You need to design a method to update the content on the Web server whilst
ensuring that your solution meet business and security requirements.
What should you do? (Each correct answer presents a complete solution. Choose
two)
A. Use SSH to encrypt content as it is transferred to the Web server on the perimeter
network.
B. Install the Microsoft FrontPage Server Extensions, and use FrontPage to update
content.
C. Use Web Distributed Authoring and Versioning (WebDAV) over SSL connection to
the Web server to update content.
D. Use FTP over an IPSec connection to transfer content to the Web server.
E. Use Telnet to connect to the Web server, and then perform content changes directly on
the server.
Leading the way in IT testing and certification tools, www.certifyme.com
- 73 -
Answer: C, D
Explanation:
C: WebDAV is a file sharing protocol that is commonly used in Windows
Internet-related applications.350-001 It is a secure file transfer protocol over intranets and the
Internet. You can download, upload, and manage files on remote computers across the
Internet and intranets using WebDAV. WebDAV is similar to FTP. WebDAV always
uses password security and data encryption on file transfers (FTP does not support these
tasks). Thus making use of WebDAV over SSL connection should comply with the
company's security requirements.
D: The File Transfer Protocol (FTP) is a valuable component of IIS 6.0.640-802 FTP is used to
"swap" or "share" files between servers and clients. This could be dangerous practice for
businesses with sensitive information. Most large organization firewalls will block FTP
access. We need to implement FTP communication over a secure channel like VPN.
VPNs use the Point-to-Point Tunneling Protocol (PPTP) or Secure Internet Protocol
(IPSec) to encrypt data and facilitate secure FTP communication. We can also use SSL
encryption on WebDAV supported directories for the same purpose.
Incorrect answers:
A: SSH is independent of the operating system and is therefore suitable for use in a
mixed operating system environment. However, not all terminal concentrators provide
built-in security functions, so you'll need to consult with the vendor's documentation to
see what, if any, security is provided.VCP-310 Thus this option is a security risk.
B: Making use of Microsoft FrontPage Server Extensions and updating the content with
FrontPage will not comply with security requirements.
E: You should enable the Telnet service only if you see a real need for it, especially since
the other administrative tools at your disposal offer more features and far better security.
The Telnet service should remain disabled unless a need arises that requires it. In this
instance it would be unnecessary.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment