Cyber Security Multiple Choice Questions on “Web Server Attacks”.
1. Which of the following is not an appropriate way to compromise web servers?
a) Misconfiguration in OS
b) Using network vulnerabilities
c) Misconfiguration in networks
d) Bugs in OS which allow commands to run on web servers
Answer: b
Clarification: Websites get hosted on web servers. Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. Various ways that can help compromise a web server are a misconfiguration of network or OS, bugs in web server’s OS etc.
2. Which of the following is not an appropriate method of defacing web server?
a) Fetching credentials through MiTM
b) Brute-forcing Admin Password
c) IP address spoofing
d) DNS Attack through cache poisoning
Answer: c
Clarification: Various ways which can help a hacker deface the web server. These are by fetching credentials through MiTM, brute-forcing administrator password, DNS attack through cache poisoning, FTP server intrusion and many more.
3. Which of the following is not an appropriate method of defacing web server?
a) Mail server intrusion
b) Web application bugs
c) Web shares misconfiguration
d) Sessions hijacking
Answer: d
Clarification: Defacing the web server can be done in various ways by fetching credentials through brute-forcing administrator password, through cache poisoning, mail server intrusion, web app bugs and many more.
4. _________ is one of the most widely used web server platforms.
a) IIS
b) IAS
c) ISS
d) AIS
Answer: a
Clarification: Websites get hosted on web servers. Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. IIS is one of the most widely used web server platforms.
5. IIS stands for __________________
a) Interconnected Information Server
b) Interconnected Information Services
c) Internet Information Server
d) Internet Information Services
Answer: d
Clarification: Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. The most widely used web server platform is the IIS (Internet Information Services).
6. ____________ is a tiny script that if uploaded to a web server can give hacker complete control of a remote PC.
a) Spyware
b) ASP Trojan
c) Web ransomware
d) Stuxnet
Answer: b
Clarification: ASP Trojan is a tiny script that if uploaded to a web server can give hacker complete control of remote PC. ASP Trojan can be easily attached to web applications creating a backdoor in web server hacking.
7. ____________ logs all the visits in log files which is located at <%systemroot%>logfiles.
a) IIS
b) Microsoft Server
c) Linux
d) IAS
Answer: a
Clarification: Internet Information Services logs all the visits in log files which are located at <%systemroot%>logfiles. IIS (Internet Information Services) is one of the most widely used web server platforms.
8. Which of the following is not a web server attack type?
a) DOS attack
b) Website Defacement using SQLi
c) Directory Traversal
d) Password guessing
Answer: d
Clarification: The web servers are actually computers running that makes us available & accessible files (web pages) through the internet. Different web server attack types are through DOS attack, website defacement using SQLi and directory traversal.
9. ______________ tool clears the log entries in the IIS log files filtered by an IP address.
a) CleanIISLoging
b) CleanLogger
c) CleanIISLog
d) ClearIISLog
Answer: c
Clarification: IIS (Internet Information Services) is one of the most widely used web server platform. IIS logs all the visits in log files which are located at <%systemroot%>logfiles. CleanIISLog tool clears the log entries in the IIS log files filtered by an IP address.
10. CleanIISLog is not a hacking tool.
a) True
b) False
Answer: b
Clarification: CleanIISLog tool is used to clear the log entries in the IIS log files filtered by an IP address. It is a hacking tool which can help in easily remove all traces of her log file from the server.
11. Which of the following is not an appropriate countermeasure for web server hacking?
a) Patch updates need to be done regularly
b) Not to use default configurations
c) Use IDS and firewalls with signature updates
d) Use low-speed internet
Answer: d
Clarification: To protect against web server hacking, one need to patch updates regularly, not to use default configurations, use IDS and firewalls with signature updates.
12. Which of the following is not an appropriate countermeasure for web server hacking?
a) Using OS or antivirus without updates
b) Scan web server applications for vulnerabilities
c) Using secure protocols
d) Follow strict access control policy
Answer: a
Clarification: For defending against web server hacking, one needs to scan web server applications for vulnerabilities, make use of secure protocols, and follow strict access control policy.