Quiz: Secure Web directories and development

Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management.

By Michael Cobb

1.) Which is the best directory structure for a Web site that includes static and dynamic content?

a. E: \inetpub\wwwroot\mywebsite

b. C: \inetpub\wwwroot\mywebsite

c. E: \inetpub\wwwroot\myserver\scripts
E: \inetpub\wwwroot\myserver\static

d. C: \inetpub\wwwroot\myserver\scripts
C: \inetpub\wwwroot\myserver\static

e. E: \inetpub\wwwroot\myserver\executables
E: \inetpub\wwwroot\myserver\static


Web Security School

Download the PDF version of the Secure Web directories and development quiz.

Return to Web attack prevention and defense.

Return to Intrusion Defense School.

2.) Which option is not a reason for validating data received from a Web form before processing it?

a. The user might have misspelled their name
b. The user might have entered an invalid date
c. The data may contain malicious code
d. The data may be of the wrong type
e. None of the above


3.) True or False: Hidden form fields are a safe way to pass sensitive information from one form to another.


4.) Your Windows IIS Web server has been attacked and you think the hacker has gained access to your database server that contains customer details and orders received via the Internet. What is the first thing you should do?

a. Disconnect all compromised machines from your network
b. Reboot the server and log on as the local administrator
c. Consult your security policy
d. Determine if the Web server is running a network sniffer
e. Create a backup of your system


5.) Even if your Web server is initially set up in a perfectly secure and pristine state, it will degrade over time. Which factor can speed up this degradation?

a. Using Windows IIS instead of Linux
b. Having a very popular Web site
c. Having a lot of administrators with access to the server
d. Having regular vulnerability assessments
e. Regularly changing the contents of the home page


Take the final exam

This was last published in June 2005

Dig Deeper on Web Server Threats and Countermeasures

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.