John the system administrator of a web application that uses...

Name: john the system administrator of a web application that uses apache decided to create a root jail on usrwebbin for the user www data what attack was john protecting the web application again 59975
Uploaded: 2023-11-01T03:04:40-08:00
Duration: 2 min 5 s
Channel: Akash M
Description: john the system administrator of a web application that uses apache decided to create a root jail on usrwebbin for the user www data what attack was john protecting the web application again 59975

Akash M and 57 other subject AP CS educators are ready to help you.

Ask a new question

Labs

Want to see this concept in action?

NEW

Explore this concept interactively to see how it behaves as you change inputs.

View Labs

Key Concepts

Key Concept

Premium Feature

Explore the core concept behind this problem.

Key Concept

Premium Feature

Explore the core concept behind this problem.

Recommended Videos

Texts: Sally Parr is a social media editor for Bravo Manufacturing, a company which builds ruggedized computer systems for the aerospace and defense industries. Among Sally's duties is monitoring a discussion forum which the company hosts on one of the web servers in its DMZ. Bill Fernley is a web developer and administrator who maintains the company's Internet-facing systems - web server, mail gateway, etc. He works closely with Mike Chambers, a security analyst reporting to the CISO. On Monday morning, Sally is reviewing the weekend's posts on the discussion forum to make sure that any customer questions get answered. When she opens one discussion thread, a browser dialog window pops up, reading "Test - please ignore". She calls Bill to ask whether he is doing any testing, but he says, "No - the system hasn't been patched or updated for over a month". Bill executes an SQL query on the database which backs the discussion forum, in order to get the text of the last week's posts: SELECT post_text FROM forum_posts WHERE post_date BETWEEN '2019-01-18' AND '2019-01-25'; He immediately spots an entry from the previous evening with text that reads: '<script>alert("Test - please ignore");</script>'. Bill reports what he has found to Mike, who must quickly install some kind of compensating control. Which control would be most appropriate? Select one: 1) A packet-filtering firewall 2) A spam filter 3) A web application firewall. Which phase of the cyber intrusion kill chain has the attack reached, according to this evidence? Select one: 1) Weaponize 2) Reconnaissance 3) Deliver.

Akash M.

On a Tuesday night, a database administrator performs some off-hours maintenance on several production database servers. The administrator notices some unfamiliar and unusual directory names on one of the servers. After reviewing the directory listings and viewing some of the files, the administrator concludes that the server has been attacked and calls the incident response team for assistance. The team's investigation determines that the attacker successfully gained root access to the server six weeks ago.

Akash M.

Debra downloads an application on her workplace computer. As she installs the application, she notices an option to install an additional program. She unchecks the box to choose not to install the additional software. What type of malware did Debra prevent from being installed on her system? a. Cryptomalware b. Potentially unwanted program (PUP) c. Ransomware d. File-based virus Jose receives a security report that none of the employees in his organization can access the internal server. When he logs on to the server, he receives a message that all the files on the server have been encrypted and that he must pay a fee of $600 in bitcoins to decrypt the files. What type of malware was installed on the server? a. Cryptomalware b. Worm c. Ransomware d. Fileless virus A fileless virus has infected your computer. Which of the following is not a service that might be at risk? a. .NET Framework b. Macro c. Windows Control Panel d. PowerShell John downloaded new calendar software and installed it. Since then, he's noticed unexpected new activity, such as pop-up windows, on the computer. What should he do first? a. Unplug his computer from the power outlet. b. Unplug his computer from the network. c. Run rootkit detection software. d. Run antimalware software. James has recently run a vulnerability scan and determined that the current version of SQL installed on the server is vulnerable and out of date. Which of the following is the server most vulnerable to? a. XML injection b. SQL injection c. Virus d. SQL scripting

Akash M.

Transcript

00:01 Hello, here we are with the answers to the given question.

00:02 Let's start the discussion.

00:04 In this case, we are dealing with the question on the attacker.

00:11 This attacker has developed a malicious code.

00:20 So this malicious code would be destroying the entire threat.

00:30 And the attacker is well aware of the very same and he has executed his plans very well here.

00:40 And he has got a purpose also, when he develops such a malicious code, his purpose is to destroy the entire thing.

00:51 Now, coming to the attacker, we could see that this person has reached the delivery phase.

01:04 That means he has well developed a malicious code and he is ready to deliver it to the victim...

Question

John, the system administrator of a web application that uses Apache, decided to create a root jail on /usr/web/bin for the user www-data. What attack was John protecting the web application against? Oa. Directory traversal O b. XSRF Oc. XSS Od. SQL injection

Question

John, the system administrator of a web application that uses Apache, decided to create a root jail on /usr/web/bin for the user www-data. What attack was John protecting the web application against? Oa. Directory traversal O b. XSRF Oc. XSS Od. SQL injection

Please give Ace some feedback