Chapter 9 ■ Practice Test 1
- Why does Nikto flag the /test directory?
A. The /test directory allows administrative access to PHP.
B. It is used to store sensitive data.
C. Test directories often contain scripts that can be misused.
D. It indicates a potential compromise.
- Why does Nikto identify directory indexing as an issue?
A. It lists files in a directory.
B. It may allow for XDRF.
C. Directory indexing can result in a denial of service attack.
D. Directory indexing is off by default, potentially indicating compromise.
- Nikto lists OSVDB-877, noting that the system may be vulnerable to XST. What would this type of attack allow an attacker to do?
A. Use cross-site targeting.
B. Steal a user’s cookies.
C. Counter SQL tracing.
D. Modify a user’s TRACE information.