Web Security School Entrance Exam Answers

1.) The correct answer is: a. Encrypt data as it travels over a network
Secure Sockets Layer (SSL) is a commonly used protocol for protecting the confidentiality and integrity of data while it travels across a network such as the Internet. Its standardized successor, Transport Layer Security (TLS), does the same job; the two names are often used interchangeably, but the SSL protocol versions themselves are now considered obsolete.

2.) The correct answer is: e. 443
Port 21 is used by FTP, and 53 is used by DNS. HTTP uses port 80, and the NetBIOS name service uses port 137. HTTPS stands for Hypertext Transfer Protocol over Secure Sockets Layer (HTTP over SSL) and is the Web protocol that encrypts the client's page requests and the pages the Web server returns. Encryption begins only after the TCP connection is established, so the server's address and port remain visible on the wire even though the request and response contents do not.

3.) The correct answer is: False
A risk analysis is not the same as a vulnerability assessment. Risk analysis determines which resources you need to protect and tries to quantify the costs of not protecting them, such as loss of data or replacement of equipment. It is the process of examining all of your risks and ranking them by severity.

A vulnerability assessment looks at how likely those risks are to materialize, enabling you to decide which risks you are most exposed to and, based on their severity, which you need to protect against first. The two processes combined help you prioritize your security policy and get the most from your investment in securing your systems.

4.) The correct answer is: e. None of the above.
Phishing is a problem for organizations because it damages their reputation as well as causing direct losses. All three threats use social engineering and technical subterfuge to try to gain access to information. Technical subterfuge means installing malicious software on the victim's PC, for example to capture credentials directly. Finally, all three are very difficult to stop with technical controls alone and require security awareness training to reduce their potential impact.

5.) The correct answer is: b. Success: Off, Failure: On
The Object Access audit policy determines whether to audit a user accessing an object such as a file, folder, registry key or printer. Before you set up auditing for individual files and folders, you must enable object access auditing by defining the audit policy settings for the object access event category. If you do not, you will receive an error message when you try to set up auditing on a file or folder, and nothing will be audited.

If you log every successful object access, your log files will fill with enormous amounts of data that tells you nothing useful about an attack, because a user who successfully opened an object had permission to do so. Failed accesses are the interesting events: they show someone trying to reach something they are not allowed to. Success auditing can still be justified selectively on a small number of sensitive objects, such as the log file directory itself, where any write by an unexpected account should be investigated.

6.) The correct answer is: a. No, this computer is not on a network or is on a network without a domain.
Keep the Web server separate from your intranet. If the Web server is successfully attacked while it is a member of your domain, the attacker inherits the server's domain credentials and trust relationships, and the rest of your network could be exposed, potentially allowing the attacker to compromise every machine on it.

7.) The correct answer is: d. Server Service
The Server service is only required if you are going to run the SMTP or NNTP services. It is also the component that offers SMB file and printer sharing, including the administrative shares, to the network, so on a Web server that needs neither SMTP nor NNTP it should be disabled to remove that exposure.

8.) The correct answer is: e. None of the above
Any nonessential application mappings should be removed to minimize the chance of their being used in an attack: each mapping hands requests for that file extension to an ISAPI DLL, and every DLL left reachable from the Internet is additional attack surface. For example, files with the .htw extension are handled by webhits.dll, the Indexing Service hit-highlighting component, and a vulnerability in webhits allowed attackers to break out of the Web virtual root file system.

You do not need the Internet Printing (.printer) mapping on a Web server, and as you are using ASP and PHP you do not need server-side includes, so the .shtm mapping (and its siblings .shtml and .stm) can go too. Internet Data Query (.idq) files for the Indexing Service can allow an attacker to break outside the Web virtual root and gain unauthorized access to files.

9.) The correct answer is: c. W3C Extended Log File Format
This format lets you choose which fields to record, so you can log information that is useful for monitoring activity on your Web site, such as the query string the client submitted (if any), the browser (User-Agent) the client used, and process accounting events. Each log file begins with a #Fields directive naming the columns that follow, which is what allows a report tool to read it reliably.

10.) The correct answer is: e. Log File Directory: F:\LogFiles
The log files are stored on a different drive from both the operating system and the Web site's content, so an attacker who can write into the content tree or fill the system drive cannot reach or starve the logs as easily. The F drive should be NTFS formatted so that the log directory can be protected with file permissions.

11.) The correct answer is: c. Back-to-back perimeter network
This layout uses two firewalls: one separates the perimeter network from the Internet, the other separates it from the internal network, so an attacker who compromises a perimeter host still faces a second firewall. A triple-homed firewall (a single firewall with three interfaces, for the Internet, the perimeter network and the internal network) is certainly more secure than a flat network, where all resources share one segment, but it leaves one device as the only barrier and is better suited to a low-budget, low-value network.

12.) The correct answer is: c. Sign for the certificate when FedEx delivers it. 
The digital certificate will be delivered electronically, most likely downloaded from the CA's Web site. All the other steps are required to configure IIS to handle encrypted sessions.

13.) The correct answer is: True
You don't need a digital certificate installed on your Web server, as Microsoft has built encryption into both the Terminal Services client and server using RSA Security's RC4 cipher, the same algorithm that was commonly used with the Secure Sockets Layer (SSL) protocol to secure communications over the Internet. Be aware that this built-in encryption protects the session contents but does not authenticate the server to the client, so on its own it does not defend against a man-in-the-middle on the path; later versions of Terminal Services added TLS-based server authentication, which does require a certificate.

14.) The correct answer is: False 
The Event Viewer snap-in is used to view application, security and system events recorded by the Event Log service. With the event logs in Event Viewer, you can obtain information about your hardware, software and system components, and monitor security events on a local or remote computer, but you cannot use it to view IIS logs. To view your IIS-generated log files, you need to open them in a text viewer such as Notepad, or use a report generator program such as Analog, which is freely available at www.analog.cx.
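As an added example (not part of the original article and not IIS tooling), here is a small Python reader for the W3C Extended format discussed in answers 9 and 14, run over a constructed log excerpt. It uses the #Fields directive to name the columns, then flags records that request the nonessential application mappings from answer 8 or contain the traversal sequences that answer 20 warns about. The sample records, the field list and the extension list are this example's own assumptions; it shows the kind of work a report generator does for you.

```python
"""Read IIS W3C Extended log records and flag requests that warrant a look.

Added example, not from the original article or from IIS. The sample log,
the field list and the extension list below are constructed for illustration.
"""
from urllib.parse import unquote

# Constructed sample: the directives IIS writes, then four records. IIS
# replaces spaces inside a field with '+' and writes '-' for an empty field.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2005-06-01 00:00:01
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2005-06-01 00:00:01 10.0.0.5 - 80 GET /default.asp - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2005-06-01 00:00:09 198.51.100.7 - 80 GET /scripts/..%5c..%5c..%5cwinnt/repair/sam - 404 -
2005-06-01 00:00:12 198.51.100.7 - 80 GET /default.htw - 200 -
2005-06-01 00:00:15 198.51.100.7 - 80 GET /null.printer - 500 -
"""

# Mappings the article says to remove on an ASP/PHP-only server (.shtml and
# .stm are the other server-side include extensions, added here by assumption).
NONESSENTIAL_EXTENSIONS = (".htw", ".idq", ".printer", ".shtm", ".shtml", ".stm")


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                # The directive can appear more than once (e.g. after a rollover).
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("record appears before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        yield dict(zip(fields, values))


def findings(record):
    """Return the reasons (possibly none) a record deserves attention."""
    reasons = []
    # Decode once, lower-case, and treat backslash as a separator as Windows does.
    stem = unquote(record.get("cs-uri-stem", "-")).lower().replace("\\", "/")
    if stem.endswith(NONESSENTIAL_EXTENSIONS):
        reasons.append("request for a nonessential application mapping")
    if "/../" in stem or stem.endswith("/.."):
        reasons.append("directory traversal sequence in URI")
    if stem.endswith("/repair/sam") or stem.endswith("/config/sam"):
        reasons.append("attempt to fetch the SAM database")
    return reasons


def review(text):
    """Map each client address to the (URI, status, reasons) of its flagged requests."""
    flagged = {}
    for rec in parse_w3c(text):
        reasons = findings(rec)
        if reasons:
            flagged.setdefault(rec["c-ip"], []).append(
                (rec["cs-uri-stem"], rec["sc-status"], reasons))
    return flagged


if __name__ == "__main__":
    for client, hits in review(SAMPLE_LOG).items():
        print(client)
        for uri, status, reasons in hits:
            print(f"  {status} {uri}: {', '.join(reasons)}")
```

Because the parser takes the column names from the directive rather than hard-coding positions, it keeps working when you change which fields the site logs; the status code is carried through because a run of 404s and 500s from one address against unmapped extensions is itself a signal worth reporting.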

15.) The correct answer is: c. Risk analysis determines what resources you need to protect and quantifies the costs of not protecting them.
Risk analysis determines which resources you need to protect and quantifies the costs of not protecting them, such as loss of data or replacement of equipment, then ranks those risks by severity. A vulnerability assessment looks at how likely those risks are to materialize.

16.) The correct answer is: c. Internet Protocol (TCP/IP) 
The only protocol you need bound to the Internet-facing network card is Internet Protocol (TCP/IP). A dual-homed system has two network cards; the internal-facing card requires Internet Protocol (TCP/IP) and Client for Microsoft Networks, and that single binding of Client for Microsoft Networks is sufficient for IIS to run. All other protocols and services, such as File and Printer Sharing for Microsoft Networks, should not be enabled on either card.

17.) The correct answer is: a. Determines which users can log on at the computer
Option b. is the definition for the "Deny logon locally" assignment, while option c. is for the "Log on as a service" assignment. Option d. is the definition for "Access this computer from the network" and option e. is the definition for "Log on as a batch job."

18.) The correct answer is: c. System (Full Control), Administrators (Full Control)
You need to prevent attackers from deleting or altering your log files to cover their tracks. Several Microsoft documents state that the Everyone group should have Read and Change permissions on the log files, but that level of permission can expose sensitive data and lets an attacker change ACLs on the log file directory. So it is best not to assign any permissions to the Everyone group, and not to give Change rights on any files that can be accessed over the network.

19.) The correct answer is: c. Networking Services
Networking Services contains a variety of specialized, network-related services and protocols, none of which are needed to run IIS. Common Files contains program files required by IIS, while the Snap-in provides the administrative interface for IIS.

20.) The correct answer is: d. WINNT\REPAIR\SAM
The file WINNT\Repair\SAM is a backup copy of the Security Accounts Manager database. A directory traversal attack could be used to download this file, and the password hashes it contains can then be cracked offline, giving an attacker valid accounts on the Web server operating system. Apart from WINNT\SYSTEM32\CONFIG\SAM (the live database, which Windows keeps locked while it is running), the other SAM files listed are fictitious.

Null sessions should be disabled to reduce the risk of unauthorized individuals obtaining information about system resources, accounts or sensitive information.
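The following Python is an added example, not code from the article or from IIS. It shows how a directory traversal request of the kind described above slips past a naive URI-to-file mapping, and how canonicalizing the decoded path before checking it against the Web root stops it. The Web root, the request URIs and the rule that a backslash is a path separator are this example's own assumptions about how a Windows Web server turns a URI into a file path.

```python
"""Directory traversal past a Web root: the naive mapping and the hardened one.

Added example, not code from the original article or from IIS. WEB_ROOT, the
request URIs and the backslash-as-separator rule are this example's assumptions
about how a Windows Web server turns a URI into a file path.
"""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "C:/Inetpub/wwwroot"  # constructed; forward slashes keep this portable


def naive_map(uri):
    """Vulnerable: decode, append to the root and let the file system resolve '..'."""
    path = unquote(uri).replace("\\", "/")
    # normpath stands in for what the OS does when the file is actually opened.
    return posixpath.normpath(WEB_ROOT + "/" + path.lstrip("/"))


def safe_map(uri):
    """Hardened: canonicalize first, then refuse anything that leaves the root."""
    decoded = unquote(uri)
    if "%" in decoded:
        # A second layer of encoding survived one decode; do not guess, reject.
        raise PermissionError("double-encoded request refused")
    if "\x00" in decoded:
        raise PermissionError("NUL byte in request refused")
    path = decoded.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, path.lstrip("/")))
    root = WEB_ROOT.rstrip("/")
    # Compare the resolved path, not the raw request, against the root.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError(f"request escapes the Web root: {candidate}")
    return candidate


def is_rejected(uri):
    """True if the hardened mapping refuses the request."""
    try:
        safe_map(uri)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    probe = "/scripts/..%5c..%5c..%5cwinnt/repair/sam"
    print("naive mapping resolves to:", naive_map(probe))
    print("hardened mapping rejects it:", is_rejected(probe))
    print("normal page still served:", safe_map("/default.asp"))
```

The order of operations is the whole point: decode, normalize separators, collapse the dot segments, and only then compare the result against the root. Checking the raw request string for ".." before decoding is what lets encoded variants through, and refusing anything that still contains a percent sign after one decode closes the double-encoding variant without trying to guess how many layers the attacker used.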

This was first published in June 2005