HTTP & Friends

Question 1

What is the main issue with FTP

Answer 1

FTP is outdated, lacks security, and uses multiple connections for control and data transfer, which complicates setups. It also doesn’t encrypt data, making it vulnerable to attacks.

Question 2

Why was FTP originally designed

Answer 2

FTP was designed to standardize file transfers between systems with different file structures and character sets. It solved issues with inconsistent and incompatible transfer methods before a universal protocol existed.

Question 3

What is one advantage of FTP

Answer 3

FTP decouples path names, allowing clients to access files without knowing the server’s exact file system layout. This flexibility makes it easier to adapt to different environments and manage files across various systems.

Question 4

How many connections does FTP require at a minimum

Answer 4

FTP requires a minimum of three connections: one for the control channel to send commands, and two for data transfer (one for uploading and one for downloading). This setup ensures commands and data are managed separately, but it increases complexity compared to protocols that use a single connection.

Question 5

What is the key difference between FTP and HTTP

Answer 5

FTP requires multiple connections while HTTP uses a single connection

Question 6

What does the HTTP HEAD method do

Answer 6

It retrieves metadata without downloading the entire file

Question 7

Why is caching used in HTTP

Answer 7

To serve static content faster and reduce server load

Question 8

What does the Accept flag in HTTP specify

Answer 8

The Accept flag in HTTP specifies the content types (e.g., text/html, application/json) that the client can process. This helps the server deliver responses in a format the client supports.

Question 9

What is the purpose of the Content-Length header

Answer 9

The Content-Length header specifies the size of the response body in bytes. This helps the client know when the response ends, ensuring proper parsing of the content.

Question 10

What is HSTS and why is it important

Answer 10

HSTS (HTTP Strict Transport Security) enforces the use of HTTPS by ensuring all connections to a website are encrypted. It protects users from downgrade attacks and prevents unencrypted connections, improving security against man-in-the-middle attacks.

Question 11

Why should JSON and POST be used for remote services

Answer 11

To avoid security issues like length extension attacks.
POST allows securely sending data in the request body, and JSON provides a structured format resistant to injection vulnerabilities.

Question 12

What is the primary role of an HTTP User-Agent

Answer 12

To identify the client software making the request.
This helps the server customise responses based on the client’s capabilities or requirements.

Question 13

What is the purpose of the ETag header

Answer 13

The ETag header uniquely identifies a resource on the server and checks if it has been modified.
It helps optimise caching by allowing clients to determine whether they need to download the resource again.

Question 14

What is the difference between GET and POST in HTTP

Answer 14

GET retrieves data while POST sends data to the server

Question 15

What is HTTP Basic Auth

Answer 15

An insecure method of sending credentials encoded in Base64

Question 16

Why should HTTPS be used instead of HTTP

Answer 16

To encrypt data and ensure secure communication

Question 17

What does the Accept-Encoding header indicate

Answer 17

The compression formats the client can handle

Question 18

Why is Accept-Ranges useful

Answer 18

It allows downloading specific parts of a file

Question 19

What is the main benefit of keep-alive connections

Answer 19

They enable multiple requests over a single connection improving performance

Question 20

What is the significance of HTTP status codes

Answer 20

They indicate the result of an HTTP request

Question 21

What are the categories of HTTP status codes

Answer 21

1xx informational 2xx success 3xx redirection 4xx client error 5xx server error

Question 22

What is the main issue with HTTP Basic Auth

Answer 22

It sends credentials insecurely without encryption

Question 23

Why are cookies considered a security risk

Answer 23

They can be abused to store sensitive client-side data

Question 24

What is the purpose of the Set-Cookie header

Answer 24

To store a key-value pair for future requests to the same domain

Question 25

Why is caching on inbound servers useful

Answer 25

Improves response times, reduces backend load, scales better for high traffic, and avoids redundant processing of identical requests.

Question 26

What is the function of proxy_pass in HTTP servers

Answer 26

To route requests to a specified backend server

Question 27

What is the purpose of the Host header in HTTP

Answer 27

It allows multiple virtual servers to share the same IP address by distinguishing incoming requests based on the Host value

Question 28

Why should cookies only store a session ID

Answer 28

To avoid exposing sensitive information client-side

Question 29

What is the purpose of Content-Type in HTTP

Answer 29

To inform the client how to handle the response content

Question 30

Why should HTTPS always be used when using cookies

Answer 30

To prevent them from being intercepted or altered by plain text attacks

Question 31

What is HTTP POST used for

Answer 31

To send data to the server typically for updates or changes

Question 32

Why is using GET for sensitive data discouraged

Answer 32

GET exposes parameters in URLs and logs

Question 33

What is the role of Accept-Language in HTTP

Answer 33

To specify the client's preferred (human) language for the response

Question 34

Why should compressed files be stored directly on the server

Answer 34

To reduce I/O, CPU, and network usage by avoiding the need to compress files on-the-fly, improving performance and resource efficiency (Pre-compressed files: Use more disk space, save CPU and time. Best for static content. On-the-fly compression: Saves disk space but uses more CPU and increases latency. Best for dynamic content.)

Question 35

What is the main issue with legacy FTP implementations

Answer 35

FTP’s reliance on dynamic ports and multiple connections makes it hard to work with firewalls, leading to security and configuration headaches. (The data connection often uses a random high port, which changes dynamically. Firewalls struggle to predict and allow these connections, making FTP not firewall-friendly. Plaintext Credentials: Traditional FTP sends usernames and passwords in plaintext, making it insecure. (This isn’t directly related to the firewall issue but is another reason FTP is considered outdated.) Complexity: Maintaining two connections increases network complexity compared to modern protocols like SFTP or HTTPS, which use a single secure channel.)

Question 36

What is the role of NAT helpers in FTP

Answer 36

To rewrite FTP payloads and create inbound NAT mappings, enabling dynamic data connections through NAT. Why? NAT (Network Address Translation) translates private IP addresses in a local network to a public IP for internet access. In FTP, NAT helpers modify the control channel to handle dynamic ports and create temporary rules for data connections, making FTP compatible with NAT.

Question 37

What is the Accept-Charset header used for

Answer 37

To indicate the preferred character sets for the response

Question 38

What is the purpose of HTTP DELETE

Answer 38

To remove a specified resource on the server

Question 39

What does the Strict-Transport-Security header enforce

Answer 39

It ensures only HTTPS connections are allowed for a domain

Question 40

What is the purpose of a proxy cache in HTTP

Answer 40

To improve performance by storing frequently accessed content

Question 41

Why is FTP considered inflexible in modern networks

Answer 41

It struggles with NAT firewalls and is simplex

Question 42

What is a common use case for HTTP HEAD

Answer 42

Checking if a file has changed without downloading it

Question 43

What is the main difference between HTTP and HTTPS

Answer 43

HTTPS encrypts the connection using TLS

Question 44

Why is TLS vital in modern networking

Answer 44

It secures data in transit against interception or tampering

Question 45

What is the main limitation of FTP control connections

Answer 45

FTP control connections are limited because they require NAT helpers to modify payloads and manually adjust NAT settings to handle dynamic ports, which complicates compatibility with firewalls and NAT devices. (Dynamic Port Assignment: The FTP server dynamically chooses a random high-numbered port for each data transfer, which isn't fixed or preconfigured. NAT Doesn’t Track FTP Behavior: NAT devices typically translate static ports and IPs. Without additional help (like a NAT helper), they don’t know which dynamic port the FTP server will use, so they can’t set up the necessary mapping automatically. Firewall Blockage: Firewalls block traffic on unapproved ports for security. Since the dynamic port is unpredictable, the firewall might block the data connection unless explicitly configured to allow it.)

Question 46

What is the purpose of the Last-Modified header

Answer 46

To indicate the last time the resource was changed (used to help with caching and efficiency in web communications, server can avoid resending it, saving bandwidth and time)

Question 47

Why is the Universal Firewall Bypass Protocol nickname given to HTTP

Answer 47

HTTP is called the Universal Firewall Bypass Protocol because its flexibility allows it to carry various types of traffic, often disguised as legitimate web traffic. This makes it effective for bypassing firewalls and restrictions that permit HTTP/HTTPS traffic by default. (security concern)

Question 48

What does the Connection header in HTTP control

Answer 48

Whether the connection can be reused or should be closed. (Controlling the connection with the Connection header helps balance performance and resource usage, adapting to different needs and network conditions.)

Question 49

Why should HTTP headers be case-insensitive

Answer 49

To ensure compatibility across implementations

Question 50

What is the purpose of HTTP DELETE

Answer 50

To remove a resource from the server

Question 51

Why is gzip compression beneficial for HTTP responses

Answer 51

It reduces bandwidth usage and improves load times

Question 52

What is the drawback of using cookies for authentication

Answer 52

They can be intercepted and reused if not encrypted

Question 53

What does the Content-Encoding header specify

Answer 53

The encoding used on the response content

Question 54

What is the difference between HTTP 1.1 and HTTP 2

Answer 54

HTTP/2 supports multiple streams by allowing multiple requests and responses to occur simultaneously over a single connection using multiplexing. This eliminates delays caused by blocking in HTTP/1.1 and reduces the need for multiple connections, improving efficiency

Question 55

What is the purpose of caching in HTTP

Answer 55

To reduce server load and improve response times

Question 56

Why is Base64 encoding used in HTTP Basic Auth

Answer 56

To encode username and password into a single string

Question 57

What is a potential risk of passing arguments via GET

Answer 57

They are visible in logs and URLs

Question 58

What is the role of the HTTP Accept header

Answer 58

To indicate acceptable media types for the response

Question 59

Why are inbound caches used in enterprises

Answer 59

To organise systems and centralise certificate management (An inbound cache is like a central store for certain data or processes that handle incoming requests. In the context of certificates: • It helps manage and validate SSL/TLS certificates centrally for a business’s systems. • Instead of every individual system or server repeatedly fetching certificates or handling verification separately, the inbound cache stores them centrally, speeding up operations.)

Question 60

What is the Accept-Ranges header used for

Answer 60

To enable partial downloads by byte range

Question 61

What does the Server header in HTTP reveal

Answer 61

The software and version of the web server

Question 62

What is a common security issue with HTTP Basic Auth

Answer 62

Credentials are sent unencrypted

Question 63

Why is using HTTPS for all operations recommended

Answer 63

To ensure data integrity and prevent eavesdropping

Question 64

What is a key difference between FTP and HTTP paths

Answer 64

FTP paths map directly to server file systems, while HTTP paths are abstract and can represent virtual or dynamic resources.

Question 65

What is the significance of HTTP status code 404

Answer 65

It indicates the requested resource was not found

Question 66

What does HTTP caching rely on

Answer 66

Headers like Last-Modified and ETag for validation

Question 67

What is the purpose of HTTP PUT

Answer 67

To upload or replace a resource on the server

Question 68

Why is NAT problematic for FTP connections

Answer 68

It requires modifying payloads to match IP addresses (FTP dynamically assigns ports for data transfer, but NAT changes IP addresses, causing mismatches. This forces NAT devices to modify FTP payloads to ensure the correct IP and port mappings.)

Question 69

What is the function of the Content-Length header

Answer 69

To specify the size of the HTTP response body

Question 70

What is the main drawback of legacy FTP modes

Answer 70

They are incompatible with modern NAT and firewalls