
ECCouncil 312-92 EC-Council Certified Secure Programmer (ECSP) Exam Practice Test

Demo: 14 questions
Total 99 questions

EC-Council Certified Secure Programmer (ECSP) Questions and Answers

Question 1

What would be the result of the following code?

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(int argc, char *argv[])
    {
        char *input = malloc(20);
        char *output = malloc(20);

        strcpy(output, "normal output");
        strcpy(input, argv[1]);

        printf("input at %p: %s\n", (void *)input, input);
        printf("output at %p: %s\n", (void *)output, output);
        printf("\n\n%s\n", output);
    }

Options:

A. Stack buffer overflow
B. Heap overflow
C. Query string manipulation
D. Pointer Subterfuge

Question 2

Steve is using the libcap library to create scripts for capturing and analyzing network traffic.

Steve has never used libcap before and is struggling with finding out the correct functions to use. Steve is trying to pick the default network interface in his script and does not know which function to use. Which function would he use to correctly choose the default interface in the script?

Options:

A. pcap_open_live
B. pcap_int_default
C. pcap_lookupdev
D. pcap_use_int

Question 3

What encryption algorithm is used by the PERL crypt() function?

Options:

A. Skipjack
B. 3DES
C. DES
D. AES

Question 4

Shayla is designing a web-based application that will pass data to and from a company extranet. This data is very sensitive and must be protected at all costs. Shayla will use a digital certificate and a digital signature to protect the data. The digital signature she has chosen to use is based on the difficulty in computing discrete logarithms. Which digital signature has she chosen?

Options:

A. Rabin
B. Diffie-Hellman
C. SA-PSS
D. ElGamal

Question 5

What will the following ASP script accomplish on a webpage?

    <%
    Response.CacheControl = "no-cache"
    Response.AddHeader "Pragma", "no-cache"
    Response.Expires = -1
    If Session("UID") = "" Then
        Response.Redirect "Logon.asp"
        Response.End
    End If
    %>

Options:

A. Redirect users to the logon page if they do not have a valid certificate
B. Logged on users will timeout after hour
C. Checks whether user has already logged on
D. Checks the user’s cache for personal information

Question 6

What would be the output of the following script?

    import java.net.*;

    public class ExampleByName {
        public static void main(String[] args) {
            try {
                InetAddress address = InetAddress.getByName("www.microsoft.com");
                System.out.println(address);
            } catch (UnknownHostException e) {
                System.out.println("Could not find www.microsoft.com");
            }
        }
    }

Options:

A. IP address of www.microsoft.com
B. Hexadecimal equivalent for www.microsoft.com
C. Tracert information to the www.microsoft.com
D. Whois information for www.microsoft.com

Question 7

When a developer is creating port binding shell code, why should he/she not use the NULL characters?

Options:

A. Creates hardware call errors
B. Create firmware vulnerabilities with hardware
C. Create buffer overflow
D. Create open sockets

Question 8

Devon is writing the following code to avoid what?

Options:

A. Type safety
B. GET source code path
C. Parent path tampering
D. Canonicalization

Question 9

Harold is developing software for the company he works for to aid in their human resources and payroll procedures. Harold is almost done working on the program, currently working in the testing phase. Since Harold’s supervisors and the company executives are going to consider this a mission critical program, they want it to be tested to the fullest. Harold decides to test the program using higher than normal simulated loads and requests. What type of testing is Harold performing against his program?

Options:

A. Load test
B. Stress test
C. User acceptance test
D. Load-pressure test

Question 10

Kevin is developing a webpage using HTML and JavaScript code. The webpage will have a lot of important content and will have a number of functions that Kevin does not want revealed through the source code. Why would Kevin choose to employ HTML Guardian to hide the source code of his webpage?

Options:

A. HTML Guardian disables the “view source” option when users browse to the page
B. HTML Guardian makes it so that nothing can be seen at all when viewing the source code
C. HTML Guardian wraps the code up into include files
D. HTML Guardian encrypts html and javascript code

Question 11

Lyle is writing some code in VB.NET and is implementing some built-in security. What type of .NET security is Lyle using in the following code?

    Public Class Myclass1
        Public Sub New()
        End Sub

        Public Sub MyMethods()
            Dim Perm As New MyPermission()
            Perm.Demand()
        End Sub

        Public Sub YourMethod()
        End Sub
    End Class

Options:

A. Imperative security
B. Explicit security
C. Implicit security
D. Declarative security

Question 12

When dealing with IA32 (x86) systems, how are the inputted variables treated as they enter the memory stack?

Options:

A. Cache for 30 seconds
B. LIFO
C. FIFO
D. FCFS

Question 13

David is an applications developer working for Dewer and Sons law firm in Los Angeles. David just completed a course on writing secure code and was enlightened by all the intricacies of how code must be rewritten many times to ensure its security. David decides to go through all the applications he has written and change them to be more secure. David comes across the following snippet in one of his programs:

    #include <stdio.h>

    int main(int argc, char **argv)
    {
        int number = 5;

        printf(argv[1]);
        putchar('\n');
        printf("number (%p) is equal to %d\n", (void *)&number, number);
    }

What could David change, add, or delete to make this code more secure?

Options:

A. Change putchar('\n') to putchar("%s", '\n')
B. Change printf(argv[1]) to printf("%s", argv[1])
C. Change printf(argv[1]) to printf(constv [0])
D. Change int number = 5 to const number = ""

Question 14

Mathew is working on a Fedora machine and is having issues with some shellcode he wrote that is producing errors. Mathew decides to download and use Ktrace to debug the shellcode to see where the errors are originating from. Why will his plan not work?

Options:

A. Ktrace cannot debug errors, it only notifies of successful calls
B. Ktrace only works on Windows platforms
C. Ktrace cannot debug shellcode
D. Ktrace only works on *BSD platforms
