Practicetest 312-50 EC-COUNCIL it-exams
Practicetest 312-50 EC-COUNCIL it-exams
IT Exam,IT Certification,braindump,original questions, question pool,document, braindump, test questions, test question, dumps, test answers, it-exams.com, preparation, pdf, certification questions, answers Certification, certification test, practice test, exam dumps, certification training, answers real questions
312-50 Ethical Hacker Certified our products come with a 100% guarantee of success. We hold this claim because of the highly dedicated and expert team that we have and because of our past performance.
Practicetest 312-50 EC-COUNCIL it-exams
QUESTION NO: 1
Bob has a good understanding of cryptography, having worked with it for many years.
Cryptography is used to secure data from specific threats but it does not secure the data
from the specific threats but it does no secure the application from coding errors. It can
provide data privacy; integrity and enable strong authentication but it can’t mitigate
programming errors. What is a good example of a programming error that Bob can use to
explain to the management how encryption will not address all their security concerns?
A. Bob can explain that using a weak key management technique is a form of programming error
B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
D. Bob can explain that a random number generation can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error
Answer: C
Explanation:
In computer security and programming, a buffer overflow, or buffer overrun, is a
programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.
QUESTION NO: 2
Which of the following built-in C/C++ functions you should avoid to prevent your program
from buffer overflow attacks?
A. strcpy()
B. strcat()
C. streadd()
D. strscock()
Answer: A,B,C
Explanation:
When hunting buffer overflows, the first thing to look for is functions which write into
arrays without any way to know the amount of space available. If you get to define the function, you can pass a length parameter in, or ensure that every array you ever pass to it is at least as big as the hard-coded maximum amount it will write. If you're using a function someone else (like, say, the compiler vendor) has provided then avoiding functions like gets(), which take some amount of data over which you have no control and stuff it into arrays they can never know the size of, is a good start. Make sure that functions like the str...() family which expect NUL-terminated strings actually get them - store a '\0' in the last element of each array involved just before you call the
function, if necessary. Strscock() is not a valid C/C++ function.
QUESTION NO: 3
An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -1 –p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt information before transmitting it on the
wire?
A. Machine A: netcat -1 –p –s password 1234 < testfile
Machine B: netcat 1234
B. Machine A: netcat -1 –e magickey –p 1234 < testfile
Machine B: netcat 1234
C. Machine A: netcat -1 –p 1234 < testfile –pw password
Machine B: netcat 1234 –pw password
D. Use cryptcat instead of netcat.
Answer: D
Practicetest 312-50 EC-COUNCIL it-exams
IT Exam,IT Certification,braindump,original questions, question pool,document, braindump, test questions, test question, dumps, test answers, it-exams.com, preparation, pdf, certification questions, answers Certification, certification test, practice test, exam dumps, certification training, answers real questions
312-50 Ethical Hacker Certified our products come with a 100% guarantee of success. We hold this claim because of the highly dedicated and expert team that we have and because of our past performance.
Practicetest 312-50 EC-COUNCIL it-exams
QUESTION NO: 1
Bob has a good understanding of cryptography, having worked with it for many years.
Cryptography is used to secure data from specific threats but it does not secure the data
from the specific threats but it does no secure the application from coding errors. It can
provide data privacy; integrity and enable strong authentication but it can’t mitigate
programming errors. What is a good example of a programming error that Bob can use to
explain to the management how encryption will not address all their security concerns?
A. Bob can explain that using a weak key management technique is a form of programming error
B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
D. Bob can explain that a random number generation can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error
Answer: C
Explanation:
In computer security and programming, a buffer overflow, or buffer overrun, is a
programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.
QUESTION NO: 2
Which of the following built-in C/C++ functions you should avoid to prevent your program
from buffer overflow attacks?
A. strcpy()
B. strcat()
C. streadd()
D. strscock()
Answer: A,B,C
Explanation:
When hunting buffer overflows, the first thing to look for is functions which write into
arrays without any way to know the amount of space available. If you get to define the function, you can pass a length parameter in, or ensure that every array you ever pass to it is at least as big as the hard-coded maximum amount it will write. If you're using a function someone else (like, say, the compiler vendor) has provided then avoiding functions like gets(), which take some amount of data over which you have no control and stuff it into arrays they can never know the size of, is a good start. Make sure that functions like the str...() family which expect NUL-terminated strings actually get them - store a '\0' in the last element of each array involved just before you call the
function, if necessary. Strscock() is not a valid C/C++ function.
QUESTION NO: 3
An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -1 –p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt information before transmitting it on the
wire?
A. Machine A: netcat -1 –p –s password 1234 < testfile
Machine B: netcat 1234
B. Machine A: netcat -1 –e magickey –p 1234 < testfile
Machine B: netcat 1234
C. Machine A: netcat -1 –p 1234 < testfile –pw password
Machine B: netcat 1234 –pw password
D. Use cryptcat instead of netcat.
Answer: D
Practicetest 312-50 EC-COUNCIL it-exams
nina008 - 28. Dez, 03:14
