Q.1 Which of the following handshake mechanisms does HTTP use?
A. Intruder
B. Sequencer
C. TLS Handshake
D. SSL Handshake
Ans : TLS Handshake
Q.2 Which of the following components of Burp Suite is used to test the randomness of session tokens?
A. Sequencer
B. Scanner
C. Analyser
D. Intruder
Ans : Sequencer
Q.3 The Request body can be changed in the “HTTP History Tab”.
A. True
B. False
Ans : False
Q.4 HTTP is a stateless protocol. How does HTTP achieve this?
A. HTTP Cookies
B. Variables
C. URL rewriting
D. Server Side Sessions
E. All the above options
Ans : All the above options
Q.5 Under which subtab of the Proxy tab are proxy details configured to be the same as the browser proxy, so that both request and response can be captured?
A. Options
B. Intercept
C. HTTP History
D. WebSockets History
Ans : Options
Q.6 Which of the following is used to automatically identify flaws?
A. Sequencer
B. Scanner
C. Comparer
D. Target
Ans : Sequencer
Q.7 If there are five payloads with three parameters each, how many requests will a Sniper attack make?
A. Five
B. One
C. Three
D. Fifteen
Ans : Fifteen
Q.8 Intercept can be used to change a request body.
A. True
B. False
Ans : True
Q.9 You can check the response in the Intercept tab.
A. True
B. False
Ans : False
Q.10 Which of the following Intruder attacks use a single payload set?
A. Sniper and Battering Ram
B. Pitchfork
C. Cluster Bomb and Battering Ram
D. Pitchfork and Cluster Bomb
Ans : Pitchfork and Cluster Bomb
Q.11 Which of the following Intruder attacks uses a single payload set by enumerating all the parameters in a single request using the same payload?
A. Battering Ram
B. Cluster Bomb
C. Sniper
D. Pitchfork
Ans : Battering Ram
Q.12 Spidering is also known as ____________.
A. Crawling
B. Sequencing
C. Scanning
D. Intruding
Ans : Crawling
Q.13 Which of the following can perform all possible combinations of attacks?
A. Sniper
B. Battering Ram
C. Pitchfork
D. Cluster Bomb
Ans : Cluster Bomb
Q.14 Which of the following is used for manual footprinting?
A. Target
B. FalseProxy
C. Spider
D. All of these
Ans : Target
Q.15 Which of the following options applies to the “Action” control in the panel when intercepting a request?
A. It is used to check the proxy history and on the intercepted responses
B. This shows a menu of available actions that can be performed on the currently displayed message
C. It is used to abandon the message so that it is not forwarded
D. It is used to review and edit the message to send the message on to the server or browser
Ans : This shows a menu of available actions that can be performed on the currently displayed message
Q.16 What is the task of the Forward control when intercepting a Burp Suite request?
A. Edits the message
B. Adds a comment to enable easy identification later
C. Displays a menu of available actions that can be performed on the currently displayed message
D. Toggles all interceptions
Ans : Edits the message
Q.17 Where can responses be viewed in Burp Suite?
A. HTTP History
B. Intercept Tab
C. Option Tab
D. None of the options
Ans : Intercept Tab
Q.18 What happens when Intercept is off?
A. The request will hit the Proxy
B. The request will hit the server
C. Hit the proxy
Ans : The request will hit the server
Q.19 Which of the following statements is true about a cluster bomb attack?
A. Cluster bomb attacks iterate through all payload sets simultaneously
B. It uses multiple payload sets, and the total number of requests generated by the attack is the product of the number of payloads
C. It uses multiple payload sets
D. The total number of requests generated by the attack is the product of the number of payloads
Ans : It uses multiple payload sets
Q.20 What is the task of the Comment control when intercepting a Burp Suite request?
A. Adds a comment to enable easy identification later
B. Edits the message
C. Displays a menu of available actions that can be performed on the currently displayed message
D. Toggles all interceptions
Ans : Displays a menu of available actions that can be performed on the currently displayed message
Q.21 Which of the following attacks uses a single payload?
A. Cluster Bomb
B. Pitchfork
C. Battering Ram
D. None of the options
Ans : Battering Ram
Q.22 The “HTTP History Tab” captures all host URLs.
A. True
B. False
Ans : True
Q.23 A site map helps to capture a specified URL.
A. True
B. False
Ans : True
Q.24 What is the role of a Sequencer in request manipulation in Burp Suite?
A. Check the strength of random values
B. Check the strength of random values, and define the application’s status in terms of sessions
C. Define the application’s status in terms of sessions
D. Maintain the application performance for virus security
Ans : Define the application’s status in terms of sessions
Q.25 Which of the following options enables flaws to be identified automatically?
A. Sequencer
B. Scanner
C. Comparer
D. Target
Ans : Sequencer
Q.26 When Intercept is on, the request will hit the _______.
A. Server
B. Burp Proxy
C. None of the options
Ans : Burp Proxy
Q.27 What are the steps to be taken when Burp does not intercept HTTPS requests?
A. Check browser configuration
B. Request additional memory for Burp by starting Burp from the command line using the -Xmx argument
C. Install Burp’s CA certificate in the browser
D. Run the Burp scanner multiple times
Ans : Install Burp’s CA certificate in the browser
Q.28 Comparer can be used to compare both words and bytes.
A. True
B. False
Ans : True
Q.29 When Intercept is on, you can:
A. drop a request
B. forward a request
C. both option A & B
D. none of the above
Ans : both option A & B
Q.30 The request body can be changed in the HTTP History tab.
A. True
B. False
Ans : False
Q.31 The “s” in HTTPS stands for:
A. security
B. surety
C. secure
D. safety
Ans : security
Q.32 Which of the following components of Burp Suite is used to inspect and modify traffic between a browser and the target applications?
A. Spider
B. Proxy
C. Intruder
D. Scanner
Ans : Proxy
Q.33 Which of the following Intruder attacks use multiple payload sets?
A. Sniper and Battering Ram
B. Pitchfork
C. Cluster Bomb and Battering Ram
D. Pitchfork and Cluster Bomb
Ans : Pitchfork and Cluster Bomb
Q.34 Which of the following is applicable to extending Burp Proxy?
A. for testing multiple extensions
B. it is used to modify the HTTP request easily
C. it is better to be used in web application hacking
D. all of the above
Ans : all of the above
Q.35 The session and token ID can be changed by using Sequencer.
A. True
B. False
Ans : False
Q.36 Which of the following Burp Suite tools is used for web application mapping?
A. Scanner
B. Proxy
C. Spider
D. None
Ans : Spider
Q.37 If there are eight payloads with two parameters each, how many requests will a Battering Ram attack make?
A. 24
B. 1
C. 2
D. 8
Ans : 8
Q.38 What is the role of the “Do intercept” command for HTTP messages?
A. It displays the HTTP status code of the current request
B. It is responsible for interception of the request
C. It enables you to quickly add an interception rule and prevent future interception of messages
D. none of the above
Ans : It is responsible for interception of the request
Q.39 SSL handshake is used in HTTP.
A. True
B. False
Ans : False