Quiz: Web attack prevention and defense

Test your knowledge of the material covered in Web attack prevention and defense, including the fundamentals of securing a Web server.

by Michael Cobb

Test your knowledge of the materials covered in the Web Security School Lesson 1 webcast, Insider's guide to Web server security, and technical paper, Know your enemy: Why your Web site is at risk. When you're done, let us know how you did.

1.) Which of the following is not considered a strong password?

a. WfgHLm94SED
b. xD$8sf!H
c. 9Q-^g4FP7
d. P3t3rWh!t3
e. They are all strong passwords.

Answer

@11292

2.) Which is the correct physical boot sequence for a Web server?

a. Floppy Drive, Hard Drive, CD-ROM
b. CD-ROM, Hard Drive, Floppy Drive
c. Floppy Drive, CD-ROM, Hard Drive
d. Hard Drive, Floppy Drive, CD-ROM
e. CD-ROM, Floppy Drive, Hard Drive

Answer

3.) A Windows-hosted Web site displays dynamic pages using server-side scripting such as Active Server Pages or PHP. It also displays static pages with the .htm file extension. What are the correct IIS settings for the Web site?

a.
Script source access: enabled
Read: enabled
Write: enabled
Log visits: enabled
Execute Permissions: Scripts only

b.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: None

c.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts only

d.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts and Executables

e.
Script source access: disabled
Read: disabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts only

Answer

4.) An administrator needs to provide FTP services so that clients can download product documentation and sales people can upload their expense and meeting reports. Which is the correct FTP directory configuration?

a.
Local Path: c:\inetpub\ftproot\files\
Read: enabled
Write: enabled
Log visits: enabled

b.
Local Path: e:\inetpub\ftproot\files\
Read: enabled
Write: disabled
Log visits: enabled

c.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: enabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: enabled
Write: enabled
Log visits: enabled

d.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: disabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: enabled
Write: enabled
Log visits: enabled

e.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: disabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: disabled
Write: enabled
Log visits: enabled

Answer

5.) John Doe is responsible for the content of your Web site and its back up. Which are the correct group accounts to which John should belong?

a. Power Users, Backup Operators and Administrators
b. Content Managers, Backup Operators and Administrators
c. Content Managers and Backup Operators
d. Content Managers and Administrators
e. Power Users, Content Managers and Backup Operators

Answer

Read more on Antivirus, firewall and IDS products