EC-COUNCIL 312-92 問題集

質問 1：
Kevin wants to use an SSL certificate from his Mac OS X server so that he can send and receive encrypted email. What would Kevin accomplish by typing in the following command?
certtool c k=/Users/root/Library/Keychains/certkc
A. Remove any unnecessary permissions on the file "certkc"
B. Import encryption key into the file "certkc"
C. Create keychain called "certkc"
D. Copy the root certificate of the server to the file "certkc"
正解：C

質問 2：
Yancey has just finished downloading the Valgrind suite to use in his application development. Yancey is most concerned about the possibility of memory-management issues in his programs. What tool included in Valgrind suite can Yancey use to detect memory-management related issues?
A. Cachegrind
B. Memcheck
C. MemoryGuard
D. Massif
正解：B

質問 3：
What type of problem or error will result from the following statement?
void f2b(void * arg, size_t len)
{
char buffer[100];
long val = ...;
long *ptr = ...;
extern void (*f)();
memcpy(buff, arg, len);
*ptr = val;
f();
return;
}
A. Heap smashing
B. Virtual pointer smashing
C. Pointer subterfuge
D. Sign error
正解：C

質問 4：
After learning from an external auditor that his code was susceptible to attack, George decided to rewrite some of his code to look like the following. What is George preventing by changing the code?
public voif doContent(...) {
...
String s;
if ((s = getUsernameByID("userid")) != null) {
s = StringUtils.encodeToHTML(s, 50);
response.write("<br>Applicant:<u>" + s +
"</u>");
}
...
}
A. Query string manipulation
B. XSS attack
C. SQL injection
D. Cookie poisoning
正解：B

質問 5：
Tyler is in the applicaion testing phase of a particular project. He has decided to use the White Box testing method. Tyler has made a number of changes to his code after some initial tests found some bugs. Tyler now needs to test the code with those changes in place.
What type of testing is Tyler getting ready to perform?
A. Mutation testing
B. Integration testing
C. Branch coverage testing
D. Statement coverage testing
正解：A

質問 6：
William is the lead programmer for Gummerson, Inc., a software company located in San Francisco. Gummerson is looked upon as one of the leading software development companies for medical and health related applications. William believes that his company is so successful because they believe in involving the user or client in the design and development of the programs. What software development methodology does Gunnerson, Inc. use when creating applications for clients?
A. JAD
B. Waterfall
C. Fountain
D. RAD
正解：A

質問 7：
David is an applications developer working for Dewer and Sons law firm in Los Angeles David just completed a course on writing secure code and was enlightened by all the intricacies of how code must be rewritten many times to ensure its security. David decides to go through all the applications he has written and change them to be more secure. David comes across the following snippet in one of his programs:
#include <stdio.h>
int main(int argc, char **argv)
{
int number = 5;
printf(argv[1]);
putchar('\n');
printf("number (%p) is equal to %d\n",
&value, value);
}
What could David change, add, or delete to make this code more secure?
A. Change printf(argv[1]) to printf("%s", argv[1])
B. Change putchar('\n') to putchar("%s", '\n')
C. Change int number = 5 to const number = ""
D. Change printf(argv[1]) to printf(constv [0])
正解：A

質問 8：
Sherry is programming an online game and is trying to prevent security threats from being introduced into the game. She is also trying to prevent any kind of online cheating by searching for possible anomalies. Sherry especially wants to prevent cheating where a program or application is used to replace human reaction to produce superior results. What category of online cheating is she most concerned about?
A. Authoritative clients
B. Vector-time augmentation
C. Reflex augmentation
D. Artificial intelligence intervention
正解：D

質問 9：
Peter is writing a program that has a GUI front-end and uses a MS SQL database as a backend. Peter's application will repeatedly update and call upon specific tables in the database on a regular basis. Peter wants to make sure that his program always has the ability to update the database and that no other calls or updates can touch the database tables used at the same time. How could Peter accomplish this in his application?
A. SET TRANSACTION EXCLUSIVE
B. SET TRANSACTION WRITE
C. Implicit lock
D. Explicit lock
正解：D