Which of the following represent weak passwords?
Which of the following represent weak passwords? (Select 2 answers)
What do you think Bubba has changed?
Bubba has just accessed his preferred e-commerce web site and has spotted an item that he would
like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage
and decides to save the page locally, so that he can modify the page variables. In the context of
web application security, what do you think Bubba has changed?
What kind of software could Harold use to accomplish this?
Harold just got home from working at Henderson LLC where he works as an IT technician. He was
able to get off early because they were not too busy. When he walks into his home office, he
notices his teenage daughter on the computer, apparently chatting with someone online. As soon
as she hears Harold enter the room, she closes all her windows and tries to act like she was
playing a game. When Harold asks her what she was doing, she acts very nervous and does not
give him a straight answer. Harold is very concerned because he does not want his daughter to
fall victim to online predators and the sort. Harold doesn’t necessarily want to install any programs
that will restrict the sites his daughter goes to, because he doesn’t want to alert her to his trying to
figure out what she is doing. Harold wants to use some kind of program that will track her activities
online, and send Harold an email of her activity once a day so he can see what she has been up
to. What kind of software could Harold use to accomplish this?
How would you protect information systems from these attacks?
Take a look at the following attack on a web server using an obfuscated URL:
http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%63%2f%70%61%73%73%77%64
The request is made up of:
%2e%2e%2f%2e%2e%2f%2e%2e%2f = ../../../
%65%74%63 = etc
%2f = /
%70%61%73%73%77%64 = passwd
How would you protect information systems from these attacks?
What type of scan should you run to get very reliable results?
You are performing a port scan with nmap. You are in a hurry and conducting the scans at the
fastest possible speed. However, you don’t want to sacrifice reliability for speed. If stealth is not an
issue, what type of scan should you run to get very reliable results?
What are the differences between SSL and S-HTTP?
What are the differences between SSL and S-HTTP?
What can Blane use to accomplish this?
Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client
but he wants to know if the email is forwarded on to any other recipients. The client is explicitly
asked not to re-send the email since that would be a violation of the lawyer’s and client’s
agreement for this particular case. What can Blane use to accomplish this?
What would you term this attack?
Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the
link in the email message and is taken to a web-based bulletin board. Unknown to Chris, certain
functions are executed on his local system under his privileges, which allow Kevin access to
information used on the BBS. However, no executables are downloaded and run on the local
system. What would you term this attack?
Why does the host respond to hping2 and not ping packet?
What is the probable cause of Bill’s problem?
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been
able to spawn an interactive shell and plans to deface the main web page. He first attempts to use
the “echo” command to simply overwrite index.html and remains unsuccessful. He then attempts
to delete the page and makes no progress. Finally, he tries to overwrite it with another page,
which is also unsuccessful. What is the probable cause of Bill’s problem?