Zend Preparation | PHP Quiz (Learning Mode)

Security Learning Mode

Qusetions Index 59/185

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185

Sometimes, it is desirable to use a third-party utility from within a PHP script to perform operations that the language does not support internally (for instance, calling a compression program to compress a file using a format that PHP does not provide an extension for). When executing system commands from PHP scripts, which of the following functions should always be used to ensure no malicious commands are injected? (Choose 2)

Always prefer the backtick operator ` to calls such as exec(), which are less secure

Always use the shell_exec function when possible, as it performs security checks on commands prior to executing them

Use the escapeshellcmd function to escape shell metacharacters prior to execution

Enable the safe_mode configuration directive prior to executing shell commands using ini_set()

Use the escapeshellarg function to escape shell command arguments prior to execution