Download Ec-council.Examsheets.312-50.v2014-02-04.by.Batista

Section: (none)
Explanation
Explanation/Reference:
Explanation: This is a typical Type-1 Cross Site Scripting attack. This kind of cross-site scripting hole is also
referred to as a non-persistent or reflected vulnerability, and is by far the most common type. These holes show
up when data provided by a web client is used immediately by server-side scripts to generate a page of results
for that user. If unvalidated user-supplied data is included in the resulting page without HTML encoding, this will
allow client-side code to be injected into the dynamic page. A classic example of this is in site search engines: if
one searches for a string which includes some HTML special characters, often the search string will be
redisplayed on the result page to indicate what was searched for, or will at least include the search terms in the
text box for easier editing. Unless all occurrences of the search terms are HTML entity encoded, an XSS hole will
result.
QUESTION 738
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn
an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to
simply overwrite index.html but is unsuccessful. He then attempts to delete the page and makes no
progress. Finally, he tries to overwrite it with another page, and is again unsuccessful. What is the
probable cause of Bill's problem?
A. You cannot use a buffer overflow to deface a web page
B. There is a problem with the shell and he needs to run the attack again
C. The HTML file has permissions of read only
D. The system is a honeypot
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 739
Which of the following statements best describes the term Vulnerability?
A. A weakness or error that can lead to a compromise
B. An agent that has the potential to take advantage of a weakness
C. An action or event that might prejudice security
D. The loss potential of a threat.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: Vulnerabilities are all weaknesses that can be exploited.
QUESTION 740
Bob is a very security-conscious computer user. He plans to test a site that is known to have malicious applets,
code, and more. Bob always makes use of a basic Web Browser to perform such testing.
Which of the following web browsers can adequately fill this purpose?
A. Internet Explorer
B. Mozilla