Quiz: Web attack prevention and defense
Test your knowledge of the material covered in Web attack prevention and defense, including the fundamentals of securing a Web server.

by Michael Cobb
Test your knowledge of the materials covered in the Web Security School Lesson 1 webcast, Insider's guide to Web server security, and technical paper, Know your enemy: Why your Web site is at risk. When you're done, let us know how you did.
1.) Which of the following is not considered a strong password?
a. WfgHLm94SED
b. xD$8sf!H
c. 9Q-^g4FP7
d. P3t3rWh!t3
e. They are all strong passwords.
2.) Which is the correct physical boot sequence for a Web server?
a. Floppy Drive, Hard Drive, CD-ROMb. CD-ROM, Hard Drive, Floppy Drive
c. Floppy Drive, CD-ROM, Hard Drive
d. Hard Drive, Floppy Drive, CD-ROM
e. CD-ROM, Floppy Drive, Hard Drive Answer
3.) A Windows-hosted Web site displays dynamic pages using server-side scripting such as Active Server Pages or PHP. It also displays static pages with the .htm file extension. What are the correct IIS settings for the Web site?
a.
Script source access: enabled
Read: enabled
Write: enabled
Log visits: enabled
Execute Permissions: Scripts only
b.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: None
c.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts only
d.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts and Executables
e.
Script source access: disabled
Read: disabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts only
4.) An administrator needs to provide FTP services so that clients can download product documentation and sales people can upload their expense and meeting reports. Which is the correct FTP directory configuration?
a.
Local Path: c:\inetpub\ftproot\files\
Read: enabled
Write: enabled
Log visits: enabled
b.
Local Path: e:\inetpub\ftproot\files\
Read: enabled
Write: disabled
Log visits: enabled
c.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: enabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: enabled
Write: enabled
Log visits: enabled
d.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: disabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: enabled
Write: enabled
Log visits: enabled
e.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: disabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: disabled
Write: enabled
Log visits: enabled
5.) John Doe is responsible for the content of your Web site and its back up. Which are the correct group accounts to which John should belong?
a. Power Users, Backup Operators and Administratorsb. Content Managers, Backup Operators and Administrators
c. Content Managers and Backup Operators
d. Content Managers and Administrators
e. Power Users, Content Managers and Backup Operators Answer