Study Deck

Question 1

Human Rights 1998

Answer 1

Act to give effect to the rights and freedom guaranteed under the European Convention of Human Rights

Question 2

Data Protection 1998

Answer 2

Act to provide the regulations of the processing of information related to individuals.

Question 3

Police and Justice Act 2006

Answer 3

Act to establish a national policing improvement agency

Question 4

Computer Misuse Act 1990

Answer 4

Act to secure computer material against unauthorised material. Criminalises the act of accessing or modifying data stored on a computer system without permision

Question 5

Well-known ports

Answer 5

0-1023

Question 6

Registered ports

Answer 6

1024-49,151

Question 7

Dynamic and private ports

Answer 7

49,152-65,535

Question 8

ICMP

Answer 8

Internet Control Message Protocol

Question 9

ICMP type 0

Answer 9

Echo Reply

Question 10

ICMP type 3 (code 0-3)

Answer 10

Destination Unreachable 
Code 0 - Network Unreachable
Code 1 - Host Unreachable
Code 2 - Protocol Unreachable
Code 3 - Port Unreachable

Question 11

ICMP type 5

Answer 11

Redirect

Question 12

ICMP type 8

Answer 12

Echo Request

Question 13

ICMP type 11

Answer 13

Time Exceeded

Question 14

ICMP type 12

Answer 14

Parameter Problem

Question 15

Traceroute

Answer 15

Tracks utility tracks the route that packets have taken from a network on their way to a host

Question 16

OSI

Answer 16

Open System Interconnection

Question 17

OSI Layer 7

Answer 17

Application - Human computer interactions - HTTP, FTP, SMTP, IMAP

Question 18

OSI Layer 6

Answer 18

Presentation - ensures data is in a usable format and is where data encryptions occurs - Proxies, Firewalls, encryption compressions and character sets.

Question 19

OSI Layer 5

Answer 19

Session - Maintains connections and is responsible for controlling ports and sessions - Firewalls

Question 20

OSI Layer 4

Answer 20

Transport - transmits data using transmission protocols such as TCP and UDP

Question 21

OSI Layer 3

Answer 21

Network - decides which physical path the data will take

Question 22

OSI Layer 2

Answer 22

Data Link - defines the format of data on the network - WAN, LAN protocols

Question 23

OSI Layer 1

Answer 23

Physical - transmits raw bit stream over physical medium

Question 24

Ingress Filtering

Answer 24

Concept of fire-walling traffic that enter the network from external sources such as the internet

Question 25

Encryption

Answer 25

Process whereby data is transformed in a way to guarantee confidentiality - requires secret to be used (key)

Question 26

MD5

Answer 26

Message Digest Algorithm - Ron Rivest and uses 128-bit key - Vulnerable to rainbow tables

Question 27

SHA

Answer 27

Secure Hash Algorithm
Hash function designed by NSA
SHA-1 160-bits
SHA-2 256/512 bits block sizes

Question 28

HMAC

Answer 28

Hash-based Message Authentication Code - MAC is used to authenticate a message and provide integrity and authenticity assurance on messages

Works with other hash such as HMAC-SHA1

Question 29

RSA

Answer 29

Rivest Shamir Adleman - Public key cryptography algorithm.
Slower than symmetric key algorithm but suitable for encryption (keys are much longer)

Uses two distinct prime numbers that can’t be factored

Question 30

DES

Answer 30

Data Encryption Standard - old type of block cipher used in 1970s as an encryption standard - 64 bit block cipher using 54 bit key (Replace by AES)

Question 31

Triple DES (3DES)

Answer 31

Triple Data Encryption Standard - applies cipher algorithm three times on each cipher block Block size is 64 bits but key can be up to 168 bits (Replaced by AES)

Question 32

AES

Answer 32

Advanced Encryption Standard - Symmetric key encryption standard with three standards - AES 128, AES 192, AES 256. Cipher block is 128 bits but keys are 128,192,256 bits respectively

Used in WPA2, remote control applications and windows encrypting file system like bit locker

Question 33

RC4

Answer 33

Stream Cipher used in protocols such as SSL, WEP, RDP

Question 34

PGP

Answer 34

Pretty Good Privacy - Used for signing, encrypting and decrypting emails in order to increase the security communication - PGP uses symmetric key sessions (pre-shared keys)

Question 35

IPSEC

Answer 35

Internet Protocol Security is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Question 36

AH

Answer 36

Authentication Header - Provides a mechanism for authentication only - (Integrity) -

Question 37

ESP

Answer 37

Encapsulating Security Payload - Provides data confidentiality (encryption) and authentication (data integrity, data origin auth and replay protection).

Question 38

SA

Answer 38

Security Association - The IPsec protocols use a security association, where the communicating parties establish shared security attributes such as algorithms and keys. As such IPsec provides a range of options once it has been determined whether AH or ESP is used.

Question 39

ISAKMP

Answer 39

Internet Security Association and key management protocol

Question 40

SSL

Answer 40

Secure Sockets Layer - Protocol used to secure websites

Question 41

TLS

Answer 41

Transport Layer Security - Protocol used to secure websites- TLS 1.3 latest version

Question 42

WEP

Answer 42

Wireless Equivalent Privacy - 802.11 defined as method to make wireless link equivalent to wire connection - uses RC4 (on data frames) - Shared key security method

Question 43

TKIP

Answer 43

Temporary Key integrity protocol - used to make WEP more secure - 802.11I - Per packet mixing function - Message intergrity Code (MIC function) - enhanced IV

Question 44

WPA

Answer 44

WPA improves on WEP in that it provides the TKIP encryption scheme to scramble the encryption key and verify that it hasn’t been altered during the data transfer.

Question 45

PSK

Answer 45

Pre shared key - used in WPA and users enter shared secret in AP or client

Question 46

SUID

Answer 46

u+s - File executes as owner o the file

Question 47

SGID

Answer 47

g+s - File executes as the group owner

Question 48

Sticky Bit

Answer 48

Sets a special restriction on deleting files. Only owner of file and root can delete files within directory

Question 49

Umask

Answer 49

a command that determines the settings of a mask that controls how file permissions are set for newly created files.

Question 50

netstat -noa

Answer 50

List processes and associated network socket in Windows

Question 51

netstat -lptu

Answer 51

List processes and associated network socket in Linux

Question 52

lsof -i

Answer 52

List processes that own a file or directory (linux)

Question 53

‘wmic qfe list’ or ‘wmic qfe list full’

Answer 53

(Quick Fix Engineering) Windows command that lists all patches

Question 54

uname -a

Answer 54

Check which kernel version linux os is running

Question 55

WHOIS

Answer 55

Queries Top Level Domain (TLD) port 43

Question 56

RIR

Answer 56

Regional Internet Registry
ARIN - American Registry of Internet Numbers
APNIC - Asian Pacific Network Information Centre
LACNIC - Latin America and Caribbean Network Information Centre
AfriNIC - African Network Information Centre
RIPE NCC - Europe, West Asia and former USSR

Question 57

DNS

Answer 57

Domain Name Server - Port 53 TCP and UDP

Question 58

A Record

Answer 58

Maps host name to IPv4 Address

Question 59

CNAME

Answer 59

Maps multiple names (alias) to A record

Canonical Name

Question 60

MX

Answer 60

Mail Exchange - Maps a domain to a mail server

Question 61

NS

Answer 61

Name Server - Assigns a DNS zone to access the give authoritative name servers

Question 62

PTR

Answer 62

Pointer - Maps IP addresses to the host names for reverse look ups

Question 63

SOA

Answer 63

Start of Authority - Specifies authoritative info for a DNS zone.

Question 64

HINFO

Answer 64

Host Information Resource Record - Provide OS and platform info

Question 65

SRV

Answer 65

Service Locator - Specifies a generic service location record for newer protocols

Question 66

AAAA

Answer 66

Maps host name to IPv6 Address

Question 67

Dig

Answer 67

Can be used to preform DNS Zone Transfer - dD

Question 68

Telnet

Answer 68

Port 23 - Provides remote access to servers and network equipment - Can be used to get banner from hosts to

Question 69

SSH

Answer 69

Secure Shell Protocol - Port 22 - Replaced Telnet (Ssh more secure)

Question 70

TFTP

Answer 70

Trivial File Transfer Protocol - UDP port 69 - Used for unauthenticated file transfers - Need file name and exact location

Question 71

SNMP

Answer 71

Simple Network Management Protocol - UDP port 161 - Designed to provide information about network devices, software and systems

Question 72

SNMP MIB

Answer 72

Simple Network Management Protocol Management information base which is implemented by some vendors and contain vendor specific information

Question 73

NTP

Answer 73

Network Time Protocol - UDP port 123 - Can be queried for host name OS and ntp version

Question 74

PCAP

Answer 74

Packet Capture - API that captures live network packet data.

Type of Files: .PCAP,Libpcap,WinPcap,PCAPng,Npcap

Question 75

ARP

Answer 75

Address Resolution Protocol - Used by the internet protocol (IPv4) to map IP network addresses to hardware addresses (MAC Addresses) used by the data link protocol.

ARP Request,reply
RARP Request,reply

Question 76

DHCP

Answer 76

Dynamic Host Configuration Procotol - UDP - used to provide local systems’ network settings such as IP address, subnet, default gateway and DNS.
port 67 68

Question 77

Cisco Discovery Protocol (CDP)

Answer 77

Runs on all media that support Subnetwork Access Protocol; LAN,Frame Relay and ATM media - Data link Layer only

Question 78

Hot Standby Router Protocol

Answer 78

Provides redundancy for IP Networks, ensuring that traffic can transparently recover from first hop failures.

Question 79

Virtual Router Redundancy Protocol

Answer 79

VRRP - Computing networking protocol that provides for automatic assignment of available Internet Protocols routers to participating hosts

Question 80

VLAN Trunking Protcol

Answer 80

provides a way for engineers to distribute VLAN configuration information among switches

Question 81

Spanning Tree Protocol

Answer 81

STP (STP) was introduced into the networking world as a means to prevent layer 2 network loops (frame broadcast storms) from disrupting the service of a local area network.

Question 82

TACACS+

Answer 82

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services

Question 83

VOIP

Answer 83

Voice Over Internet Protocol -

Question 84

PBX

Answer 84

Private branch exchange - Cost effect solution to telephony services in small and medium sized companies because it provides flexibility and intercommunication throughout companies.

Question 85

SCCP

Answer 85

Skinny Call Control Protocol - lightweight protocol used in IP telephony and call management - developed by Cisco

Question 86

SIP

Answer 86

Session Initiation Protocol - Session management protocol - UDP and TCP and supports TLS

Question 87

SIP Methods

Answer 87

INVITE, ACK, BYE, CANCEL, REGISTER, OPTIONS

Question 88

WPA2

Answer 88

device supports TKIP and AES

Question 89

LEAP

Answer 89

Lightweight Extensible Authentication protocol - LEAP takes an MS CHAPv2 challenge and responses and transmits them clearly over the wireless network - Password used - Made from CISCO

Question 90

PPTP

Answer 90

Point to point tunnelling protocol - TCP 1723 - to negotiate and establish connection and IP 47 (GRE) for data communication (legacy protocol)

Question 91

mysql

Answer 91

Port 3306 (Maria db is free version)
netstat or telnet to ID version

Question 92

ms-sql

Answer 92

Microsoft SQL Server
TCP 1433
1434(SSRS) - provides referral service for mutiple SQL server instances
TCP 2433 - Hidden Mode

Question 93

oracle

Answer 93

Use Transparent Network Substrate (TNS Protocol) to connect to the database port 1521 or (1526,1541)

Question 94

Oracle DBSNMP User

Answer 94

used by OEM (Oracle Enterprise Manager) intelligent agent to log on automatically to remote servers, to provide information to oracle enterprise manager - SELECT ANY DICTIONARY priv needed
Default password needs to be changed to prevent access to sys.user$

Question 95

Ms-sql server stored procedures

Answer 95

No output from Store procedure because not ran on the front end presentation tier

xp_cmdshell - query and execute OS calls directly
sp_makewebtask - dump results of SQL SELECT to HTML file
xp_regread - dump registry keys from database server and can obtain password

Question 96

Threat modelling

Answer 96

designing of security flaws or vulnerability of an application by thinking based on specific functionality.

User Functionality
Business Logic
Software Package version installed on the system

Question 97

XXS

Answer 97

Cross Site Scripting is a common attack vector that injects malicious code into a vulnerable web application.

Question 98

SQL Injection

Answer 98

Attacker modifies a string that he/she knows will be processed by an SQL server running in the backend to form an SQL.

Question 99

NetBIOS Name Server

Answer 99

UDP port 137 - Provides NetBIOS Name Table - nbtstat -n or nbtstat -A IP

Question 100

net user /domain

Answer 100

list local and global groups user belongs to

Question 101

NetBIOS name server, NetBIOS Datagram Service and NetBIOS session Service

Answer 101

UDP 138- gets info from datagram header and store in NetBios name cache and
TCP 139 - Authentication across windows workgroups or domain and provides access to resources such as printers

Question 102

net view

Answer 102

used to show all computers within a network

Question 103

net share

Answer 103

will show accessible SMB shares

Question 104

SYSVOl

Answer 104

Important part of AD - SYSVOL folder is shared on an NTFS volume on all domains controllers in a domain and used to deliver policy and logon scripts to domain members

Question 105

SNMP

Answer 105

Simple Network Management Protocol - UDP 161 - found on infrastructure devices such as switches and routers

Question 106

LDAP

Answer 106

Lightweight Directory Access Protocol - Provides directory information to clients

LDAP Global Catalogue (GC) TCP 3268 - ldapsearch is a tool used for enum

Question 107

FSMO

Answer 107

Flexible Single Master Operations - Five roles divided used in AD

Question 108

Schema Operation master

Answer 108

Primary Domain Controller - Emulator operation master - Only one allowed in the forest - Only DC that can update AD schema

Question 109

Domain naming operation master

Answer 109

The relative Identifier (RID) operation master - Responsible for adding and removing DC to and from the AD forest

Question 110

Primary Domain Controller Emulator Operation Master (PDC)

Answer 110

PDC operation master role is domain wide setting (each domain in forest will have one) - responsible for synchronisation - PDCs sync time with forest root domain PDC role-holder and sync time with external time sources - ALSO, responsible for password change replications

Question 111

Relative ID Operation Master Role (RID)

Answer 111

Domain wide setting (each domain has one) - responsible for maintaining a poll of relative identifiers that will be used when creating objects in the domain - RID is used in the process of creating a Security Identifier (SID) - Once RID is used to generate SID, it is not used again.

Question 112

Infrastructure Operation Master

Answer 112

Role responsible for replicating SID and Distinguished name (DN) value change to cross-domains- Checks its database at regular intervals for foreigns group members from other domains and once it finds objects it check SID and DN values with the global catalogue servers. If mismatch it will replace its value with the global catalogue

Question 113

FSMO Role Placement

Answer 113

The first DC in a AD forest will hold all five FSMO roles

Question 114

Domain Controller

Answer 114

Component thats runs windows server OS and holds AD domain services role.

Question 115

Global Catalogue Server

Answer 115

Global catalogue server holds the full writable copy of objects in its host domain and a partial copy of objects in other domains in the same forest

Question 116

AD DNS

Answer 116

Without DNS an AD domain infrastructure cannot work because it wouldn’t be able to locate Domain Controllers and maintain a hierarchical infrastructure design.

Question 117

Active Directory Database

Answer 117

Maintains a databse to store schema information, configuration information and domain information.

ntds.dit file is the AD database file - contains classes, attributes and relationships between the two.

C:\Windows\System32\ntds.dit
C:\Windows\NTDS\ntds.dit

Question 118

Group Policy

Answer 118

Rules applied to manage application settings, security setting and system setting of the AD Objects

A set of Group Policy configurations is called a Group Policy Object (GPO)

Question 119

Local Security Policy

Answer 119

Set of information about the security of a local computer -
1, domain trusted to authenticate logon attempts
2.which users can access systems
3.privilege assigned to accounts
4. security auditing policy

Local Security Authority stores the local policy info in a set of LSA policy Objects

Question 120

Password Policies

Answer 120

Password Rules and Lock out policies, lifetime and password complexities

Question 121

Account Lockout Policy

Answer 121

This setting control the threshold for this response and the actions to be taken after that threshold has been reach

Question 122

LM Hash (Hash Storage)

Answer 122

Lan manager - old technique that Microsoft used back in the 1980s to create hash passwords. 14 character max, find in SAM or NTDS database on a DC - encrypted with DES - disabled in older systems like vista or 2008 srv

Question 123

NT (NTLM) Hash (Hash Storage)

Answer 123

New Technology Lan Manager is the new way that Microsoft uses to hash password. In SAM db or NTDS.dit database. - RC4 Cipher (which is an old cryptographic methods such as AES or SHA-512

Version 2 use MD5 hash

Both unsalted hashes

Question 124

Patch Management

Answer 124

Is a field on system management that involves acquiring, testing and installing patches to a computer

Question 125

Software Update Services (SUS)

Answer 125

Free patch management tool from Microsoft to help system admins to deploy security patches - Each workstation connects to the SUS server and gets update from there

Question 126

System Management Server (SMS)

Answer 126

2003 - Provides a rich management and servicing solution. Can be used to manage networked windows embedded standard- based devices alongside windows desktop and sever.

Question 127

Windows Server Update Services (WSUS)

Answer 127

WSUS enables system administrators to deploy the latest Microsoft product updates- WSUS server can be the update source for other WSUS servers within the organisation (upstream server)

Question 128

Microsoft Baseline Security Analyser (MBSA)

Answer 128

MSBA helps to stay on top of regular network auditing tasks by scanning both local and remote Microsoft systems from security Misconfigurations. Also can identify any missing security updates and service packs available through the Microsoft update technologies

Question 129

Snowball effect

Answer 129

A small issue leads to another increasing severity and risk.

Question 130

Microsoft Exchange Servers

Answer 130

Extended SMTP feature - Once connected to server EHLO command will enum authentication types

Question 131

EternalBlue

Answer 131

SMBv1 vulnerability - 2017 - Mishandles specially-crafted packets from remote packets allowing an arbitrary code to be executed on the target. Wannacry ransom used Eternalblue to spread itself

Question 132

Finger user enum

Answer 132

Finger protocol is a app level protocol that provides an interface between the finger command and the fingerd daemon - returns information about the users currently logged in to a specified host

TCP port 79 - ‘finger @IP’ or ‘finger oracle@IP’ or ‘finger user@IP’ users with string user

Question 133

ruser

Answer 133

RPC service endpoint which listens to dynamic port - First connects to RPC port mapper and returns whereabouts of the rusersd service. If rusersd is running you can use ‘r -l 192.168.1.5’ to see users logged in.

Question 134

rwho

Answer 134

rwhod service listens on port 513 - and if it is accessible, use the command rwho to query the service and get list of currents users logged in to the remote host

Question 135

Solaris

Answer 135

Allows a malicious user to bypass authentication due to improper sanitation of input (Crafting a special telnet string)

Question 136

FTP

Answer 136

TCP 20 - used to send data from server to client
TCP 21 - used to accept and process FTP commands from the client.
ID banner by using quote help or syst command
rwt in tmp directory with anonymous access

Question 137

SMTP

Answer 137

Protocol for sending emails through several software packages such as sendmail, Microsoft exchange etc.

Commands: HELP,VRFY,EXPN, RCPT TO. MAIL FROM

Question 138

POP-3

Answer 138

Post Office Protocol is a standard mail protocol used to receive emails from a remote server to a local email client.

common to not have a Lockout Policy so susceptible to brute forcing

Question 139

IMAP

Answer 139

Internet Message Access Protocol an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.

Plain text and also susceptible to brute forcing

Question 140

NFS

Answer 140

Network File System is a distributed file system protocol that allows a user on a client computer to access files over a computer network much like local storage is accessed.
Port 2049 - UDP and TCP and NFSv4 is latest version

Question 141

ro

Answer 141

Read only on NFS

Question 142

rw

Answer 142

Read write on NFS

Question 143

no_root_squash

Answer 143

Root on NFS is treated as nfsnobody by NFS server (security measure) - to disable such protection use no_squash_root

Question 144

mount options

Answer 144

Nosuid - disables set user identifier or set group identifier bits to prevent remote users from gaining higher privileges
Noexec - prevents execution of binaries on mounted file systems

Question 145

R-services

Answer 145

The most popular are “rsh” for a remote shell, “rlogin” for a remote login, and “rexec” for remote execution.

exec 512/tcp
login 513/tcp
shell 514/tcp

uses Pluggable Authentication Modules (PAM) username and password for auth, which can be overridden by ~/.rhost and /etc/hosts.equiv

Question 146

X Windows System (X11 or X)

Answer 146

X provides the basic framework for a GUI environment: drawing and moving windows on the display device and interacting with a mouse and keyboard.

X server 6000 to 6063

xhost + or - used to give access or remove access host

Question 147

.xauthority

Answer 147

Magic cookie saved when user logs into X windows under the users home directory

Question 148

XWININFO

Answer 148

get information about X windows using a build-in utility in Kali

xwininfo -tree -root -display IP

Question 149

RPC

Answer 149

A number of Linux daemons run as remote procedure call services using dynamic ports.

rpcinfo can be used to query RPC port mapper to list the accessible RPC service endpoints

Question 150

Portmapper

Answer 150

TCP and UDP port 111 or 32771

Question 151

SSH

Answer 151

Secure Shell Protocol- encrypted access to linux, unix and windows OS and allows file access using secure copy (SCP) secure FTP (SFTP) and SSH Port forwarding.

Question 152

Presentation Tier

Answer 152

Web browser and mobile clients support rich functionality using Javascript and other client-side technologies which interact with server APIs and Endpoints

Question 153

Application Tier

Answer 153

Application server supports code execution written in languages like Java,Ruby,Python and Microsoft ASP.NET. Connectors and adaptors are used to negotiate the communications between the clients and applications.

Question 154

Data Tier

Answer 154

The data stores used with web applications are databases, key-values stores and distributed file systems.

Question 155

HTTP

Answer 155

Hypertext Transfer Protocol - Application level protocol for hypermedia information systems.
Connectionless, Independent Media and Stateless

Question 156

URI

Answer 156

Uniform Resource Identifiers formatted case-insensitive strings containing a name, location and much more in order to identify a resource such as a website

Question 157

HTTPS

Answer 157

TLS (Transport Layer Security) and SSL (Secure Socket Layer) are cryptographic protocols which provide secure communication over the HTTP protocol

Question 158

GET

Answer 158

Passes parameters to the web app through URL

Question 159

POST

Answer 159

Passes data to the server through the body of the request

Question 160

HEAD

Answer 160

Gets the HTTP header without sending any payload

Question 161

TRACE

Answer 161

when this method is used, the server bounces back the TRACE response with the original request message in the body of the response - used to Identify alterations to the request by intermediates devices such as firewalls and proxies

Question 162

PUT AND DELETE

Answer 162

PUT is used to upload and DELETE is used to remove data

Question 163

OPTIONS

Answer 163

Used to query the server for the methods that it supports

Question 164

CONNECT

Answer 164

used to establish a tunnel to the server identified by a five URI

Question 165

1xx

Answer 165

Informational - Request received and the process continued

Question 166

2xx

Answer 166

Success - Action successfully recieved nd understood and accepted

Question 167

3xx

Answer 167

Redirection - Further action must be taken in order to complete the request

Question 168

4xx

Answer 168

Client Error - The request contains incorrect syntax or cannot be fulfilled

Question 169

5xx

Answer 169

Server Error - The server failed to fulfill an apparently valid request

Question 170

SOAP Protocol

Answer 170

Simple Object Access Protocol - XML message protocol in order for computers to exchange information.

• Communication protocol for internet
• Can extend HTTP for XML messaging
• Can exchange complete documents or call a remote procedure
• Can be used to broadcast a message
• Is platform and language - independent
• Enables clients applications to easily connect to remote services and invoke remote methods
• Is an EML way to define what information is sent and how

Question 171

X-Frame Option

Answer 171

gives instructions to the broswer if and when a page should be displayed as part of another page

Question 172

Strict-Transport-Security

Answer 172

HTST - HTTP Strict Transport Security - instructs browser to enforce a HTTPS connection

Question 173

X-XXS Protection

Answer 173

Instructs website to used Cross-site Scripting protection

Question 174

Content-Security-Policy

Answer 174

Sent from server to demand the location where scripts can be loaded

Question 175

Set-Cookie

Answer 175

header may contain different flags. Expire sets a date til the cookie is valid

Question 176

Persistent Cookie

Answer 176

Max-Age or Expires attribute and stored on disk by web browser until the expiration date.

Question 177

Non persistent cookie

Answer 177

Stored in RAM on the client computer and deleted when the browser is closed

Question 178

Secure Flag

Answer 178

Forces the web browser to send cookies though an encrypted connection such as HTTPS which prevents eavesdropping.

Question 179

HTTPOnly

Answer 179

instructs the web browser not to expose the cookie through client-side scripts thus disallowing access to the cookie from any script

Question 180

XML

Answer 180

Extensible Markup Language
XML Document Type Definition (DTD) is a document used to validate an XML document for a certain criteria. Acts as a validation template containing a definition a valid structure attributes and elements for an XML document.

Question 181

PHP

Answer 181

Scripting language and interpreter are used on the server-side (on ISS and Apache) to support PHP functionality.

Question 182

AJAX

Answer 182

Asynchronous Javascript and XML is a combination of technologies used to create fast and dynamic pages. Uses an asynchronous request-response method which makes the application more interactive. Allows content of a web page to be updated without submitting the entire page to the server.

Question 183

DOM

Answer 183

Dynamic Object Model - is a framework to organise elements in an HTML or XML document. Convention for representing and interacting with HTML objects.

Question 184

.NET Framework

Answer 184

Set of APIs that support an advanced type system,data,graphics,network and what is needed to write enterprise apps in a Microsoft ecosystem.

Question 185

ISAPI

Answer 185

Internet Server Application Programming Interface provides application support within ISS through DLL that are mapped with specific file extensions

Question 186

CGI

Answer 186

Common Gateway Interface is a way for a web server to pass a user request to an application programme and to receive data to forward them to the user. (part of HTTP protocol)

Question 187

IIS Versions

Answer 187

5. 0 2000
6. 1 Windows XP
7. 0 W Server 2003
8. 0 W Server 2008 and Vista
9. 5 Windows 7
10. 0 Server 2012 and windows 8
11. 5 Windows 2012 R2 and Windows 8.1
12. 0 Windows 2016

Question 188

EAP

Answer 188

Extensible Authentication Protocol - Used to authenticated people to wireless networks (WPA and WPA2 use it)

Question 189

PEAP

Answer 189

Protected Extensible Authentication Protocol - TLS tunnel (SSL) authentication communication is encrypted in the tunnel