Question

1) SSL is used to

A) Encrypt specific elements of data for application-specific purposes.
B) Encrypt files located on a Web server.
C) Encrypt data as it travels over a network.
D) Encrypt digital certificates used to authenticate a Web site.
E) Encrypt passwords for storage in a database.

2) What kind of attacks does SSL prevent? Select the best answer. Explain.

A) SQL Injection.
B) Sniffing.
C) Variable Manipulation.
D) Phishing Attacks.

3) Which of the following are not methods for minimizing a threat to a Web server? Indicate the two best answers from the following list, and explain your choice:

A) Disable all non-Web services.
B) Ensure telnet is running.
C) Disable nonessential services.
D) Enable logging.

4) _________ provides secure, remote logon and other secure client/server facilities.

A) SLP
B) HTTPS
C) TLS
D) SSH

Answer 1

1) SSL is used to
Answer C)

A) Encrypt specific elements of data for application-specific purposes. - Encryption of data for application-specific purposes isn't served by SSL.
B) Encrypt files located on a Web server. - SSL don't provide facility for file encryption and hence files located on a Web server aren't encrypted with SSL.
C) Encrypt data as it travels over a network. - SSL or Secure Sockets Layer protocol is used for encryption of data as its tranferred over a network.
D) Encrypt digital certificates used to authenticate a Web site. - Digital certificate is used to verify the identity of a user, maybe sender or receiver. It provides identification / authentication, confidentiality, integrity, non-repudiation, and access control. SSL is not used for encryption of digital certificates.
E) Encrypt passwords for storage in a database. - Encryption of passwords for storage in a database is not done using SSL though transfer of secure information over web traffic can and should happen over some encryption like using SSL.

2) What kind of attacks does SSL prevent? Select the best answer. Explain.
Answer B)

A) SQL Injection. - SQL injection works by placement of malicious code in SQL statements, via web page input. Encryption by SSL won't prevent such attacks.
B) Sniffing. - SSL encrypts web traffic and especially prevents sniffing by any 3rd person/device.
C) Variable Manipulation. - Encryption by SSL again can't prevent any intended variable manipulation.
D) Phishing Attacks. - Phishing is a type of social engineering attack and occurs when an attacker masquerades as a trusted entity and dupes a victim. SSL can't prevent such attacks.

3) Which of the following are not methods for minimizing a threat to a Web server? Indicate the two best answers from the following list, and explain your choice:
Answer A) and B) - Do note question states "are NOT methods", hence option A) and B)

A) Disable all non-Web services. - Non-web services could include services which are essential for the system hosting the environment and as such option A) is not one of the best option.
B) Ensure telnet is running. - Telnet is insecure since it works with non-encrypted data and can be easily sniffed. So telnet should be disabled on a web server. So option B) is not a good method to secure a web server.
C) Disable nonessential services. - Non essential service basically imply all services which are no going to be used or non-required services from a web server perspective like say VNC service. All such services as decided by the web admin should be disabled. So option C) is a good choice.
D) Enable logging. - Logging is an essential component of any online facing platform or service especially a web server as it captures details pertaining to web site diagnostics and security. It should always be enabled for a web server and hence option D) is a good choice.

4) _________ provides secure, remote logon and other secure client/server facilities.
Answer D)

A) SLP - SLP or Service Level Protocol provides a way for clients to dynamically discover network services.
B) HTTPS - HTTPS or Hyper Text Transfer Protocol Secure is a protocol for securing the communication between two systems e.g. the browser and the web server.
C) TLS - TLS or Transport Layer Security (also SSL) is a security/cryptographic protocol that provides privacy and data integrity over Internet communications using encryption.
D) SSH - SSH or Secure Shell provides secure, remote logon and other secure client/server facilities.