Web Server and Web Technology sample paper.

1. 1. Networking (Total marks for this question: 20)
a) What is the purpose of Internet Protocol (IP)? Provide four (4) of its features. (4 Marks).
b) You have purchased a domain name www.socit.net and set up the web server to only listen
to port 3080. When users type www.socit.net into their browser, an error is reported saying
that the server is not responding. Your server is definitely running. Why is the error message
returned? How can the site be accessed successfully? (4 Marks).
c) Assume you need to setup a network consists of about 1000 hosts and you were given
192.160.128.0 segment as the initial IP address.
i) Determine the most suitable netmask address (in both binary and decimal format)
to minimize the wastage of IP addresses. Show your working in obtaining the
netmask address.
ii) How many IP addresses can be used in your answer to question c.i ?
iii) What are the first usable IP address and the lass usable IP address on this network?
Show your workings to obtain the addresses. (6+2=4 = 12 Marks).
2. HTTP and Apache (Total marks for this question: 35)
a) Explain briefly what the following HTTP Status codes mean:
i) 200 OK.
ii) 302 NOT MODIFIED.
iii) 400 BAD REQUEST.
iv) 500 INTERNAL ERROR (1+1+1+1 = 4Marks).
b) Describe what the following server-level directives in Apache 2.0 do:
i) AddType.
ii) CustomLog.
iii) DocumentRoot. (2+2+2=6 Marks).
c) Describe what the following directory-leve directives in Apache 2.0 do:
i) Allow from
ii) AllowOverride.
iii) DirectoryIndex. (2+2+2=6 Marks).

2. d) Answer the following question based on the sample HTTP request below:
Connect to 203.176.151.15 on port 80 ... ok
GET / HTTP / 1.1
Host: m.taylors.edu.my
Connections: close
User-Agent: Mozilla/5.0 (windows; U; Windows NT 5.1; en-US;
Rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept-Encoding: gzip
Accept-Charset: ISO-8859-1, UTF-8; q=0.7,*;q=0.7
Cache-Control: no-cache
Accept-Language: de,en-gb;q=0.7,en-us;q=0.3
Referer: http://web-siffer.net
i) Is the request using persistent connections? Provide the reasons that support your
answer.
ii) Identify all the request header fields in the above sample HTTP request.
iii) Explain what the values of the Accept-Language in the above sample HTTP request
indicate. (3+3+3=9 Marks).

3. e) Answer the following question based on the sample HTTP response below:
Status: HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Sep 2011 15:46:43 GMT
Server: Apache/2.2.11 (Win32) mode_ssl/2.2.11 OpenSSL/0.9.8i
PHP/5.2.9
Set-Cookies: MoodelSession=69d6469642e223c3aa23ad2d0667ed0f;
path=/
Cache-Control: private, pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
Acceept-Ranges: none
Connection: close
Content-Type: text/html; charset=utf-8
i) Explain what the status code in this example indicates.
ii) What Operating System does the server reside on?
iii) What is the function of the Set-Cookie header? (3+1+2=6 Marks).
f) Provide 2 advantages and 2 disadvantages of the event-driven web server architecture. (4
Marks).
3. Web Security (Total marks for this question: 35)
a) Differentiate between authentication and authorization. Provide suitable examples to
support your answer. (4 Marks).
b) You are the web server administrator for your organization. Due to security issues, your are
required to provide digest authentication in your Apache server for the following directory:
/www/private/management. Only the users that belong to the group manager are allowed
to access this directory. The password file called digest is located in the following directory:
/usr/local/apache/passwd. Show how the per-directory configuration directive in your
httpd.conf file should look like, based on the information given. (6 Marks).

4. c) What directives would you add into your per-directory configuration in part (b) to only allow
users from your network (called www.acme.net) to access the
/www/private/management directory, and no one else can access the directory? (3 Marks).
d) What is the utility program used to create the password file for digest authentication called?
(1 Mark).
e) Why is digest authentication more secure than basic authentication? Explain in detail. (4
Marks).
f) Explain in detail how symmetric key encryption works. (5 Marks).
g) Provide a concise definition for the following terms:
i) SYN flooding.
ii) Public Key Infrastructure (PKI).
iii) Webjacking (2+2+2=6 Marks).
h) Draw a diagram the depicts a screened host gateway firewall architecture, and provide a
brief description on this architecture.
4. Web Server Performance (Total marks for this question: 20)
a) When tuning a web server, allowing DNS lookups can add to network latency. Explain in
detail why. (4 Marks).

5. b) The following is the performance configuration directives (and default values) for the
prefork multi-processing module (MPM):
<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 5
MaxClients 150
MaxRequestPerChild 0
</IfModule>
i) What does the StartServer directive specify?
ii) What is the MinSpareServers directive responsible for?
iii) Explain what the value of MaxRequestPerChild 0 means. (1+1+2 = 4 Marks).
c) Provide on example of the type of web application that would benefit from using the
prefork Multi-Processing Module and one type for the worker Multi-Processing Module.
Briefly explain why as well. (4 Marks).
d) Web server log files are very useful in measuring the performance of a web server.
i) What type of data is recorded in server log files?
ii) Why is the default log format for Apache the common log format?
iii) Although log files help in measuring the performance of a web server, it can also
become a potential performance liability on the web server itself. Explain why. How
can this potential performance liability be overcome? (2+2+4 = 8 Marks).
5. Caching and Load Balancing (Total marks for this question: 10)
a) Propagation delay and session persistence ('stickiness') are parameters that affect load
balancing. Briefly explain what these two parameters refer to. (10 marks)