22 Sep Practice Test Question – Web Server Security Risks
Katie is reviewing the security of a web server used by her organization. She discovers each of the items listed below. Which one of these items poses the greatest security risk and should be prioritized for remediation?
A. The server uses TLS 1.2.
B. The server supports access on port 80.
C. The server runs Apache and MySQL.
D. The server supports access on port 443.
Correct Answer: C
One of the basic server security principles is that each server should support only one primary function. Best practice dictates separating the web server (Apache) from the database server (MySQL). It is normal and standard for a web server to support both unencrypted access on port 80 and encrypted access on port 443. TLS 1.2 is a modern version of the protocol and is secure and acceptable for use.