Website Security (PHP) Questions and Answers

Question 1. Which one of the following statements should be used to disable just the fopen() and file() functions?
  1.    disable_functions = fopen(), file()
  2.    disable_functions = fopen, file
  3.    functions_disable = fopen(), file()
  4.    functions_disable = fopen, file
Explanation:-
Answer: Option B. -> disable_functions = fopen, file
You can set disable_functions equal to a comma-delimited list of function names that you want to disable.

Question 2. The memory_limit is only applicable if _______ is enabled when you configure PHP. Fill in the blank.
  1.    --enable-limit
  2.    -enable-memory-limit
  3.    --enable-memory-limit
  4.    -memory-limit
Explanation:-
Answer: Option C. -> --enable-memory-limit
The memory_limit directive specifies, in megabytes, how much memory a script can use. Default value: 128M.

Question 3. What is the default value of max_execution_time directive? This directive specifies how many seconds a script can execute before being terminated.
  1.    10
  2.    20
  3.    30
  4.    40
Explanation:-
Answer: Option C. -> 30
This can be useful to prevent users’ scripts from consuming too much CPU time. If max_execution_time is set to 0, no time limit will be set.

Question 4. Which one of the following statements should be used to disable the use of two classes administrator and janitor?
  1.    disable_classes = "administrator, janitor"
  2.    disable_classes = class administrator, class janitor
  3.    disable_classes = class "administrator", class "janitor"
  4.    disable_class = class "administrator", class "janitor"
Explanation:-
Answer: Option A. -> disable_classes = "administrator, janitor"
There may be classes inside the libraries that you’d rather not make available. You can prevent the use of these classes with the disable_classes directive.

Question 5. Suppose all web material is located within the directory /home/www. To prevent users from viewing and manipulating files such as /etc/passwd, which one of the following statements should you use?
  1.    open_dir = "/home/www/"
  2.    open_dir = /home/www/
  3.    open_basedir = /home/www/
  4.    open_basedir = "/home/www/"
Explanation:-
Answer: Option D. -> open_basedir = "/home/www/"

Question 6. Which Apache directive outputs Apache’s server version, server name, port and compiled-in modules?
  1.    ServerSignature
  2.    ServerName
  3.    ServerDetails
  4.    ServerInfo
Explanation:-
Answer: Option A. -> ServerSignature
It is capable of displaying output like: Apache/2.2.11 (Ubuntu) Server at localhost Port 80.

Question 7. Which directive should we disable to obscure the fact that PHP is being used on our server?
  1.    show_php
  2.    expose_php
  3.    print_php
  4.    info_php
Explanation:-
Answer: Option B. -> expose_php
Using the expose_php directive, we can prevent PHP version details from being appended to our web server signature. When expose_php is disabled, the server signature will look like: Apache/2.2.11 (Ubuntu) Server.

Question 8. Which directive determines what degree of server detail is provided if the ServerSignature directive is enabled?
  1.    ServerAddons
  2.    ServerExtra
  3.    ServerTokens
  4.    ServerDetails
Explanation:-
Answer: Option C. -> ServerTokens
Six options are available: Full, Major, Minimal, Minor, OS, and Prod. If it is set to Full, ‘Apache/2.2.11 (Ubuntu) PHP/5.3.2 Server’ will be displayed.

Question 9. The developers of PHP deprecated the safe mode feature as of which PHP version?
  1.    PHP 5.1.0
  2.    PHP 5.2.0
  3.    PHP 5.3.0
  4.    PHP 5.3.1
Explanation:-
Answer: Option C. -> PHP 5.3.0
This happened because safe mode often creates as many problems as it resolves, largely due to the need for enterprise applications to use many of the features safe mode disables.

Question 10. Say I want to change the extension of a PHP file. Which of the following statements should I edit in the httpd.conf file to change the extension from .php to .html?
  1.    AddType application/x-httpd-php .php
  2.    AddType application/x-httpd-php .asp
  3.    AddType application/x-httpd-asp .php
  4.    AddType application/x-httpd-asp .asp
Explanation:-
Answer: Option A. -> AddType application/x-httpd-php .php
Just change the .php to .html and your extension will change. This is done for security purposes.