1. You need to design an authentication strategy that will allow only authorized users to access the SportWeb server from the extranet. What should you do?

2. You need to design an authentication strategy for internal users to the extranet. What should you do?

3. Using the following exhibit, which of the following business and security requirements does the proposed solution meet? (Choose all that apply.)

4. You need to design a way to update the content on the web server. Your solution must meet the business and security requirements contained in the scenario. What are two possible solutions? (Choose two.)

5. You need to design a strategy to log access to the company’s web server. What should you do?
Answers
1. A. The CSO has stated that a strong security mechanism is needed to access the extranet servers. He does not think that a username and password scheme will be enough, because the partner companies have weaker security policies that often allow users to write down passwords (or potentially give out passwords over the phone). You can protect against these problems with a two-part authentication mechanism that requires both a certificate and a username/password on the website, so that an attacker needs both items to log on to the server as that user. You will also need to enable SSL, because client certificate authentication is part of the SSL protocol.
2. B. The CSO has stated that a strong security mechanism is needed to access the extranet servers, and this is enabled for the partner networks. You would then need to distribute certificates to the internal users who need to access the extranet. You can make this easier by using Active Directory Group Policy to distribute certificates to a group and then granting that group the appropriate access permissions to the site.
3. A, C, D. The solution allows encrypted web traffic to the extranet through the firewall and enables all the features on the extranet server that certificate authentication requires. It also removes the members of the ExtraNet group from the Domain Users group so that they cannot authenticate on other servers. The internal ISA server passes no traffic except SMTP, which prevents access from the outside world, including by extranet users.
4. A, C. The requirements state that the solution must be secure and that all WAN communications must be encrypted, which means you must make sure that users authenticate and that the content is encrypted in transit. You need to look for protocols that are possible here together with a corresponding means of encrypting the content. In this case, WebDAV with SSL and FTP with IPSec will work because both provide a means of encryption. The other solutions do not provide encryption.
5. D. The logging requirements state that the log must be kept in a SQL Server 2000 database. Of the options presented here, ODBC logging is the way to do this. You could also move the information from the text-based log files into the database with a script or a third-party product. This would be done offline and would probably be a more scalable solution if the website had a high traffic volume.
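The offline approach mentioned in answer 5, as an added example that is not from the book: a small Python script that parses a constructed IIS W3C extended log (the #Fields directive supplies the column names, and '-' marks an empty field) and loads the entries into a database through parameterised SQL, then runs a review query against the loaded rows. SQLite stands in for SQL Server 2000 here, and the table and column names are assumptions.

```python
import sqlite3
# Constructed sample of an IIS W3C extended log; not taken from the page.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status
2004-03-15 00:00:01 192.0.2.10 - 443 GET /default.htm 200
2004-03-15 00:00:07 192.0.2.10 PARTNER\\alice 443 GET /orders/list.asp 200
2004-03-15 00:01:12 198.51.100.7 - 443 GET /admin/config.asp 403
"""

# Assumed table layout; SQLite stands in for SQL Server 2000 here.
CREATE_SQL = """CREATE TABLE IF NOT EXISTS access_log (
    date TEXT, time TEXT, c_ip TEXT, cs_username TEXT,
    s_port INTEGER, cs_method TEXT, cs_uri_stem TEXT, sc_status INTEGER)"""

def parse_w3c(text):
    """Return one dict per entry; the #Fields directive names the columns."""
    fields, entries = None, []
    for line in text.splitlines():
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]  # a log may redefine fields mid-file
            continue  # other directives (#Software, #Date, ...) carry no entries
        if fields is None:
            raise ValueError("log entry appears before any #Fields directive")
        values = line.split(" ")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
        # IIS writes '-' for an empty field, e.g. cs-username on anonymous requests.
        entries.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return entries

def load_into_db(text, conn):
    """Insert parsed entries with parameterised SQL; returns the row count."""
    conn.execute(CREATE_SQL)
    rows = [(e["date"], e["time"], e["c-ip"], e["cs-username"], int(e["s-port"]),
             e["cs-method"], e["cs-uri-stem"], int(e["sc-status"])) for e in parse_w3c(text)]
    conn.executemany("INSERT INTO access_log VALUES (?,?,?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows)

def denied_on_port(conn, port=443):
    """Review query: clients refused (HTTP 403) on the SSL port."""
    cur = conn.execute("SELECT c_ip, cs_uri_stem FROM access_log "
                       "WHERE sc_status = 403 AND s_port = ?", (port,))
    return cur.fetchall()

def load_sample():
    """Load the constructed log into an in-memory database and run the query."""
    conn = sqlite3.connect(":memory:")
    return load_into_db(SAMPLE_LOG, conn), denied_on_port(conn)
```

Against a real log directory the same parser would be run over each daily file, and the connection string would point at the SQL Server database instead of an in-memory SQLite one.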