
STURTLE SECURITY


Examination Portal

C-VA
Best Of Luck For Exam

RESULTS
YOUR ANSWERS

1 .) While testing an application, you notice that the server implements rate limiting based
on the X-Forwarded-For header to restrict the number of requests from a single IP. To
bypass this restriction and test for rate limit vulnerabilities, which feature of Burp Suite
can you use to systematically change the X-Forwarded-For header in each request?

Answer : Sequencer

2 .) Suppose you are testing an application that implements content security policy (CSP)
via the Content-Security-Policy HTTP header. You need to evaluate the policy's
effectiveness against XSS attacks by observing how the application behaves when this
header is modified or removed. Which Burp Suite feature would allow you to intercept and
alter HTTP requests and responses in real-time to remove or alter the Content-Security-
Policy header?

Answer : Intruder

3 .) During a penetration test, you intercept a request in Burp Suite and notice that the
application is vulnerable to XML External Entity (XXE) injection. What potential impact
could exploiting this vulnerability have on the target system?

Answer : Information Disclosure

4 .) During a penetration test, you intercept a request in Burp Suite and notice that the
application is vulnerable to Server-Side Template Injection (SSTI). What potential impact
could exploiting this vulnerability have on the target system?

Answer : Server-Side Request Forgery (SSRF)

5 .) During a penetration test, you successfully exploit a vulnerability in the target system
and gain unauthorized access. What should be your immediate next step?

Answer : Report the vulnerability to the vendor.

6 .) While analyzing traffic in Burp Suite, you identify a parameter that is vulnerable to SQL
injection. What could be an appropriate action to validate this vulnerability?

Answer : Manually modify the parameter to include SQL injection payloads.

7 .) You conduct an Nmap scan and discover that a target server is running an outdated
version of the Apache web server software. What vulnerability might this expose the
server to?

Answer : Remote Code Execution (RCE)

8 .) During a penetration test, you intercept a request in Burp Suite and notice that the
application is vulnerable to Insecure Direct Object References (IDOR). What potential
impact could exploiting this vulnerability have on the target system?

Answer : Unauthorized access to sensitive data

9 .) After running an Nmap scan, you find that a server has port 22 open. What
vulnerability assessment technique could you use to probe for potential weaknesses on
this port?

Answer : Exploitation

10 .) In Burp Suite scan results, you observe that the web application is vulnerable to
Cross-Site Scripting (XSS) attacks via unsanitized user input. Which type of XSS attack
allows an attacker to steal cookies from authenticated users?

Answer : Stored XSS

11 .) After conducting an Nmap scan, you find that a target system has port 1521 open.
What vulnerability might this indicate?

Answer : Vulnerability to Oracle database attacks

12 .) While analyzing HTTP headers in Burp Suite, you identify that the application is not
setting the X-Content-Type-Options header. What vulnerability does this lack of security
control expose the application to?

Answer : Cross-Site Scripting (XSS)

13 .) While analyzing Burp Suite results, you identify a hidden parameter in a web
application's POST request. What potential security issue could this hidden parameter
present?

Answer : Exposure of sensitive information

14 .) After conducting an Nmap scan, you find that a target system has ports 25, 110, and
143 open. What vulnerability might this indicate?

Answer : Vulnerability to POP3/IMAP brute-force attacks


15 .) During a web application penetration test, you observe that the login page does not
implement any session management controls, allowing users to maintain access without
re-authenticating. What vulnerability does this scenario represent?

Answer : Cross-Site Request Forgery (CSRF)

16 .) After running an Nmap scan on the target network, you identify that several systems
have ports 135, 139, and 445 open. What common vulnerability might be exploited on
these systems?

Answer : Heartbleed

17 .) During a penetration test, you intercept a request in Burp Suite and notice that the
application is vulnerable to Insecure Direct Object References (IDOR). What potential
impact could exploiting this vulnerability have on the target system?

Answer : Unauthorized access to sensitive data

18 .) While examining Burp Suite results, you notice that the application's HTTP response
headers lack security-related flags such as X-Frame-Options and Content-Security-Policy.
What type of attack might this vulnerability expose the application to?

Answer : Cross-Site Scripting (XSS)

19 .) You are tasked with auditing a web application for security issues related to session
management. You notice that the Set-Cookie response header from the login page
contains a Secure flag, but lacks the HttpOnly flag. To systematically test the implications
of this configuration for session hijacking and XSS vulnerabilities, which Burp Suite tool
would you use to automate sending of requests while tracking the session cookies?

Answer : Intruder

20 .) You run an Nmap scan and find that a target system has port 1433 open. What
vulnerability might this indicate?

Answer : Microsoft SQL Server Vulnerability

21 .) While analyzing HTTP responses in Burp Suite, you identify that the application is
vulnerable to Server-Side Request Forgery (SSRF). What could be a potential exploitation
scenario based on this vulnerability?

Answer : Accessing internal resources and sensitive files on the server.

22 .) During a penetration test, you intercept a request in Burp Suite and notice that the
application is vulnerable to Server-Side Request Forgery (SSRF). What could be a potential
exploitation scenario based on this vulnerability?

Answer : Accessing internal resources and sensitive files on the server.


23 .) Imagine you are conducting a penetration test and discover that the application
under test relies on custom encryption for data in a specific HTTP header,
X-Encrypted-Data, for sensitive operations. You wish to decrypt this data to test for
potential vulnerabilities in how the application processes the decrypted information.
Which Burp Suite tool should you use to decode and analyze the X-Encrypted-Data header value?

Answer : Decoder

24 .) You intercept a request in Burp Suite and notice that the application is vulnerable to
XML External Entity (XXE) injection. What kind of attack can be executed through this
vulnerability?

Answer : Remote Code Execution (RCE)

25 .) You intercept a request in Burp Suite and notice that the application is vulnerable to
SQL injection. What type of SQL injection attack would you perform to retrieve sensitive
information from the database?

Answer : Blind SQL Injection

26 .) During a penetration test, you intercept a request in Burp Suite and notice that the
application is vulnerable to XML External Entity (XXE) injection. What kind of attack can be
executed through this vulnerability?

Answer : Remote Code Execution (RCE)

27 .) After conducting an Nmap scan, you find that a target system has port 3389 open.
What vulnerability might this indicate?

Answer : Vulnerability to Remote Desktop Protocol (RDP) brute-force attacks

28 .) After conducting an Nmap scan, you find that a target system has ports 80, 443, and
8080 open. What potential exploitation scenario could you investigate based on these
findings?

Answer : Exploiting an outdated Apache web server running on port 80.

29 .) After conducting an Nmap scan, you find that a target system has port 3306 open.
What vulnerability might this indicate?

Answer : MySQL Database Vulnerability

30 .) You are assessing a web application that employs a strict same-origin policy with
CORS implemented via the Access-Control-Allow-Origin header. To test for
misconfigurations that might allow unauthorized cross-origin requests, which Burp Suite
tool would be most effective for modifying origin headers in requests and observing the
application's responses?

Answer : Repeater

31 .) While analyzing HTTP headers in Burp Suite, you notice that the application is not
setting the Secure and HttpOnly flags on session cookies. What vulnerability does this
lack of security controls expose the application to?

Answer : Session Hijacking

32 .) A multinational corporation, renowned for its proprietary software, experiences a
data breach. Upon investigation, it's revealed that an attacker exploited a vulnerability in
the software's outdated third-party library. What should the vulnerability analyst
recommend to prevent similar incidents in the future?

Answer : Increasing employee awareness through cybersecurity training

33 .) After conducting an Nmap scan, you find that a target system has ports 21, 22, and
23 open. What vulnerability might this indicate?

Answer : Vulnerability to unauthorized access through FTP, SSH, and Telnet services

34 .) After conducting an Nmap scan, you discover that a target server has ports 80, 443,
and 8080 open. What could be a potential exploitation scenario based on these findings?

Answer : Exploiting an outdated Apache web server running on port 80.

35 .) During a penetration test, you identify a web page that reflects user input in HTTP
response headers without proper sanitization. You suspect this behavior could be
exploited to perform HTTP Response Splitting attacks. Which of the following Burp Suite
components would be most effective for testing this hypothesis by crafting payloads that
manipulate response headers?

Answer : Repeater

Score
21 / 35

Percentage
60.00%

C-VA
Best Of Luck For Exam

RESULTS
YOUR ANSWERS

1 .) After conducting an Nmap scan, you find that a target system has port 3306 open.
What vulnerability might this indicate?

Answer : Remote Desktop Protocol (RDP) Vulnerability

2 .) During a penetration test, you identify a web page that reflects user input in HTTP
response headers without proper sanitization. You suspect this behavior could be
exploited to perform HTTP Response Splitting attacks. Which of the following Burp
Suite components would be most effective for testing this hypothesis by crafting
payloads that manipulate response headers?

Answer : Repeater

3 .) During a penetration test, you intercept a request in Burp Suite and notice that
the application is vulnerable to Server-Side Template Injection (SSTI). What potential
impact could exploiting this vulnerability have on the target system?

Answer : Denial of Service (DoS)

4 .) After conducting an Nmap scan, you find that a target system has port 3389 open.
What vulnerability might this indicate?

Answer : Vulnerability to Remote Desktop Protocol (RDP) brute-force attacks

5 .) After conducting an Nmap scan, you find that a target system has port 1521 open.
What vulnerability might this indicate?

Answer : Vulnerability to Oracle database attacks

6 .) While testing an application, you notice that the server implements rate limiting
based on the X-Forwarded-For header to restrict the number of requests from a single
IP. To bypass this restriction and test for rate limit vulnerabilities, which feature of
Burp Suite can you use to systematically change the X-Forwarded-For header in each
request?

Answer : Intruder

7 .) A multinational corporation, renowned for its proprietary software, experiences a
data breach. Upon investigation, it's revealed that an attacker exploited a
vulnerability in the software's outdated third-party library. What should the
vulnerability analyst recommend to prevent similar incidents in the future?

Answer : Outsourcing software development to trusted vendors

8 .) While performing an analysis of a web application through Burp Suite, you notice
the server returns an unusual HTTP header, X-Custom-IP-Authorization, in responses
to specific requests. To further explore potential vulnerabilities, which feature of Burp
Suite should you primarily use to manipulate and resend modified versions of these
requests with various X-Custom-IP-Authorization header values?

Answer : Repeater

9 .) After conducting an Nmap scan, you find that a target system has ports 21, 22,
and 23 open. What vulnerability might this indicate?

Answer : Vulnerability to unauthorized access through FTP, SSH, and Telnet services

10 .) After running an Nmap scan, you find that a server has port 22 open. What
vulnerability assessment technique could you use to probe for potential weaknesses
on this port?

Answer : Network Sniffing

11 .) While examining Burp Suite results, you notice that the application's HTTP
response headers lack security-related flags such as X-Frame-Options and Content-
Security-Policy. What type of attack might this vulnerability expose the application
to?

Answer : Clickjacking

12 .) While analyzing HTTP headers in Burp Suite, you identify that the application is
not setting the X-Content-Type-Options header. What vulnerability does this lack of
security control expose the application to?

Answer : Cross-Site Scripting (XSS)

13 .) During a penetration test, you successfully exploit a vulnerability in the target
system and gain unauthorized access. What should be your immediate next step?

Answer : Gather information and escalate privileges.

14 .) Imagine you are conducting a penetration test and discover that the application
under test relies on custom encryption for data in a specific HTTP header, X-
Encrypted-Data, for sensitive operations. You wish to decrypt this data to test for
potential vulnerabilities in how the application processes the decrypted information.
Which Burp Suite tool should you use to decode and analyze the X-Encrypted-Data
header value?

Answer : Decoder

15 .) While analyzing traffic in Burp Suite, you identify a parameter that is vulnerable
to SQL injection. What could be an appropriate action to validate this vulnerability?

Answer : Manually modify the parameter to include SQL injection payloads.

16 .) During a penetration test, you intercept a request in Burp Suite and notice that
the application is vulnerable to Insecure Direct Object References (IDOR). What
potential impact could exploiting this vulnerability have on the target system?

Answer : Unauthorized access to sensitive data

17 .) You run an Nmap scan and find that a target system has port 1433 open. What
vulnerability might this indicate?

Answer : Microsoft SQL Server Vulnerability

18 .) During a penetration test, you intercept a request in Burp Suite and notice that
the application is vulnerable to XML External Entity (XXE) injection. What potential
impact could exploiting this vulnerability have on the target system?

Answer : Information Disclosure

19 .) During a penetration test, you intercept a request in Burp Suite and notice that
the application is vulnerable to Server-Side Request Forgery (SSRF). What could be a
potential exploitation scenario based on this vulnerability?

Answer : Accessing internal resources and sensitive files on the server.

20 .) During a web application penetration test, you observe that the login page does
not implement any session management controls, allowing users to maintain access
without re-authenticating. What vulnerability does this scenario represent?

Answer : Session Fixation

21 .) While conducting a vulnerability assessment, you discover that the target system
is vulnerable to a buffer overflow attack due to insufficient input validation. What
type of security vulnerability does this represent?

Answer : Denial of Service (DoS)

22 .) You are assessing a web application that employs a strict same-origin policy with
CORS implemented via the Access-Control-Allow-Origin header. To test for
misconfigurations that might allow unauthorized cross-origin requests, which Burp
Suite tool would be most effective for modifying origin headers in requests and
observing the application's responses?

Answer : Proxy

23 .) Suppose you are testing an application that implements content security policy
(CSP) via the Content-Security-Policy HTTP header. You need to evaluate the policy's
effectiveness against XSS attacks by observing how the application behaves when this
header is modified or removed. Which Burp Suite feature would allow you to
intercept and alter HTTP requests and responses in real-time to remove or alter the
Content-Security-Policy header?

Answer : Proxy

24 .) While analyzing HTTP headers in Burp Suite, you notice that the application is
not setting the Secure and HttpOnly flags on session cookies. What vulnerability does
this lack of security controls expose the application to?

Answer : Session Hijacking

25 .) During a penetration test, you intercept a request in Burp Suite and notice that
the application is vulnerable to Insecure Direct Object References (IDOR). What
potential impact could exploiting this vulnerability have on the target system?

Answer : Unauthorized access to sensitive data

26 .) You run an Nmap scan and find that a target server has port 21 open. What
vulnerability assessment technique could you use to further investigate potential
weaknesses on this port?

Answer : Exploitation

27 .) During a penetration test, you intercept a request in Burp Suite and notice that
the application is vulnerable to XML External Entity (XXE) injection. What kind of
attack can be executed through this vulnerability?

Answer : Remote Code Execution (RCE)

28 .) While analyzing Burp Suite results, you identify a hidden parameter in a web
application's POST request. What potential security issue could this hidden parameter
present?

Answer : Exposure of sensitive information

29 .) While analyzing HTTP responses in Burp Suite, you identify that the application
is vulnerable to Server-Side Request Forgery (SSRF). What could be a potential
exploitation scenario based on this vulnerability?

Answer : Accessing internal resources and sensitive files on the server.

30 .) You conduct an Nmap scan and discover that a target server is running an
outdated version of the Apache web server software. What vulnerability might this
expose the server to?

Answer : Remote Code Execution (RCE)

31 .) You are tasked with auditing a web application for security issues related to
session management. You notice that the Set-Cookie response header from the login
page contains a Secure flag, but lacks the HttpOnly flag. To systematically test the
implications of this configuration for session hijacking and XSS vulnerabilities, which
Burp Suite tool would you use to automate sending of requests while tracking the
session cookies?

Answer : Intruder

32 .) After conducting an Nmap scan, you discover that a target server has ports 80,
443, and 8080 open. What could be a potential exploitation scenario based on these
findings?

Answer : Exploiting an outdated Apache web server running on port 80.

33 .) After running an Nmap scan on the target network, you identify that several
systems have ports 135, 139, and 445 open. What common vulnerability might be
exploited on these systems?

Answer : EternalBlue (MS17-010)

34 .) You intercept a request in Burp Suite and notice that the application is vulnerable
to SQL injection. What type of SQL injection attack would you perform to retrieve
sensitive information from the database?

Answer : Union-based SQL Injection

35 .) After conducting an Nmap scan, you find that a target system has ports 80, 443,
and 8080 open. What potential exploitation scenario could you investigate based on
these findings?

Answer : Exploiting an outdated Apache web server running on port 80.

Score
27 / 35

Percentage
77.14%
