Free Download Pass4sure EC-Council 312-92 Dumps
EC-Council Certified Secure Programmer (ECSP): 312-92 Exam
312-92 Questions & Answers
Exam Code: 312-92
Exam Name: EC-Council Certified Secure Programmer (ECSP)
Q & A: 104 Q&As
QUESTION 1
Cylie is the Oracle DBA for her company and now wants to track all actions on her Oracle server
using auditing. What file should Cylie insert the following line into?
audit_trail = true
A. Sqlaudit.conf
B. audit.sql
C. init.ora
D. audit.sql
Answer: C
QUESTION 2
Travis is writing a website in PHP but is worried about its inherent vulnerability to session
hijacking. What function could Travis use to protect against session hijacking in his PHP code?
A. Renew_session_id
B. PHP_id_renew
C. Create_newsession_id
D. Session_regenerate_id
Answer: D
QUESTION 3
What vulnerability is the following code susceptible to?
CREATE OR REPLACE PROCEDURE demo (name IN VARCHAR2) AS
cursor_name INTEGER;
rows_processed INTEGER;
sql VARCHAR2(150);
code VARCHAR2(2);
BEGIN
…
sql := 'SELECT postal_code FROM states WHERE state_name = ''' || name || '''';
cursor_name := DBMS_SQL.OPEN_CURSOR;
DBMS_SQL.PARSE(cursor_name, sql, DBMS_SQL.NATIVE);
DBMS_SQL.DEFINE_COLUMN(cursor_name, 1, code, 10);
rows_processed := DBMS_SQL.EXECUTE(cursor_name);
DBMS_SQL.CLOSE_CURSOR(cursor_name);
A. SQL string manipulation
B. DBMS_Open string attacks
C. Oracle injection
D. SQL injection
Answer: D
QUESTION 4
When dealing with IA32 (x86) systems, how are the inputted variables treated as they enter the
memory stack?
A. Cache for 30 seconds
B. LIFO
C. FIFO
D. FCFS
Answer: B
QUESTION 5
William, a software developer just starting his career, was asked to create a website in PHP that
would allow visitors to enter a month and a year for their birth date. The PHP code he creates has
to validate the input after it is entered. If William uses the following code, what could a malicious
user input to the year value to actually delete the whole website?
$month = $_GET['month'];
$year = $_GET['year'];
exec("cal $month $year", $result);
print "<PRE>";
foreach ($result as $r)
{
    print "$r<BR>";
}
print "</PRE>";
A. “;gf -rm *”
B. “;dfr -php *”
C. “;php -rf *”
D. “;rm -rf *”
Answer: D
QUESTION 6
What type of encryption will be used from the following code?
Dim PublicKey As Byte() = {214,46,220,83,160,73,40,39,201,
155,19,202,3,11,191,178,56,74,90,36,248,103,
18,144,170,163,145,87,54,61,34,220,222,207,
137,149,173,14,92,120,206,222,158,28,40,24,
30,16,175,108,128,35,203,118,40,121,113,125,
216,130,11,24,9,0,48,194,240,105,44,76,34,57,
249,228,125,80,38,9,136,29,117,207,139,168,181,
85,137,126,10,126,242,120,247,121,8,100,12,201,
171,38,226,193,180,190,117,177,87,143,242,213,
11,44,18,0,113,93,106,99,179,68,175,211,164,116,
64,148,226,254,172,147}
Dim Exponent As Byte() = {1,0,1}
Dim EncryptedSymmetricKey() As Byte
Dim EncryptedSymmetricIV() As Byte
Dim RSA As New RSACryptoServiceProvider()
Dim RSAKeyInfo As New RSAParameters()
RSAKeyInfo.Modulus = PublicKey
RSAKeyInfo.Exponent = Exponent
RSA.ImportParameters(RSAKeyInfo)
Dim RM As New RijndaelManaged()
EncryptedSymmetricKey = RSA.Encrypt(RM.Key, False)
EncryptedSymmetricIV = RSA.Encrypt(RM.IV, False)
A. Symmetric encryption
B. MITM encryption
C. Reverse-key encryption
D. Asymmetric encryption
Answer: D
QUESTION 7
Peter is writing a program that has a GUI front-end and uses a MS SQL database as a backend.
Peter’s application will repeatedly update and call upon specific tables in the database on a regular
basis. Peter wants to make sure that his program always has the ability to update the database
and that no other calls or updates can touch the database tables used at the same time. How
could Peter accomplish this in his application?
A. Explicit lock
B. SET TRANSACTION EXCLUSIVE
C. SET TRANSACTION WRITE
D. Implicit lock
Answer: A
QUESTION 8
Victor has completed writing his software application and is now working on error messages that
will be displayed in case of any kind of failure or problem. He has written code that will display a
pop-up message where there is an error. He has also written code that explains the error that has
occurred. What is the last aspect of error messages that Victor needs to create for his application?
A. Display exact code in application where error occurred
B. Suggest solution
C. Shut down application so no damage can occur
D. Fix error in application
Answer: B
QUESTION 9
What type of problem will result if the following statement is used?
#include <stdio.h>
int main()
{
    short int a;
    unsigned short int b = 32768;
    a = b;
    printf(" a = %d", a);
    b = 65535;
    a = b;
    printf(" a = %d", a);
    return 0;
}
A. Truncation
B. Pointer subterfuge
C. Sign error
D. Function-pointer clobbering
Answer: A
QUESTION 10
What would be the result of the following code?
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char *argv[])
{
    char *input = malloc(20);
    char *output = malloc(20);
    strcpy(output, "normal output");
    strcpy(input, argv[1]);
    printf("input at %p: %s\n", input, input);
    printf("output at %p: %s\n", output, output);
    printf("\n\n%s\n", output);
}
A. Stack buffer overflow
B. Heap overflow
C. Query string manipulation
D. Pointer Subterfuge
Answer: B
…you can go to http://www.lead2pass.com/312-92.html to download the full version.