Chapter 3 Quiz CISS 310

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

b. Session hijacking

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

b. drive-by-download

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?

c. C:\Inetpub\ wwwroot

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

c. DNS poisoning

Select below the string of characters that can be used to traverse up one directory level from the root directory:

The correct answer is: ../

What language below is for the transport and storage of data, with the focus on what the data is?

The correct answer is: XML

What language below is designed to display data, with a primary focus on how the data looks?

a. HTML

To what specific directory are users generally restricted to on a web server?

a. root

Attacks that take place against web based services are considered to be what type of attack?

a. server-side

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

a. ​Privilege escalation