Chapter 6: Securing Internet Information Services


1.  

One of the new reliability features in IIS 6.0 is the introduction of HTTP.Sys. HTTP.Sys is the new kernel mode driver for IIS 6.0. HTTP.Sys is engineered to increase the performance of IIS dramatically. You have been researching HTTP.Sys functionality. Your research indicates that one of the following about HTTP.Sys is true. What is HTTP.Sys capable of?

  A. Creating virtual directories for Web sites

  B. Implementing flexible caching

  C. Backing up the XML metabase

  D. Providing health detection data to IIS


2.  

You have been approached by the AllWebCustomers company to design the security structure for their new bookstore application. This application will run on Windows Server 2003 and IIS 6.0. The infrastructure architect has designed a Web farm with SQL cluster database connections. There is also an Active Directory available in the enterprise. You are contemplating the Windows logon authentication method for this application. Which of the following will be most suited to the Windows authentication method in Windows Server 2003?

  A. RADIUS authentication

  B. Digest authentication

  C. .NET cryptographic assembly authentication

  D. Anonymous login


3.  

You are contemplating using integrated Windows authentication or basic authentication for a shopping cart application. This application will be used by Internet Explorer, Netscape, and Opera browsers. There are more non-IE browsers than IE browsers. You are also implementing an SSL connection to secure the data transmission between the users and the IIS server. Which authentication model will suit this shopping cart application?

  A. Basic authentication because of the variety of browser types.

  B. Integrated Windows authentication because of the variety of browser types.

  C. Integrated Windows authentication because basic authentication will expose the credentials.

  D. Basic authentication; however, SSL could be overkill for this application.


4.  

Your company network has recently implemented a wireless internal network. As the system administrator, you need to maintain this network, VPN, and Internet access to your company. You are currently using different usernames and passwords for each user on these three different networks. Therefore, a single user needs to remember three usernames and passwords to access the appropriate network. This is also an inconvenience for you as the systems administrator. You have heard of a RADIUS implementation in Windows Server 2003. You are currently deploying Windows Server 2003 in your company. What is the RADIUS implementation in Windows Server 2003?

  A. Advance Digest Authentication

  B. Internet Information Server 6.0

  C. Internet Authentication Service

  D. Internet Protocol v6


5.  

You have been instructed to install Windows Server 2003 on a Windows 2000 machine. The current Windows 2000 server is running on a FAT32 file system. The Windows Server 2003 installation will permit you to upgrade or perform a clean installation. When you are performing the upgrade, you have a choice between the FAT32 and NTFS file systems. Which would you choose?

  A. FAT

  B. FAT32

  C. NTFS

  D. FAT64


6.  

You have installed IIS 6.0 successfully using the Configure Your Server Wizard. You want to experiment with the ASP.NET functionality in IIS 6.0. You have downloaded the QuickStart tutorials from Microsoft to try out ASP.NET scripts. You try to invoke one of the ASP.NET pages and get a 404 Not Found error. What could be the reason for this?

  A. IIS 6.0 does not support ASP.NET scripts.

  B. ASP.NET support has to be enabled through Web Services Extensions.

  C. ASP.NET support should be enabled through Control Panel Administrative Tools.

  D. IIS 6.0 only supports ASP.NET scripts inside ASP scripts.


7.  

You have created a commercial Web site with sensitive business information. Your senior architect has advised you to use Advance Digest Security to maximize security benefits on IIS 6.0. You have been doing research on Advance Digest Security. What is the incorrect piece of information you came across in your research?

  A. It uses the WinFX file system to store user credentials.

  B. It works with both HTTP 1.0 and HTTP 1.1 enabled browsers.

  C. It will work with Internet Explorer 5.0 with JavaScript 1.3 support.

  D. It only works with SSL support.


8.  

Phase One of the new IIS 6.0 features is implemented at the hardware level. The devices that implement this new feature can be described as Plug and Play devices. These devices implement an API called CryptoAPI and can be chosen from a list in IIS Manager. This new feature could be referred to as:

  A. Server-gated Cryptography

  B. Selectable Cryptographic Service Provider

  C. Secure Sockets Layer support

  D. .NET System Cryptography library support


Answers

1.  

B. HTTP.Sys does implement flexible caching. IIS 6.0 will enable caching at the kernel level. This is referred to as flexible caching.

Answer A is incorrect. Virtual directories are not created by HTTP.Sys. They are done by using the inetinfo.exe process. XML metabase backups are not done by HTTP.Sys. Therefore, Answer C is also incorrect. HTTP.Sys does not provide health detection data to IIS. HTTP.Sys is primarily responsible for analyzing the incoming Web requests. Therefore, Answer D is also incorrect.

2.  

B. Digest authentication is an IIS 6.0 authentication option. It will authenticate users with the help of the Active Directory.

Answer A is incorrect. RADIUS authentication enables multiple remote mechanisms to use a single sign-on method. There are no remote VPN or dial-up Internet networks mentioned here. Answer C is incorrect. .NET cryptographic library authentication is not available in IIS 6.0. This is only used in .NET managed code (C#, VB.NET, and so forth) execution. Anonymous login is the least secure of the IIS 6.0 login mechanisms. We will not be using the Active Directory if we implement anonymous login. Therefore, Answer D is also incorrect.

3.  

A. Basic authentication is the most supported authentication mechanism. We have myriad browsers to support in our architecture. The non-IE browser numbers will exceed the IE browser numbers. Therefore, we should implement basic authentication to support many types of browsers.

Answer B is incorrect. Integrated Windows authentication is tightly coupled into the Windows architecture. Therefore, the non-IE browser base will need substantial effort to implement a secure implementation of the application. Basic authentication will expose the credentials as clear text. However, SSL will provide a secure channel to transfer data between the client and the server. Therefore, Answer C is incorrect. Answer D is also incorrect. We do need SSL if we implement a basic authentication model. Therefore, it is not overkill for the application (it is not optional; it is a necessity).

4.  

C. The RADIUS protocol implementation in Windows Server 2003 is called Internet Authentication Service.

Answer A is incorrect. Advance Digest Authentication is an authentication mechanism to authenticate users to IIS 6.0. Answer B is also incorrect. Internet Information Server (IIS) 6.0 is the Web server in Windows Server 2003. It does not implement RADIUS authentication. Internet Protocol (IP) V6 is a transport protocol; therefore, Answer D is also incorrect.

5.  

C. The preferred file system is NTFS. IIS 6.0 and other servers rely on NTFS security permissions to authenticate users.

Answer A is incorrect. File Allocation Table (FAT) is an old DOS version of a file system. This was superseded by the FAT32 version. FAT32 was a 32-bit file allocation system; therefore, Answer B is also incorrect. The FAT64 system was a proposed 64-bit file allocation system that follows the FAT format. This option is not implemented yet; hence, Answer D is incorrect.

6.  

B. ASP.NET is not enabled by default after the IIS installation. You need to manually enable the support through Web Service Extensions.

Answer A is incorrect. IIS 6.0 does support ASP.NET. Answer C is incorrect because Web Service Extensions can be found in the IIS Manager, not in Control Panel Administrative Tools. Answer D is also incorrect. We can run ASP scripts inside ASP.NET applications, not vice versa.

7.  

C. Advance Digest Security only works with HTTP 1.1 enabled browsers. The HTTP 1.1 support was enabled after Internet Explorer version 5.0. The JavaScript 1.3 support is irrelevant.

Answer A is incorrect. The WinFX file system is not available in Windows Server 2003; it is a Longhorn feature. Advance Digest Security can only be implemented on HTTP 1.1 browsers. Therefore, Answer B is incorrect. Answer D is also incorrect. We do not need SSL support to implement Advance Digest Security on IIS 6.0.

8.  

B. Selectable Cryptographic Service Provider will let you select a device from an IIS list that implements CryptoAPI.

Server-gated Cryptography is a software feature that extends SSL support. Therefore, Answer A is incorrect. Answer C is also incorrect. Secure Sockets Layer support is not new and has been around for a long while. The System Cryptography .NET library is a set of libraries available for .NET code (C#, VB.NET) to implement cryptography in scripts. This is a software implementation, not a hardware implementation. Therefore, Answer D is incorrect.




MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122
