Lab 6 Tuesday 4/8/2008

Student name: _______________________________ Computer # _____

Questions

Answer the following two questions based on the material presented in class and your general knowledge about web service.

1. Assume that the home directory for the www.homeschool.com web site is C:\homeschool\web. Which of the following URLs could be typed in the Address text box of a web browser to get the report.htm file located in the report directory, which is a subdirectory under the home directory?
   a) www.report.homeschool.com
   b) www.report.homeschool.com/report
   c) www.report.homeschool.com/report/report.htm
   d) www.homeschool.com/report/report.htm

2. The URL “http://www.pukanui.com/rainbow/dawgs.htm” will retrieve a file from the _____ directory.
   a) dawgs.htm
   b) rainbow
   c) com
   d) pukanui.com
   e) www.pukanui.com

3. Write down the URL to retrieve the file dogs.htm under the doggy directory on the host www.eiu.edu
   _____http://www.eiu.edu/doggy/dogs.htm_____

2. Which of the following used to be an effective technique for IIS directory traversal attacks?
   a) Adding “traverse” to the beginning of the URL
   b) Typing in URLs that include “../”
   c) Typing in the home directory in the URL instead of the name registered in DNS
   d) None of the above

© Abdou Illia

Reading pages 334-341 in the textbook could help you answer the following questions.

4. Attackers use _______ representations to make it difficult to filter out directory traversal attacks.
   a) hexadecimal
   b) UNICODE
   c) Both of the above.
   d) Neither a. nor b.

5. Which of the following did attackers begin to use in order to launch traversal attacks when Microsoft fixed the vulnerability that allows traversal attacks on Windows NT and Windows 2000 servers running IIS?
   a) Use %2F in URLs
   b) Use UNICODE characters that are the equivalent of dot and backslash
   c) All of the above

6. Write down the URL that would pass the values 45 and $749 for the variables number and total to the order.exe program in the escripts directory that is under the scripts directory. The assumption is that scripts is a directory under the home directory of the www.calculator.com web site.
   ___http://www.calculator.com/scripts/escripts/order.exe?number=45&total=749___

7. What programming/scripting language does CGI require?
   a) Java.
   b) Javascript.
   c) Active-X.
   d) CGI script.
   e) CGI does not require a specific language.

8. Which vendor supports asp scripting?
   a) Microsoft.
   b) SUN.
   c) Java.
   d) IBM.
   e) Apache.

9. On the production server, who should have permissions?
   a) developers.
   b) testers.
   c) Both of the above.
   d) Neither a. nor b.

10. On the testing server, who should have permissions?
   a) developers.
   b) testers.
   c) Both of the above.
   d) Neither a. nor b.

11. Which offers strong mutual authentication?
   a) TLS with customer certificates.
   b) IPsec authentication.
   c) Both of the above.
   d) Neither of the above.
   Explanation: with TLS, if customers have certificates, there will be strong mutual authentication. The reason is that if customers have certificates, it suggests that sellers have them too. It doesn’t make sense for customers to use certificates if sellers don’t use them.

12. How do scripting languages compare to full programming languages?
   a) Scripting languages are more powerful.
   b) The two are about equally powerful.
   c) Full programming languages are more powerful.
   Note: This question will not be considered given the possible misinterpretation of the word powerful.

13. JavaScript is a scripted form of Java.
   a) True.
   b) False.

14. Using Windows defaults, malicious.txt.exe will appear to be a …
   a) text (txt) file
   b) executable (exe) file

15. Which of the following is used to track users at a website to see what pages they view?
   a) cookies.
   b) web bugs.
   c) Both of the above.
   d) Neither a. nor b.

16. What is a Java applet?
   a) it is a small Java program that executes when a webpage is loaded or when the user takes specific actions.
   b) it is not a script per se, but a program called by scripts on webpages.
   c) All of the above.