HOD401 Chapter 13
6. __________ can be used to identify a web server. A. Session hijacking B. Banner grab C. Traversal D. Header analysis
B
9. What could be used to monitor application errors and violations on a web server or application? A. HIDS B. HIPS C. NIDS D. Logs
D
17. Groups and individuals who may hack a web server or web application based on principle or personal beliefs are known as __________. A. White hats B. Black hats C. Script kiddies D. Hacktivists
D
20. A common attack against web servers and web applications is __________. A. Banner grab B. Input validation C. Buffer validations D. Buffer overflow
D
4. Which of the following is used to access content outside the root of a website? A. Brute force B. Port scanning C. SQL injection D. Directory traversal
D
18. The Wayback Machine would be useful in viewing what type of information relating to a web application? A. Get job postings B. Websites C. Archived versions of websites D. Backup copies of websites
C
8. Which of the following is used to set permissions on content in a website? A. HIDS B. ACE C. ACL D. ALS
C
11. A POODLE attack targets what exactly? A. SSL B. TLS C. VPN D. AES
A
12. What is used to store session information? A. Cookie B. Snoop C. Directory D. File
A
14. Which command would retrieve banner information from a website at port 80? A. nc 192.168.10.27 80 B. nc 192.168.19.27 443 C. nc 192.168.10.27 -p 80 D. nc 192.168.10.27 -p -l 80
A
15. How is a brute-force attack performed? A. By trying all possible combinations of characters B. By trying dictionary words C. By capturing hashes D. By comparing hashes
A
16. What is the command to retrieve header information from a web server using Telnet? A. telnet <website name> 80 B. telnet <website name> 443 C. telnet <website name> -port:80 D. telnet <website name> -port:443
A
19. What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel? A. Encryption B. Permissions C. Redirection D. Firewalls
A
2. __________ is a client-side scripting language. A. JavaScript B. ASP C. ASP.NET D. PHP
A
7. In the field of IT security, the concept of defense in depth is layering more than one control on another. Why would this be helpful in the defense of a system against session hijacking? A. To provide better protection B. To build dependency among layers C. To increase logging ability D. To satisfy auditors
A
1. Which of the following best describes a web application? A. Code designed to be run on the client B. Code designed to be run on the server C. SQL code for databases D. Targeting of web services
B
13. Which attack can be used to take over a previous session? A. Cookie snooping B. Session hijacking C. Cookie hijacking D. Session sniffing
B
3. Which of the following is an example of a server-side scripting language? A. JavaScript B. PHP C. SQL D. HTML
B
5. Which of the following can prevent bad input from being presented to an application through a form? A. Request filtering B. Input validation C. Input scanning D. Directory traversing
B
10. Which of the following is an attribute used to secure a cookie? A. Encrypt B. Secure C. HttpOnly D. Domain
BCD