Home > Quiz: Web attack prevention and defense
Security School:
EMAIL THIS

Quiz: Web attack prevention and defense

03 Jun 2005 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

by Michael Cobb

Test your knowledge of the materials covered in the Web Security School Lesson 1 webcast, Insider's guide to Web server security, and technical paper, Know your enemy: Why your Web site is at risk. When you're done, let us know how you did.

1.) Which of the following is not considered a strong password?

a. WfgHLm94SED
b. xD$8sf!H
c. 9Q-^g4FP7
d. P3t3rWh!t3
e. They are all strong passwords.

Answer

Web Security School

Download PDF

Return to Lesson 1

Return to Web Security School

2.) Which is the correct physical boot sequence for a Web server?

a. Floppy Drive, Hard Drive, CD-ROM
b. CD-ROM, Hard Drive, Floppy Drive
c. Floppy Drive, CD-ROM, Hard Drive
d. Hard Drive, Floppy Drive, CD-ROM
e. CD-ROM, Floppy Drive, Hard Drive

Answer

3.) A Windows-hosted Web site displays dynamic pages using server-side scripting such as Active Server Pages or PHP. It also displays static pages with the .htm file extension. What are the correct IIS settings for the Web site?

a.
Script source access: enabled
Read: enabled
Write: enabled
Log visits: enabled
Execute Permissions: Scripts only

b.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: None

c.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts only

d.
Script source access: disabled
Read: enabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts and Executables

e.
Script source access: disabled
Read: disabled
Write: disabled
Log visits: enabled
Execute Permissions: Scripts only

Answer

4.) An administrator needs to provide FTP services so that clients can download product documentation and sales people can upload their expense and meeting reports. Which is the correct FTP directory configuration?

a.
Local Path: c:\inetpub\ftproot\files\
Read: enabled
Write: enabled
Log visits: enabled

b.
Local Path: e:\inetpub\ftproot\files\
Read: enabled
Write: disabled
Log visits: enabled

c.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: enabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: enabled
Write: enabled
Log visits: enabled

d.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: disabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: enabled
Write: enabled
Log visits: enabled

e.
Local Path: e:\inetpub\ftproot\clients\
Read: enabled
Write: disabled
Log visits: enabled
Local Path: e:\inetpub\ftproot\sales\
Read: disabled
Write: enabled
Log visits: enabled

Answer

5.) John Doe is responsible for the content of your Web site and its back up. Which are the correct group accounts to which John should belong?

a. Power Users, Backup Operators and Administrators
b. Content Managers, Backup Operators and Administrators
c. Content Managers and Backup Operators
d. Content Managers and Administrators
e. Power Users, Content Managers and Backup Operators

Answer

BROWSE BY TAG
Application and Platform Security,   Web Security Tools and Best Practices,   Web Application Security,   Web Server Threats and Countermeasures,   Web Application and Web 2.0 Threats,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Web Application Security
Black box and white box testing: Which is best?
InZero Systems launches hardware-based security gateway
Web application vulnerability assessment shows patching progress
Preventing SQL injection attacks: A network admin's perspective
Cisco acquires SaaS security vendor ScanSafe
Web application firewall use goes beyond compliance, company finds
Gumblar Trojan drive-by exploits spike following Adobe update
Some Facebook applications lead to Russian attack sites
Barracuda acquires Purewire expanding Web security reach
An enterprise strategy for Web application security threats

Web Server Threats and Countermeasures
Increase in Gumblar backdoors poses FTP credential problems
VeriSign extends DDoS attack protection service
Microsoft issues IIS FTP advisory, exploit code circulates
Panda reports fast-spreading rogueware antivirus fraud rakes in millions
Oracle issues quarterly patches, fixes database flaws
Latest DDoS attacks extremely unsophisticated, experts say
Stolen FTP credentials likely in massive website attacks
Microsoft warns of IIS zero-day vulnerability
How to find and stop automated SQL injection attacks
How to spot attacks through Apache Web server log analysis

Web Application and Web 2.0 Threats
Web security firm ranks Firefox, Safari browsers as flaw prone
Web application vulnerability assessment shows patching progress
Layoffs prompt insider threat fears, cybersecurity survey finds
Botnet masters turn to Google, social networks to avoid detection
Computer worm infections up, scareware antivirus down, Microsoft says
Web-based attacks skyrocket, pirating sites surge, security firms say
Kaspersky system analyzes malicious URLs on Twitter for malware
Pushdo botnet uses Facebook to spread malicious email attachment
Do Facebook URL security concerns justify blocking social networks?
Gumblar Trojan drive-by exploits spike following Adobe update

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
anonymous Web surfing  (SearchSecurity.com)
buffer overflow  (SearchSecurity.com)
cache cramming  (SearchSecurity.com)
cookie poisoning  (SearchSecurity.com)
dictionary attack  (SearchSecurity.com)
distributed denial-of-service attack  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
National Computer Security Center  (SearchSecurity.com)
threat modeling  (SearchSecurity.com)
trigraph  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




Search Additional Security Research and Solutions
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts