|
Home > Archive > 70-218 > October 2002 > Another question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Slinky 2002-10-09, 9:02 am |
| Your company has one web server running IIS 5.0 hosting a web site to provide product information to potential customers from the Internet. Recently, your company has decided to provide the online purchase facilities for the internet users. Since the data provided by the internet users contains the sensitive information such as credit card number, customer billing address, etc., you need to ensure that the information is securely transmitted across the network. How can you accomplish this task? (Choose two)
A. Ensure that the authentication method is set to integrated Windows Authentication and disable the anonymous access.
B. Ensure that anonymous access is enabled.
C. Obtain and install a web server certificate using the web server certificate wizard in IIS 5.0 and then enable the SSL for that web site.
D. Enable the SSL for that web site.
E. Enable Encryption for the folder that contains the files for that web site.
F. Enable IPSec on the Web server.
Hasta manana. | |
| CyberDude 2002-10-09, 10:24 am |
| B - because this will allow everyone to view the products and decide if they want to become a customer.
C - because this keep all sensitive data secure, by utilising a trusted third party.  | |
|
|
| Slinky 2002-10-10, 8:25 am |
| Answer: B,C
To ensure that the information transferred across the network is secured, you need to provide a secure communication between the client and the server. Secure communication between the client and the server can be setup by installing a web server certificate and then enable the Secure Socket Layer (SSL). Note that SSL only can be enabled after a certificate is installed into the web server using the Web Server certificate wizard. The certificate installed can also ensure the customers that the web site is belong to your company because the client browser can verify the owner of the certificate by contacting the trusted certificate authority that issues the certificate. Since this web site is for public access, you should not disable the anonymous access hence A is incorrect. Without a certificate, you cannot enable the SSL, hence D is incorrect. Enabling encryption on folder level only ensure that the file is physically encrypted in the storage device, however, when the file is transmitted across the network, it will be decrypted and available in plain text format, hence E is incorrect. IPsec allow end to end encryption, however, your client from the internet may not support IPsec, also IPsec is more suitable for extranet or Virtual Private Network than public access internet, hence F is incorrect. | |
| ruscorp 2002-10-10, 10:23 am |
| Was going to say "B and D", but then re-read the question and answers.
B. Ensure that anonymous access is enabled.
C. Obtain and install a web server certificate using the web server certificate wizard in IIS 5.0 and then enable the SSL for that web site. |
|
|
|
|
