1D0-470
Which one of the following choices lists the two greatest security problems associated with HTTP?
A. Community names and encrypted passwords
B. IP spoofing and ICMP spoofing
C. Viewer applications and external programs used by the HTTP server
D. No bound checking on arrays and anonymous access
Explanation:
In general, HTTP is set up for anonymous access. Access can be secured; however, that is not the normal operating environment for HTTP. HTTP by itself does not protect the environment by bounds checking. That is left to the applications and languages to check and control.
Incorrect Answers:
A: HTTP does not use community names. Not all passwords are encrypted.
B: HTTP uses TCP, and spoofing is not the biggest problem. Note: IP spoofing is used to gain access when intruders create packets with spoofed source IP addresses. This exploits applications that use authentication based on IP addresses and leads to unauthorized user and possibly root access on the targeted system. Denial of Service (DoS) attacks often use IP source address spoofing. DoS attacks can also be made by using UDP and ICMP flooding.
C: Viewer applications do not cause security issues since they don’t change data. External programs that are used by the server do not present a security concern since they are under the control of the server administrator, and not delivered as part of a message payload.