This document contains 20 multiple choice questions about securing web servers and preventing common attacks like session hijacking. The questions cover topics like where IIS logs are located, steps to increase web server security, tools that can be used to sniff network traffic, and vulnerabilities like buffer overflows.

1. Buy here:
http://theperfecthomework.com/cmit-321-quiz-3/
Question 1​ (5 points)
By default, where are the IIS logs recorded?
Question 1 options:
Inetpub/logs
%systemroot%logfiles
%systemroot%system32logfiles
Inetpubwwwlogs
Save
Question 2​ (5 points)
Which steps should be taken to increase web server security? (Select all that apply.)
Question 2 options:
Remove unused application mappings.
Enable remote administration.

2. Apply service packs and hotfixes.
Check for malicious input in forms and query strings.
Save
Question 3​ (5 points)
IP spoofing is not difficult and can be used in a variety of attacks. However, the attacker will
not see the packets that are returned to the spoofed IP address. In this case, the attacker
uses ______________ and then sniffs the traffic as it passes.
Question 3 options:
alternate data streams
source routing
session hijacking
a redirect
Save
Question 4​ (5 points)
Which of the following is the best countermeasure against hijacking? (Select all that apply.)
Question 4 options:

3. Use unpredictable sequence numbers.
Do not use the TCP protocol.
Use encryption.
Limit the unique sessions token to each browser’s instance.
Save
Question 5​ (5 points)
This IIS 7 component allows clients to publish, locks and manages resources on the web,
and should be disabled on a dedicated server.
Question 5 options:
WebDAV Publishing
Remote Administration
Active Server pages
Internet Data Connector
Save
Question 6​ (5 points)

4. Which of the following components help defend against session hijacking? (Select all that
apply.)
Question 6 options:
per-packet integrity checking
source routing
PPTP
SSL
Save
Question 7​ (5 points)
_____________ is the US government's repository of standards-based
vulnerability-management data that includes databases of security checklists,
security-related software flaws, misconfigurations, product names, and impact metrics.
Question 7 options:
National Vulnerability Database (NVD)
US Cyber Security Database
National SQL Database
US Vulnerability Database

5. Save
Question 8​ (5 points)
Which type of attack allows an attacker to change the DNS table of a server so that requests
for sites redirect to an IP address of the attacker's choosing?
Question 8 options:
cache redirect
buffer overflow
cache poisoning
Unicode directory traversal vulnerability
Save
Question 9​ (5 points)
An attacker sends packets to a target host using a spoofed IP address of a trusted host on a
different network. What kind of packets will be returned to the attacker?
Question 9 options:
ACK packets
RST packets

6. ISNs incremented by 1
No packets will be returned to the attacker.
Save
Question 10​ (5 points)
What tool could an attacker use to capture sequence and acknowledgment numbers from a
victim in order to track a network session?
Question 10 options:
Traceroute
Netstat
Network Sniffer
Nslookup
Save
Question 11​ (5 points)
Once an initial sequence number (ISN) has been agreed to, all the packets that follow will be
the ____________. This makes it possible to inject data into a communication stream.
Question 11 options:

7. ISN-1
ISN-2
ISN+1
ISN+2
Save
Question 12​ (5 points)
Which of the following tools automates and takes advantage of directory traversal exploits in
IIS?
Question 12 options:
Msw3prt IPP Vulnerability
IIS_Traversal
ServerMask
IIS Xploit
Save
Question 13​ (5 points)

8. The Privileged Command Execution Vulnerability is executed with _______________
permissions and allows an attacker to execute arbitrary code in a section of memory not
reserved for the particular application.
Question 13 options:
root
administrator
SYSTEM
guest
Save
Question 14​ (5 points)
At what layer of the TCP stack does the three-way handshake occur?
Question 14 options:
transport
network
application
data link
Save

9. Question 15​ (5 points)
An attacker successfully performs a Unicode directory traversal attack against a default IIS
installation running on a Windows 2000 server. What are the attacker’s current privileges?
Question 15 options:
IUSR_COMPUTERNAME
administrator
root
SYSTEM
Save
Question 16​ (5 points)
Which tool helps hackers hide their activities by removing IIS log entries based on the
attacker’s IP address?
Question 16 options:
ServerMask
Log Analyzer
IISLogCleaner

10. CleanIISLog
Save
Question 17​ (5 points)
This type of attack is usually the result of faulty programming practices. It allows an attacker
to place data into a buffer that is larger than the allocated size, resulting in an overflow,
overwriting, and corruption of adjacent data spaces.
Question 17 options:
Unicode directory traversal vulnerability
denial of service
ping of death
buffer overflow
Save
Question 18​ (5 points)
In _____________ hijacking, the attacker uses a packet-sniffer to capture the session IDs to
gain control of an existing session or to create a new unauthorized session.
Question 18 options:
UDP

11. blind
Internet-level
application-level
Save
Question 19​ (5 points)
The act of predicting TCP sequence numbers is called ______________________.
Question 19 options:
a brute-force attack
blind hijacking
application hijacking
spoofing
Save
Question 20​ (5 points)
At what layer of the TCP stack does web browsing take place?
Question 20 options:

12. network
application
Internet
data link