Chapter 13 ITN 261 Web Servers and Applications
1. Which of the following best describes a web application?
Options: Code designed to be run on the server; Code designed to be run on the client; SQL code for databases; Targeting of web services
Code designed to be run on the server
12. What is used to store session information?
Cookie
The following string 'http://beta.canadiens.com/show.asp?view=../../../../../Windows/system.ini' is an example of what type of attack?
Options: URL Guessing; Path Traversal; Directory Traversal; Evasion Attack
Directory Traversal
4. Which of the following is used to access content outside the root of a website?
Options: A. Brute force; B. Port scanning; C. SQL injection; D. Directory traversal
Directory traversal
What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel?
Options: Encryption; Permissions; Redirection; Firewalls
Encryption
14. Which command would retrieve banner information from a website at port 80?
nc 192.168.10.27 80
13. Which attack can be used to take over a previous session?
Session hijacking
7. In this attack, a ping command is sent to an intermediate network where it is amplified and forwarded to the victim. This single ping now becomes a virtual tsunami of traffic.
Options: Ping of Death; Smurf Attack; Fraggle Attack; Teardrop Attack
Smurf Attack
8. Which of the following is used to set permissions on content in a website?
Options: A. HIDS; B. ACE; C. ACL; D. ALS
ACL
3. Which of the following is an example of a server-side scripting language?
Options: JavaScript; Python; ASP.NET; HTML
ASP.NET
Setting this attribute defends against XSS attacks because the cookie can be accessed only via HTTP and not via scripts such as client-side JavaScript.
Options: Encryption; Secure Flag; HttpOnly; Domain
HttpOnly
5. Which of the following can prevent bad input from being presented to an application through a form?
Options: A. Request filtering; B. Input validation; C. Input scanning; D. Directory traversing
Input validation
2. __________ is a client-side scripting language.
Options: JavaScript; ASP; ASP.NET; PHP
JavaScript
9. What could be used to monitor application errors and violations on a web server or application?
Options: HIDS; HIPS; NIDS; Logs
Logs
15. This attack passes special characters that the scripts may not be designed to handle properly. When this is done, the script may grant access where it should not otherwise be given.
Options: Obfuscation Attack; Poison Null Byte Attack; Crash Override; Evasion Attack
Poison Null Byte Attack
11. A POODLE attack targets what exactly?
Options: SSL; TLS; VPN; AES
SSL
16. What is the command to retrieve header information from a web server using Telnet?
telnet <website name> 80
6. __________ refers to the fact that the protocol does not keep track of session information from one connection to the next.
Options: Connection-oriented; Stateful; Stateless; Connectionless
Stateless