Page 367 - StudyBook.pdf

Communication Security: Web Based Services • Chapter 5  351

                      B. Use a different account for the Web service that only has access to those
                         specific files and directories that will be used by the Web site.

                      C. Use a different account for the Web service that is not a member of an
                         Administrators group but has access to all files on the system.

                      D. Recommend that the company continue with this practice as long as the
                         account is just a member of the local Administrators group and not the
                         Domain Administrators group.

                  2. While performing a routine port scan of your company’s internal network,
                      you find several systems that are actively listening on port 80. What does this
                      mean and what should you do?
                    A. There are rogue FTP servers, and they should be disabled.

                    B. There are rogue HTTP servers, and they should be disabled.
                    C. These are LDAP servers, and should be left alone.
                    D. These are FTP servers, and should be left alone.


                  3. You determine that someone has been using Web spoofing attacks to get your
                      users to give out their passwords to an attacker. The users tell you that the site
                      at which they have been entering the passwords shows the same address that
                      normally shows in the address bar of the browser. What is the most likely
                      reason that the users cannot see the URL that they are actually using?
                      A. The attacker is using a digital certificate created by a third-party CA.

                      B. The attacker is using HTTP/S to prevent the browser from seeing the real
                         URL.

                      C. The attacker is using ActiveX to prevent the Web server from sending its
                         URL.

                      D. The attacker is using JavaScript to prevent the browser from displaying the
                         real URL.

                  4. You are setting up a new Web server for your company. In setting directory
                      properties and permissions through the Web server, you want to ensure that
                      hackers are not able to navigate through the directory structure of the site, or
                      execute any compiled programs that are on the hard disk. At the same time,
                      you want visitors to the site to be able to enjoy the code you’ve included in
                      HTML documents, and in scripts stored in a directory of the Web site. Which
                      of the following will be part of the properties and permissions that you set?


                                                                              www.syngress.com