Monday, December 26, 2016

CMIT 265 Fundamentals of Networking Quiz 3 Answers – Homeworkmade


CMIT 265 Quiz 3

  1. This vulnerability uses malformed URLs to navigate and access folders and files outside the web folder on the system’s logical drive.
  2. This IIS 7 component allows clients to publish, lock, and manage resources on the web, and should be disabled on a dedicated server.
  3. Which tool helps hackers hide their activities by removing IIS log entries based on the attacker’s IP address?
  4. The Privileged Command Execution Vulnerability is executed with _______________ permissions and allows an attacker to execute arbitrary code in a section of memory not reserved for the particular application.
  5. At what layer of the TCP stack does the three-way handshake occur?
  6. An attacker sends packets to a target host using a spoofed IP address of a trusted host on a different network. What kind of packets will be returned to the attacker? 
  7. IP spoofing is not difficult and can be used in a variety of attacks. However, the attacker will not see the packets that are returned to the spoofed IP address. In this case, the attacker uses ______________ and then sniffs the traffic as it passes.
  8. In _____________ hijacking, the attacker uses a packet-sniffer to capture the session IDs to gain control of an existing session or to create a new unauthorized session.
  9. Session hijacking takes advantage of the __________________ between two hosts.
  10. Identify two vulnerabilities of Microsoft’s Internet Information Services (IIS) from the options listed below. (Select two.)
  11. Which of the following components help defend against session hijacking? (Select all that apply.)
  12. _____________ is an open-source development platform that allows users to configure exploit modules and test systems against attack.
  13. This IIS vulnerability allows files to be accessed only when they reside on the same logical drive as the web folders.
  14. _____________ is the US government’s repository of standards-based vulnerability-management data that includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
  15. Identify the countermeasures for directory exploits in the following list. (Select all that apply.)
  16. At what layer of the TCP stack does web browsing take place?
  17. Which steps should be taken to increase web server security? (Select all that apply.)
  18. This type of attack is usually the result of faulty programming practices. It allows an attacker to place more data into a buffer than its allocated size can hold, resulting in an overflow that overwrites and corrupts adjacent data spaces.
  19. An attacker successfully performs a Unicode directory traversal attack against a default IIS installation running on a Windows 2000 server. What are the attacker’s current privileges?
  20. This IIS vulnerability allows a remote user to view server-side scripts.
