What misconfiguration allows attackers to view server contents via a web directory index?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

What misconfiguration allows attackers to view server contents via a web directory index?

Explanation:
Directory listing is the misconfiguration that lets someone view what’s inside a web directory. When a server is configured to show a directory’s contents and there’s no index page to hide it, the server may render an Index Of page that lists all files and subfolders. Seeing those filenames, paths, and potentially sensitive items enables an attacker to map the site and identify targets for further compromise. The fix is to disable directory listings, ensure a proper index page is present, and apply access controls so directories aren’t exposed publicly. The other options don’t fit because blocking with a firewall prevents access, password protection requires authentication and hides contents from unauthenticated users, and encryption protects data at rest or in transit but doesn’t prevent a public directory listing from revealing file names.

Directory listing is the misconfiguration that lets someone view what’s inside a web directory. When a server is configured to show a directory’s contents and there’s no index page to hide it, the server may render an Index Of page that lists all files and subfolders. Seeing those filenames, paths, and potentially sensitive items enables an attacker to map the site and identify targets for further compromise. The fix is to disable directory listings, ensure a proper index page is present, and apply access controls so directories aren’t exposed publicly. The other options don’t fit because blocking with a firewall prevents access, password protection requires authentication and hides contents from unauthenticated users, and encryption protects data at rest or in transit but doesn’t prevent a public directory listing from revealing file names.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy