Self Test Appendix • Appendix 783
Answer C is correct. It is highly likely that you will find unauthorized APs on the network.
Even if a company does not use or plan to use a wireless network, they should consider conducting regular wireless site surveys to see if anyone has violated company security policy by placing an unauthorized AP on the network. Although answers A and B are likely to occur in this situation, they will not be specifically identified by the site survey. Answer D is invalid.
Chapter 5: Communication Security: Web Based Services
1. When performing a security audit on a company’s Web servers, you note that the Web service is running under the security context of an account that is a member of the server’s local Administrators group. What is the best recommendation to make in your audit results?
A. Use a different account for the Web service that is a member of the Domain
Administrators group rather than the local Administrators group.
B. Use a different account for the Web service that only has access to those specific files and
directories that will be used by the Web site.
C. Use a different account for the Web service that is not a member of an Administrators
group but has access to all files on the system.
D. Recommend that the company continue with this practice as long as the account is just a
member of the local Administrators group and not the Domain Administrators group.
B. Use a different account for the Web service that only has access to those specific files and directories that will be used by the Web site. The security context of an account used by the Web service should always be restricted as much as possible to help prevent remote users from being able to cause damage using this account.
Answer A is incorrect, because this would just make the security hole worse by increasing the access level of the account. Answer C is incorrect, because it will restrict the account a little more, but still give it complete access to everything on the Web server, including the system. Answer D is incorrect, because recommending that the company continue with this practice does nothing to eliminate the security vulnerability.
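The check an auditor would apply to the four options above, as an added Python example (not code from the study book): the Web service account is modelled as a set of group memberships plus the access-control entries granted to it, and the audit fails it for membership in any Administrators-type group or for file access outside the site's own directories. The group names, the site path, the `Ace` and `ServiceAccount` model and the rule that site content needs only read/execute rights are assumptions of the example.

```python
"""Least-privilege audit of a Web service account (added example, constructed data).

Models what an auditor checks for the finding above: the account under which the
Web service runs must not sit in an Administrators group, and its file-system
access should be limited to the site's own directories.
"""
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List

# Group names whose membership grants far more than a Web site needs.
# Compared case-insensitively after stripping any "DOMAIN\" or "BUILTIN\" prefix.
PRIVILEGED_GROUPS = {"administrators", "domain admins", "domain administrators",
                     "enterprise admins"}

# Rights a Web service account normally needs on its content: read/execute only
# (assumption of this example; a site with an upload directory would need more there).
READ_ONLY_RIGHTS = {"Read", "ReadAndExecute", "ListDirectory"}


@dataclass
class Ace:
    """One access-control entry granted to the account (hypothetical model)."""
    path: str     # file or directory, Windows syntax
    rights: str   # e.g. "ReadAndExecute", "Modify", "FullControl"


@dataclass
class ServiceAccount:
    name: str
    groups: List[str]
    acl: List[Ace] = field(default_factory=list)


def _short_group(name: str) -> str:
    """'CORP\\Domain Admins' -> 'domain admins'."""
    return name.rsplit("\\", 1)[-1].strip().lower()


def _within(path: str, root: str) -> bool:
    """True if path is root itself or lies beneath it (case-insensitive on Windows)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents


def audit_service_account(account: ServiceAccount, site_roots: List[str]) -> List[str]:
    """Return a list of findings; an empty list means the account passes."""
    findings = []
    for group in account.groups:
        if _short_group(group) in PRIVILEGED_GROUPS:
            findings.append(f"{account.name}: member of privileged group '{group}'")
    for ace in account.acl:
        if not any(_within(ace.path, root) for root in site_roots):
            findings.append(f"{account.name}: {ace.rights} on '{ace.path}' is outside the site directories")
        elif ace.rights not in READ_ONLY_RIGHTS:
            findings.append(f"{account.name}: {ace.rights} on '{ace.path}' exceeds read-only access")
    return findings


SITE_ROOTS = [r"C:\inetpub\wwwroot\corpsite"]   # constructed site location

# The four options from the question, modelled as accounts (constructed values).
OPTION_A = ServiceAccount("CORP\\svc-web", ["CORP\\Domain Admins"],
                          [Ace("C:\\", "FullControl")])
OPTION_B = ServiceAccount("CORP\\svc-web", ["CORP\\Domain Users"],
                          [Ace(r"C:\inetpub\wwwroot\corpsite", "ReadAndExecute"),
                           Ace(r"C:\inetpub\wwwroot\corpsite\static", "ReadAndExecute")])
OPTION_C = ServiceAccount("CORP\\svc-web", ["CORP\\Domain Users"],
                          [Ace("C:\\", "ReadAndExecute")])
OPTION_D = ServiceAccount("CORP\\svc-web", ["BUILTIN\\Administrators"],
                          [Ace("C:\\", "FullControl")])


def audit_all_options() -> Dict[str, List[str]]:
    """Audit each option; only option B should come back with no findings."""
    return {label: audit_service_account(acct, SITE_ROOTS)
            for label, acct in [("A", OPTION_A), ("B", OPTION_B),
                                ("C", OPTION_C), ("D", OPTION_D)]}


if __name__ == "__main__":
    for label, findings in audit_all_options().items():
        print(f"Option {label}: {'PASS' if not findings else 'FAIL'}")
        for finding in findings:
            print("  -", finding)
```

Option C fails on the path check rather than the group check: read access to `C:\` is outside the site directories even though the account holds no administrative group, which is exactly why the answer explanation calls it only a partial improvement.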
2. While performing a routine port scan of your company’s internal network, you find several systems that are actively listening on port 80. What does this mean and what should you do?
A. There are rogue FTP servers, and they should be disabled.
B. There are rogue HTTP servers, and they should be disabled.
C. These are LDAP servers, and should be left alone.
D. These are FTP servers, and should be left alone.
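How a practitioner would triage the scan result in question 2, as an added Python example (not code from the study book): the scan output, written here in the line layout of nmap's grepable (`-oG`) format, is parsed into open TCP listeners, and every host with TCP port 80 open is compared against an inventory of Web servers that are approved to exist. The scan lines, the addresses and hostnames, and the approved-server inventory are all constructed for the example.

```python
"""Triage of port-80 listeners found by an internal port scan (added example).

Parses scan results in nmap's grepable (-oG) line layout and compares every host
with an open TCP port 80 against an inventory of approved Web servers. Anything
not in the inventory is an unexpected HTTP listener that needs to be identified
and, if it is unauthorized, shut down. The scan output and the inventory are constructed.
"""
import re
from typing import List, Set, Tuple

# Constructed sample in the -oG layout: one "Host:" line per system, the ports
# listed as port/state/protocol/owner/service/rpc/version entries.
SCAN_OUTPUT = """\
# Nmap scan of 10.10.1.0/24 (constructed sample, not a real scan)
Host: 10.10.1.10 (web01.corp.example)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 10.10.1.23 (ws-finance-07.corp.example)\tPorts: 80/open/tcp//http///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 10.10.1.41 (dc01.corp.example)\tPorts: 88/open/tcp//kerberos-sec///, 389/open/tcp//ldap///\tIgnored State: closed (998)
Host: 10.10.1.57 (printer-3f.corp.example)\tPorts: 80/open/tcp//http///, 9100/open/tcp//jetdirect///\tIgnored State: closed (998)
Host: 10.10.1.80 (ftp01.corp.example)\tPorts: 21/open/tcp//ftp///\tIgnored State: closed (999)
"""

# Hosts that are approved to run a Web server (constructed inventory).
APPROVED_WEB_SERVERS: Set[str] = {"10.10.1.10"}

# "Host: <ip> (<hostname>)<tab>Ports: <entries>[<tab>Ignored State: ...]"
HOST_LINE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)\s*(?:\tIgnored State:.*)?$")

Listener = Tuple[str, str, int, str]   # (ip, hostname, port, service label)


def parse_grepable(text: str) -> List[Listener]:
    """Return every open TCP listener as (ip, hostname, port, service)."""
    listeners: List[Listener] = []
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue                      # comment lines and non-host lines
        ip, hostname, ports = m.groups()
        for entry in ports.split(", "):
            fields = entry.split("/")
            if len(fields) < 5:
                continue                  # malformed entry: skip rather than crash
            port, state, proto, service = int(fields[0]), fields[1], fields[2], fields[4]
            if state == "open" and proto == "tcp":
                listeners.append((ip, hostname, port, service))
    return listeners


def unexpected_web_listeners(listeners: List[Listener], approved: Set[str]) -> List[Tuple[str, str]]:
    """Hosts with TCP/80 open that are not in the approved Web server inventory."""
    return sorted((ip, host) for ip, host, port, _ in listeners
                  if port == 80 and ip not in approved)


def listeners_on_port(listeners: List[Listener], port: int) -> List[Tuple[str, str]]:
    """(ip, service) for every host with the given TCP port open."""
    return sorted((ip, service) for ip, _, p, service in listeners if p == port)


if __name__ == "__main__":
    found = parse_grepable(SCAN_OUTPUT)
    print("Unexpected HTTP listeners (TCP/80 on non-approved hosts):")
    for ip, host in unexpected_web_listeners(found, APPROVED_WEB_SERVERS):
        print(f"  {ip} ({host})")
```

The inventory comparison is what turns a raw port list into a finding: a workstation and a printer answering on TCP/80 are not Web servers anyone approved, so they are the systems to investigate, while the domain controller on 389 and the FTP server on 21 are on different ports altogether and are not what a port-80 hit points to.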
www.syngress.com