This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Web Server Attacks”.
1. Which of the following is not an appropriate way to compromise web servers?
a) Misconfiguration in OS
b) Using network vulnerabilities
c) Misconfiguration in networks
d) Bugs in OS which allow commands to run on web servers
View Answer
Explanation: Websites get hosted on web servers. Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. Various ways that can help compromise a web server are a misconfiguration of network or OS, bugs in web server’s OS etc.
2. Which of the following is not an appropriate method of defacing web server?
a) Fetching credentials through MiTM
b) Brute-forcing Admin Password
c) IP address spoofing
d) DNS Attack through cache poisoning
View Answer
Explanation: Various ways which can help a hacker deface the web server. These are by fetching credentials through MiTM, brute-forcing administrator password, DNS attack through cache poisoning, FTP server intrusion and many more.
3. Which of the following is not an appropriate method of defacing web server?
a) Mail server intrusion
b) Web application bugs
c) Web shares misconfiguration
d) Sessions hijacking
View Answer
Explanation: Defacing the web server can be done in various ways by fetching credentials through brute-forcing administrator password, through cache poisoning, mail server intrusion, web app bugs and many more.
4. _________ is one of the most widely used web server platforms.
a) IIS
b) IAS
c) ISS
d) AIS
View Answer
Explanation: Websites get hosted on web servers. Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. IIS is one of the most widely used web server platforms.
5. IIS stands for __________________
a) Interconnected Information Server
b) Interconnected Information Services
c) Internet Information Server
d) Internet Information Services
View Answer
Explanation: Web servers are actually computers running that makes us available & accessible files (web pages) through the internet. The most widely used web server platform is the IIS (Internet Information Services).
6. ____________ is a tiny script that if uploaded to a web server can give hacker complete control of a remote PC.
a) Spyware
b) ASP Trojan
c) Web ransomware
d) Stuxnet
View Answer
Explanation: ASP Trojan is a tiny script that if uploaded to a web server can give hacker complete control of remote PC. ASP Trojan can be easily attached to web applications creating a backdoor in web server hacking.
7. ____________ logs all the visits in log files which is located at <%systemroot%>\logfiles.
a) IIS
b) Microsoft Server
c) Linux
d) IAS
View Answer
Explanation: Internet Information Services logs all the visits in log files which are located at <%systemroot%>\logfiles. IIS (Internet Information Services) is one of the most widely used web server platforms.
8. Which of the following is not a web server attack type?
a) DOS attack
b) Website Defacement using SQLi
c) Directory Traversal
d) Password guessing
View Answer
Explanation: The web servers are actually computers running that makes us available & accessible files (web pages) through the internet. Different web server attack types are through DOS attack, website defacement using SQLi and directory traversal.
9. ______________ tool clears the log entries in the IIS log files filtered by an IP address.
a) CleanIISLoging
b) CleanLogger
c) CleanIISLog
d) ClearIISLog
View Answer
Explanation: IIS (Internet Information Services) is one of the most widely used web server platform. IIS logs all the visits in log files which are located at <%systemroot%>\logfiles. CleanIISLog tool clears the log entries in the IIS log files filtered by an IP address.
10. CleanIISLog is not a hacking tool.
a) True
b) False
View Answer
Explanation: CleanIISLog tool is used to clear the log entries in the IIS log files filtered by an IP address. It is a hacking tool which can help in easily remove all traces of her log file from the server.
11. Which of the following is not an appropriate countermeasure for web server hacking?
a) Patch updates need to be done regularly
b) Not to use default configurations
c) Use IDS and firewalls with signature updates
d) Use low-speed internet
View Answer
Explanation: To protect against web server hacking, one need to patch updates regularly, not to use default configurations, use IDS and firewalls with signature updates.
12. Which of the following is not an appropriate countermeasure for web server hacking?
a) Using OS or antivirus without updates
b) Scan web server applications for vulnerabilities
c) Using secure protocols
d) Follow strict access control policy
View Answer
Explanation: For defending against web server hacking, one needs to scan web server applications for vulnerabilities, make use of secure protocols, and follow strict access control policy.
Sanfoundry Global Education & Learning Series – Cyber Security.
To practice all areas of Cyber Security, here is complete set of 1000+ Multiple Choice Questions and Answers.
If you find a mistake in question / option / answer, kindly take a screenshot and email to [email protected]
- Check Computer Science Books
- Check Cyber Security Books
- Practice Cryptography & Network Security MCQ
- Check Programming Books
- Practice Programming MCQs
