Module 9 quiz
Which of the following strings in the Apache common log format represents "time" when the server receives the request in the format "[day/month/year:hour:minute:second zone]"? %h %u %t %l
%t
Identify the regular expression that is used to detect meta-characters in an SQL injection attack. /exec(\s|\+)+(s|x)p\w+/ix /((\%27)|(\'))union/ix /((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(%3B)|(;))/i /\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix
/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(%3B)|(;))/i
Jonas, a forensics professional, was tasked with investigating an application hosted on an Apache server running on an Ubuntu machine. As the first step of the investigation, Jonas navigated to the storage location of the log files to view all the access and error logs. Identify the storage location of the log files in Ubuntu where Jonas could find useful information for the investigation. /usr/local/etc/apache22/httpd.conf /etc/apache2/apache2.conf ORACLE_HOME\Apache\Apache\conf /etc/httpd/
/etc/apache2/apache2.conf
Jaxton, a forensics expert, was analyzing the IIS logs in a Windows-based server that was compromised earlier. He initiated the investigation process by extracting the IIS log entries and monitored the "sc-status" field to identify how the attacker's request was fulfilled without error. Which of the following codes represents the "sc-status" in the IIS log entry? 200 80 27 365
200
1. The victim clicks the link and is redirected to the bank website. 2. The attacker logs into the server using the victim's credentials with the same session ID. 3. The attacker visits the bank website and logs in using their credentials. 4. The attacker sends an email to the victim that contains a link with a fixed session ID. 5. The web server sets a session ID on the attacker's machine. 6. The victim logs in to the server using their credentials and fixed session ID. 1 -> 2 -> 3 -> 4 -
3 -> 5 -> 4 -> 1 -> 6 -> 2
Given below is an example of an Apache access log entry in the common log format: "10.10.10.10 - Jason [17/Aug/2019:00:12:34 +0300] "GET /images/content/bg_body_1.jpg HTTP/1.0" 500 1458" From the above log entry, identify the status code indicating that the response was successful. [17/Aug/2019:00:12:34 +0300] 1458 500 10.10.10.10
500
Malcolm, a professional hacker, was attempting to intrude into an organization's network. In this process, he obtained the credentials of an employee using packet sniffers. Using the stolen credentials, Malcolm impersonated the employee to intrude into the organization's network. Identify the type of attack performed by Malcolm in the above scenario. XML external entities Unvalidated redirects and forwards Authentication hijacking Security management exploits
Authentication hijacking
Boney, a forensics officer, was tasked with investigating a Windows Server machine suspected of being used for malicious online activities. He initiated the investigation process by executing a built-in Windows tool that helped him analyze NetBIOS over TCP/IP activity. Identify the command used by Boney in the above scenario. C:\> net use C:\> nbtstat -S C:\> eventvwr.msc C:\> schtasks.exe
C:\> nbtstat -S
Which of the following commands is used by security specialists to check for any unusual network services? C:\> nbtstat -S C:\> net use C:\> net start C:\> schtasks.exe
C:\> net start
Which of the following commands is used to find any unusual listening on TCP and UDP ports? C:\> net use C:\> schtasks.exe C:\> eventvwr.msc C:\> netstat -na
C:\> netstat -na
Which of the following commands is used by investigators to find scheduled and unscheduled tasks on localhost? C:\> dir C:\> net start C:\> schtasks.exe C:\> net use
C:\> schtasks.exe
Which of the following time standards is used by the IIS server to record IIS logs, helping synchronize servers in multiple time zones? India Standard Time (IST) Eastern African Time (EAT) Greenwich Mean Time (GMT) Coordinated Universal Time (UTC)
Coordinated Universal Time (UTC)
In which of the following attacks does the attacker make an authenticated user perform certain tasks on the web application chosen by the attacker? Path/directory traversal Unvalidated input Cross-site scripting (XSS) Cross-site request forgery
Cross-site request forgery
Reid, an attacker, targeted an online COVID survey website, where citizens provide their personal and health-related details. He took advantage of a vulnerability present in the web application and manipulated the communication between the users and the server to make changes to the application data. Identify the type of attack performed by Reid in the above scenario. Path/directory traversal Parameter/form tampering Cookie poisoning Broken access control
Parameter/form tampering
Identify the attack in which the attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, and query strings to bypass security implementations. Sensitive data exposure Security misconfiguration Denial-of-service Unvalidated input
Unvalidated input
Tanner, a professional hacker, sent a fake email to Killian describing new offers on his credit card. Killian, without verifying the legitimacy of the email, clicked on the malicious link in the email. As a result, a malicious script was executed on Killian's system, granting backdoor access to Tanner. Identify the type of attack performed by Tanner in the above scenario. Security management exploits Session fixation attack XML external entities Unvalidated redirects and forwards
Unvalidated redirects and forwards
Which of the following fields in the IIS log entry indicates that the user wanted to download a file from a folder? cs-uri-query cs-uri-stem cs(Referer) cs-username
cs-uri-stem
In which of the following URLs did attackers double-encode the input to perform an SQL injection attack? http://www.bank.com/accounts.php?id=1+UNunionION+SEselectLECT+1,2,3--/**/SeLecT/**/1,2,3-- http://www.bank.com/accounts.php?id=1+UnioN/**/SeLecT/**/1,2,3-- http://www.bank.com/accounts.php?id=1%252f%252a*/union%252f%252a/select%252f%252a*/ 1,2,3%252f%252a*/from%252f%252a*/users-- http://www.bank.com/accounts.php?id=1+uni%0bon+se%0blect+1,2,3--
http://www.bank.com/accounts.php?id=1%252f%252a*/union%252f%252a/select%252f%252a*/ 1,2,3%252f%252a*/from%252f%252a*/users--
Which of the following elements of Apache core handles server startups and timeouts? http_request http_main http_protocol Alloc.c
http_main
Which of the following elements of Apache core is responsible for managing the routines and interacts with the client and handles all the data exchange and socket connections between the client and the server? http_request http_main http_core http_protocol
http_protocol