HTTP & Friends

Question 1

What is the main issue with FTP

Answer 1

FTP is outdated, lacks security, and uses multiple connections for control and data transfer, which complicates setups. It also doesn’t encrypt data, making it vulnerable to attacks.

Question 2

Why was FTP originally designed

Answer 2

FTP was designed to standardize file transfers between systems with different file structures and character sets. It solved issues with inconsistent and incompatible transfer methods before a universal protocol existed.

Question 3

What is one advantage of FTP

Answer 3

FTP decouples path names, allowing clients to access files without knowing the server’s exact file system layout. This flexibility makes it easier to adapt to different environments and manage files across various systems.

Question 4

How many connections does FTP require at a minimum

Answer 4

FTP requires a minimum of three connections: one for the control channel to send commands, and two for data transfer (one for uploading and one for downloading). This setup ensures commands and data are managed separately, but it increases complexity compared to protocols that use a single connection.

Question 5

What is the key difference between FTP and HTTP

Answer 5

FTP requires multiple connections while HTTP uses a single connection

Question 6

What does the HTTP HEAD method do

Answer 6

It retrieves metadata without downloading the entire file

Question 7

Why is caching used in HTTP

Answer 7

To serve static content faster and reduce server load

Question 8

What does the Accept flag in HTTP specify

Answer 8

The Accept flag in HTTP specifies the content types (e.g., text/html, application/json) that the client can process. This helps the server deliver responses in a format the client supports.

Question 9

What is the purpose of the Content-Length header

Answer 9

The Content-Length header specifies the size of the response body in bytes. This helps the client know when the response ends, ensuring proper parsing of the content.

Question 10

What is HSTS and why is it important

Answer 10

HSTS (HTTP Strict Transport Security) enforces the use of HTTPS by ensuring all connections to a website are encrypted. It protects users from downgrade attacks and prevents unencrypted connections, improving security against man-in-the-middle attacks.

Question 11

Why should JSON and POST be used for remote services

Answer 11

To avoid security issues like length extension attacks.
POST allows securely sending data in the request body, and JSON provides a structured format resistant to injection vulnerabilities.

Question 12

What is the primary role of an HTTP User-Agent

Answer 12

To identify the client software making the request.
This helps the server customise responses based on the client’s capabilities or requirements.

Question 13

What is the purpose of the ETag header

Answer 13

The ETag header uniquely identifies a resource on the server and checks if it has been modified.
It helps optimise caching by allowing clients to determine whether they need to download the resource again.

Question 14

What is the difference between GET and POST in HTTP

Answer 14

GET retrieves data while POST sends data to the server

Question 15

What is HTTP Basic Auth

Answer 15

An insecure method of sending credentials encoded in Base64

Question 16

Why should HTTPS be used instead of HTTP

Answer 16

To encrypt data and ensure secure communication

Question 17

What does the Accept-Encoding header indicate

Answer 17

The compression formats the client can handle

Question 18

Why is Accept-Ranges useful

Answer 18

It allows downloading specific parts of a file

Question 19

What is the main benefit of keep-alive connections

Answer 19

They enable multiple requests over a single connection improving performance

Question 20

What is the significance of HTTP status codes

Answer 20

They indicate the result of an HTTP request

Question 21

What are the categories of HTTP status codes

Answer 21

1xx informational 2xx success 3xx redirection 4xx client error 5xx server error

Question 22

What is the main issue with HTTP Basic Auth

Answer 22

It sends credentials insecurely without encryption

Question 23

Why are cookies considered a security risk

Answer 23

They can be abused to store sensitive client-side data

Question 24

What is the purpose of the Set-Cookie header

Answer 24

To store a key-value pair for future requests to the same domain

Question 25

Why is caching on inbound servers useful

Answer 25

Improves response times, reduces backend load, scales better for high traffic, and avoids redundant processing of identical requests.

Question 26

What is the function of proxy_pass in HTTP servers

Answer 26

To route requests to a specified backend server

Question 27

What is the purpose of the Host header in HTTP

Answer 27

It allows multiple virtual servers to share the same IP address by distinguishing incoming requests based on the Host value

Question 28

Why should cookies only store a session ID

Answer 28

To avoid exposing sensitive information client-side

Question 29

What is the purpose of Content-Type in HTTP

Answer 29

To inform the client how to handle the response content

Question 30

Why should HTTPS always be used when using cookies

Answer 30

To prevent them from being intercepted or altered by plain text attacks

Question 31

What is HTTP POST used for

Answer 31

To send data to the server typically for updates or changes

Question 32

Why is using GET for sensitive data discouraged

Answer 32

GET exposes parameters in URLs and logs

Question 33

What is the role of Accept-Language in HTTP

Answer 33

To specify the client’s preferred language for the response

Question 34

Why should compressed files be stored directly on the server

Answer 34

To save I/O CPU and network resources

Question 35

What is the main issue with legacy FTP implementations

Answer 35

They require complex connections and are not firewall-friendly

Question 36

What is the role of NAT helpers in FTP

Answer 36

To modify payloads and set up inbound NAT mappings

Question 37

What is the Accept-Charset header used for

Answer 37

To indicate the preferred character sets for the response

Question 38

What is the purpose of HTTP DELETE

Answer 38

To remove a specified resource on the server

Question 39

What does the Strict-Transport-Security header enforce

Answer 39

It ensures only HTTPS connections are allowed for a domain

Question 40

What is the purpose of a proxy cache in HTTP

Answer 40

To improve performance by storing frequently accessed content

Question 41

Why is FTP considered inflexible in modern networks

Answer 41

It struggles with NAT firewalls and is simplex

Question 42

What is a common use case for HTTP HEAD

Answer 42

Checking if a file has changed without downloading it

Question 43

What is the main difference between HTTP and HTTPS

Answer 43

HTTPS encrypts the connection using TLS

Question 44

Why is TLS vital in modern networking

Answer 44

It secures data in transit against interception or tampering

Question 45

What is the main limitation of FTP control connections

Answer 45

They require manual NAT adjustments and payload modifications

Question 46

What is the purpose of the Last-Modified header

Answer 46

To indicate the last time the resource was changed

Question 47

Why is the Universal Firewall Bypass Protocol nickname given to HTTP

Answer 47

It is flexible and often used to bypass restrictions

Question 48

What does the Connection header in HTTP control

Answer 48

Whether the connection can be reused or should be closed

Question 49

Why should HTTP headers be case-insensitive

Answer 49

To ensure compatibility across implementations

Question 50

What is the purpose of HTTP DELETE

Answer 50

To remove a resource from the server

Question 51

Why is gzip compression beneficial for HTTP responses

Answer 51

It reduces bandwidth usage and improves load times

Question 52

What is the drawback of using cookies for authentication

Answer 52

They can be intercepted and reused if not encrypted

Question 53

What does the Content-Encoding header specify

Answer 53

The encoding used on the response content

Question 54

What is the difference between HTTP 1.1 and HTTP 2

Answer 54

HTTP 2 supports multiple streams and optimisations

Question 55

What is the purpose of caching in HTTP

Answer 55

To reduce server load and improve response times

Question 56

Why is Base64 encoding used in HTTP Basic Auth

Answer 56

To encode username and password into a single string

Question 57

What is a potential risk of passing arguments via GET

Answer 57

They are visible in logs and URLs

Question 58

What is the role of the HTTP Accept header

Answer 58

To indicate acceptable media types for the response

Question 59

Why are inbound caches used in enterprises

Answer 59

To organise systems and centralise certificate management

Question 60

What is the Accept-Ranges header used for

Answer 60

To enable partial downloads by byte range

Question 61

What does the Server header in HTTP reveal

Answer 61

The software and version of the web server

Question 62

What is a common security issue with HTTP Basic Auth

Answer 62

Credentials are sent unencrypted

Question 63

Why is using HTTPS for all operations recommended

Answer 63

To ensure data integrity and prevent eavesdropping

Question 64

What is a key difference between FTP and HTTP paths

Answer 64

HTTP paths are flexible and do not depend on file systems

Question 65

What is the significance of HTTP status code 404

Answer 65

It indicates the requested resource was not found

Question 66

What does HTTP caching rely on

Answer 66

Headers like Last-Modified and ETag for validation

Question 67

What is the purpose of HTTP PUT

Answer 67

To upload or replace a resource on the server

Question 68

Why is NAT problematic for FTP connections

Answer 68

It requires modifying payloads to match IP addresses

Question 69

What is the function of the Content-Length header

Answer 69

To specify the size of the HTTP response body

Question 70

What is the main drawback of legacy FTP modes

Answer 70

They are incompatible with modern NAT and firewalls