Module 13 - Hacking Web Servers (EC Mode) Flashcards
Which of the following is a web-server component that provides storage on a different machine or disk after the original disk is filled up?
A. Document root
B. Virtual document tree
C. Virtual hosting
D. Server root
Answer: B. Virtual document tree
Which of the following is a type of attack in which the attacker alters or deletes the data of a web server and replaces the data with malware?
A. Website defacement
B. Data tampering
C. Compromise of user accounts
D. Data theft
Answer: A. Website defacement
Which of the following technologies belongs to the application layer and is used to generate dynamic web content?
A. Apache
B. PHP
C. MySQL
D. Linux
Answer: B. PHP
Which of the following techniques makes a web server vulnerable to attacks?
A. Running unhardened applications and servers
B. Blocking unrestricted internal and outbound traffic
C. Using different system administrator credentials everywhere
D. Regularly updating the web server with the latest patches
Answer: A. Running unhardened applications and servers
Which of the following types of damage is caused when attackers access sensitive data such as financial records, future plans, and the source code of a program?
A. Data theft
B. Website defacement
C. Data tampering
D. Damage of the reputation of the company
Answer: A. Data theft
Identify the component of the web server that provides storage on a different machine or disk after the original disk is filled up.
A. Document root
B. Virtual hosting
C. Virtual document tree
D. Server root
Answer: C. Virtual document tree
Which of the following stores critical HTML files related to the webpages of a domain name that will be served in response to requests?
A. Document root
B. Virtual document tree
C. Web proxy
D. Server root
Answer: A. Document root
Which of the following stores a server’s configuration, error, executable, and log files?
A. Web proxy
B. Server root
C. Virtual document tree
D. Document root
Answer: B. Server root
Which of the following provides storage on a different machine or disk after the original disk is filled up?
A. Virtual document tree
B. Document root
C. Server root
D. Virtual hosting
Answer: A. Virtual document tree
In which of the following attack types does an attacker exploit the trust of an authenticated user to pass malicious code or commands to a web server?
A. Cross-site request forgery
B. Cross-site scripting
C. Unvalidated input and file injection
D. SQL injection attack
Answer: A. Cross-site request forgery
In which of the following attacks does an attacker attempt to access sensitive information by intercepting and altering communications between an end user and a web server?
A. Website defacement attack
B. HTTP response splitting attack
C. Phishing attack
D. Man-in-the-middle attack
Answer: D. Man-in-the-middle attack
In which of the following attack types does an attacker alter the visual appearance of a web page by injecting code to add image popups or text?
A. Server-side request forgery
B. Website defacement
C. Web-server misconfiguration
D. Web cache poisoning
Answer: B. Website defacement
In which of the following attack types does an attacker flood an application with an excess amount of data so that the application may crash or exhibit vulnerable behavior?
A. Parameter/form tampering
B. Denial-of-service attack
C. Directory traversal
D. Buffer overflow attack
Answer: D. Buffer overflow attack
In which of the following attack types does an attacker modify the content of a web page by examining its HTML code and identifying form fields that lack valid constraints?
A. Cross-site scripting (XSS) attack
B. Buffer overflow attack
C. Command injection attack
D. Directory traversal
Answer: C. Command injection attack
An attacker sends numerous fake requests to the web server from various random systems, resulting in the web server crashing or becoming unavailable to legitimate users. Which attack did the attacker perform?
A. DNS amplification attack
B. HTTP response splitting attack
C. DNS server hijacking
D. DoS attack
Answer: D. DoS attack
If an attacker compromises a DNS server and changes the DNS settings so that all requests coming to the target web server are redirected to the attacker's own malicious server, which attack did the attacker perform?
A. DNS server hijacking
B. DoS attack
C. DNS amplification attack
D. HTTP response splitting attack
Answer: A. DNS server hijacking
Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers?
A. Directory traversal attack
B. DoS attack
C. Man-in-the-middle attack
D. HTTP response splitting attack
Answer: C. Man-in-the-middle attack
Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative and frequently offending data?
A. Directory traversal attack
B. Man-in-the-middle attack
C. Website defacement
D. HTTP response splitting attack
Answer: C. Website defacement
Which of the following is not a session hijacking technique?
A. Session fixation
B. DNS hijacking
C. Cross-site scripting
D. Session sidejacking
Answer: B. DNS hijacking
The security analyst for Danels Company arrives at his office this morning and checks the company's primary home page. He notes that the page shows the competition's logo and text that does not correspond to the true page. What kind of attack do the observed signs correspond to?
A. Phishing
B. DDoS
C. HTTP attack
D. Defacement
Answer: D. Defacement
Which of the following is a lookup database for default passwords, credentials, and ports?
A. Open Sez Me
B. ID Serve
C. Netcraft
D. NCollector Studio
Answer: A. Open Sez Me
Which of the following tools is a simple Internet server identification utility that is capable of performing reverse DNS lookup and HTTP server identification?
A. Dylib Hijack Scanner
B. ID Serve
C. OllyDbg
D. NCollector Studio
Answer: B. ID Serve
Which of the following tools is not used to perform webserver information gathering?
A. Netcraft
B. Whois
C. Wireshark
D. Nmap
Answer: C. Wireshark
Which of the following commands does an attacker use to detect HTTP Trace?
A. nmap -p80 --script http-trace
B. nmap --script hostmap
C. nmap -p80 --script http-userdir-enum localhost
D. nmap --script http-enum -p80
Answer: A. nmap -p80 --script http-trace
Which of the following commands does an attacker use to enumerate common web applications?
A. nmap --script http-trace -p80 localhost
B. nmap --script http-enum -p80
C. nmap -p80 --script http-userdir-enum localhost
D. nmap -p80 --script http-trace
Answer: B. nmap --script http-enum -p80
Which of the following tools is used by an attacker to perform website mirroring?
A. Netcraft
B. Hydra
C. Nessus
D. HTTrack
Answer: D. HTTrack
An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective?
A. Hydra
B. Burp Suite
C. Nessus
D. Netcraft
Answer: B. Burp Suite
An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective?
A. Burp Suite
B. Netcraft
C. THC Hydra
D. Nessus
Answer: C. THC Hydra
Attackers use GET and CONNECT requests to use vulnerable web servers as which of the following?
A. DNS servers
B. None of the above
C. Application servers
D. Proxies
Answer: D. Proxies
Which of the following is a web crawler optimized for searching and analyzing directories, and it can find interesting results if the server has the “index of” mode enabled?
A. Shadowsocks
B. Ettercap
C. Dirhunt
D. Hashcat
Answer: C. Dirhunt
Which of the following is a web security testing tool that can be used by an attacker to predict and use the next possible session ID token to take over a valid session?
A. Burp Suite
B. Netcraft
C. NCollector Studio
D. Nikto2
Answer: A. Burp Suite
Which of the following types of payload modules in the Metasploit framework is self-contained and completely stand-alone?
A. Exploit
B. Stagers
C. Singles
D. Stages
Answer: C. Singles
Which of the following guidelines should be followed by application developers to defend against HTTP response-splitting attacks?
A. Share incoming TCP connections among different clients
B. Allow CR (%0d or \r) and LF (%0a or \n) characters
C. Parse all user inputs or other forms of encoding before using them in HTTP headers
D. Use the same TCP connection with the proxy for different virtual hosts
Answer: C. Parse all user inputs or other forms of encoding before using them in HTTP headers
Which of the following is not a defensive measure for web server attacks?
A. Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL)
B. Configure IIS to accept URLs with “../”
C. Encrypt or restrict intranet traffic
D. Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed
Answer: B. Configure IIS to accept URLs with “../”
Which of the following is NOT a best approach to protect your firm against web server attacks?
A. Remove unnecessary ISAPI filters from the web server
B. Allow remote registry administration
C. Apply restricted ACLs
D. Secure the SAM (Stand-alone Servers Only)
Answer: B. Allow remote registry administration
Choosing an ICANN-accredited registrar and encouraging them to set registrar-lock on the domain name helps avoid which attack?
A. Denial-of-service attack
B. Session hijacking attack
C. Man-in-the-middle attack
D. DNS hijacking attack
Answer: D. DNS hijacking attack
Which of the following tools is a web-application security scanner that searches for vulnerabilities to attacks such as clickjacking, SQL injection, and XSS?
A. N-Stalker X
B. Immunity Debugger
C. Vindicate
D. Mimikatz
Answer: A. N-Stalker X
Which of the following countermeasures helps administrators in secure update and patch management of web servers?
A. Never make a detailed inventory of all the endpoints, services, and dependencies
B. Make a standardized patch management and security update methodology as part of the SDLC
C. Use default configurations dispatched with web servers
D. Enable all unused script extension mappings
Answer: B. Make a standardized patch management and security update methodology as part of the SDLC
Which of the following practices helps administrators in secure update and patch management of web servers?
A. Reduce exposure to third-party risks by limiting the number of software versions you employ
B. Ensure that service packs, hotfixes, and security patch levels are non-consistent on all domain controllers (DCs)
C. Enable all unused script extension mappings
D. Never make a detailed inventory of all the endpoints, services, and dependencies
Answer: A. Reduce exposure to third-party risks by limiting the number of software versions you employ
Which of the following practices helps administrators secure different protocols over the network?
A. Unblock all unnecessary ports, ICMP traffic, and unnecessary protocols such as NetBIOS and SMB
B. Integrate supporting servers such as LDAP servers from the local subnet
C. Isolate supporting servers such as LDAP servers from the local subnet
D. Ensure that identified FTP servers operate in an innocuous part of the directory tree
Answer: C. Isolate supporting servers such as LDAP servers from the local subnet
Which of the following security practices makes user accounts on a web server vulnerable to various attacks?
A. Disable the Separation of Duties (SoD) feature on the server config settings
B. Disable unused default user accounts
C. Enable the user account locking feature
D. Implement 2FA or MFA for user accounts
Answer: A. Disable the Separation of Duties (SoD) feature on the server config settings
Which of the following practices helps system administrators secure files and directories on a web server?
A. Retain unnecessary files within .jar files
B. Exclude meta characters while processing user inputs
C. Keep sensitive configuration information within the byte code
D. Enable the serving of directory listings
Answer: B. Exclude meta characters while processing user inputs
Which of the following countermeasures should be followed for the secure update and patch management of web servers?
A. Use the default configurations that web servers are dispatched with
B. Never use virtual patches in the organization
C. Apply all updates, regardless of their type, on an “as-needed” basis
D. Enable all unused script extension mappings
Answer: C. Apply all updates, regardless of their type, on an “as-needed” basis
Which of the following techniques is NOT a countermeasure for securing accounts?
A. Enable unused default user accounts
B. Remove all unused modules and application extensions
C. Eliminate unnecessary database users and stored procedures
D. Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms
Answer: A. Enable unused default user accounts
Which of the following countermeasures should be followed to defend against DNS hijacking?
A. Include DNS hijacking into incident response and business continuity planning
B. Use the default router password included in the factory settings
C. Do not safeguard the registrant account information
D. Download audio and video codecs and other downloaders from untrusted websites
Answer: A. Include DNS hijacking into incident response and business continuity planning
Which of the following is not a defensive measure for web server attacks?
A. Configure IIS to accept URLs with “../”
B. Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed
C. Encrypt or restrict intranet traffic
D. Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL)
Answer: A. Configure IIS to accept URLs with “../”
Which of the following is not a webserver security tool?
A. Retina CS
B. Netcraft
C. Fortify WebInspect
D. NetIQ Secure Configuration Manager
Answer: B. Netcraft
Which of the following teams has the responsibility to check for updates and patches regularly?
A. Vulnerability assessment team
B. Patch management team
C. Red team
D. Security software development team
Answer: B. Patch management team
Which of the following is not a patch management tool?
A. Burp Suite
B. Software Vulnerability Manager
C. GFI LanGuard
D. Symantec Client Management Suite
Answer: A. Burp Suite
Which of the following is considered a repair job for a programming problem?
A. Patch
B. Penetration test
C. Vulnerability
D. Assessment
Answer: A. Patch
Andrew, a software developer at the CyberTech organization, has released a security update that acts as a defensive technique against the vulnerabilities in a software product the company released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities.
A. Patch Management
B. Vulnerability Management
C. Risk Management
D. Product Management
Answer: A. Patch Management
Which of the following terms refers to a set of hotfixes packed together?
A. Hotfix pack
B. Service pack
C. Repair pack
D. Patch
Answer: B. Service pack
A security administrator is looking for a patch management tool that scans the organizational network and manages security and non-security patches. Which of the following patch management tools can he/she use to perform the required task?
A. Nikto
B. Netscan Pro
C. GFI LanGuard
D. Burp Suite
Answer: C. GFI LanGuard
Which of the following is true for the automated patch management process?
A. Assess -> detect -> acquire -> deploy -> test -> maintain
B. Detect -> assess -> acquire -> test -> deploy -> maintain
C. Acquire -> assess -> detect -> deploy -> test -> maintain
D. Acquire -> assess -> detect -> test -> deploy -> maintain
Answer: B. Detect -> assess -> acquire -> test -> deploy -> maintain
Andrew, a software developer at the CyberTech organization, has released a security update that acts as a defensive technique against the vulnerabilities in a software product the company released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities.
A. Risk Management
B. Product Management
C. Patch Management
D. Vulnerability Management
Answer: C. Patch Management