Quiz: Locking down IIS

Take our quiz to see how well you know the Web server.

When it comes to securing IIS, resetting default passwords is just the beginning. There are nonessential services to disable and myriad other default settings to tweak. Take our quiz to see how well you know the Web server, then drop by Web Security School where our guest instructor goes under the hood of IIS.

1.) Which of the following services is nonessential for a Windows Web server?

a. Network Connections
b. Distributed File System
c. Remote Registry Service
d. WMI Driver Extensions
Answer

2.) What is the default Connection Timeout value for IIS?
a. 900 seconds
b. 700 seconds
c. 500 seconds
d. 300 seconds
Answer

3.) When accessing a database, which of the following provides better access control over data?
a. Stored procedures
b. SQL statements
Answer

4.) Which of the following is an essential service?
a. Alerter
b. Messenger
c. Uninterruptible power supply
d. TCP/IP NetBIOS Helper
Answer

5.) Which of the following ports should you close? (You may choose more than one answer.)

a. 137
b. 138
c. 139
d. 445
Answer

6.) How many network interface cards should you use on your Web server?
a. 0
b. 1
c. 2
d. 3
Answer

7.) How long should you allow a session to be inactive before it's disconnected?
a. 2 minutes
b. 5 minutes
c. 7 minutes
d. 10 minutes
Answer

8.) Which of the following should be filtered and encoded?
a. All form data
b. All cookie data
c. Both a. and b.
d. Neither a. nor b.
Answer

9.) Which of the following vulnerabilities allows an attacker to take control of IIS?
a. ISAPI Extension buffer overflows
b. Microsoft Server Message Block vulnerability
c. Windows License Logging Service overflow
d. All of the above
Answer

10.) Which of the following services should be disabled?
a. FTP
b. SMTP
c. NNTP
d. All of them if they're not required.
Answer

How well do you know IIS?
9-10 correct: IIS expert
6-8 correct: IIS intermediate
3-5 correct: IIS amateur
0-2 correct: IIS ignorant


This was first published in September 2005
