Question

What are the main roles of IIS in web application security control? (Select all that apply)

a. It blocks IP addresses and domains that are not permitted.
b. It creates an access token and passes it to ASP .NET or to Windows for security checks.
c. It maintains an access control list to permit or deny a user.
d. It compares received credentials with the credentials saved in a file.

Answer 1

Option A, B and C. The main roles of IIS in web application security control are blocking unauthorized IP addresses and domains, creating access tokens for authentication checks, and maintaining an access control list to restrict or allow user access.

Step-by-step explanation:

The main roles of Internet Information Services (IIS) in web application security control include managing access to resources and authenticating users. Specifically, IIS operates by:

• Blocking IP addresses and domains that are not permitted, thus controlling which users or systems can interact with the web application.
• Creating an access token to ensure that user credentials are valid and providing this token to ASP .NET or Windows for further security checks.
• Maintaining an access control list (ACL), which permits or denies users based on predefined rules, ensuring that only authorized users have access to certain resources.

While IIS may compare received credentials against those stored in a file, this is generally done at the application level within ASP.NET, not directly by IIS.