.com?

Question14: Which of the following is correct?

Question15: After purchasing an item on an e-commerce website, a user can view their order details by visiting the URL:
https://example.com/?order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id. This attack is known as:

Question16: Based on the below HTTP request, which of the following statements is correct?
POST /changepassword HTTP/2
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50 Content-Length: 95 new_password=usher!@22&confirm_password=usher!@22

Question17: Salt is a cryptographically secure random string that is added to a password before it is hashed. In this context, what is the primary objective of salting?

Question18: Determine the primary defense against a SQL injection vulnerability

Question19: In the context of NoSQL injection, which of the following is correct?
Statement A: NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren't using the traditional SQL syntax.
Statement B: NoSQL database calls are written in the application's programming language, a custom API call, or formatted according to a common convention (such as XML, JSON, LINQ, etc).

Question20: Based on the below request/response, which of the following statements is true?
Send
GET
/dashboard.php?purl=http://attacker.com HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50 Te: trailers Connection: keep-alive PrettyRaw | Hex | php | curl | ln | Pretty HTTP/1.1 302 Found 2022-12-03 17:38:18 GMT Date: Sat, 03 Dec 2022 17:38:18 GMT Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25 X-Powered-By: PHP/8.0.25 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Connection: keep-alive Location:
http://attacker.com
Set-Cookie: JSESSIONID=38C5ECV10785B53AF29816E92E2E50; Path=/; HttpOnly

Question21: The DNS entries forwww.ironman.comandwww.hulk.comboth point to the same IP address i.e., 1.3.3.7. How does the web server know which web application is being requested by the end user's browser?

Question22: Which of the following hashing algorithms is considered to be the most secure amongst these?

Question23: While performing a security audit of a web application, you discovered an exposed docker-compose.yml file.
What is the significance of this file and what data can be found in it?

Question24: After purchasing an item on an e-commerce website, a user can view his order details by visiting the URL:
https://example.com/order_id=53870
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id.
Which of the following is correct?

Question25: Based on the screenshot above, which of the following is the most true?
Screenshot
![Login Form]
coder@viewer
User does not exist
[Password field]
Forget password?
[Login button]
Not yet member? Sign now

Question26: The payload {{7*7}} can be used for determining which of the following vulnerabilities?

Question27: In the screenshot below, which of the following is incorrect?
Target: https://example.com
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 18:03:49 GMT
Server: Apache
Vary: Cookie
X-Powered-By: PHP/5.4.5-5
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Cookie: JSESSIONID=1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789; secure; HttpOnly; SameSite=None