Which misconfiguration involves allowing visitors to view directory contents when no index page exists?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Which misconfiguration involves allowing visitors to view directory contents when no index page exists?

Explanation:
Directory listing enabled is when the web server will show a list of files in a directory if no index page is present. This behavior is a misconfiguration because it exposes the directory contents to anyone who visits that URL, making it easy to discover sensitive files, backups, or misnamed resources. That direct exposure of what resources exist is why this choice is the best fit for the question. Other misconfigurations touch different issues (transport security, weak credentials, or outdated software) and don’t specifically cause a directory to reveal its contents. To fix this, disable directory listing in the server configuration (for example, turn off autoindex or set Options -Indexes) and/or ensure a proper index file exists or access is restricted. You can test by requesting a directory path without an index and verifying you don’t receive a file listing.

Directory listing enabled is when the web server will show a list of files in a directory if no index page is present. This behavior is a misconfiguration because it exposes the directory contents to anyone who visits that URL, making it easy to discover sensitive files, backups, or misnamed resources. That direct exposure of what resources exist is why this choice is the best fit for the question. Other misconfigurations touch different issues (transport security, weak credentials, or outdated software) and don’t specifically cause a directory to reveal its contents. To fix this, disable directory listing in the server configuration (for example, turn off autoindex or set Options -Indexes) and/or ensure a proper index file exists or access is restricted. You can test by requesting a directory path without an index and verifying you don’t receive a file listing.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy