
784    Appendix • Self Test Appendix


              B. These are rogue HTTP servers, and they should be disabled. HTTP servers listen on port 80
                 by default. This situation indicates that rogue Web servers have been intentionally or
                 unintentionally set up on your network without the administrator's knowledge. This presents
                 a security vulnerability, as the operator(s) of the systems will probably not be able to, or
                 know how to, secure them properly.
              Answers A and D are incorrect, because FTP uses port 20 and port 21. Answer C is incorrect,
                 because LDAP uses port 389.

             3.  You determine that someone has been using Web spoofing attacks to get your users to give out
                 their passwords to an attacker. The users tell you that the site at which they have been entering
                 the passwords shows the same address that normally appears in the address bar of the browser.
                 What is the most likely reason that the users cannot see the URL that they are actually using?
                  A. The attacker is using a digital certificate created by a third-party CA.
                  B. The attacker is using HTTP/S to prevent the browser from seeing the real URL.
                  C. The attacker is using ActiveX to prevent the Web server from sending its URL.
                  D. The attacker is using JavaScript to prevent the browser from displaying the real URL.
              D. The attacker is using JavaScript to prevent the browser from displaying the real URL. By
                 using JavaScript, the attacker can cause the browser to change the URL in the address bar to
                 show whatever the attacker wants, including the URL of a different site than the one the
                 user is actually using.
              Answer A is incorrect, because digital certificates would not mask the URL that the user
                 would see in the address bar of the browser. Answer B is incorrect, because HTTP/S is used for
                 encrypted HTTP connections, but the browser would still display the correct URL. Answer C
                 is incorrect, because ActiveX doesn't have the ability to prevent a Web server from sending its
                 URL to a client.

             4.  You are setting up a new Web server for your company. In setting directory properties and
                 permissions through the Web server, you want to ensure that hackers are not able to navigate
                 through the directory structure of the site, or execute any compiled programs that are on the
                 hard disk. At the same time, you want visitors to the site to be able to enjoy the code you've
                 included in HTML documents, and in scripts stored in a directory of the Web site. Which of
                 the following will be part of the properties and permissions that you set?
                  A. Disable script source access
                  B. Set execute permissions in the directory to “None”
                  C. Disable directory browsing
                  D. Enable log visits
              C. Disable directory browsing. Of the various tasks you would need to perform on the Web
                 server, the only choice offered that would apply to this scenario is disabling directory browsing
                 to prevent visitors from navigating through the directory structure of the Web site.
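                 As an added illustration (not from the study guide), the fragment below shows how the
                 settings in question 4 map onto an IIS 7 or later applicationHost.config. The first site is a
                 weak configuration; the second is the corrected one. The site names are made up.

```xml
<!-- Added example, not from the book: IIS applicationHost.config fragment.
     Site names "Weak Web Site" and "Hardened Web Site" are assumed. -->
<configuration>

  <!-- Weak: visitors can list directories, and compiled executables
       (Execute) may be run from the content folders. -->
  <location path="Weak Web Site">
    <system.webServer>
      <directoryBrowse enabled="true" />
      <handlers accessPolicy="Read, Script, Execute" />
    </system.webServer>
  </location>

  <!-- Corrected: directory browsing is off (answer C). Script is kept so
       the site's own scripts still run; only Execute is removed, which is
       why answer B ("None") would be too restrictive for this scenario. -->
  <location path="Hardened Web Site">
    <system.webServer>
      <directoryBrowse enabled="false" />
      <handlers accessPolicy="Read, Script" />
    </system.webServer>
  </location>

</configuration>
```

                 On Apache httpd the equivalent for the directory-browsing part is removing the Indexes
                 option from the directory's Options directive (for example, Options -Indexes), and
                 leaving ExecCGI off outside a dedicated script directory.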








          www.syngress.com