Web Server & Applications

1. Which of the following best describes a web application?

• A) Code designed to be run on the client
• B) Code designed to be run on the server
• C) SQL code for databases
• D) Targeting of web services

---

2. __________ is a client-side scripting language.

• A) JavaScript
• B) ASP
• C) ASP.NET
• D) PHP

---

3. Which of the following is an example of a server-side scripting language?

• A) JavaScript
• B) PHP
• C) SQL
• D) HTML

---

4. Which of the following is used to access content outside the root of a website?

• A) Brute force
• B) Port scanning
• C) SQL injection
• D) Directory traversal

---

5. Which of the following can prevent bad input from being presented to an application through a form?

• A) Request filtering
• B) Input validation
• C) Input scanning
• D) Directory traversing

---

6. __________ can be used to identify a web server.

• A) Session hijacking
• B) Banner grab
• C) Traversal
• D) Header analysis

---

7. In the field of IT security, the concept of defense in depth is layering more than one control on another. Why would this be helpful in the defense of a system of session hijacking?

• A) To provide better protection
• B) To build dependency among layers
• C) To increase logging ability
• D) To satisfy auditors

---

8. Which of the following is used to set permissions on content in a website?

• A) HIDS
• B) ACE
• C) ACL
• D) ALS

---

9. What could be used to monitor application errors and violations on a web server or application?

• A) HIDS
• B) HIPS
• C) NIDS
• D) Logs

---

10. Which of the following is an attribute used to secure a cookie?

• A) Encrypt
• B) Secure
• C) HttpOnly
• D) Domain

---

11. A POODLE attack targets what exactly?

• A) SSL
• B) TLS
• C) VPN
• D) AES

---

12. What is used to store session information?

• A) Cookie
• B) Snoop
• C) Directory
• D) File

---

13. Which attack can be used to take over a previous session?

• A) Cookie snooping
• B) Session hijacking
• C) Cookie hijacking
• D) Session sniffing

---

14. Which command would retrieve banner information from a website at port 80?

• A) nc 192.168.10.27 80
• B) nc 192.168.19.27 443
• C) nc 192.168.10.27 –p 80
• D) nc 192.168.10.27 –p –l 80

---

15. How is a brute-force attack performed?

• A) By trying all possible combinations of characters
• B) By trying dictionary words
• C) By capturing hashes
• D) By comparing hashes

---

16. What is the command to retrieve header information from a web server using Telnet?

• A) telnet < website name > 80
• B) telnet < website name > 443
• C) telnet < website name > –port:80
• D) telnet < website name > –port:443

---

17. Groups and individuals who may hack a web server or web application based on principle or personal beliefs are known as __________.

• A) White hats
• B) Black hats
• C) Script kiddies
• D) Hacktivists

---

18. The Wayback Machine would be useful in viewing what type of information relating to a web application?

• A) Get Job postings
• B) Websites
• C) Archived versions of websites
• D) Backup copies of websites

---

19. What may be helpful in protecting the content on a web server from being viewed by unauthorized personnel?

• A) Encryption
• B) Permissions
• C) Redirection
• D) Firewalls

---

20. A common attack against web servers and web applications is __________.

• A) Banner grab
• B) Input validation
• C) Buffer validations
• D) Buffer overflow