Eccouncil ECSAv10 Exam - Topic 1 Question 13 Discussion

Actual exam question for Eccouncil's ECSAv10 exam

Question #: 13
Topic #: 1

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

include

#include

int main(int argc, char *argv[])

{

char buffer[10];

if (argc < 2)

{

fprintf(stderr, "USAGE: %s string\n", argv[0]);

return 1;

}

strcpy(buffer, argv[1]);

return 0;

}

ABuffer overflow

BFormat string bug

CKernal injection

DSQL injection

Show Suggested Answer

Suggested Answer: A

by Lorean at May 04, 2022, 02:21 PM

Limited Time Offer

25%

Off

Get Premium ECSAv10 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Twila

4 months ago

Not sure, could it be something else?

upvoted 0 times

...

Carlota

4 months ago

Yup, buffer overflow is definitely the issue here.

upvoted 0 times

...

Antonio

4 months ago

Wait, isn't that a bit too obvious?

upvoted 0 times

...

Kyoko

4 months ago

Totally agree, that's a classic vulnerability!

upvoted 0 times

...

Noah

5 months ago

He's testing for buffer overflow.

upvoted 0 times

...

Edward

5 months ago

I’m confused because I thought SQL injection was more about database queries, but this seems to be about memory issues.

upvoted 0 times

...

Gary

5 months ago

This looks similar to a practice question we did on buffer overflows in class. I feel like that's the main issue with strcpy.

upvoted 0 times

...

Vanda

5 months ago

I'm not entirely sure, but I remember something about format string bugs being related to printf functions, so that doesn't seem right here.

upvoted 0 times

...

Terrilyn

5 months ago

I think Kyle is testing for a buffer overflow since he's using strcpy without checking the length of argv[1].

upvoted 0 times

...

Florinda

5 months ago

Hmm, this is a tricky one. I'm not entirely sure about the specifics of using URPF in an IPsec VPN environment. I'll need to review my notes and try to piece together the right strategy.

upvoted 0 times

...

Desiree

5 months ago

Hmm, this seems like a tricky one. I'll need to think it through carefully.

upvoted 0 times

...

Joesph

5 months ago

Okay, let me think this through step-by-step. The question is asking about the result of an array addition, and the image shows some arrays. I'll need to add up the elements in the arrays to determine the correct answer.

upvoted 0 times

...

Ethan

5 months ago

Wait, what's "Ut scanning"? I'm not familiar with that term in the context of corrosion. I'll have to guess on this one and hope for the best.

upvoted 0 times

...