Free EC0-350 Exam Braindumps (page: 68)

Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?

  A. An integer variable
  B. A 'hidden' price value
  C. A 'hidden' form field value
  D. A page cannot be changed locally; it can only be served by a web server

Answer(s): C

Explanation:

Changing hidden form values is possible when a web site is poorly built and trusts the visitor's computer to submit vital data, like the price of a product, to the database.



____________ will let you assume a user's identity at a dynamically generated web page or site.

  A. SQL attack
  B. Injection attack
  C. Cross site scripting
  D. The shell attack
  E. Winzapper

Answer(s): C

Explanation:

Cross-site scripting is also referred to as XSS or CSS. For this attack to work, you must know the user is online and you must trick that user into clicking on a link that you have sent.



A Buffer Overflow attack involves:

  A. Using a trojan program to direct data traffic to the target host's memory stack
  B. Flooding the target network buffers with data traffic to reduce the bandwidth available to legitimate users
  C. Using a dictionary to crack password buffers by guessing user names and passwords
  D. Poorly written software that allows an attacker to execute arbitrary code on a target system

Answer(s): D

Explanation:

B is a denial of service. By flooding the data buffer in an application with junk data, you could gain the ability to write into the application's code segment and in that way insert your own code.



Sniffing is considered an active attack.

  A. True
  B. False

Answer(s): B

Explanation:

Sniffing is considered a passive attack.





