312-92 Online Practice Questions and Answers

Processes having the "CAP_NET_BIND_SERVICE" can listen on which ports?

A. Any TCP port over 1024

B. Any UDP port under 1024

C. Any TCP port under 1024

D. Any UDP port over 1024

What would be the result of the following code?

#include

#include

int main(int argc, char *argv[])

{

char *input=malloc(20);

char *output=malloc(20);

strcpy(output, "normal output");

strcpy(input, argv[1]);

printf("input at %p: %s\n", input, input);

printf("output at %p: %s\n", output, output);

printf("\n\n%s\n", output);

}

A. Stack buffer overflow

B. Heap overflow

C. Query string manipulation

D. Pointer Subterfuge

Travis, a senior systems developer for YNY Services, received an email recently from an unknown source. Instead of opening the email on his normal production machine, Travis decides to copy the email to a thumb drive and examine it from

a quarantined PC not on the network. Travis examines the email and discovers a link that is supposed to take him to http://scarysite.com. Travis decides to get back on his production computer and examine the code of that site.

From the following code snippet, what has Travis discovered?

A. URL obfuscation

B. XSS attack

C. JavaScript hijacking

D. URL tampering

David is a developer that has created an application using the secure RPC protocol. Before anyone can actually use the program, where must David add entries for the users so that they can gain access?

A. /system/root/publickey

B. /etc/root/pkusers

C. /system/root/rpcusers

D. /etc/publickey

George is the CIO for the US Department of Defense. George's education and work experience cover everything from Systems Administration to developing complex software programs for the government. With many new federal regulations put forth by the US Department of Homeland Security, every single aspect of George's control must be secured and protected from attack. George is currently looking to purchase customized communications software for sending instant messages to branches of the DoD all over the world.

What set of security standards should George ensure the software he purchases be developed under?

A. Common Criteria

B. ISO 199776

C. Code Containment

D. Code Access Security

Neil is almost finished developing a Web-based inventorytracking application for a company he is working for under contract. Neil finds out that the company wants to pay him half of what they had agreed upon so he is very angry. Neil

decides to insert the following code into his application.

What is Neil trying to create here?

#include

#include

int main(int argc, char *argv[])

{

char buffer[10];

if (argc < 2)

{

fprintf(stderr, "USAGE: %s

string\n", argv[0]);

return 1;

}

strcpy(buffer, argv[1]);

return 0;

}

A. UML malformed string

B. Format string bug

C. Buffer underflow

D. Buffer overflow

What will the following command accomplish? c:\signtool12winnt\signtool -L -d a:\tmpcert:a:\cert

A. Save certificate to a temporary archive directory

B. Sign Java applet

C. Verify archive

D. Determine certificate nickname

What will the following ASP script accomplish on a webpage?

<%

Response.CacheControl = "no-cache"

Response.AddHeader "Pragma", "no-cache"

Response.Expires = -1

if session("UID")="" then

Response.Redirect "Logon.asp"

Response.End

end if

%>

A. Redirect users to the logon page if they do not have a valid certificate

B. Logged on users will timeout after hour

C. Checks whether user has already logged on

D. Checks the user's cache for personal information

Heather has built a new Linux kernel for her machine and wants to use the grub boot loader. Which file should she edit to tell the computer how to boot up properly?

A. /boot/grub/menu.lst

B. /usr/src/linux/arch/i386/boot/menu.lst

C. /etc/dev/boot/menu.lst

D. /etc/boot/lilo.conf

Jonathan is creating an XML document and needs to sign data streams. In his code, Jonathan creates a signature node that is contained within the signed datastream. What type of signature signing has Jonathan employed here?

A. Enveloping

B. Attached

C. Detached

D. Enveloped

Tyler is in the applicaion testing phase of a particular project. He has decided to use the White Box testing method. Tyler has made a number of changes to his code after some initial tests found some bugs. Tyler now needs to test the code with those changes in place.

What type of testing is Tyler getting ready to perform?

A. Integration testing

B. Mutation testing

C. Statement coverage testing

D. Branch coverage testing

Versions Unlimited, a software design company in Seattle, has just finished development of a new mapping software product. They have completed testing the internal code and are now ready to involve users other than programmers in the testing. Versions Unlimited invites internal employees and some external users to come to their company and test the product in a controlled environment.

What type of testing is Versions Unlimited currently undertaking?

A. Alpha testing

B. Open box testing

C. Regression testing

D. Beta testing

Nathan, an application developer, has taken over the lead developer's position and now will administer five other developers. The last lead developer was a programmer specialized in Xcode. Nathan is not familiar with Xcode at all, but will have to learn it to develop programs for company. Nathan come across some code left by the past developer: set this_file to choose file with prompt "Scale your image to 25%" try tell application "Image Capture Scripting" set this_image to open this_file scale this_image by factor 0.35 save this_image in this_file close this_image end tell on error error_message beep buttons {"Process failed")default button1 end try

A. Carbon

B. AppleTalk

C. AppleScript

D. Cocoa

What encryption algorithm is used by PERL crypt() function?

A. Skipjack

B. 3DES

C. DES

D. AES

William, a software developer just starting his career, was asked to create a website in PHP that would allow visitors to enter a month and a year for their birth date. The PHP code he creates has to validate the input after it is entered. If

William uses the following code, what could a malicious user input to the year value to actually delete the whole website?

$month = $_GET['month'];

$year = $_GET['year'];

exec("cal $month $year", $result);

print "

"; 
foreach($result as $r) 
{ 
print "$r
"; 
} 
print "

A. ";gf -rm *"

B. ";dfr -php *"

C. ";php -rf *"

D. ";rm -rf *"