Echte Fragen 312-50 EC-COUNCIL Fragenkatalog
it-pruefungen bietet qualitativ hochwertige Prüfungsfragen und Antworten für die Vorbereitung auf Ihre IT-Zertifizierungsprüfungen, die alle Examfragen und Examsantworten abdecken. Bei it-pruefungen.de stehen Ihnen zahlreiche kostenlose Zertifizierungsfragen von IT Prüfungen zur Verfügung. Die neuesten Unterlagen und Simulationssoftware bei it-pruefungen.de machen die IT Prüfungen ganz leicht für Sie. Im Falle eines Scheiterns erhalten Sie nämlich die Gebühr zurückerstattet
312-50 Ethical Hacker Certified IT Prüfung,IT Zertifizierung,Prüfungsfrage, originale Fragen,Antorten, Fragenkataloge,Prüfungsunterlagen, Prüfungsfragen, Prüfungsfrage, Testfagen, Testantworten, Vorbereitung, Zertifizierungsfragen, Zertifizierungsantworten, Examsfragen, Antworten, echte Fragen
Echte Fragen 312-50 EC-COUNCIL Fragenkatalog
QUESTION NO: 1
Bob has a good understanding of cryptography, having worked with it for many years.
Cryptography is used to secure data from specific threats but it does not secure the data
from the specific threats but it does no secure the application from coding errors. It can
provide data privacy; integrity and enable strong authentication but it can’t mitigate
programming errors. What is a good example of a programming error that Bob can use to
explain to the management how encryption will not address all their security concerns?
A. Bob can explain that using a weak key management technique is a form of programming error
B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
D. Bob can explain that a random number generation can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error
Answer: C
Explanation:
In computer security and programming, a buffer overflow, or buffer overrun, is a
programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.
QUESTION NO: 2
Which of the following built-in C/C++ functions you should avoid to prevent your program
from buffer overflow attacks?
A. strcpy()
B. strcat()
C. streadd()
D. strscock()
Answer: A,B,C
Explanation:
When hunting buffer overflows, the first thing to look for is functions which write into
arrays without any way to know the amount of space available. If you get to define the function, you can pass a length parameter in, or ensure that every array you ever pass to it is at least as big as the hard-coded maximum amount it will write. If you’re using a function someone else (like, say, the compiler vendor) has provided then avoiding functions like gets(), which take some amount of data over which you have no control and stuff it into arrays they can never know the size of, is a good start. Make sure that functions like the str…() family which expect NUL-terminated strings actually get them – store a ‘\0′ in the last element of each array involved just before you call the
function, if necessary. Strscock() is not a valid C/C++ function.
QUESTION NO: 3
An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -1 –p 1234 < secretfile Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt information before transmitting it on the
wire?
A. Machine A: netcat -1 –p –s password 1234 < testfile
Machine B: netcat 1234
B. Machine A: netcat -1 –e magickey –p 1234 < testfile
Machine B: netcat 1234
C. Machine A: netcat -1 –p 1234 < testfile –pw password
Machine B: netcat 1234 –pw password
D. Use cryptcat instead of netcat.
Answer: D
Echte Fragen 312-50 EC-COUNCIL Fragenkatalog
