1) SSL is used to
A) Encrypt specific elements of data for application-specific
purposes.
B) Encrypt files located on a Web server.
C) Encrypt data as it travels over a network.
D) Encrypt digital certificates used to authenticate a Web
site.
E) Encrypt passwords for storage in a database.
2) What kind of attacks does SSL prevent? Select the best answer.
Explain.
A) SQL Injection.
B) Sniffing.
C) Variable Manipulation.
D) Phishing Attacks.
3) Which of the following are not methods for minimizing a threat
to a Web server? Indicate the two best answers from the following
list, and explain your choice:
A) Disable all non-Web services.
B) Ensure telnet is running.
C) Disable nonessential services.
D) Enable logging.
4) _________ provides secure, remote logon and other secure
client/server facilities.
A) SLP
B) HTTPS
C) TLS
D) SSH
1) SSL is used to
Answer C)
A) Encrypt specific elements of data for application-specific
purposes. - Encryption of data for application-specific purposes
isn't served by SSL.
B) Encrypt files located on a Web server. - SSL doesn't provide a
facility for file encryption and hence files located on a Web
server aren't encrypted with SSL.
C) Encrypt data as it travels over a network. - SSL or
Secure Sockets Layer protocol is used for encryption of data as it's
transferred over a network.
D) Encrypt digital certificates used to authenticate a Web site. -
A digital certificate is used to verify the identity of a user, maybe
sender or receiver. It provides identification / authentication,
confidentiality, integrity, non-repudiation, and access control.
SSL is not used for encryption of digital certificates.
E) Encrypt passwords for storage in a database. - Encryption of
passwords for storage in a database is not done using SSL though
transfer of secure information over web traffic can and should
happen over some encryption like using SSL.
2) What kind of attacks does SSL prevent? Select the best
answer. Explain.
Answer B)
A) SQL Injection. - SQL injection works by placement of
malicious code in SQL statements, via web page input. Encryption by
SSL won't prevent such attacks.
B) Sniffing. - SSL encrypts web traffic and especially
prevents sniffing by any 3rd person/device.
C) Variable Manipulation. - Encryption by SSL again can't prevent
any intended variable manipulation.
D) Phishing Attacks. - Phishing is a type of social engineering
attack and occurs when an attacker masquerades as a trusted entity
and dupes a victim. SSL can't prevent such attacks.
3) Which of the following are not methods for minimizing a
threat to a Web server? Indicate the two best answers from the
following list, and explain your choice:
Answer A) and B) - Do note the question states "are
NOT methods", hence options A) and B)
A) Disable all non-Web services. - Non-web services
could include services which are essential for the system hosting
the environment and as such option A) is not one of the best
options.
B) Ensure telnet is running. - Telnet is insecure since it works
with non-encrypted data and can be easily sniffed. So telnet should
be disabled on a web server. So option B) is not a good method to
secure a web server.
C) Disable nonessential services. - Nonessential services basically
imply all services which are not going to be used or non-required
services from a web server perspective like say VNC service. All
such services as decided by the web admin should be disabled. So
option C) is a good choice.
D) Enable logging. - Logging is an essential component of any
online facing platform or service especially a web server as it
captures details pertaining to web site diagnostics and security.
It should always be enabled for a web server and hence option D) is
a good choice.
4) _________ provides secure, remote logon and other secure
client/server facilities.
Answer D)
A) SLP - SLP or Service Level Protocol provides a way for
clients to dynamically discover network services.
B) HTTPS - HTTPS or Hyper Text Transfer Protocol Secure is a
protocol for securing the communication between two systems e.g.
the browser and the web server.
C) TLS - TLS or Transport Layer Security (also SSL) is a
security/cryptographic protocol that provides privacy and data
integrity over Internet communications using encryption.
D) SSH - SSH or Secure Shell provides secure, remote logon
and other secure client/server facilities.
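
The distinction drawn in question 3, shown as an added example that is not part of the original answer: the audit below keeps web services and essential non-web services, and flags telnet and anything else nonessential (such as VNC) for disabling. The port policy and the sample `ss -tlnH` output are constructed assumptions for illustration.

```python
import re

# Constructed sample in the layout of `ss -tlnH` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22   0.0.0.0:*
LISTEN 0 511 0.0.0.0:80   0.0.0.0:*
LISTEN 0 511 0.0.0.0:443  0.0.0.0:*
LISTEN 0 32  0.0.0.0:23   0.0.0.0:*
LISTEN 0 5   0.0.0.0:5900 0.0.0.0:*
LISTEN 0 128 [::]:22      [::]:*
"""

# Assumed policy for this example; a real one comes from the web admin.
WEB_PORTS = {80, 443}
ESSENTIAL_PORTS = {22}            # SSH: non-web, but needed to run the host
CLEARTEXT_PORTS = {23: "telnet"}  # unencrypted logon, can be sniffed


def listening_ports(ss_output):
    """Return the set of TCP ports in LISTEN state."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        match = re.search(r":(\d+)$", fields[3])  # local address:port
        if match:
            ports.add(int(match.group(1)))
    return ports


def audit(ss_output):
    """Map each listening port to a keep/disable verdict."""
    verdicts = {}
    for port in sorted(listening_ports(ss_output)):
        if port in CLEARTEXT_PORTS:
            verdicts[port] = "disable: cleartext " + CLEARTEXT_PORTS[port]
        elif port in WEB_PORTS:
            verdicts[port] = "keep: web service"
        elif port in ESSENTIAL_PORTS:
            verdicts[port] = "keep: essential non-web service"
        else:
            verdicts[port] = "disable: nonessential service"
    return verdicts


if __name__ == "__main__":
    for port, verdict in audit(SAMPLE_SS).items():
        print(port, verdict)
```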