312-96 Braindumps Real Exam Updated on Apr 01, 2024 with 49 Questions
EC-Council 312-96 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Secure Coding Practices for Input Validation | Understand the need for input validation; explain data validation techniques; explain data validation in the Struts framework; explain data validation in the Spring framework; demonstrate knowledge of common input validation errors; demonstrate knowledge of common secure coding practices for input validation | 8% |
| Understanding Application Security, Threats, and Attacks | Understand the need for and benefits of application security; demonstrate understanding of common application-level attacks; explain the causes of application-level vulnerabilities; explain the various components of comprehensive application security; explain the need for and advantages of integrating security into the Software Development Life Cycle (SDLC); differentiate functional vs. security activities in the SDLC; explain the Microsoft Security Development Lifecycle (SDL); demonstrate understanding of various software security reference standards, models, and frameworks | 18% |
| Secure Application Design and Architecture | Understand the importance of secure application design; explain various secure design principles; demonstrate understanding of threat modeling; explain the threat modeling process; explain the STRIDE and DREAD models; demonstrate understanding of secure application architecture design | 12% |
| Secure Coding Practices for Session Management | Explain session management in Java; demonstrate knowledge of session management in the Spring framework; demonstrate knowledge of session vulnerabilities and their mitigation techniques; demonstrate knowledge of best practices and guidelines for secure session management | 10% |
NEW QUESTION # 25
Which of the following is used to map custom exceptions to a status code?
- A. @StatusCode
- B. @ResponseCode
- C. @ResponseStatusCode
- D. @ResponseStatus
Answer: D
NEW QUESTION # 26
James is a Java developer working at INFR INC. He has written Java code to open a file, read it line by line and display its content in a text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use for this purpose?
- A. Try-Catch-Finally block
- B. Try-Catch block
- C. Try-Catch-Resources block
- D. Try-With-Resources block
Answer: D
NEW QUESTION # 27
Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?
- A. `<Connector ... maxFileSize="file size" />`
- B. `<Connector ... maxPostSize="0" />`
- C. `<Connector ... maxPostSize="file size" />`
- D. `<Connector ... maxFileLimit="file size" />`
Answer: C
NEW QUESTION # 28
Identify the type of attack depicted in the figure below:
- A. XSS
- B. Cross-Site Request Forgery (CSRF) attack
- C. SQL injection attack
- D. Denial-of-Service attack
Answer: B
NEW QUESTION # 29
Which of the following elements in the web.xml file ensures that cookies will be transmitted over an encrypted channel?
- A. `<connector IsSSLEnabled="Yes" />`
- B. `<connector SSLEnabled="false" />`
- C. `<connector EnableSSL="true" />`
- D. `<connector SSLEnabled="true" />`
Answer: D
NEW QUESTION # 30
Which of the following Spring Security Framework configuration settings will ensure protection from session fixation attacks by not allowing an authenticated user to log in again?
- A. session-fixation-protection="newSessionID"
- B. session-fixation-protection =".
- C. session-fixation-protection ="enabled"
- D. session-fixation-protection =".
Answer: D
NEW QUESTION # 31
On a certain website, a secure login feature is designed to prevent brute-force attacks by implementing an account lockout mechanism. The account is automatically locked after five failed attempts. This feature will not allow users to log in to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform a __________ attack.
- A. Failure to Restrict URL Access
- B. Denial-of-Service (DoS)
- C. Broken Authentication
- D. Unvalidated Redirects and Forwards
Answer: B
NEW QUESTION # 32
A US-based ecommerce company has developed its website www.ec-sell.com to sell its products online. The website has a feature that allows customers to search for products based on price. Recently, a bug bounty hunter discovered a security flaw in the Search page of the website: he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The products.jsp page is vulnerable to
- A. Session Hijacking attack
- B. Cross Site Request Forgery attack
- C. SQL Injection attack
- D. Brute force attack
Answer: C
NEW QUESTION # 33
Which of the following authentication mechanisms does J2EE support?
- A. Role Based, HTTP Basic, Windows, HTTP Digest Authentication
- B. Windows, Form Based, Role Based, Client/Server Mutual Authentication
- C. HTTP Basic, Form Based, Client/Server Mutual, HTTP Digest Authentication
- D. HTTP Basic, Form Based, Client/Server Mutual, Role Based Authentication
Answer: C
NEW QUESTION # 34
The software developer has implemented encryption in the code as shown in the following screenshot.
However, using the DES algorithm for encryption is considered an insecure coding practice, as DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms would you suggest for strong encryption?
- A. MD5
- B. Triple DES
- C. AES
- D. SHA-1
Answer: C
NEW QUESTION # 35
Alice works as a Java developer at Fygo Software Services Ltd. She is given the responsibility of designing a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by her superior to design the ArticlesList.jsp page so that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.
Alice wrote the following code on page load to read the file name.

```java
import java.io.BufferedInputStream;
import java.nio.file.Path;
import java.nio.file.Paths;

// File name is taken directly from the request query string
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
// Absolute path of the web application root on disk
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
// The user-supplied name is appended to the root path without any validation
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);
```

After reviewing this code, her superior pointed out the security mistake in the code and instructed her not to repeat it in future. Can you identify the type of vulnerability that may exist in the above code?
- A. XSS vulnerability
- B. Form Tampering vulnerability
- C. URL Tampering vulnerability
- D. Directory Traversal vulnerability
Answer: D
NEW QUESTION # 36
Which of the following risk assessment models is used to rate threat-based risk to the application during the threat modeling process?
- A. STRIDE
- B. RED
- C. SMART
- D. DREAD
Answer: A
NEW QUESTION # 37
Identify what should NOT be caught while handling exceptions.
- A. IllegalAccessException
- B. SecurityException
- C. EOFException
- D. NullPointerException
Answer: B
NEW QUESTION # 38
Which of the following configurations can help you avoid displaying the server name in the server response header?
- A. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="null" redirectPort="8443" />`
- B. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server=" " redirectPort="8443" />`
- C. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="disable" redirectPort="8443" />`
- D. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />`
Answer: C
NEW QUESTION # 39
It is recommended that you do not use return, break, continue or throw statements in a _________
- A. Try-With-Resources block
- B. Finally block
- C. Try block
- D. Catch block
Answer: B
NEW QUESTION # 40
Which of the following methods would you use in place of the ex.printStackTrace() method to avoid printing the stack trace on error?
- A. ex.getMessage();
- B. ex.StackTrace.getError();
- C. ex.message();
- D. ex.getError();
Answer: A
NEW QUESTION # 41
During his secure code review, John, an independent application security expert, found that the developer has used the Java code highlighted in the following screenshot. Identify the security mistake committed by the developer.
- A. He is trying to use Non-parametrized SQL query
- B. He is trying to use Parametrized SQL Query
- C. He is trying to use Blacklisting Input Validation
- D. He is trying to use Whitelisting Input Validation
Answer: A
NEW QUESTION # 42
The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________
- A. Attack Surface Evaluation
- B. Threat Identification
- C. Threat Classification
- D. Impact Analysis
Answer: A
NEW QUESTION # 43
......
EC-Council CASE Java Exam Certification Details:
| Item | Detail |
|---|---|
| Sample Questions | EC-Council CASE Java Sample Questions |
| Number of Questions | 50 |
| Books / Training | Master Class |
| Passing Score | 70% |
| Schedule Exam | Pearson VUE or EC-Council Store, ECC Exam Center |
| Exam Price | $450 (USD) |
| Exam Code | 312-96 |