Which of the following components of a web server stores critical HTML files related to the web pages of a domain name that can be sent in response to the user requests?1 pointDocument root Web proxy Top-level root directory Server root 2.Question 2Identify the web-based attack in which the attacker makes unauthorized changes to a website’s content that results in changes to the visual appearance of the web page or website. 1 pointWeb cache poisoning attack Directory traversal attack Website defacement Web server misconfiguration

What is a Directory traversal attack?Answer choicesSelect only one optionREVISITThis Kind of attack happens when the hacker is able to read an error from the Web application system.This kind of attack happens when the hacker is able to get system information by typing scripts in input boxes on the websiteThis kind of attack happens when the hacker is able to put defacing images on the victim's websiteThis Kind of attack happens when the hacker is able to access OS features of the Server on which the Website is Running

1.Question 1Identify the attack in which an attacker exploits vulnerabilities that evolve from the unsafe use of functions in an application in public web servers to send crafted requests to the internal or backend servers. 1 pointSSH brute force Web server password cracking Web server misconfiguration Server-side request forgery 2.Question 2In which of the following layers of the vulnerability stack do security professionals configure solutions such as IDS and IPS to raise alarms if any malicious traffic enters a target server? 1 pointLayer 5Layer 7Layer 3 Layer 13.Question 3While performing web application testing, Ruben, a software developer, found out that the web application failed to protect sensitive traffic flowing in the network. Additionally, the web application supported weak algorithms and used expired or invalid certificates, making it susceptible to various attacks that revealed user data.Identify the security misconfiguration detected by Ruben in the above scenario. 1 pointInsufficient transport layer protection Unvalidated inputs Improper error handling Parameter/form tampering 4.Question 4Identify the type of SQL injection technique used by the attacker when they cannot directly exploit any other SQL injection techniques. 1 pointBlind SQL injection Out-of-band SQL injection Error-based SQL injection In-band SQL injection 5.Question 5Which of the following countermeasure helps developers or testing teams secure the database against SQL injection attacks? 1 pointUse quoted/delimited identifiers as they can ease the whitelisting, black-listing, and escaping efforts Avoid constructing dynamic SQL with concatenated input values Test the content of string variables and accept all the values Ensure that the web config files for each application contain sensitive information

Which of the following is known as the form of attack in which hacker submits a page request on behalf of the user to a different website that may cause damage or reveal the sensitive information?ACSRFBHashCApplication controllerDNone of the above

Explain security measures that can be implemented in web servers? elaborate four security counter measures.

Which of the following is a common vulnerability in web servers? Directory traversal SQL injection Cross-site scripting None of the above