Module 13 - Hacking Web Servers (EC Mode) Flashcards

1
Q

Which of the following is a web-server component that provides storage on a different machine or disk after the original disk is filled up?

A. Document root
B. Virtual document tree
C. Virtual hosting
D. Server root

A

Answer: B. Virtual document tree

2
Q

Which of the following is a type of attack in which the attacker alters or deletes the data of a web server and replaces the data with malware?

A. Website defacement
B. Data tampering
C. Compromise of user accounts
D. Data theft

A

Answer: A. Website defacement

3
Q

Which of the following technologies belongs to the application layer and is used to generate dynamic web content?

A. Apache
B. PHP
C. MySQL
D. Linux

A

Answer: B. PHP

4
Q

Which of the following techniques makes a web server vulnerable to attacks?

A. Running unhardened applications and servers
B. Blocking unrestricted internal and outbound traffic
C. Using different system administrator credentials everywhere
D. Regularly updating the web server with the latest patches

A

Answer: A. Running unhardened applications and servers

5
Q

Which of the following types of damage is caused when attackers access sensitive data such as financial records, future plans, and the source code of a program?

A. Data theft
B. Website defacement
C. Data tampering
D. Damage of the reputation of the company

A

Answer: A. Data theft

6
Q

Identify the component of the web server that provides storage on a different machine or disk after the original disk is filled up.

A. Document root
B. Virtual hosting
C. Virtual document tree
D. Server root

A

Answer: C. Virtual document tree

7
Q

Which of the following stores critical HTML files related to the webpages of a domain name that will be served in response to requests?

A. Document root
B. Virtual document tree
C. Web proxy
D. Server root

A

Answer: A. Document root

8
Q

Which of the following stores a server’s configuration, error, executable, and log files?

A. Web proxy
B. Server root
C. Virtual document tree
D. Document root

A

Answer: B. Server root

9
Q

Which of the following provides storage on a different machine or disk after the original disk is filled up?

A. Virtual document tree
B. Document root
C. Server root
D. Virtual hosting

A

Answer: A. Virtual document tree

10
Q

In which of the following attack types does an attacker exploit the trust of an authenticated user to pass malicious code or commands to a web server?

A. Cross-site request forgery
B. Cross-site scripting
C. Unvalidated input and file injection
D. SQL injection attack

A

Answer: A. Cross-site request forgery

11
Q

In which of the following attacks does an attacker attempt to access sensitive information by intercepting and altering communications between an end user and a web server?

A. Website defacement attack
B. HTTP response splitting attack
C. Phishing attack
D. Man-in-the-middle attack

A

Answer: D. Man-in-the-middle attack

12
Q

In which of the following attack types does an attacker alter the visual appearance of a web page by injecting code to add image popups or text?

A. Server-side request forgery
B. Website defacement
C. Web-server misconfiguration
D. Web cache poisoning

A

Answer: B. Website defacement

13
Q

In which of the following attack types does an attacker flood an application with an excess amount of data so that the application may crash or exhibit vulnerable behavior?

A. Parameter/form tampering
B. Denial-of-service attack
C. Directory traversal
D. Buffer overflow attack

A

Answer: D. Buffer overflow attack

14
Q

In which of the following attack types does an attacker modify the content of a web page by examining its HTML code and identifying form fields that lack valid constraints?

A. Cross-site scripting (XSS) attack
B. Buffer overflow attack
C. Command injection attack
D. Directory traversal

A

Answer: C. Command injection attack

15
Q

An attacker sends numerous fake requests to the webserver from various random systems, which results in the webserver crashing or becoming unavailable to legitimate users. Which attack did the attacker perform?

A. DNS amplification attack
B. HTTP response splitting attack
C. DNS server hijacking
D. DoS attack

A

Answer: D. DoS attack

16
Q

If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, which attack did he/she perform?

A. DNS server hijacking
B. DoS attack
C. DNS amplification attack
D. HTTP response splitting attack

A

Answer: A. DNS server hijacking

17
Q

Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers?

A. Directory traversal attack
B. DoS attack
C. Man-in-the-middle attack
D. HTTP response splitting attack

A

Answer: C. Man-in-the-middle attack

18
Q

Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative and frequently offending data?

A. Directory traversal attack
B. Man-in-the-middle attack
C. Website defacement
D. HTTP response splitting attack

A

Answer: C. Website defacement

19
Q

Which of the following is not a session hijacking technique?

A. Session fixation
B. DNS hijacking
C. Cross-site scripting
D. Session sidejacking

A

Answer: B. DNS hijacking

20
Q

The security analyst for Danels Company arrives at his office this morning and checks the company's primary home page. He notes that the page has the logo of the competition and text that does not correspond to the true page. What kind of attack do the observed signs correspond to?

A. Phishing
B. DDoS
C. HTTP attack
D. Defacement

A

Answer: D. Defacement

21
Q

Which of the following is a lookup database for default passwords, credentials, and ports?

A. Open Sez Me
B. ID Serve
C. Netcraft
D. NCollector Studio

A

Answer: A. Open Sez Me

22
Q

Which of the following tools is a simple Internet server identification utility that is capable of performing reverse DNS lookup and HTTP server identification?

A. Dylib Hijack Scanner
B. ID Serve
C. OllyDbg
D. NCollector Studio

A

Answer: B. ID Serve

23
Q

Which of the following tools is not used to perform webserver information gathering?

A. Netcraft
B. Whois
C. Wireshark
D. Nmap

A

Answer: C. Wireshark

24
Q

Which of the following commands does an attacker use to detect HTTP Trace?

A. nmap -p80 --script http-trace
B. nmap --script hostmap
C. nmap -p80 --script http-userdir-enum localhost
D. nmap --script http-enum -p80

A

Answer: A. nmap -p80 --script http-trace

25
Q

Which of the following commands does an attacker use to enumerate common web applications?

A. nmap --script http-trace -p80 localhost
B. nmap --script http-enum -p80
C. nmap -p80 --script http-userdir-enum localhost
D. nmap -p80 --script http-trace

A

Answer: B. nmap --script http-enum -p80

26
Q

Which of the following tools is used by an attacker to perform website mirroring?

A. Netcraft
B. Hydra
C. Nessus
D. HTTrack

A

Answer: D. HTTrack

27
Q

An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective?

A. Hydra
B. Burp Suite
C. Nessus
D. Netcraft

A

Answer: B. Burp Suite

28
Q

An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective?

A. Burp Suite
B. Netcraft
C. THC Hydra
D. Nessus

A

Answer: C. THC Hydra

29
Q

Attackers use GET and CONNECT requests to use vulnerable web servers as which of the following?

A. DNS servers
B. None of the above
C. Application servers
D. Proxies

A

Answer: D. Proxies

30
Q

Which of the following is a web crawler that is optimized for searching and analyzing directories and can find interesting results if the server has the “index of” mode enabled?

A. Shadowsocks
B. Ettercap
C. Dirhunt
D. Hashcat

A

Answer: C. Dirhunt

31
Q

Which of the following is a web security testing tool that can be used by an attacker to predict and use the next possible session ID token to take over a valid session?

A. Burp Suite
B. Netcraft
C. NCollector Studio
D. Nikto2

A

Answer: A. Burp Suite

32
Q

Which of the following types of payload modules in the Metasploit framework is self-contained and completely stand-alone?

A. Exploit
B. Stagers
C. Singles
D. Stages

A

Answer: C. Singles

33
Q

Which of the following guidelines should be followed by application developers to defend against HTTP response-splitting attacks?

A. Share incoming TCP connections among different clients
B. Allow CR (%0d or \r) and LF (%0a or \n) characters
C. Parse all user inputs or other forms of encoding before using them in HTTP headers
D. Use the same TCP connection with the proxy for different virtual hosts

A

Answer: C. Parse all user inputs or other forms of encoding before using them in HTTP headers

34
Q

Which of the following is not a defensive measure for web server attacks?

A. Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL)
B. Configure IIS to accept URLs with “../”
C. Encrypt or restrict intranet traffic
D. Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed

A

Answer: B. Configure IIS to accept URLs with “../”

35
Q

Which of the following is NOT a best approach to protect your firm against web server attacks?

A. Remove unnecessary ISAPI filters from the web server
B. Allow remote registry administration
C. Apply restricted ACLs
D. Secure the SAM (Stand-alone Servers Only)

A

Answer: B. Allow remote registry administration

36
Q

Choosing an ICANN-accredited registrar and encouraging them to set registrar-lock on the domain name helps to avoid which attack?

A. Denial-of-service attack
B. Session hijacking attack
C. Man-in-the-middle attack
D. DNS hijacking attack

A

Answer: D. DNS hijacking attack

37
Q

Which of the following tools is a web-application security scanner that searches for vulnerabilities to attacks such as clickjacking, SQL injection, and XSS?

A. N-Stalker X
B. Immunity Debugger
C. Vindicate
D. Mimikatz

A

Answer: A. N-Stalker X

38
Q

Which of the following countermeasures helps administrators in secure update and patch management of web servers?

A. Never make a detailed inventory of all the endpoints, services, and dependencies
B. Make a standardized patch management and security update methodology as part of the SDLC
C. Use default configurations dispatched with web servers
D. Enable all unused script extension mappings

A

Answer: B. Make a standardized patch management and security update methodology as part of the SDLC

39
Q

Which of the following practices helps administrators in secure update and patch management of web servers?

A. Reduce exposure to third-party risks by limiting the number of software versions you employ
B. Ensure that service packs, hotfixes, and security patch levels are non-consistent on all domain controllers (DCs)
C. Enable all unused script extension mappings
D. Never make a detailed inventory of all the endpoints, services, and dependencies

A

Answer: A. Reduce exposure to third-party risks by limiting the number of software versions you employ

40
Q

Which of the following practices helps administrators secure different protocols over the network?

A. Unblock all unnecessary ports, ICMP traffic, and unnecessary protocols such as NetBIOS and SMB
B. Integrate supporting servers such as LDAP servers from the local subnet
C. Isolate supporting servers such as LDAP servers from the local subnet
D. Ensure that identified FTP servers operate in an innocuous part of the directory tree

A

Answer: C. Isolate supporting servers such as LDAP servers from the local subnet

41
Q

Which of the following security practices makes user accounts on a web server vulnerable to various attacks?

A. Disable the Separation of Duties (SoD) feature on the server config settings
B. Disable unused default user accounts
C. Enable the user account locking feature
D. Implement 2FA or MFA for user accounts

A

Answer: A. Disable the Separation of Duties (SoD) feature on the server config settings

42
Q

Which of the following practices helps system administrators secure files and directories on a web server?

A. Retain unnecessary files within .jar files
B. Exclude meta characters while processing user inputs
C. Keep sensitive configuration information within the byte code
D. Enable the serving of directory listings

A

Answer: B. Exclude meta characters while processing user inputs

43
Q

Which of the following countermeasures should be followed for the secure update and patch management of web servers?

A. Use the default configurations that web servers are dispatched with
B. Never use virtual patches in the organization
C. Apply all updates, regardless of their type, on an “as-needed” basis
D. Enable all unused script extension mappings

A

Answer: C. Apply all updates, regardless of their type, on an “as-needed” basis

44
Q

Which of the following techniques is NOT a countermeasure for securing accounts?

A. Enable unused default user accounts
B. Remove all unused modules and application extensions
C. Eliminate unnecessary database users and stored procedures
D. Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms

A

Answer: A. Enable unused default user accounts

45
Q

Which of the following countermeasures should be followed to defend against DNS hijacking?

A. Include DNS hijacking into incident response and business continuity planning
B. Use the default router password included in the factory settings
C. Do not safeguard the registrant account information
D. Download audio and video codecs and other downloaders from untrusted websites

A

Answer: A. Include DNS hijacking into incident response and business continuity planning

46
Q

Which of the following is not a defensive measure for web server attacks?

A. Configure IIS to accept URLs with “../”
B. Ensure that protected resources are mapped to HttpForbiddenHandler and unused HttpModules are removed
C. Encrypt or restrict intranet traffic
D. Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL)

A

Answer: A. Configure IIS to accept URLs with “../”

47
Q

Which of the following is not a webserver security tool?

A. Retina CS
B. Netcraft
C. Fortify WebInspect
D. NetIQ secure configuration manager

A

Answer: B. Netcraft

48
Q

Which of the following teams has the responsibility to check for updates and patches regularly?

A. Vulnerability assessment team
B. Patch management team
C. Red team
D. Security software development team

A

Answer: B. Patch management team

49
Q

Which of the following is not a patch management tool?

A. Burp Suite
B. Software vulnerability manager
C. GFI LanGuard
D. Symantec client management suite

A

Answer: A. Burp Suite

50
Q

Which of the following is considered a repair job for a programming problem?

A. Patch
B. Penetration test
C. Vulnerability
D. Assessment

A

Answer: A. Patch

51
Q

Andrew, a software developer at the CyberTech organization, has released a security update that acts as a defensive technique against the vulnerabilities in a software product the company released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities.

A. Patch Management
B. Vulnerability Management
C. Risk Management
D. Product Management

A

Answer: A. Patch Management

52
Q

Which of the following terms refers to a set of hotfixes packed together?

A. Hotfix pack
B. Service pack
C. Repair pack
D. Patch

A

Answer: B. Service pack

53
Q

A security administrator is looking for a patch management tool that scans the organizational network and manages security and non-security patches. Which of the following patch management tools can he/she use to perform the required task?

A. Nikto
B. Netscan Pro
C. GFI LanGuard
D. Burp Suite

A

Answer: C. GFI LanGuard

54
Q

Which of the following is true for the automated patch management process?

A. Assess -> detect -> acquire -> deploy -> test -> maintain
B. Detect -> assess -> acquire -> test -> deploy -> maintain
C. Acquire -> assess -> detect -> deploy -> test -> maintain
D. Acquire -> assess -> detect -> test -> deploy -> maintain

A

Answer: B. Detect -> assess -> acquire -> test -> deploy -> maintain

55
Q

Andrew, a software developer at the CyberTech organization, has released a security update that acts as a defensive technique against the vulnerabilities in a software product the company released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities.

A. Risk Management
B. Product Management
C. Patch Management
D. Vulnerability Management

A

Answer: C. Patch Management