Download ECCouncil.312-50v10.Prep4Sure.2018-09-09.67q.tqb
| Vendor: | ECCouncil |
| Exam Code: | 312-50v10 |
| Exam Name: | Certified Ethical Hacker v10 Exam |
| Date: | Sep 09, 2018 |
| File Size: | 319 KB |
Demo Questions
Question 1
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
- Cross-site scripting vulnerability
- Web site defacement vulnerability
- SQL injection vulnerability
- Cross-site Request Forgery vulnerability
Correct answer: A
Question 2
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
- “GET/restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”
- “GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”
- “GET/restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”
- “GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”
Correct answer: B
Question 3
Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
- Metasploit
- Cain & Abel
- Maltego
- Wireshark
Correct answer: C
