chapter 13 ITN 261 Web servers and Applications

1. Which of the following best describes a web application? Code designed to be run on the server Code designed to be run on the client SQL code for databases Targeting of web services

Code designed to be run on the server

12. What is used to store session information?

Cookie

The following string 'http://beta.canadiens.com/show.asp?view=../../../../../Windows/system.ini' is an example of what type of attack? URL Guessing Path Traversal Directory Traversal Evasion Attack

Directory Traversal

4. Which of the following is used to access content outside the root of a website? A. Brute force B. Port scanning C. SQL injection D. Directory traversal

Directory traversal

What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel? Encryption Permissions Redirection Firewalls

Encryption

14. Which command would retrieve banner information from a website at port 80?

nc 192.168.10.27 80

13. Which attack can be used to take over a previous session?

Session hijacking

7. In this attack, a ping command is sent to an intermediate network where it is amplified and forwarded to the victim. This single ping now becomes a virtual tsunami of traffic. Ping of Death Smurf Attack Fraggle Attack Teardrop Attack

Smurf Attack

8. Which of the following is used to set permissions on content in a website? A. HIDS B. ACE C. ACL D. ALS

ACL

3. Which of the following is an example of a server-side scripting language? JavaScript Python ASP.NET HTML

ASP.NET

Setting this attribute defends against XSS attacks because the cookie can be accessed only via HTTP and not via scripts such as client-side JavaScript Encryption Secure Flag HttpOnly Domain

HttpOnly

5. Which of the following can prevent bad input from being presented to an application through a form? A. Request filtering B. Input validation C. Input scanning D. Directory traversing

Input validation

2. __________ is a client-side scripting language. JavaScript ASP ASP.NET PHP

JavaScript

9. What could be used to monitor application errors and violations on a web server or application? HIDS HIPS NIDS Logs

Logs

15. This attack passes special characters that the scripts may not be designed to handle properly. When this is done, the script may grant access where it should not otherwise be given. Obfuscation Attack Poison Null Byte Attack Crash Override Evasion Attack

Poison Null Byte Attack

11. A POODLE attack targets what exactly? SSL TLS VPN AES

SSL

16. What is the command to retrieve header information from a web server using Telnet?

telnet <website name> 80

6. __________ refers to the fact that the protocol does not keep track of session information from one connection to the next. Connection-oriented Statefull Stateless Connectionless

Stateless