1. Your company has the following requirement: All traffic sent over WAN links must be secure. What protocol would you enable for web content sent over the WAN? (Choose all that apply.)

2. What protocols are included as part of IIS? (Choose all that apply.)

3. Your company has had some security issues with the WebDAV protocol due to improperly applied permissions. Your boss has decided that WebDAV does not need to be running on the IIS servers. You need to prohibit WebDAV. What should you do?

4. You need to authenticate a user with a domain controller running Active Directory. The client is using Internet Explorer 6 on Windows XP. You want to use the Kerberos protocol to authenticate your users. Which option should you choose for authentication?

5. You need to enable authentication on your server, but you need to support any browser that the user chooses to use. You will also need to use a SQL Server 2000 database to store the credentials. What authentication method should you use?

6. You need to provide a secure authentication mechanism for an extranet with two partner sites. The partner sites will have approximately 200 users each. You want a secure but easy-to-manage authentication method. You do not require the identification of each individual user, just the organization. What should you do?

7. You need to authenticate a user with a domain controller running Active Directory. The client will use an HTTP 1.1–compliant browser, but it will not necessarily be Internet Explorer. You do not need encryption for all content and have chosen not to enable SSL. You need to provide for password security. Which option should you choose for authentication?

8. One of your company’s web applications keeps crashing. You suspect that an attacker is exploiting a bug in the server to cause it to crash, thereby creating a denial of service attack. You need to determine what web requests are causing the web server to crash. What type of logging should you enable on the server?

9. You need to log what users are downloading from the website. What should you do?

10. You need to update the content on your web server. The content is sensitive and should remain private. Your server is on the other side of a firewall that allows only HTTP and HTTPS to pass through it. What should you do?

Answers
1. B, C. SSL and IPSec would both be correct with the information provided in the question. Both of these protocols allow you to establish a secure session with a server. HTTP does not provide encryption. MD5 is a signing algorithm, not an encryption protocol.

2. A, B. Simple Mail Transfer Protocol (SMTP) and Hypertext Transfer Protocol (HTTP) are part of IIS. Server Message Block (SMB) and NetBIOS are not, but they are part of Windows networking.

3. D. IIS 6 introduces the Web Service Extensions section of the IIS Manager. It allows you to enable or prohibit various ISAPI extensions installed on the server. This is the preferred way to disable WebDAV with IIS 6. You could install UrlScan and filter the WebDAV protocol, but it is no longer the preferred method. The metabase and Registry keys do not exist.

4. C. You would choose integrated Windows authentication, which supports either NT LAN Manager or Kerberos v5 for authentication. Basic authentication sends the credentials to the server in plain text but does not use Kerberos. Digest authentication will encrypt the password but does not use Kerberos. .NET Passport authentication uses a mechanism similar to Kerberos to authenticate users, but it is not Kerberos.

5. A. You should create a web page to request the information required to authenticate the user. This means a developer will need to write code to authenticate the credentials against a database in SQL Server 2000. If the credentials check out, then the user is directed to the requested URL. Basic, .NET Passport, and certificate authentication support many different clients but require the use of Active Directory.

6. B. You will want to enable a certificate mechanism to be most secure because the user needs a certificate to authenticate. .NET Passport authentication and forms-based authentication are not as secure and require more work in the form of custom programming for the website. Option A requires more work than necessary in setting up and maintaining all the user accounts, certificates, and mappings because the business requirements state that they are not interested in identifying individual users, just the partner organizations. You would map certificates to the partner organization based on a rule.

7. B. You would choose digest authentication because it will provide for encryption of the password and works with HTTP 1.1–compliant browsers. This option requires using Active Directory on Windows Server 2003. Basic authentication sends the password in clear text. Integrated Windows authentication only works with Internet Explorer. .NET Passport authentication does not use Active Directory.

8. A. Protocol logging logs the URLs and additional information for each request that comes to the server into a text file. This file can be a standard form that is readily parsed by a number of applications for reporting purposes. Audit object access with Windows auditing would only log access to files on the NTFS file system that the website was on. The hacker may be exploiting a bug that never touches a file on the file system, so this log may yield nothing useful. ODBC logging is just an option to store your protocol log, so it could capture the information, but it is a more complex form of logging and is not the simplest solution. Network Monitor would work in capturing the information if it is configured correctly, but it is not the simplest approach.

9. A. You would enable protocol logging for the website; protocol logging will record all requests sent to the server in a text file or in an ODBC-compliant database like SQL Server 2000. This is the easiest way to get this information. Network Monitor would record the information, but it would be more difficult to parse and read, so protocol logging is a better choice. You cannot use Performance Monitor or auditing to obtain the same information.

10. B. You will need to use WebDAV because the firewall will not pass FTP traffic. You will also need to use SSL to encrypt the content update because WebDAV has no built-in encryption mechanism.
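Answers 8 and 9 both rely on the protocol log being "readily parsed". The following added example (not from the book) shows what that parsing looks like for the W3C extended log format IIS writes: it reads the `#Fields:` directive to name the columns, then flags the request that preceded a long silence (a crash candidate, using an assumed 5-minute gap heuristic) and counts successful file downloads. The log lines are constructed sample data, not a real server's log.

```python
from datetime import datetime, timedelta
from collections import Counter

# Constructed sample log in W3C extended format (not from a real server).
# A gap of about 20 minutes follows the request for /cgi/report.asp.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2004-05-10 09:00:01 10.0.0.5 GET /index.htm - 200 4520
2004-05-10 09:00:07 10.0.0.5 GET /docs/guide.pdf - 200 881204
2004-05-10 09:01:12 10.0.0.9 GET /cgi/report.asp id=9999 500 0
2004-05-10 09:22:40 10.0.0.5 GET /docs/guide.pdf - 200 881204
2004-05-10 09:23:02 10.0.0.7 GET /docs/setup.exe - 304 0
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the directive
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def _ts(entry):
    return datetime.strptime(entry["date"] + " " + entry["time"], "%Y-%m-%d %H:%M:%S")

def requests_before_gaps(text, gap=timedelta(minutes=5)):
    """Return (uri-stem, query, status) of every request followed by a silence
    longer than `gap`: the last thing the server handled before it went quiet
    (assumed heuristic for the crash hunt in answer 8)."""
    entries = list(parse_w3c(text))
    suspects = []
    for prev, nxt in zip(entries, entries[1:]):
        if _ts(nxt) - _ts(prev) > gap:
            suspects.append((prev["cs-uri-stem"], prev["cs-uri-query"], prev["sc-status"]))
    return suspects

def download_counts(text, exts=(".pdf", ".exe", ".zip")):
    """Count successful (2xx) GETs of downloadable files per URI (answer 9);
    a 304 Not Modified is not a download, so it is excluded."""
    counts = Counter()
    for e in parse_w3c(text):
        if (e["cs-method"] == "GET" and e["sc-status"].startswith("2")
                and e["cs-uri-stem"].lower().endswith(exts)):
            counts[e["cs-uri-stem"]] += 1
    return dict(counts)

if __name__ == "__main__":
    print(requests_before_gaps(SAMPLE_LOG))
    print(download_counts(SAMPLE_LOG))
```

A real log may switch the `#Fields:` line between files or when the selected fields change, which is why the parser re-reads it rather than hard-coding column positions.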