Thursday 21 May 2015

312-50v8 Question Answer

QUESTION NO: 1

A security analyst in an insurance company is assigned to test a new web application that will be
used by clients to help them choose and apply for an insurance plan. The analyst discovers that
the application is developed in ASP scripting language and it uses MSSQL as a database
backend. The analyst locates the application's search form and introduces the following code in
the search input field:

<IMG SRC=vbscript:msgbox("Vulnerable");>

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".
Which web application vulnerability did the analyst discover?

A. Cross-site request forgery
B. Command injection
C. Cross-site scripting
D. SQL injection

Answer: C


QUESTION NO: 2

Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display,
or modify ACLs (access control lists) to files or folders and also one that can be used within batch
files. Which of the following tools can be used for that purpose? (Choose the best answer)
A. PERM.exe
B. CACLS.exe
C. CLACS.exe
D. NTPERM.exe

Answer: B

Explanation: Cacls.exe is a Windows NT/2000/XP command-line tool you can use to assign, display, or modify ACLs (access control lists) to files or folders. Cacls is an interactive tool, and since it's a command-line utility, you can also use it in batch files.
