Q: What are the main components of a web server?
A: Document Root, Server Root, Virtual Document Tree, Virtual Hosting, Web Proxy

Q: Name some common security vulnerabilities in web servers.
A: Software vulnerabilities, configuration errors, lack of updates, credential reuse, unrestricted traffic, unhardened applications

Q: What are the common architectures for web servers?
A: LAMP stack (Linux, Apache, MySQL, PHP) and Microsoft IIS

Q: What is DNS Server Hijacking?
A: An attack where attackers redirect user requests to rogue servers by compromising DNS settings.

Q: Describe a Directory Traversal Attack.
A: An attack that allows attackers to access restricted directories by exploiting vulnerabilities in web server software.

Q: What is a Web Cache Poisoning Attack?
A: An attack that involves swapping cached content with infected content to serve malicious content to users.

Q: What methods are used in Web Server Password Cracking?
A: Dictionary attacks, brute-force attacks, hybrid attacks

Q: How does a DoS/DDoS Attack work?
A: It overwhelms web servers with fake requests to make them unavailable to legitimate users.

Q: What is a Man-in-the-Middle Attack?
A: An attack where an attacker intercepts and alters communications between an end-user and web servers to steal sensitive information.

Q: List some preventive measures against web server attacks.
A: Regular updates and patching, strong authentication, application hardening, traffic restrictions, proper configuration, monitoring, and security

Q: From a webmaster's perspective, what is a significant concern regarding web servers?
A: Bugs in software programs and the open architecture of web servers pose inherent risks.

Q: Why should intranet traffic be encrypted or restricted?
A: To secure the web server from unauthorized access and potential attacks.

Q: How can server certificates help in securing web servers?
A: They guarantee security by being signed by a trusted authority and help avoid MITM attacks.

Q: What is the purpose of the machine.config file in web server security?
A: It provides a mechanism for securing information by changing machine-level settings and includes settings that affect the security of the .Net framework.

Q: What is Code Access Security and why is it important?
A: It ensures that there are no permissions to execute code downloaded from the Internet or intranet, preventing execution of malicious code.

https://quizlet.com/au/928576959/module-13-hacking-web-servers-flash-cards/?i=2hfw1u&x=1jqt