Webmaster Exam 2017


So you want to be a webmaster

Note on the root section: This section does not specifically test your ability as webmaster, but tests your root competency. As such, if you fail this section, the score will not count towards the overall test score, and all other questions will be marked out of 90 - you just won’t be given root access. If you pass this section, however, it will positively affect your ability to carry out webmaster duties, and as such the entire test will be marked out of 140.

Client Side [30 marks]

Questions

  1. Did you load this page (10 marks)
  2. What benefit is there of using png over svg? (2 Marks)
  3. Why are <iframes> bad? (2 marks)
  4. What is the DOM? What does it do? (2 marks)
  5. Name two browser rendering engines. (2 marks)

Practical

  1. Write a page with a center aligned div in the middle of the page using css grid layout or flexbox (3 marks)
  2. Now turn the center aligned div in to a card, like (3 marks) card
  3. Using only css and html create a translucent div above on the card that fades out when moused over (6 marks)

Server side [30 marks]

  1. What is a CMS? What are the benefits of having one? (2 marks)
  2. Briefly explain the components of an MVC Pattern? (3 marks)
  3. What do these stand for and briefly explain them. (4 marks)
    • XSS
    • CRSF
  4. What is Sql injection and how do you protect against it? (3 mark)
  5. Explain the difference between a for and a for each loop (3 mark)

Practical

Do this in a language of your choice

  1. In a language of your choice define an api with 3 end point (6 marks)
    • /api/user/ GET
    • /api/events/list GET
    • /api/events/new POST
  2. When the events/list end point is queried it should query a my mysql database for for all events on the events table where the date was in the next month (6 marks) (you can make assumtions about the db schema)
  3. Make it so when the events/new end point is hit it should create a new entry in the events table with when the event is, where it is, and whos hosting it. (6 marks)

Apache [30 marks]

  1. What do the following HTTP response codes stand for? (4 marks)
    • 200
    • 404
    • 500
    • 503
  2. What is mod_userdir? Does it play a big part in Redbrick’s user hosting? (2 marks)
  3. Why are _ and ~ bad in subdomain url? (2 marks)
  4. What is SuExec? (3 marks)
  5. What is Letsencrypt and why should it be used? What port does it use? and how do you set it up? (4 marks)
  6. How do you add a site to apache (3 marks)
  7. A site has been hacked, someone uploaded a web shell, what do you do? (3 marks)
  8. What is wrong with the following directory listing? (3 marks) root@metharmean:/etc/apache2/ssl# ls -l total 10 -rw-r--r-- 1 root root 3028 May 20 2008 redbrick.dcu.ie.crt -rw------- 1 root root 729 May 20 2008 redbrick.dcu.ie.csr -rw-r--r-- 1 root root 887 May 20 2008 redbrick.dcu.ie.key
  9. What is mod_proxy? Give an example where Redbrick uses it? What should you make sure is disabled when using it as a reverse proxy? (3 marks)
  10. What is a .htaccess file and name some related htaccess directives it can use? (3 marks)

Root [40 marks]

  1. What is LDAP? What is an LDIF? (2 marks)
  2. What ports are the following on? (4 marks)
    • ssh
    • imap
    • irc
    • ldap
  3. When should you use a docker-compose file vs a Dockerfile? (3 marks)
  4. What Is a chroot? Why might you use one? (3 marks)
  5. Mosh is a super cool replacement for ssh which keep your connection alive when you change networks. But it requires lots of ports being open. Why is this a problem? (3 marks)
  6. Why is this a bad idea? mysql -u root -h mysql.internal -p=rootpasswordgoeshere mydatabase (1 mark)
  7. ISS have called you at 3am saying they suspect that there is some malicious attacks eminating from the RedBrick network. What investigative steps would you take? (4 marks)
  8. You left a root terminal unlocked and someone has used it to do something. The history files has been deleted. How do you go about finding out what they did? (4 marks)
  9. fail2ban wtf is it? Why should you use it? (3 marks)
  10. What is NFS? Do Redbrick use it? If so, where? If not, why not? (3 marks)