C702 - CHFI CH9

In which location are IIS log files stored by default?

%SystemDrive%\inetpub\logs\LogFiles Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 940.

Which IDS method detects when an event occurs outside the tolerance threshold of normal traffic?

Anomaly detection Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 961.

The Apache web server follows a modular approach and consists of two major components: the Apache core and the ________.

Apache modules Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 946.

Which web application threat occurs when attackers identify a flaw, bypass authentication, and compromise the network?

Broken access control Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 930.

Which web application threat occurs when the application fails to guard memory properly and allows writing beyond maximum size?

Buffer overflow Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 930.

Which web application threat refers to the modification of a website's remnant data for bypassing security measures or gaining unauthorized information?

Cookie poisoning Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 930.

Which is a threat to web applications?

Cookie poisoning Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 pages 929-930.

Which web application threat occurs when an authenticated user is forced to perform certain tasks on the web application chosen by an attacker?

Cross-site request forgery Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 930.

Which web application threat occurs when attackers bypass the client's ID security mechanisms, gain access privileges, and inject malicious scripts into specific fields in web pages?

Cross-site scripting Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 929.

Which web application threat is a method intended to terminate website or server operations by making resources unavailable to clients?

Denial-of-service Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 931.

Which web application threat occurs when attackers exploit HTTP, gain access to unauthorized directories, and execute commands outside the web server's root directory?

Directory traversal Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 931.

Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes?

Improper error handling Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 931.

Which web application threat refers to a drawback in a web application where it unintentionally reveals sensitive data to an unauthorized user?

Information leakage Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 931.

Which web application threat occurs when attackers insert malicious code, commands, or scripts into the input gates of web applications, enabling the applications to interpret and run the newly supplied malicious input?

Injection flaws Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 929.

Which Microsoft-developed server architecture supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP?

Internet Information Services (IIS) Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 938

Which security software or hardware device is used to monitor, detect, and protect networks or systems from malicious activities; it alerts the concerned security personnel immediately upon detecting intrusions?

Intrusion Detection System (IDS) Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 958.

Which is not an indication of a web attack?

Logs found to have no known anomalies Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 928.

WAFs are designed to protect web applications from a range of web exploits and attacks but do not protect from what kind of attack?

Man-in-the-middle Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 967.

Which web application threat occurs when attackers intend to manipulate the communication exchanged between the client and server to make changes in application data?

Parameter tampering Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 931.

Which identifies flaws in how vendors deploy the TCP/IP protocols?

Protocol anomaly detection Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 pages 960-961.

Which web application threat occurs when attackers insert commands via input data and are able to tamper with the data?

SQL injection Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 929.

Which web application threat occurs when information such as account records, credit card numbers, passwords, or other authenticated information generally stored by web applications either in a database or on a file system are exposed?

Sensitive data exposure Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 930.

Which is not a method an IDS uses to detect intrusions in a network?

Session recognition Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 pages 960-961.

Which compares incoming or outgoing network packets with the binary signatures of known attacks by using simple pattern-matching techniques to detect intrusions?

Signature-based intrusion detection Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 pages 960-961.

Which web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings?

Unvalidated input Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 932.

Which mostly monitors HTTP conversations (GET and POST requests) by implementing a set of generic rules for the detection of web-based attacks?

Web Application Firewall (WAF) Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 967.

The Apache server generates two types of logs, one that records all the requests processed by the Apache web server and one that contains diagnostic information on errors that the server faced while processing requests. The two types of logs generated are ________.

access log and error log Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 948.

The elements of the Apache core that address the basic functionalities of the server are http_protocol, http_main, http_request, http_core, alloc, and ________.

http_config Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 947.

Which command is used to find if TCP and UDP ports have unusual listening?

netstat -na Correct. For more information on this topic see Computer Hacking Forensics Investigator Module 9 page 981.