Module 10 Quiz - Ethical Hacking

What element is used in an HTML document to allow customers to submit information to the web server?

<form>

What is the main difference between HTML pages and Active Server Pages (ASP)?

ASP uses scripting languages, such as JScript (Microsoft's version of JavaScript) or VBScript to create dynamic webpages.

Which of the following is not a security tool that can be used for web application testing?

ActiveX

Why should security professionals have at least a little knowledge about the Apache Web Server?

Apache Web Server is said to run more Web servers than IIS.

Which of the following is the interface that determines how a Web server passes data to a Web browser?

CGI

How do CGI and ASP.NET differ?

CGI can be implemented with a scripting language such as Perl to create dynamic webpages.

Exploits posted on the Packet Storm website and Exploit Database website are often added to which plug-ins?

Metasploit

Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?

ODBC

Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?

PHP

An application can be tested using two main techniques: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). How do these two techniques differ?

SAST is a reliable way to enumerate most application vulnerabilities that result from coding errors.

Which type of XSS vulnerability is especially harmful?

Stored because it can be delivered to subsequent users of the application.

How can developer tools be accessed in Firefox or Chrome?

These tools can be accessed through the Tools menu in Firefox and Chrome.

Why is creating a virtual directory recommended?

Virtual directories enhance security.

To keep attackers from knowing the directory structure you create on an IIS web server, an individual should create what?

Virtual directory

Which web application vulnerability scanner uses a black box approach?

Wapiti

How can new tools for hacking web applications be installed on Kali Linux?

apt-get install packagename

What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?

authorization

Wapiti is a web application vulnerability scanner that uses a ______ approach and inspects a website by searching from the outside for ways to take advantage of XSS, SQL, PHP, JSP, and file-handling vulnerabilities.

black box

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

cgi-bin

Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?

injection

Which of the following results from poorly configured technologies that a Web application runs on top of?

security misconfigurations

SQL injections capitalize on input validation vulnerabilities. Why shouldn't you test for this vulnerability by attempting SQL injections on websites?

SQL injection attacks are considered intrusive.

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

developer tools

To embed PHP, an open-source server scripting language, into an HTML webpage, which tags should be used?

<?php and ?>

What tool included with Kali Linux allows you to intercept traffic between the web browser and the server so you can inspect and manipulate requests before sending them to the server?

Burp Suite

Which of the following application tests analyzes a running application for vulnerabilities?

Dynamic Application Security Testing

