Deck 10: Hacking Web Servers

1
Which JavaScript function is a "method" or sequence of statements that perform a routine or task?

A) getElementById()
B) document.write()
C) CFLOCATION()
D)
A
2
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
True
3
OLE DB relies on connection strings that enable the application to access the data stored on an external device.
True
4
Adobe Systems' ColdFusion uses its proprietary tags, which are written in which of the following languages?

A) XML
B) DHTML
C) PHP
D) CFML
5
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
6
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?

A) Sun Microsystems
B) Symantec
C) Macromedia
D) Microsoft
7
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?

A) OLE DB
B) ODBC
C) ADO
D) JDBC
8
To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

A) bin
B) cgi-bin
C) cgi
D) scripts
9
Which of the following interfaces is a standard database access method, developed by the SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?

A) OLE DB
B) ODBC
C) ADO
D) JDBC
10
Which of the following is an alternative term used when referring to Application Security?

A) SecAPP
B) Apps
C) AppSec
D) SQLSec
11
Which of the following cross-site scripting vulnerability types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?

A) reflected
B) injected
C) unvalidated
D) Stored
12
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
13
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?

A) ADOSQL
B) ADO
C) SQL
D) SNAOLEDB
14
Which of the following is the interface that determines how a Web server passes data to a Web browser?

A) Perl
B) ASP
C) CGI
D) PHP
15
A user can view the source code of a PHP file by using their Web browser's tools.
16
Which of the following programming languages was originally used primarily on UNIX systems, but is now used more widely on many platforms, such as Macintosh and Windows?

A) HTML
B) JScript
C) VBScript
D) PHP
17
Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?

A) ADSDSOOBJECT
B) MySQLProv
C) SQLOLEDB
D) SNAOLEDB
18
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?

A) CVE Web site
B) CERT
C) Microsoft Security Bulletin
D) Macromedia security
19
Which of the following does Object Linking and Embedding Database (OLE DB) rely on to allow an application to access data stored on an external device?

A) connection strings
B) program strings
C) SQL strings
D) string interfaces
20
Which specific type of tag do all CFML tags begin with?

A) #
B) CF
C) CFML
D) %
21
Why should security professionals have at least a little knowledge about the Apache Web Server?
22
What is ColdFusion and which company owns the rights to ColdFusion?
23
What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?

A) input validation
B) authorization
C) input auditing
D) discovery
24
What is ODBC, and how can it be utilized?
25
Which of the following cross-site scripting vulnerability types is especially harmful because it can be delivered to subsequent users of the application?

A) reflected
B) injected
C) unvalidated
D) Stored
26
What is VBScript, and how can it be utilized?
27
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

A) security tools
B) scan tools
C) developer tools
D) SQL tools
28
What is the main difference between HTML pages and Active Server Pages (ASP)?
29
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?

A) redirection
B) spoofing
C) injection
D) insertion
30
As a security professional, what should you do after identifying that a Web server you are testing is using PHP?
31
What is the specific act of checking a user's privileges to determine whether they should or should not have access to a page, field, resource, or action in an application?

A) authentication
B) authorization
C) auditing
D) discovery
32
What is ActiveX Data Objects (ADO), and name an application that uses ADO to interact with the Web.
33
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?

A) Static Application Security Testing
B) Fast Application Security Testing
C) Dynamic Application Security Testing
D) Executable Application Security Testing
34
Dynamic Web pages need special components for displaying information that changes depending on user input or information obtained from a back-end server. What kind of components can Web pages use to achieve this?
35
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?

A) error handling
B) delay logic
C) client flow
D) business logic
36
Which of the following results from poorly configured technologies that a Web application runs on top of?

A) reflected corruption
B) stored misconfigurations
C) reflected misconfigurations
D) security misconfigurations
37
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
A technology that developers can use to display HTML documents to users on the fly
38
What is OWASP?
39
What features does the current version of Wfetch offer?
40
Which of the following application tests analyzes a running application for vulnerabilities?

A) Static Application Security Testing
B) Fast Application Security Testing
C) Dynamic Application Security Testing
D) Executable Application Security Testing
41
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
Ability to vary the information that is displayed on the Web page
42
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
Displays the same information on the Web page regardless of who accesses the page
43
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
Standard database access method developed by the SQL Access Group that allows interoperability between back-end DBMSs
44
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
The attacker supplies SQL commands when prompted to fill in a Web application field
45
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
Analysis of an application's source code for vulnerabilities
46
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
The analysis of a running application for vulnerabilities
47
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
A pointer to the physical directory
48
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
Open-source server-side scripting language that runs on a server and enables Web developers to create dynamic Web pages
49
Match each item with a statement below.
a. ASP
b. SQLi
c. ODBC
d. PHP
e. CGI
f. virtual directory
g. DAST
h. dynamic Web pages
i. static Web pages
j. SAST
The interface that determines how a Web server passes data to a Web browser