Ch. 9

Question 1

Indicators of a Web Attack

Answer 1

• Customers being unable to access services
• Suspicious activities in user accounts
• Leakage of sensitive data
• URLs redirecting to incorrect sites
• Web page defacements
• Unusually slow network performance
• Frequent rebooting of the server
• Anomalies in log files
• Error messages such as “internal server error”, “problem processing your request,” and “page not found”

Question 2

Web Application Threats

Answer 2

• Cookie Poisoning
• SQL Injection
• Injection Flaws
• Cross-Site Request Forgery
• Directory Traversal
• Unvalidated Input
• Cross-Site Scripting (XSS)
• Sensitive Data Exposure
• Parameter/Form Tampering
• Denial of Service (DoS)
• Broken Access Control
• Security Misconfiguration
• Information Leakage
• Improper Error Handling
• Buffer Overflow
• Insufficient logging and monitoring
• Broken Authentication
• Log Tampering

Question 3

What web application threat occurs when the application fails to guard memory properly and allows writing beyond maximum size?

Answer 3

Buffer overflow

Question 4

What web application threat refers to the modification of a website’s remnant data for bypassing security measures or gaining unauthorized information?

Answer 4

Cookie poisoning

Question 5

What web application threat occurs when information such as account records, credit card numbers, passwords, or other authenticated information generally stored by web applications either in a database or on a file system are exposed/

Answer 5

Sensitive data exposure

Question 6

What web application threat refers to a drawback in a web application where it unintentionally reveals sensitive data to an unauthorized user?

Answer 6

Information leakage

Question 7

What web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes?

Answer 7

Improper error handling

Question 8

What web application threat occurs when attackers exploit HTTP, gain access to unauthorized directories, and execute commands outside the web server’s root directory?

Answer 8

Directory traversal

Question 9

What web application threat occurs when attackers insert commands via input data and are able to tamper with the data?

Answer 9

SQL injection

Question 10

What web application threat occurs when attackers intend to manipulate the communication exchanged between the client and server to make changes in application data?

Answer 10

Parameter tampering

Question 11

What web application threat is a method intended to terminate website or server operations by making resources unavailable to clients?

Answer 11

Denial-of-service

Question 12

What web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings?

Answer 12

Unvalidated input

Question 13

What web application threat occurs when attackers bypass the client’s ID security mechanisms, gain access privileges, and inject malicious scripts into specific fields in web pages?

Answer 13

Cross-site scripting

Question 14

What web application threat occurs when attackers insert malicious code, commands, or scripts into the input gates of web applications, enabling the applications to interpret and run the newly supplied malicious input?

Answer 14

Injection flaws

Question 15

What web application threat occurs when an authenticated user is forced to perform certain tasks on the web application chosen by an attacker?

Answer 15

Cross-site request forgery

Question 16

What web application threat occurs when attackers identify a flaw, bypass authentication, and compromise the network?

Answer 16

Broken access control

Question 17

What Microsoft-developed server architecture supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP.

Answer 17

Internet Information Services

Question 18

In what location are IIS log files stored by default?

Answer 18

%SystemDrive%\inetpub\logsLog files

Question 19

What command is used to find if TCP and UPD ports have unusual listening?

Answer 19

netstat -na

Question 20

The Apache web server follows a modular approach and consists of two major components: the Apache core and the _______________.

Answer 20

Apache modules

Question 21

The elements of the Apache core that address the basic functionalities of the server as http_protocol, https_man, http_request, http_core, alloc, and ____________.

Answer 21

https_config

Question 22

The Apache server generates two types of logs, one that records all the requests processed by the Apache web server and only that contain diagnostic information on errors that the server faced while processing requests. The two types of logs generated are _______________________,

Answer 22

access log and error log

Question 23

What security software or hardware device is used to monitor, detect, and protect networks or systems from malicious activities; it alerts the concerned security personnel immediately upon detecting intrusions?

Answer 23

Intrusion Detection System (IDS)

Question 24

How IDS Detects an Intrusion

Answer 24

• Signature Recognition
• Anomaly Detection
• Protocol Anomaly Detection

Question 25

What compares incoming or outgoing network packets with the binary signatures of known attacks by using simple pattern-matching techniques to detect intrusions?

Answer 25

Signature-based intrusion detection

Question 26

What IDS method detects when an event occurs outside the tolerance threshold of normal traffic?

Answer 26

Anomaly detection

Question 27

What identifies flaws in how vendors deploy the TCP/IP protocols?

Answer 27

Protocol anomaly detection

Question 28

What mostly monitors HTTP conversations (GET and POST requests) by implementing a set of generic rules for the detection of web-based attacks?

Answer 28

Web Application Firewall (WAF)

Question 29

WAFs are designed to protect web applications from a range of web exploits and attacks but do not protect from what kind of attack?

Answer 29

Man-in-the-middle