Question
Question 1 (1 point): Which of the following countermeasures helps administrators defend against web server attacks?
- Install the IIS server on a domain controller
- Do not configure a separate anonymous user account for each application
- Screen and filter incoming traffic requests
- Never use a dedicated machine as a web server

Question 2 (1 point): Which of the following practices is NOT a countermeasure to defend against web server attacks?
- Screen and filter incoming traffic requests
- Physically protect the web server machine in a secure machine room
- Store website files and scripts on a separate partition or drive
- Install IIS server on a domain controller
Solution
Sure, I can answer these questions.
- The countermeasure that helps administrators defend against web server attacks is to "Screen and filter incoming traffic requests". This method helps to block potentially harmful requests from reaching the server, thus reducing the risk of an attack.
- The practice that is NOT a countermeasure to defend against web server attacks is to "Install IIS server on a domain controller". This is because installing an Internet Information Services (IIS) server on a domain controller can actually increase the risk of an attack. If the IIS server is compromised, the attacker would also have access to the domain controller, which could lead to a breach of the entire network. Therefore, it is recommended to keep these two services on separate machines.