Directory browsing should not be allowed on which scan component?

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Explanation:
Directory browsing is an information disclosure risk that happens when a web server reveals the list of files in a directory to a client. This is especially dangerous on web servers because it exposes the site’s internal structure, backup copies, configuration files, and other sensitive data that an attacker could use to plan targeted attacks or discover vulnerabilities. In PCI scans, preventing this disclosure is a basic hardening step for any publicly accessible web content.

That’s why the web server is the component where directory browsing should be disabled. Other components like mail servers, application servers, or DNS servers don’t typically expose a directory listing over the web in the same direct way, so the immediate risk from directory listing isn’t the same for them. The remedy is to configure the web server to turn off directory indexing (for example, disabling autoindex/Indexes in Apache, turning off Directory Browsing in IIS, or disabling autoindex in Nginx) and ensure an appropriate default index file is served.

