CEH - Certified Ethical Hacker Practice Questions: Hacking Web Servers Domain


Master the Hacking Web Servers Domain

Test your knowledge in the Hacking Web Servers domain with these 5 practice questions. Each question is designed to help you prepare for the CEH - Certified Ethical Hacker certification exam with detailed explanations to reinforce your learning.

Question 1

You are conducting a penetration test on a web server and find that it is vulnerable to the Heartbleed bug. Which of the following actions should you recommend to rectify this issue?

A) Disable SSL altogether

B) Update OpenSSL to a version patched against Heartbleed

C) Restrict access to the server using IP whitelisting

D) Use a web application firewall to block exploitation attempts


Correct Answer: B

Explanation: Updating OpenSSL to a version that is patched against Heartbleed is the correct way to address the vulnerability. Disabling SSL would compromise data security, IP whitelisting doesn't address the root cause, and a web application firewall is not a permanent solution for this vulnerability.

Question 2

You are tasked with testing the security of a web server that may have directory traversal vulnerabilities. What is the best approach to verify this vulnerability?

A) Attempt to upload a malicious script and execute it

B) Use a web proxy to modify requests and attempt to access sensitive files using '../' sequences

C) Use a SQL injection tool to test database security

D) Run a denial-of-service attack to check server resilience


Correct Answer: B

Explanation: Using a web proxy to modify requests allows you to test for directory traversal by manually inserting directory traversal sequences (e.g., '../') to access sensitive files. This is a direct way to check for such vulnerabilities. Uploading scripts or performing DoS attacks are not appropriate for this specific test, and SQL injection testing is unrelated.

Question 3

A client reports that their web server is vulnerable to the 'Shellshock' bug. Which component is primarily affected by this vulnerability?

A) Apache HTTP Server

B) Bash Shell

C) OpenSSL

D) PHP Script


Correct Answer: B

Explanation: The 'Shellshock' bug is a vulnerability in the Bash shell, which can be exploited via CGI scripts on web servers to execute arbitrary commands.

Question 4

Which of the following measures can help mitigate the risk of cross-site request forgery (CSRF) attacks?

A) Using strong passwords

B) Implementing HTTPS

C) Validating user input

D) Using anti-CSRF tokens


Correct Answer: D

Explanation: Anti-CSRF tokens (option D) prevent CSRF attacks by ensuring that requests are legitimate and originate from the authenticated user. Option A: Strong passwords do not prevent CSRF attacks. Option B: Implementing HTTPS secures data in transit but does not prevent CSRF. Option C: Validating user input is important but does not specifically prevent CSRF.

Question 5

Which of the following best describes a zero-day vulnerability?

A) A vulnerability that has been patched by the vendor

B) A vulnerability that is publicly known but not yet patched

C) A vulnerability that is privately known and not yet patched

D) A vulnerability that has been exploited in the wild


Correct Answer: C

Explanation: A zero-day vulnerability is a security flaw that is known to attackers but has not been patched by the vendor. Option A: A vulnerability that has been patched is not a zero-day. Option B: A publicly known vulnerability is not necessarily a zero-day if it has been patched. Option D: A vulnerability exploited in the wild may or may not be a zero-day, depending on patch status.
