Exam Details

  • Exam Code: 312-92
  • Exam Name: EC-Council Certified Secure Programmer v2 (ECSP)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 99 Q&As
  • Last Updated: Mar 26, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-92 Questions & Answers

  • Question 51:

    Malory is creating a webpage in PHP where users will have to log on to gain access to certain areas of the site. Malory is concerned that malicious users might try to exploit her site, so she decides to use the following code to prevent some attacks.

    What is Malory trying to prevent here?

    $username = addslashes($_POST["username"]);
    $password = addslashes($_POST["password"]);

    A. SQL injection

    B. CSS attack

    C. Reflected mode XSS attack

    D. CSRF attack

  • Question 52:

    Tyler is in the application testing phase of a particular project. He has decided to use the White Box testing method. Tyler has made a number of changes to his code after some initial tests found some bugs. Tyler now needs to test the code with those changes in place.

    What type of testing is Tyler getting ready to perform?

    A. Integration testing

    B. Mutation testing

    C. Statement coverage testing

    D. Branch coverage testing

  • Question 53:

    Clay is a SQL dba working for Integrated Solutions Inc., a graphics design company in Miami. Clay administers 10 SQL servers at the company's headquarters. Clay wants to ensure that all SQL traffic stays within the internal network and no SQL traffic from the outside can get into the internal network.

    What ports should Clay tell the network team to close off at the firewall to disallow all incoming and outgoing SQL traffic?

    A. 1499

    B. 1433

    C. 389

    D. 1434

  • Question 54:

    Simon is going through some of Heather's code and notices an issue. What issue did Simon find in the following code?

    void f4(void * arg, size_t len)
    {
        char *buff = new char[100];
        C *ptr = new C;
        memcpy(buff, arg, len);
        ptr->vf();
        return;
    }

    A. Function pointer clobbering

    B. Null-termination

    C. Data pointer modification

    D. Virtual pointer smashing

  • Question 55:

    Lori is creating a login page using Java on one of her websites with the following code. What vulnerability or issue is the code susceptible to?

    conn = pool.getConnection();
    String sql = "select * from user where username='" + username + "' and password='" + password + "'";
    stmt = conn.createStatement();
    rs = stmt.executeQuery(sql);
    if (rs.next())
    {
        loggedIn = true;
        out.println("Successfully logged in");
    }
    else
    {
        out.println("Username and/or password not valid");
    }

    A. SQL injection

    B. Directory transversal

    C. SQL slamming

    D. Query string manipulation

  • Question 56:

    Simon is writing an application that will use RPC to talk between a client and server. He will use authentication, but in his application the server does not have to know the RPC caller's identity. What type of RPC authentication can Simon use for this application?

    A. UNIX authentication

    B. ANONYMOUS authentication

    C. DES authentication

    D. NULL authentication

  • Question 57:

    What two encryption methods are used by the Secure Electronic Transaction system?

    A. RSA

    B. AES

    C. DES

    D. 3DES

  • Question 58:

    Kevin is developing a webpage using HTML and JavaScript code. The webpage will have a lot of important content and will have a number of functions that Kevin does not want revealed through the source code. Why would Kevin choose to employ HTML Guardian to hide the source code of his webpage?

    A. HTML Guardian disables the "view source" option when users browse to the page

    B. HTML Guardian makes it so that nothing can be seen at all when viewing the source code

    C. HTML Guardian wraps the code up into include files

    D. HTML Guardian encrypts html and javascript code

  • Question 59:

    George is writing an application in Java and is using DES in the code to implement the encryption and decryption of data that will be passed. In the following code snippet, what will be accomplished?

    FileOutputStream out = new FileOutputStream(f);
    out.write(rawkey);

    A. Convert the secret key to an array of bytes

    B. Generate a secret TripleDES encryption key

    C. Writes the raw key to a file

    D. Send the raw key to a decryption output array

  • Question 60:

    Charles is writing a script in PERL for a website he is working on. The only problem he is having is that part of his script needs to call a file that a normal user does not have permission to access. What PERL command could Charles use to elevate the current user's permission so that the file could be called?

    A. Taint

    B. Setuid

    C. Strict pragma

    D. Setid()
