Review Questions
1. Which of the following are types of HTTP web authentication? (Choose all that apply.)
A. Digest
B. Basic
C. Windows
D. Kerberos
2. Which of the following is a countermeasure for a buffer overflow attack?
A. Input field length validation
B. Encryption
C. Firewall
D. Use of web forms
3. A hardware device that displays a login that changes every 60 seconds is known as a/an
A. Login finder
B. Authentication server
C. Biometric authentication
D. Token
4. Which is a common web server vulnerability?
A. Limited user accounts
B. Default installation
C. Open shares
D. No directory access
5. A password of P@SSWORD can be cracked using which type of attack?
A. Brute force
B. Hybrid
C. Dictionary
D. Zero day exploit
6. Which of the following is a countermeasure for authentication hijacking?
A. Authentication logging
B. Kerberos
C. SSL
D. Active Directory
7. Why is a web server more commonly attacked than other systems?
A. A web server is always accessible.
B. Attacking a web server does not require much hacking ability.
C. Web servers are usually placed in a secure DMZ.
D. Web servers are simple to exploit.
8. A client/server program that resides on a web server is called a/an .
A. Internet program
B. Web application
C. Patch
D. Configuration file
9. Which is a countermeasure to a directory-traversal attack?
A. Enforce permissions to folders.
B. Allow everyone access to the default page only.
C. Allow only registered users to access the home page of a website.
D. Make all users log in to access folders.
10. What is it called when a hacker inserts programming commands into a web form?
A. Form tampering
B. Command injection
C. Buffer overflow
D. Web form attack
11. Which of the following commands would start to execute a banner grab against a web server?
A. telnet www.yahoo.com 80
B. telnet HTTP www.yahoo.com
C. http://www.yahoo.com:80
D. HEAD www.yahoo.com
12. Which of the following exploits can be used against Microsoft Internet Information (IIS)
Server? (Choose all that apply.)
A. IPP printer overflow attack
B. ISAPI DLL buffer overflow attack
C. Long URL attack
D. Proxy buffer overflow attack
13. Where does the most valuable target information reside on a web server?
A. Web server home directory
B. Web application system files
C. Web application database
D. NTHOME directory
14. Which of the following hacking tools performs directory-traversal attacks on IIS?
A. RPC DCOM
B. IIScrack.dll
C. WebInspect
15. Which program can be used to download entire websites?
A. WebSleuth
B. WSDigger
C. Wget
D. BlackWidow
16. Web servers support which of the following authentication credentials? (Choose all that apply.)
A. Certificates
B. Tokens
C. Biometrics
D. Kerberos
17. Which tool can be used to pull all email addresses from a website?
A. WebSleuth
B. WSDigger
C. Wget
D. BlackWidow
18. What does SiteScope do?
A. Maps out connections in web applications
B. Views the HTML source for all web pages in a site
C. Gathers email address from websites
D. Tests exploits against web applications
19. What are the three primary types of attacks against IIS servers?
A. Directory traversal
B. Buffer overflows
C. Authentication attacks
D. Source disclosure attacks
20. Which of the following is a common website attack that allows a hacker to deface a web-
site? (Choose all that apply)
A. Using a DNS attack to redirect users to a different web server
B. Revealing an administrator password through a brute-force attack
C. Using a directory-traversal attack
D. Using a buffer overflow attack via a web form
Answers to Review Questions
1. A, B. Digest and basic are the types of HTTP web authentication.
2. A. Validating the field length and performing bounds checking are countermeasures for a
buffer overflow attack.
3. D. A token is a hardware device containing a screen that displays a discrete set of numbers
used for login and authentication.
4. B. Default installation is a common web server vulnerability.
5. B. A hybrid attack substitutes numbers and special characters for letters.
6. C. SSL is a countermeasure for authentication hijacking.
7. A. A web server is always accessible, so a hacker can hack it more easily than less-available
systems.
8. B. Web applications are client/server programs that reside on a web server.
9. A. A countermeasure to a directory-traversal attack is to enforce permissions to folders.
10. B. Command injection involves a hacker entering programming commands into a web
form in order to get the web server to execute the commands.
11. A. To make an initial connection to the web server, use telnet to port 80.
12. A, B. IPP printer overflow and ISAPI DLL buffer overflow attacks are types of buffer over-
flow attacks that can be used to exploit IIS Server.
13. C. The most valuable target data, such as passwords, credit card numbers, and personal
information, reside in the database of a web application.
14. D. IISExploit.exe is a tool used to perform automated directory-traversal attacks on IIS.
15. C. Wget is a command-line tool that can be used to download an entire website with all the
source files.
16. A, B, C. Certificates, tokens. and biometrics are all credentials that can authenticate users
to web servers and web applications. Kerberos is a type of security system used to protect
user authentication credentials.
17. A. WebSleuth can be used to index a website and specifically pull email addresses from all
the pages of a website.
18. A. SiteScope maps out the connections within a web application and aids in the decon-
struction of the program.
19. A, B, D. The three most common attacks against IIS are directory traversal, buffer over-
flows, and source disclosure.
20. A, B. Using a DNS attack to redirect users to a different web server and revealing an admin-
istrator password through a brute-force attack are two methods of defacing a website.