Maintaining a secure Web server requires constant effort, resources, and vigilance from an
organization. Securely administering a Web server on a daily basis is an essential aspect of Web
server security.
Maintaining the security of a Web server will usually involve the following steps:
1. Configuring, protecting, and analyzing log files
2. Backing up critical information frequently
3. Maintaining a protected authoritative copy of the organization’s Web content
4. Establishing and following procedures for recovering from compromise
5. Testing and applying patches in a timely manner
6. Testing security periodically.
In which step would you engage a forensic investigator?

In Buffer Overflow exploit, which of the following registers gets overwritten with return address of
the exploit code?

Web servers often contain directories that do not need to be indexed. You create a text file with
search engine indexing restrictions and place it on the root directory of the Web Server.
User-agent: *
Disallow: /images/
Disallow: /banners/
Disallow: /Forms/
Disallow: /Dictionary/
Disallow: /_borders/
Disallow: /_fpclass/
Disallow: /_overlay/
Disallow: /_private/
Disallow: /_themes/
What is the name of this file?

An attacker has successfully compromised a remote computer. Which of the following comes as
one of the last steps that should be taken to ensure that the compromise cannot be traced back to

the source of the problem?

Attackers target HINFO record types stored on a DNS server to enumerate information. These are
information records and potential source for reconnaissance. A network administrator has the
option of entering host information specifically the CPU type and operating system when creating
a new DNS record. An attacker can extract this type of information easily from a DNS server.
Which of the following commands extracts the HINFO record?

Bret is a web application administrator and has just read that there are a number of surprisingly
common web application vulnerabilities that can be exploited by unsophisticated attackers with
easily available tools on the Internet. He has also read that when an organization deploys a web
application, they invite the world to send HTTP requests. Attacks buried in these requests sail past
firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal
HTTP requests. Bret is determined to weed out vulnerabilities.
What are some of the common vulnerabilities in web applications that he should be concerned
about?

What is War Dialing?

Steven the hacker realizes the network administrator of Acme Corporation is using syskey in
Windows 2008 Server to protect his resources in the organization. Syskey independently encrypts
the hashes so that physical access to the server, tapes, or ERDs is only first step to cracking the
passwords. Steven must break through the encryption used by syskey before he can attempt to
use brute force dictionary attacks on the hashes. Steven runs a program called “SysCracker”
targeting the Windows 2008 Server machine in attempting to crack the hash used by Syskey. He
needs to configure the encryption level before he can launch the attack. How many bits does
Syskey use for encryption?

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured
door and uses the special card in order to access the restricted area of the target company. Just
as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the
employee to hold the door open so that he can enter. What is the best way to undermine the social
engineering activity of tailgating?

Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study
engineering but later changed to marine biology after spending a month at sea with her friends.
These friends frequently go out to sea to follow and harass fishing fleets that illegally fish in foreign
waters. Ursula eventually wants to put companies practicing illegal fishing out of business. Ursula
decides to hack into the parent company’s computers and destroy critical data knowing fully well
that, if caught, she probably would be sent to jail for a very long time. What would Ursula be
considered?