Web attack prevention and defense final exam answers

Check your answers against the answer key below for our Web attack defense and prevention Security School lesson.

1.) The correct answer is b. Net Logon
The Net Logon service, along with the Workstation service, is only required if the computer is running as part of a Windows domain. A public Web server should never be part of a Windows domain.

2.) The correct answer is d. They may use your system to scan or exploit other systems.
Many script kiddies try to hack sites for fun, but some will then use a compromised system to attack other systems. Their approach to hacking is simple: scan as many systems as possible in pursuit of a vulnerability. Unfortunately, spikes in attacks do tie in with the school calendar, suggesting that many teenagers are behind them.

3.) The correct answer is e. All of the above.
Security is about ensuring a system can deliver essential services and maintain essential properties such as integrity, confidentiality and performance despite the presence of intrusions; in other words, reliability in the face of adversity. Therefore a secure system must have all four of the properties listed above.

4.) The correct answer is c. It locates it on a different subnet to your Intranet.
Systems placed in the DMZ are still open to attack, since they are connected to the Internet. However, by placing them on a different subnet from your internal resources you make it harder for an attacker who has compromised your Web server to gain access to your internal systems.

5.) The correct answer is d. Red Teams
Red Teams are invited to attack a system to uncover system weaknesses. This ethical hacking is a controlled simulation of an attack against a Web site to find security holes in order to fix them before a real intrusion occurs. The other answer options would all result in malicious attacks.

6.) The correct answer is b. No
Unfortunately, your customers would not be able to send their credit card details, as you have blocked port 443, which is used by HTTPS. HTTPS is the secure version of HTTP and encrypts the session data using SSL.

7.) The correct answer is b. It reduces the cost of backing up log files.
Although it is recommended that you log system events both locally and to a remote log server, doing so increases your costs, as you need an additional server and the resources to maintain it.

8.) The correct answer is e. None of the above.
Phishing is a problem for organizations because it can affect their reputation. All three use social engineering and technical subterfuge to try to gain access to information. Technical subterfuge involves installing malicious software on a PC. Finally, they are all threats that are very difficult to stop and that require security awareness training to reduce their potential impact.

9.) The correct answer is b. FrontPage Server Extensions
While FrontPage Server Extensions enables authoring and administration of Web sites with FrontPage, it is not an essential component and can introduce additional security weaknesses. Common Files contains program files required by IIS, while the Snap-in provides the administrative interface for IIS.

10.) The correct answer is b. F:\Inetpub\iissamples
You should never leave product documentation files and sample scripts on a production Web server; therefore, you should delete the F:\Inetpub\iissamples directory.

11.) The correct answer is False.
Client-side validation gives you the opportunity to validate and filter form data at the user's browser before it is sent to your server. Server-side validation is more sophisticated and more powerful than client-side validation and, unlike client-side validation, cannot be circumvented by the user.

12.) The correct answer is d. .bak
Many Web authoring tools allow users to create an automatic backup copy of their work. If developers are allowed to save their work directly to the server -- something I strongly advise against -- these backup files are saved to the server as well, usually with the extension .bak. Anyone pointing their browser at one of these .bak files can read the script code by viewing the source returned by the server, since the Web server doesn't process the page and the script tags remain intact. To avoid this problem, ensure that all .bak files are deleted every time developers finish updating the site. To be on the safe side, associate .bak files with the scripting engine to ensure that the pages are executed and that only the results are sent to the client.

13.) The correct answer is e. All of the above.
All of the answers are possible signs that computers have been infected by spyware. Other signs may be unusual toolbars appearing on browsers, and antispyware or antivirus programs not working correctly.

14.) The correct answer is b. Local intranet zone
The local intranet zone typically contains any addresses that don't require a proxy server, such as sites specified on the Connections tab, network paths such as \\computername\foldername and local intranet sites (typically addresses that don't contain periods, such as http://internal). The default security level for the Local intranet zone is Medium.

15.) The correct answer is b. Encrypt files located on a computer's hard drive.
An NTFS-formatted drive supports encrypting files and folders using the Encrypting File System (EFS). NTFS also supports access control lists that let an administrator control who can access specific files.

16.) The correct answer is True.
A maximum of two concurrent connections are automatically allowed on a Terminal server in Remote Administration mode.

17.) The correct answer is d. an "allowed path"
Allowed paths are part of services that a system provides, intentionally and by design. Hackers often try to expose vulnerabilities in the allowed paths that a system or architecture offers.

18.) The correct answer is b. &lt;script&gt;
If an HTML page needs to display the literal characters < and >, they should be replaced with &lt; and &gt; to distinguish them from actual markup tags. If the special characters in the script examples stored in the database are not encoded when they are published, an attacker can insert malicious code into a script example, and that code runs whenever the Web page displaying the example is requested.
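As an added example (not code from the original page), the encoding step this answer describes in Python: a constructed "script example" containing a tag is published once unencoded and once with the special characters replaced by entities, so only the encoded version renders the characters instead of executing them.

```python
# Entity map: the answer names < and >; & must be encoded as well, and first,
# so that an ampersand in the input is not later mistaken for an entity.
# Quotes are included so the output is also safe inside attribute values.
ENTITIES = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
            ('"', "&quot;"), ("'", "&#x27;")]

# Constructed sample: a script example as it might be stored in the database
# by an untrusted submitter. It carries a real <script> tag.
STORED_EXAMPLE = 'alert("hello");</pre><script>alert(1)</script><pre>'


def encode_for_html(text: str) -> str:
    """Replace every special character with its HTML entity (order matters)."""
    for char, entity in ENTITIES:
        text = text.replace(char, entity)
    return text


def publish_unencoded(example: str) -> str:
    """The flaw from the question: the stored text is pasted into the page
    as-is, so any tags it contains become live markup when the page is served."""
    return "<pre>" + example + "</pre>"


def publish_encoded(example: str) -> str:
    """The fix: encode before publishing. The visitor sees the text
    '<script>alert(1)</script>' on screen, but the browser never parses a tag."""
    return "<pre>" + encode_for_html(example) + "</pre>"


def body_contains_tag(page_fragment: str) -> bool:
    """Check used when reviewing published output: does anything between the
    <pre> wrapper still contain a raw tag delimiter?"""
    inner = page_fragment[len("<pre>"):-len("</pre>")]
    return "<" in inner or ">" in inner


if __name__ == "__main__":
    print(publish_unencoded(STORED_EXAMPLE))
    print(publish_encoded(STORED_EXAMPLE))
```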

19.) The correct answer is a. permanently overwrites all of the deleted data on a hard drive.
Microsoft's cipher.exe can be used to manage data encrypted with the Encrypting File System. It also has the ability to permanently overwrite all of the deleted data on a hard drive. This improves security by ensuring that even an attacker with complete physical control of a Windows machine is unable to recover previously deleted data. It is available from Microsoft.com.

20.) The correct answer is False.
A null session occurs when a computer connects to another computer and no authentication is required. This is also called an "anonymous connection," which should not be confused with anonymous authentication in IIS. Anonymous authentication in IIS refers to allowing a user to have access to Web resources by automatically assigning them to the Internet Guest account without having to provide a user name and password. They are, however, accessing the server as a regular user in the security context of the Internet Guest account.

Null sessions should be disabled to reduce the risk of unauthorized individuals obtaining information about system resources, accounts or sensitive information.

This was last published in June 2007