Quiz 8: Security of Web Applications

A sender with a valid internal IP address should be allowed to send e-mail to external e-mail addresses.

In passive mode, the FTP client must listen and wait for the server connection.

When properly configured to afford anonymous users only very limited access, the FTP server works well.

Most of the weaknesses with SNMP occur with Version 1 of SNMP.

The Common Gateway Interface (CGI) is a programming language in and of itself.

____ is a simple method of transferring files between computer systems. A) IMAP C) NNTP B) FTP D) SNMP

____ are collections of IP addresses of known spam sources on the Internet, and they can be easily integrated into most SMTP server configurations. A) Real-time blacklistings (RBLs) C) SMTP traps B) Cross-site scriptings D) Domain Name Security Extensions

With ____ mode, a trusted internal FTP client makes an outgoing request to the FTP server. A) passive C) simple B) active D) aggressive

A major problem with FTP is that data is transferred in ____. A) encapsulated packets C) segments B) fragments D) plaintext

What is the best way to secure FTP or TFTP? A) Install FTP on the client and TFTP on the server. B) Install FTP on the server and TFTP on the client. C) Use anonymous FTP. D) Employ encryption and authentication.

What is the best way to secure Telnet? A) Scrub all user input to make sure no invalid characters are passed in the Telnet statement B) Do not use Telnet at all. C) Use anonymous Telnet. D) Use strong passwords that never change.

To provide monitoring, an SNMP ____ must be installed on a desired host or network device. A) script C) agent B) passcode D) signature

A(n) ____ is designed to translate information sent from a particular agent or class of agents. A) CGI script C) passphrase B) RBL D) MIB

An SMTP ____ is a simple message providing status information about the monitored device. A) agent C) script B) trap D) passphrase

DNS ____ provide a mechanism to divide ownership responsibility among various DNS servers and the organizations they serve. A) zones C) scripts B) agents D) registries

____ is the basis for Web communication. A) CSS C) HTTP B) DNS D) HTML

Which HTTP request method retrieves meta-information only from the resource signified in the URI? A) HEAD C) GET B) OPTIONS D) POST

Which HTTP response code indicates that an error has occurred on the client side? A) 100 C) 401 B) 200 D) 503

____ is a key component of the Web, working in conjunction with HTTP to move content from servers to clients. A) XML C) PHP B) HTML D) CSS

One of the biggest strengths of Perl is its ____-manipulation abilities. A) script C) string B) numeric D) text

____ was originally developed as a client-side language, which means the code is interpreted on the client side instead of on the Web server. A) AJAX C) JavaScript B) Perl D) CSS

____ refers to a new use of existing technologies. A) XML C) AJAX B) PHP D) JavaScript

In 2010, OWASP determined that ____ attacks were the top risk to Web applications. A) cross-site scripting C) cross-site request forgery B) injection D) security misconfiguration

What is the best way to restrict URL access? A) Redirect visitors to another page. B) Make sure sensitive pages require authentication. C) Use the"secure"flag on all sensitive cookies. D) Use Secure Shell (SSH).

What is the best way to make sure data is properly encrypted while in transit? A) Install an SNMP agent. B) Make sure sensitive pages require authentication. C) Use the"secure"flag on all sensitive cookies. D) Scrub all user input to make sure no invalid characters are passed in an SQL statement.

What is the best way to direct visitors to a new location or page? A) Create a .htaccess file with the following entry: Redirect 301 /old/old.html /new/new.html. B) Use an SMTP agent. C) Use Secure Shell (SSH). D) Generate random tokens with the various HTML forms used by a user.

The ____________________ is a set of applications (the software) that runs on top of the Internet.

____________________ is used to send Internet mail.

During a(n) ____________________ attack, a malicious user sends a flood of e-mail to the e-mail server.

____________________ queries are initiated by clients to resolve a fully qualified domain name (FQDN)to its IP address.

DNS ____________________ consists of inserting incorrect translation information within the DNS server (or within the communication between the resolver and server) in order to take a legitimate domain name and point the resolver to a malicious server, thereby secretly subverting the session.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -An extension to HTML that allows developers to define their own tags for structure.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -Used to monitor the status and performance of network devices and systems.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -Developed in 1987 by Larry Wall as an interpreted language (based on C syntax) that helps provide a more robust scripting capability for UNIX.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -An attack that exploits a Web site's trust or previous authentication of a user.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -Standardizes the HTML formatting for an entire Web site by allowing developers to customize fonts, tables, and other page elements.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -Developed specifically to allow developers to create dynamically generated HTML content.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -An API (application programming interface) that allows external programs or scripts to interact with a Web server.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -Allows users to connect a remote shell to run programs, view files, and perform a variety of other operations as if they were using the system locally.

Match each item with a statement below. a.Telnet f.CGI b.SNMP g.Perl c.NNTP h.PHP d.CSS i.CSRF e.XML -Designed to facilitate Usenet newsgroup communications.

Describe an open relay.

What is the "POP before SMTP" authentication method and how is it used to defend against improper use of an SMTP server?

Compare the Trivial File Transfer Protocol (TFTP) to FTP.

List four standard operations that can be performed by the LDAP protocol.

Provide a brief overview of DNS operations.

Describe the most common way a Web client can access Web servers.

Explain why cross-site scripting (XSS) vulnerabilities may be the least understood.

Why are more and more organizations turning to encryption to make sure data is stored in a format that cannot be leaked if a system is compromised?

Why is insufficient transport layer protection considered to be a threat in Web applications?.

List five best practices a Web system administrators should use to secure a Web server.