To answer this question, you need to understand directory-traversal attacks and how to prevent them.
Directory-traversal attacks occur when an attacker tries to access files or directories outside of the intended directory structure. This can be done by manipulating input parameters to navigate to different directories on the server.
Let's go through each option to understand why it is correct or incorrect:
Option A) Enforce permissions to folders - This option is correct because enforcing proper permissions to folders can help prevent directory-traversal attacks. By setting appropriate access controls and permissions, you can restrict access to files and directories, ensuring that only authorized users have access.
Option B) Allow everyone access to the default page only - This option is incorrect because allowing everyone access to the default page only does not directly address the issue of directory-traversal attacks. It may help limit access to certain areas of the website, but it does not provide sufficient protection against traversal attacks.
Option C) Allow only registered users to access the home page of a website - This option is incorrect because restricting access to the home page of a website does not directly address the issue of directory-traversal attacks. While it may limit access to certain areas, it does not provide comprehensive protection.
Option D) Make all users log in to access folders - This option is incorrect because making all users log in to access folders does not directly address the issue of directory-traversal attacks. While authentication can help in controlling access, it does not specifically prevent traversal attacks.
The correct answer is A) Enforce permissions to folders. This option is correct because by setting appropriate access controls and permissions to folders, you can restrict access and prevent attackers from traversing to unauthorized directories.