
Quiz: Locking down IIS

15 Sep 2005


When it comes to securing IIS, resetting default passwords is just the beginning. There are nonessential services to disable and myriad other default settings to tweak. Take our quiz to see how well you know the Web server, then drop by Web Security School where our guest instructor goes under the hood of IIS.

1.) Which of the following services is nonessential for a Windows Web server?

a. Network Connections
b. Distributed File System
c. Remote Registry Service
d. WMI Driver Extensions

2.) What is the default Connection Timeout value for IIS?
a. 900 seconds
b. 700 seconds
c. 500 seconds
d. 300 seconds

3.) When accessing a database, which of the following provides better access control over data?
a. Stored procedures
b. SQL statements

4.) Which of the following is an essential service?
a. Alerter
b. Messenger
c. Uninterruptible power supply
d. TCP/IP NetBIOS Helper

5.) Which of the following ports should you close? (You may choose more than one answer.)

a. 137
b. 138
c. 139
d. 445

6.) How many network interface cards should you use on your Web server?
a. 0
b. 1
c. 2
d. 3

7.) How long should you allow a session to be inactive before it's disconnected?
a. 2 minutes
b. 5 minutes
c. 7 minutes
d. 10 minutes

8.) Which of the following should be filtered and encoded?
a. All form data
b. All cookie data
c. Both a. and b.
d. Neither a. nor b.

9.) Which of the following vulnerabilities allows an attacker to take control of IIS?
a. ISAPI Extension buffer overflows
b. Microsoft Server Message Block vulnerability
c. Windows License Logging Service overflow
d. All of the above

10.) Which of the following services should be disabled?
a. FTP
b. SMTP
c. NNTP
d. All of them if they're not required.

How well do you know IIS?
9-10 correct: IIS expert
6-8 correct: IIS intermediate
3-5 correct: IIS amateur
0-2 correct: IIS ignorant



