Quiz: Secure Web directories and development

1.) Which is the best directory structure for a Web site that includes static and dynamic content?

a. E: \inetpub\wwwroot\mywebsite

b. C: \inetpub\wwwroot\mywebsite

c. E: \inetpub\wwwroot\myserver\scripts
E: \inetpub\wwwroot\myserver\static

d. C: \inetpub\wwwroot\myserver\scripts
C: \inetpub\wwwroot\myserver\static

e. E: \inetpub\wwwroot\myserver\executables
E: \inetpub\wwwroot\myserver\static

Answer

Web Security School Download the PDF version of the Secure Web directories and development quiz. Return to Web attack prevention and defense. Return to Intrusion Defense School.

2.) Which option is not a reason for validating data received from a Web form before processing it?

a. The user might have misspelled their name
b. The user might have entered an invalid date
c. The data may contain malicious code
d. The data may be of the wrong type
e. None of the above

Answer

3.) True or False: Hidden form fields are a safe way to pass sensitive information from one form to another.

Answer

4.) Your Windows IIS Web server has been attacked and you think the hacker has gained access to your database server that contains customer details and orders received via the Internet. What is the first thing you should do?

a. Disconnect all compromised machines from your network
b. Reboot the server and log on as the local administrator
c. Consult your security policy
d. Determine if the Web server is running a network sniffer
e. Create a backup of your system

Answer

5.) Even if your Web server is initially set up in a perfectly secure and pristine state, it will degrade over time. Which factor can speed up this degradation?

a. Using Windows IIS instead of Linux
b. Having a very popular Web site
c. Having a lot of administrators with access to the server
d. Having regular vulnerability assessments
e. Regularly changing the contents of the home page

Answer

Take the final exam

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IIS Security Kaminsky: DNS flaw capable of attacks on many fronts Trend Micro site compromised What server considerations should be made when setting up an internal network's private applications? IT discussion: Is malware the cause of a DNS server error? Insider's guide to IIS Web server security Microsoft July updates for critical Excel, Windows and .NET flaws Finding and blocking Web application server attack vectors What's the best way to verify client authentication across unrelated Web servers? Microsoft to release DNS patch Tuesday DNS worm strikes at Microsoft flaw IIS Security Research Secure Web directories and development Locking down your Web applications Spyware removal checklist Developer's active content delivery checklist Top tools for testing your online security Top tools for testing your online security, part 2

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary