Quiz: Secure Web directories and development

1.) Which is the best directory structure for a Web site that includes static and dynamic content?

a. E: \inetpub\wwwroot\mywebsite

b. C: \inetpub\wwwroot\mywebsite

c. E: \inetpub\wwwroot\myserver\scripts
E: \inetpub\wwwroot\myserver\static

d. C: \inetpub\wwwroot\myserver\scripts
C: \inetpub\wwwroot\myserver\static

e. E: \inetpub\wwwroot\myserver\executables
E: \inetpub\wwwroot\myserver\static

Answer

Web Security School Download the PDF version of the Secure Web directories and development quiz. Return to Web attack prevention and defense. Return to Intrusion Defense School.

2.) Which option is not a reason for validating data received from a Web form before processing it?

a. The user might have misspelled their name
b. The user might have entered an invalid date
c. The data may contain malicious code
d. The data may be of the wrong type
e. None of the above

Answer

3.) True or False: Hidden form fields are a safe way to pass sensitive information from one form to another.

Answer

4.) Your Windows IIS Web server has been attacked and you think the hacker has gained access to your database server that contains customer details and orders received via the Internet. What is the first thing you should do?

a. Disconnect all compromised machines from your network
b. Reboot the server and log on as the local administrator
c. Consult your security policy
d. Determine if the Web server is running a network sniffer
e. Create a backup of your system

Answer

5.) Even if your Web server is initially set up in a perfectly secure and pristine state, it will degrade over time. Which factor can speed up this degradation?

a. Using Windows IIS instead of Linux
b. Having a very popular Web site
c. Having a lot of administrators with access to the server
d. Having regular vulnerability assessments
e. Regularly changing the contents of the home page

Answer

Take the final exam

BROWSE BY TAG Secure Web directories and development,   Preventing Web server attacks: Spyware and malware defense,   Intrusion Defense School,   Application and Platform Security,   Web Security Tools and Best Practices,   Web Server Threats and Countermeasures,   Web Application and Web 2.0 Threats,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Secure Web directories and development Locking down your Web applications Web Server Threats and Countermeasures Latest DDoS attacks extremely unsophisticated, experts say Stolen FTP credentials likely in massive website attacks Microsoft warns of IIS zero-day vulnerability How to find and stop automated SQL injection attacks How to spot attacks through Apache Web server log analysis Symantec acquires Mi5 Networks, bolsters Web security How to harden Linux operating systems How to clear out anonymous Web proxy servers in the workplace Information security book excerpts and reviews Is it more secure to have a mainframe or a collection of servers? Web Application and Web 2.0 Threats Editor's Desk: Google security needs HTTPS by default nCircle statistics show rising Web application vulnerabilities Twitter risks, Facebook threats trouble security pros Twitter bugs, DNSSEC and broswer security Twitter vulnerability project highlights Bit.ly flaws Security researchers develop browser-based darknet Month of Twitter Bugs project to document Twitter flaws Microsoft cracks down on click fraud ring Cloud security begins with infrastructure assessment RSA council addresses growing security risks in the cloud

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cache cramming  (SearchSecurity.com) content filtering  (SearchSecurity.com) Web filter  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary