EC-Council Certified Secure Programmer v2 (CSP)
https://killexams.com/pass4sure/exam-detail/312-92
Sideline diffusion
Backdoor diffusion
What type of authentication is used in the following Pocket SOAP code?
Dim Envelope
Dim HTTP
Set Envelope = CreateObject("PocketSOAP.Envelope.2")
Set HTTP = CreateObject("PocketSOAP.HTTPTransport.2")
Envelope.SetMethod "GetSome", "http://www.mysite.org/message/"
Envelope.Parameters.Create "SomeParameter", "SomeValue"
HTTP.SOAPAction = "http://www.mysite.org/action/Service.GetSome"
HTTP.Authentication "Username", "Password"
HTTP.Send "http://www.mysite.org/webservice.WDSL", Envelope.Serialize
Envelope.Parse HTTP
MsgBox "Result: " & Envelope.Parameters.Item(0).Value
Digest authentication
SSL authentication
Basic authentication
Integrated authentication
What function can be used with SQL to encrypt user-supplied passwords so that they can be compared with the encrypted passwords stored on the SQL server?
pwdencrypt()
userencrypt()
DESpassword()
passwordin()
Darren has just been hired on as the SQL DBA for Fredrickson Inc., a marketing firm in New York City. He has been asked to clean up the SQL databases on one of the servers.
What SQL stored procedure could Darren use to remove user accounts from the databases?
sp_revokedbaccess
sp_revokeusers
sp_removeoldusers
sp_denyaccess
What encryption algorithm is used by the Perl crypt() function?
Skipjack
3DES
DES
AES
Cylie is the Oracle DBA for her company and now wants to track all actions on her Oracle server using auditing. What file should Cylie insert the following line into?
audit_trail = true
Sqlaudit.conf
audit.sql
init.ora
audit.sql
Travis is writing a website in PHP but is worried about its inherent vulnerability to session hijacking. What function could Travis use to protect against session hijacking in his PHP code?
Renew_session_id
PHP_id_renew
Create_newsession_id
Session_regenerate_id
What vulnerability is the following code susceptible to?
CREATE OR REPLACE PROCEDURE demo (name in VARCHAR2) as
cursor_name INTEGER;
rows_processed INTEGER;
sql VARCHAR2(150);
code VARCHAR2(2);
BEGIN
...
sql := 'SELECT postal_code FROM states WHERE state_name = ''' || name || '''';
cursor_name := dbms_sql.open_cursor;
DBMS_SQL.PARSE(cursor_name, sql, DBMS_SQL.NATIVE);
DBMS_SQL.DEFINE_COLUMN(cursor_name, 1, code, 10);
rows_processed := DBMS_SQL.EXECUTE(cursor_name);
DBMS_SQL.CLOSE_CURSOR(cursor_name);
SQL string manipulation
DBMS_Open string attacks
Oracle injection
SQL injection
When dealing with IA32 (x86) systems, how are the inputted variables treated as they enter the memory stack?
Cache for 30 seconds
LIFO
FIFO
FCFS
William, a software developer just starting his career, was asked to create a website in PHP that would allow visitors to enter a month and a year for their birth date. The PHP code he creates has to validate the input after it is entered. If William uses the following code, what could a malicious user input to the year value to actually delete the whole website?
$month = $_GET['month'];
$year = $_GET['year'];
exec("cal $month $year", $result);
print "<PRE>";
foreach($result as $r)
{
print "$r<BR>";
}
print "</PRE>";
";gf -rm *"
";dfr -php *"
";php -rf *"
";rm -rf *"
What type of encryption will be used in the following code?
Dim PublicKey As Byte() = {214,46,220,83,160,73,40,39,201,155,19,202,3,11,191,178,56,74,90,36,248,103,
18,144,170,163,145,87,54,61,34,220,222,207,
137,149,173,14,92,120,206,222,158,28,40,24,
30,16,175,108,128,35,203,118,40,121,113,125,
216,130,11,24,9,0,48,194,240,105,44,76,34,57,
249,228,125,80,38,9,136,29,117,207,139,168,181,
85,137,126,10,126,242,120,247,121,8,100,12,201,
171,38,226,193,180,190,117,177,87,143,242,213,
11,44,18,0,113,93,106,99,179,68,175,211,164,116,
64,148,226,254,172,147}
Dim Exponent As Byte() = {1,0,1}
Dim EncryptedSymmetricKey() As Byte
Dim EncryptedSymmetricIV() As Byte
Dim RSA As New RSACryptoServiceProvider()
Dim RSAKeyInfo As New RSAParameters()
RSAKeyInfo.Modulus = PublicKey
RSAKeyInfo.Exponent = Exponent
RSA.ImportParameters(RSAKeyInfo)
Dim RM As New RijndaelManaged()
EncryptedSymmetricKey = RSA.Encrypt(RM.Key, False)
EncryptedSymmetricIV = RSA.Encrypt(RM.IV, False)
Symmetric encryption
MITM encryption
Reverse-key encryption
Asymmetric encryption
Peter is writing a program that has a GUI front-end and uses a MS SQL database as a backend. Peter's application will repeatedly update and call upon specific tables in the database on a regular basis. Peter wants to make sure that his program always has the ability to update the database and that no other calls or updates can touch the database tables used at the same time. How could Peter accomplish this in his application?
Explicit lock
SET TRANSACTION EXCLUSIVE
SET TRANSACTION WRITE
Implicit lock
Victor has completed writing his software application and is now working on error messages that will be displayed in case of any kind of failure or problem. He has written code that will display a pop-up message where there is an error. He has also written code that explains the error that has occurred. What is the last aspect of error messages that Victor needs to create for his application?
Display exact code in application where error occurred
Suggest solution
Shut down application so no damage can occur
Fix error in application
What type of problem will result if the following statement is used?
#include <stdio.h>
int main()
{
short int a;
unsigned short int b=32768;
a=b;
printf( " a = %d", a);
b=65535;
a=b;
printf( " a = %d", a);
}
Truncation
Pointer subterfuge
Sign error
Function-pointer clobbering