Quiz: Locking down IIS

Take our quiz to see how well you know the Web server.

When it comes to securing IIS, resetting default passwords is just the beginning. There are nonessential services to disable and myriad other default settings to tweak. Take our quiz to see how well you know the Web server, then drop by Web Security School where our guest instructor goes under the hood of IIS.

1.) Which of the following services is nonessential for a Windows Web server?

a. Network Connections
b. Distributed File System
c. Remote Registry Service
d. WMI Driver Extensions

2.) What is the default Connection Timeout value for IIS?
a. 900 seconds
b. 700 seconds
c. 500 seconds
d. 300 seconds

3.) When accessing a database, which of the following provides better access control over data?
a. Stored procedures
b. SQL statements

4.) Which of the following is an essential service?
a. Alerter
b. Messenger
c. Uninterruptible power supply
d. TCP/IP NetBIOS Helper

5.) Which of the following ports should you close? (You may choose more than one answer.)

a. 137
b. 138
c. 139
d. 445

6.) How many network interface cards should you use on your Web server?
a. 0
b. 1
c. 2
d. 3

7.) How long should you allow a session to be inactive before it's disconnected?
a. 2 minutes
b. 5 minutes
c. 7 minutes
d. 10 minutes

8.) Which of the following should be filtered and encoded?
a. All form data
b. All cookie data
c. Both a. and b.
d. Neither a. nor b.

9.) Which of the following vulnerabilities allows an attacker to take control of IIS?
a. ISAPI Extension buffer overflows
b. Microsoft Server Message Block vulnerability
c. Windows License Logging Service overflow
d. All of the above

10.) Which of the following services should be disabled?
a. FTP
d. All of them if they're not required.

How well do you know IIS?
9-10 correct: IIS expert
6-8 correct: IIS intermediate
3-5 correct: IIS amateur
0-2 correct: IIS ignorant

This was last published in September 2005
