ECCouncil 312-92 - EC-Council Certified Secure Programmer (ECSP) Exam
Page: 2 / 20
Total 99 questions
Question #6 (Topic: )
Which Linux command will securely delete a file by overwriting its contents?
A. rm –rf /
B. Shred
C. ps –rm
D. del –rm
Answer: B
Question #7 (Topic: )
Shayla is designing a web-based application that will pass data to and from a company
extranet. This data is very sensitive and must be protected at all costs. Shayla will use a
digital certificate and a digital signature to protect the data. The digital signature she has
chosen to use is based on the difficulty in computing discrete logarithms. Which digital
signature has she chosen?
extranet. This data is very sensitive and must be protected at all costs. Shayla will use a
digital certificate and a digital signature to protect the data. The digital signature she has
chosen to use is based on the difficulty in computing discrete logarithms. Which digital
signature has she chosen?
A. Rabin
B. Diffie-Hellman
C. SA-PSS
D. ElGamal
Answer: D
Question #8 (Topic: )
After learning from an external auditor that his code was susceptible to attack, George
decided to rewrite some of his code to look like the following. What is George preventing by
changing the code?
public voif doContent(...) {
...
String s;
if ((s = getUsernameByID(userid)) != null) {
s = StringUtils.encodeToHTML(s, 50);
response.write(<br>Applicant:<u> + s +
</u>);
...
decided to rewrite some of his code to look like the following. What is George preventing by
changing the code?
public voif doContent(...) {
...
String s;
if ((s = getUsernameByID(userid)) != null) {
s = StringUtils.encodeToHTML(s, 50);
response.write(<br>Applicant:<u> + s +
</u>);
...
A. Query string manipulation
B. XSS attack
C. Cookie poisoning
D. SQL injection
Answer: B
Question #9 (Topic: )
Fred is planning on using the windows socket application ClientApp.exe program to create
a client-side application that his employees will use. This program will access backend
programs from two different remote sites over WAN connections. If Fred does not make
any modifications to the ClientApp.exe default settings, what port must he have the network
engineer open in order for the application to communicate?
a client-side application that his employees will use. This program will access backend
programs from two different remote sites over WAN connections. If Fred does not make
any modifications to the ClientApp.exe default settings, what port must he have the network
engineer open in order for the application to communicate?
A. 21
B. 23
C. 25
D. 80
Answer: D
Question #10 (Topic: )
What would be the result of the following code?
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
char *input=malloc(20);
char *output=malloc(20);
strcpy(output, normal output);
strcpy(input, argv[1]);
printf(input at %p: %s\n, input, input);
printf(output at %p: %s\n, output, output);
printf(\n\n%s\n, output);
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
char *input=malloc(20);
char *output=malloc(20);
strcpy(output, normal output);
strcpy(input, argv[1]);
printf(input at %p: %s\n, input, input);
printf(output at %p: %s\n, output, output);
printf(\n\n%s\n, output);
A. Stack buffer overflow
B. Heap overflow
C. Query string manipulation
D. Pointer Subterfuge
Answer: B
