Certified Ethical Hacker Session Hijacking and Evading IDS Firewalls

Question 1

Which type of session hijacking intercepts a session between two parties without requiring prediction of a sequence number?

Accepted Answer

Passive Hijacking

Answer

Blind Hijacking

Answer

Active Hijacking

Answer

UDP Hijacking

Question 2

What is the primary goal of TCP session hijacking?

Accepted Answer

To take over an established TCP connection

Answer

To crash the target server

Answer

To decrypt TLS traffic

Answer

To perform a SYN flood attack

Question 3

Which tool is commonly used for session hijacking and man-in-the-middle attacks on a LAN?

Accepted Answer

Ettercap

Answer

Nmap

Answer

Nikto

Answer

Nessus

Question 4

What countermeasure best prevents session hijacking caused by predictable session tokens?

Accepted Answer

Using long, randomly generated session IDs

Answer

Disabling cookies

Answer

Enforcing password complexity

Answer

Enabling ICMP filtering

Question 5

Which attack technique do attackers use to steal session cookies by injecting a script into a vulnerable web application?

Accepted Answer

Cross-Site Scripting (XSS)

Answer

SQL Injection

Answer

CSRF

Answer

Command Injection

Question 6

What is 'IP spoofing' used for in the context of session hijacking?

Accepted Answer

Masquerading as a trusted host to hijack a TCP session

Answer

Encrypting session data

Answer

Bypassing firewall rules via port forwarding

Answer

Amplifying DoS traffic