A security analyst in an insurance company is assigned to test a new web application that will be used by
clients to help them choose and apply for an insurance plan. The analyst discovers that the application is
developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the
application's search form and introduces the following code in the search input fielD.
IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox
("Vulnerable");>"
When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".
Which web applications vulnerability did the analyst discover?
Real 192
EC-Council EC0-350 Exam
While testing the company's web applications, a tester attempts to insert the following test script into the
search area on the company's web sitE.
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text:
"Testing Testing Testing". Which vulnerability has been detected in the web application?
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system.
The alert was generated because a large number of packets were coming into the network over ports 20
and 21. During analysis, there were no signs of attack on the FTP servers.
How should the administrator classify this situation?
Real 194
EC-Council EC0-350 Exam
The following is part of a log file taken from the machine on the network with the IP address of
192.168.1.106:
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of
the following is the correct bit size of the Diffie-Hellman (DH) group 5?