CMIT 321 QUIZ 3
- 1. Buy here: http://theperfecthomework.com/cmit-321-quiz-3/ Question 1 (5 points) By default, where are the IIS logs recorded? Question 1 options: Inetpub/logs %systemroot%logfiles %systemroot%system32logfiles Inetpubwwwlogs Save Question 2 (5 points) Which steps should be taken to increase web server security? (Select all that apply.) Question 2 options: Remove unused application mappings. Enable remote administration.
- 2. Apply service packs and hotfixes. Check for malicious input in forms and query strings. Save Question 3 (5 points) IP spoofing is not difficult and can be used in a variety of attacks. However, the attacker will not see the packets that are returned to the spoofed IP address. In this case, the attacker uses ______________ and then sniffs the traffic as it passes. Question 3 options: alternate data streams source routing session hijacking a redirect Save Question 4 (5 points) Which of the following is the best countermeasure against hijacking? (Select all that apply.) Question 4 options:
- 3. Use unpredictable sequence numbers. Do not use the TCP protocol. Use encryption. Limit the unique sessions token to each browser’s instance. Save Question 5 (5 points) This IIS 7 component allows clients to publish, locks and manages resources on the web, and should be disabled on a dedicated server. Question 5 options: WebDAV Publishing Remote Administration Active Server pages Internet Data Connector Save Question 6 (5 points)
- 4. Which of the following components help defend against session hijacking? (Select all that apply.) Question 6 options: per-packet integrity checking source routing PPTP SSL Save Question 7 (5 points) _____________ is the US government's repository of standards-based vulnerability-management data that includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics. Question 7 options: National Vulnerability Database (NVD) US Cyber Security Database National SQL Database US Vulnerability Database
- 5. Save Question 8 (5 points) Which type of attack allows an attacker to change the DNS table of a server so that requests for sites redirect to an IP address of the attacker's choosing? Question 8 options: cache redirect buffer overflow cache poisoning Unicode directory traversal vulnerability Save Question 9 (5 points) An attacker sends packets to a target host using a spoofed IP address of a trusted host on a different network. What kind of packets will be returned to the attacker? Question 9 options: ACK packets RST packets
- 6. ISNs incremented by 1 No packets will be returned to the attacker. Save Question 10 (5 points) What tool could an attacker use to capture sequence and acknowledgment numbers from a victim in order to track a network session? Question 10 options: Traceroute Netstat Network Sniffer Nslookup Save Question 11 (5 points) Once an initial sequence number (ISN) has been agreed to, all the packets that follow will be the ____________. This makes it possible to inject data into a communication stream. Question 11 options:
- 7. ISN-1 ISN-2 ISN+1 ISN+2 Save Question 12 (5 points) Which of the following tools automates and takes advantage of directory traversal exploits in IIS? Question 12 options: Msw3prt IPP Vulnerability IIS_Traversal ServerMask IIS Xploit Save Question 13 (5 points)
- 8. The Privileged Command Execution Vulnerability is executed with _______________ permissions and allows an attacker to execute arbitrary code in a section of memory not reserved for the particular application. Question 13 options: root administrator SYSTEM guest Save Question 14 (5 points) At what layer of the TCP stack does the three-way handshake occur? Question 14 options: transport network application data link Save
- 9. Question 15 (5 points) An attacker successfully performs a Unicode directory traversal attack against a default IIS installation running on a Windows 2000 server. What are the attacker’s current privileges? Question 15 options: IUSR_COMPUTERNAME administrator root SYSTEM Save Question 16 (5 points) Which tool helps hackers hide their activities by removing IIS log entries based on the attacker’s IP address? Question 16 options: ServerMask Log Analyzer IISLogCleaner
- 10. CleanIISLog Save Question 17 (5 points) This type of attack is usually the result of faulty programming practices. It allows an attacker to place data into a buffer that is larger than the allocated size, resulting in an overflow, overwriting, and corruption of adjacent data spaces. Question 17 options: Unicode directory traversal vulnerability denial of service ping of death buffer overflow Save Question 18 (5 points) In _____________ hijacking, the attacker uses a packet-sniffer to capture the session IDs to gain control of an existing session or to create a new unauthorized session. Question 18 options: UDP
- 11. blind Internet-level application-level Save Question 19 (5 points) The act of predicting TCP sequence numbers is called ______________________. Question 19 options: a brute-force attack blind hijacking application hijacking spoofing Save Question 20 (5 points) At what layer of the TCP stack does web browsing take place? Question 20 options: