Skip to content

India
info@praptipatil.com
Tue - Sun | 9:00 AM to 10:00 PM

info@praptpatil.com
India

PRAPTI PATIL

Menu

Home
Blogs
- Case Studies
- News
- Awareness
- Education
Bug Bounty Reports
Events
Contact Us
#PRAPTI

VAPT Intern Test (JD INFOTECH)

Welcome to your VAPT Intern Test (JD INFOTECH)

Name

Email

Phone

What is the main difference between Penetration Testing and Bug Hunting?

Penetration testing is always automated; bug hunting is manual only

Penetration testing is scoped, time-boxed and customer-authorized; bug hunting (bug bounty) is often continuous, incentive-driven and wider in scope.

Bug hunting requires physical access; penetration testing never does.

Penetration testing only targets network devices; bug hunting only targets web apps.

None

Which of the following best describes an SSL/TLS certificate type that validates only the domain ownership?

Extended Validation (EV) certificate

Organization Validated (OV) certificate

Domain Validated (DV) certificate

Self-signed certificate issued by a public CA

None

Heartbleed (OpenSSL heartbeat) primarily allowed an attacker to:

Execute remote code on the server with SYSTEM privileges

Read arbitrary memory from the server process, potentially leaking secrets like private keys

Bypass TLS and force plaintext HTTP responses only

Cause persistent DoS without data disclosure

None

Which behaviour is a strong indicator of an Insecure Password Reset implementation?

Reset token delivered over HTTPS and expires after 15 minutes.

Reset token is single-use and is invalidated after successful reset.

Reset token is sent over HTTP (not TLS) or is never invalidated after use.

Reset requires knowledge of previous password plus email confirmation.

None

Which Burp Suite component is best for detecting blind or OOB-based vulnerabilities?

Repeater

Spider

Collaborator (or Burp Collaborator client)

Decoder

None

Which describes a classic IDOR (Insecure Direct Object Reference) scenario?

User can access /profile?id=234 and changing id returns another user’s private data without authorization checks.

The app uses weak TLS ciphers only.

Multiple cookies are set for the same domain with different names

JavaScript files are minified and hard to read.

None

Which of the following is a common mitigation for Clickjacking?

Remove all JavaScript from the site.

Set the X-Frame-Options: DENY header or use equivalent Content-Security-Policy: frame-ancestors.

Use Access-Control-Allow-Origin: *

Increase session timeout to 1 year.

None

What is a primary risk of XML-RPC endpoints if not properly secured?

They can only serve static images.

They can enable brute-force amplification, SSRF, or remote method invocation leading to unauthorized actions.

They force TLS only and cannot be exploited

They automatically block all requests from scripts

None

Which approach best detects a server-side file include (LFI) without writing files or causing persistent changes?

Attempt to upload a reverse shell immediately.

Read known local files (/etc/passwd, C:\Windows\system32\drivers\etc\hosts)

Delete files to test permissions.

Replace system binaries via LFI

None

Cyber Security L1 test

Contact

info@praptipatil.com
connect@praptipatil.com

Links

Ask Prapti | FAQ
Events
Privacy Policy
Terms & Conditions

Explore cyber security

Case Studies
Explore real-world cybersecurity case studies
Education
Educational cybersecurity content
Awareness
Learn best practices to stay safe online
News
Stay updated with the latest cybersecurity news

Trending

All Posts
Blog

ISO 27001:2022 Clauses and 93 Controls Explained

ISO 27001:2022 Clauses and 93 Controls Explained

What is VAPT? Complete Guide to Vulnerability Assessment & Penetration Testing

Vulnerability Assessment & Penetration Testing (VAPT)

AI-Driven Malware Is Here: The New Frontier of Cyber Threats

AI-Driven Malware Is Here: The New Frontier of Cyber Threats

How to Identify a Phishing Email in 5 Seconds

How to Identify a Phishing Email in 5 Seconds

Copyright © 2026 Prapti Patil | Powered by Prapti Patil

Scroll to Top