312-96 Certification Overview - [Feb 11, 2024] Latest 312-96 PDF Dumps
The Best ECCouncil 312-96 Study Guides and Dumps of 2024
EC-Council CASE Java Exam Certification Details:
| Item | Details |
|---|---|
| Books / Training | Master Class |
| Duration | 120 mins |
| Passing Score | 70% |
| Exam Price | $450 (USD) |
| Exam Name | EC-Council Certified Application Security Engineer (CASE) - Java |
| Sample Questions | EC-Council CASE Java Sample Questions |
NEW QUESTION # 23
Which risk assessment model is used to rate threat-based risk to the application during the threat modeling process? (STRIDE classifies threats; DREAD scores them by Damage, Reproducibility, Exploitability, Affected users and Discoverability.)
- A. RED
- B. STRIDE
- C. DREAD
- D. SMART
Answer: C
NEW QUESTION # 24
To enable the Struts validator for an action, which setting should be applied to the action mapping in the Struts configuration file?
- A. `validate="true"`
- B. `isNotValidate="disabled"`
- C. `isNotValidate="false"`
- D. `validate="enabled"`
Answer: A
NEW QUESTION # 25
On a certain website, the login feature is designed to defeat brute-force attacks with an account lockout mechanism: the account is locked automatically after five failed attempts, and the user cannot log in until it is unlocked. However, this feature can itself be abused to perform a __________ attack.
- A. Failure to Restrict URL Access
- B. Unvalidated Redirects and Forwards
- C. Denial-of-Service (DoS)
- D. Broken Authentication
Answer: C
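The abuse in this question works because the lockout is keyed only on the username: an attacker who knows (or guesses) a list of accounts can lock all of them with five bad passwords each. The following added example, not from the exam page or from EC-Council's courseware, shows one way to keep the brute-force defence while removing the denial-of-service lever: failures are counted per account-and-client pair, and instead of a hard lock the fifth failure starts an exponentially growing back-off that is capped at fifteen minutes. The class name, thresholds, sample usernames and client addresses are all assumptions chosen for the example.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class LoginThrottle {

    private static final int LOCK_THRESHOLD = 5;               // matches the question's "five failed attempts"
    private static final Duration BASE_DELAY = Duration.ofSeconds(1);
    private static final Duration MAX_DELAY = Duration.ofMinutes(15);

    private static final class Counter {
        int failures;
        Instant blockedUntil = Instant.EPOCH;
    }

    private final Map<String, Counter> byKey = new ConcurrentHashMap<>();

    // Key by account AND client address so that one attacker hammering a
    // victim's username does not shut the legitimate user out from elsewhere.
    private static String key(String user, String clientIp) {
        return user.toLowerCase() + "@" + clientIp;
    }

    /** True if this attempt may proceed to password verification. */
    public boolean allowAttempt(String user, String clientIp, Instant now) {
        Counter c = byKey.computeIfAbsent(key(user, clientIp), k -> new Counter());
        synchronized (c) {
            return !now.isBefore(c.blockedUntil);
        }
    }

    /** Record an outcome; from the LOCK_THRESHOLD-th failure on, apply a growing delay. */
    public void record(String user, String clientIp, boolean success, Instant now) {
        Counter c = byKey.computeIfAbsent(key(user, clientIp), k -> new Counter());
        synchronized (c) {
            if (success) {
                c.failures = 0;
                c.blockedUntil = Instant.EPOCH;
                return;
            }
            c.failures++;
            if (c.failures >= LOCK_THRESHOLD) {
                int excess = c.failures - LOCK_THRESHOLD;                 // 0, 1, 2, ...
                long secs = BASE_DELAY.getSeconds() << Math.min(excess, 20); // 1s, 2s, 4s, ...
                Duration delay = Duration.ofSeconds(secs);
                if (delay.compareTo(MAX_DELAY) > 0) {
                    delay = MAX_DELAY;                                     // never a permanent lock
                }
                c.blockedUntil = now.plus(delay);
            }
        }
    }

    public static void main(String[] args) {
        LoginThrottle t = new LoginThrottle();
        Instant now = Instant.parse("2024-02-11T10:00:00Z");          // constructed clock for the demo
        for (int i = 0; i < 6; i++) {
            t.record("alice", "203.0.113.7", false, now);               // six failures from one client
        }
        System.out.println(t.allowAttempt("alice", "203.0.113.7", now));                 // same client, inside the back-off window
        System.out.println(t.allowAttempt("alice", "198.51.100.2", now));                // alice from another client is unaffected
        System.out.println(t.allowAttempt("alice", "203.0.113.7", now.plusSeconds(60))); // same client after the window
    }
}
```

In production the counters belong in a shared store rather than a JVM-local map, and the back-off is usually paired with a CAPTCHA and a notification to the account owner rather than a lock that only an administrator can clear.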
NEW QUESTION # 26
Alice, a security engineer, was performing security testing on the application. She found that users can view the website's directory structure and file names. Under standard security practice this poses a serious risk, because attackers can discover hidden script files in the directory. Which of the following Tomcat DefaultServlet settings will mitigate the risk? (The Tomcat parameter is named `listings`; there is no `directory-listings` parameter.)
- A. `<init-param><param-name>directory-listings</param-name><param-value>false</param-value></init-param>`
- B. `<init-param><param-name>directory-listings</param-name><param-value>true</param-value></init-param>`
- C. `<init-param><param-name>listings</param-name><param-value>true</param-value></init-param>`
- D. `<init-param><param-name>listings</param-name><param-value>false</param-value></init-param>`
Answer: D
NEW QUESTION # 27
Which of the following relationships is used to describe a security use case scenario?
- A. Mitigates Relationship
- B. Threatens Relationship
- C. Include Relationship
- D. Extend Relationship
Answer: D
NEW QUESTION # 28
In which phase of the secure development lifecycle is threat modeling performed?
- A. Testing phase
- B. Coding phase
- C. Design phase
- D. Deployment phase
Answer: C
NEW QUESTION # 29
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
- A. Throwing incorrect exceptions
- B. Multiple catching of incorrect exceptions
- C. Re-throwing incorrect exceptions
- D. Catching incorrect exceptions
Answer: A
NEW QUESTION # 30
A US-based e-commerce company has developed the website www.ec-sell.com to sell its products online. The website has a feature that allows customers to search for products by price. Recently a bug bounty hunter discovered a security flaw in the site's search page: he could see every product in the database table when he changed the URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1' --. The products.jsp page is vulnerable to
- A. Brute force attack
- B. SQL Injection attack
- C. Session Hijacking attack
- D. Cross Site Request Forgery attack
Answer: B
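The `val=200 OR '1'='1' --` payload works only if `products.jsp` concatenates the parameter into the query text. The following added example (not the exam page's code, and not EC-Council's) shows that vulnerable pattern beside the parameterized fix; the `products` table with `id`, `name` and `price` columns, the class name and the method names are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ProductSearch {

    // VULNERABLE: the request parameter becomes part of the SQL text, so
    // val = "200 OR '1'='1' --" turns the WHERE clause into a tautology and
    // the trailing "--" comments out whatever follows.
    static ResultSet searchUnsafe(Connection conn, String val) throws SQLException {
        String sql = "SELECT id, name, price FROM products WHERE price <= " + val;
        Statement st = conn.createStatement();
        return st.executeQuery(sql);
    }

    // FIXED: validate the input as the type the query expects, then bind it
    // as a parameter. The value can never alter the query structure, and a
    // non-numeric "val" is rejected before it reaches the database at all.
    static ResultSet searchSafe(Connection conn, String val) throws SQLException {
        final int maxPrice;
        try {
            maxPrice = Integer.parseInt(val.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("val must be an integer", e);
        }
        if (maxPrice < 0) {
            throw new IllegalArgumentException("val must be non-negative");
        }
        PreparedStatement ps = conn.prepareStatement(
                "SELECT id, name, price FROM products WHERE price <= ?");
        ps.setInt(1, maxPrice);
        return ps.executeQuery();
    }
}
```

The caller is responsible for closing the returned `ResultSet` and its statement (try-with-resources around the whole call is the idiomatic way). Note that the fix is the bound parameter, not the integer check alone: a `String` column searched the same way needs `setString` with the same `?` placeholder, and would still be safe.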
NEW QUESTION # 31
Which of the following can be derived from abuse cases to elicit security requirements for a software system?
- A. Security use cases
- B. Use cases
- C. Data flow diagram
- D. Misuse cases
Answer: A
NEW QUESTION # 32
The developer wants to remove the HttpSession object and its values from the client's system.
Which of the following methods should he use for the above purpose?
- A. `isValid()`
- B. `sessionInvalidate()`
- C. `Invalidate(session JSESSIONID)`
- D. `invalidate()`
Answer: D
NEW QUESTION # 33
Oliver is a web server administrator and wants to configure Tomcat so that it does not generate directory index pages when a directory has no welcome file. Which of the following settings in CATALINA_HOME/conf/web.xml will solve his problem? (The `listings` parameter of the DefaultServlet is a boolean; its documented values are `true` and `false`.)
- A. `<servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>disable</param-value></init-param><load-on-startup>1</load-on-startup></servlet>`
- B. `<servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>true</param-value></init-param><load-on-startup>1</load-on-startup></servlet>`
- C. `<servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>false</param-value></init-param><load-on-startup>1</load-on-startup></servlet>`
- D. `<servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>enable</param-value></init-param><load-on-startup>1</load-on-startup></servlet>`
Answer: C
NEW QUESTION # 34
Identify the type of attack depicted in the following figure.
- A. Session Fixation Attack
- B. Denial-of-Service Attack
- C. Parameter Tampering Attack
- D. SQL Injection Attacks
Answer: C
NEW QUESTION # 35
The software developer has implemented encryption in the code as shown in the following screenshot.
However, using DES for encryption is considered an insecure coding practice because DES (a 56-bit key) is a weak algorithm. Which of the following symmetric encryption algorithms would you suggest for strong encryption? (MD5 and SHA-1 are hash functions, not ciphers.)
- A. MD5
- B. SHA-1
- C. Triple DES
- D. AES
Answer: D
NEW QUESTION # 36
Thomas is not skilled in secure coding: he has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day he wrote the code shown in the following screenshot, passing `false` to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
- A. Denial-of-Service attack
- B. Client-Side Scripts Attack
- C. SQL Injection Attack
- D. Directory Traversal Attack
Answer: B
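Questions 32 and 36 both come down to how a servlet handles the session and its cookies. The following added example, not from the exam page or EC-Council's material, covers both: it sets `HttpOnly` (the flag Thomas turned off, which is what lets injected script read `document.cookie`) and `Secure` on a cookie, invalidates any pre-existing session before establishing an authenticated one, and shows `HttpSession.invalidate()` together with expiry of the client-side JSESSIONID cookie at logout. The class and method names are assumptions; credential verification is out of scope and is assumed to have happened before `establishSession` is called. Containers on Servlet 5+ use the `jakarta.servlet` package instead of `javax.servlet`.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionHardening {

    // Called once credentials have been verified (verification not shown).
    static void establishSession(HttpServletRequest req, HttpServletResponse resp, String user) {
        // Discard any session the client arrived with, so an attacker-supplied
        // JSESSIONID (session fixation) is never promoted to an authenticated one.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = req.getSession(true);     // container issues a fresh ID
        session.setAttribute("user", user);
        session.setMaxInactiveInterval(15 * 60);        // idle timeout in seconds

        // Application cookie: HttpOnly keeps it out of document.cookie, Secure
        // keeps it off plaintext HTTP, Path limits where the browser sends it.
        Cookie pref = new Cookie("PREF", "theme=dark");
        pref.setHttpOnly(true);      // the question's code passed false here
        pref.setSecure(true);
        pref.setPath("/");
        pref.setMaxAge(30 * 24 * 3600);
        resp.addCookie(pref);
    }

    static void logout(HttpServletRequest req, HttpServletResponse resp) {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();    // server forgets the session and every attribute in it
        }
        // invalidate() only acts server-side; expire the browser's copy of the
        // session cookie as well so a stale ID is not presented on the next request.
        Cookie dead = new Cookie("JSESSIONID", "");
        dead.setMaxAge(0);
        String ctx = req.getContextPath();
        dead.setPath(ctx.isEmpty() ? "/" : ctx);
        dead.setHttpOnly(true);
        dead.setSecure(true);
        resp.addCookie(dead);
    }
}
```

The same two flags can be applied to the container-issued session cookie declaratively with `<cookie-config>` under `<session-config>` in web.xml (Servlet 3.0 and later), which avoids relying on every code path remembering to set them.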
NEW QUESTION # 37
Which of the following Spring annotations is used to map custom exceptions to an HTTP status code?
- A. `@ResponseStatus`
- B. `@ResponseCode`
- C. `@ResponseStatusCode`
- D. `@StatusCode`
Answer: A
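As an added example (not code from the exam page or from EC-Council), here is `@ResponseStatus` in use the way the error-handling syllabus topic intends: the custom exception declares its own status, and a `@RestControllerAdvice` fallback converts anything unmapped into a fixed 500 body so that stack traces and internal messages never reach the client. The exception and class names are assumptions; the example assumes Spring Web MVC with component scanning covering this class.

```java
import java.util.Collections;
import java.util.Map;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;

public class ErrorMapping {

    // Thrown from a controller, this becomes a 404 with no further code:
    // Spring's ResponseStatusExceptionResolver reads the annotation.
    @ResponseStatus(HttpStatus.NOT_FOUND)
    public static class OrderNotFoundException extends RuntimeException {
        public OrderNotFoundException(long id) {
            super("order " + id + " not found");
        }
    }

    // Authorization failure mapped to 403 the same way. Keep the message
    // generic: the client must not learn whether the order exists.
    @ResponseStatus(HttpStatus.FORBIDDEN)
    public static class NotOwnerException extends RuntimeException {
        public NotOwnerException() {
            super("access denied");
        }
    }

    // Fallback for everything else. Without this, an unexpected exception
    // can surface as a container error page carrying class names and traces.
    @RestControllerAdvice
    public static class GlobalHandler {
        @ExceptionHandler(Exception.class)
        @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
        public Map<String, String> onUnexpected(Exception e) {
            // Log the full exception server-side here; return only a fixed body.
            return Collections.singletonMap("error", "internal error");
        }
    }
}
```

Annotated exceptions that also set the `reason` attribute are delivered via `HttpServletResponse.sendError`, which routes through the container's error-page mechanism rather than returning a JSON body; leave `reason` unset when the API is consumed programmatically.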
NEW QUESTION # 38
Oliver, a Server Administrator (Tomcat), has set configuration in web.xml file as shown in the following screenshot. What is he trying to achieve?
- A. He wants to transfer only request parameter data over encrypted channel
- B. He wants to transfer only Session cookies over encrypted channel
- C. He wants to transfer only response parameter data over encrypted channel
- D. He wants to transfer the entire data over encrypted channel
Answer: D
NEW QUESTION # 39
Identify the type of attack depicted in the figure below:
- A. Cross-Site Request Forgery (CSRF) attack
- B. Denial-of-Service attack
- C. SQL injection attack
- D. XSS
Answer: A
NEW QUESTION # 40
......
EC-Council 312-96 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Secure Application Design and Architecture | Understand the importance of secure application design; explain various secure design principles; demonstrate understanding of threat modeling; explain the threat modeling process; explain the STRIDE and DREAD models; demonstrate understanding of secure application architecture design | 12% |
| Static and Dynamic Application Security Testing (SAST & DAST) | Understand Static Application Security Testing (SAST); demonstrate knowledge of manual secure code review techniques for the most common vulnerabilities; explain Dynamic Application Security Testing (DAST); demonstrate knowledge of automated application vulnerability scanning tools for DAST; demonstrate knowledge of proxy-based security testing tools for DAST | 8% |
| Security Requirements Gathering | Understand the importance of gathering security requirements; explain Security Requirement Engineering (SRE) and its phases; demonstrate understanding of abuse cases and abuse case modeling; demonstrate understanding of security use cases and security use case modeling; demonstrate understanding of abuser and security stories; explain the Security Quality Requirements Engineering (SQUARE) model; explain the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) model | 8% |
| Secure Coding Practices for Authentication and Authorization | Understand authentication concepts; explain authentication implementation in Java; demonstrate knowledge of authentication weaknesses and their prevention; understand authorization concepts; explain access control models; explain EJB authorization; explain Java Authentication and Authorization Service (JAAS); demonstrate knowledge of common authorization mistakes and countermeasures; explain Java EE security; demonstrate knowledge of authentication and authorization in the Spring Security framework; demonstrate knowledge of defensive coding practices against broken authentication and authorization | 4% |
| Secure Coding Practices for Error Handling | Explain exception and error handling in Java; explain erroneous exceptional behaviors; demonstrate knowledge of do's and don'ts in error handling; explain Spring MVC error handling; explain exception handling in Struts2; demonstrate knowledge of best practices for error handling; explain logging in Java; demonstrate knowledge of Log4j for logging; demonstrate knowledge of coding techniques for secure logging; demonstrate knowledge of best practices for logging | 16% |
| Secure Deployment and Maintenance | Understand the importance of secure deployment; explain security practices at the host level; explain security practices at the network level; explain security practices at the application level; explain security practices at the web container level (Tomcat); explain security practices at the Oracle database level; demonstrate knowledge of security maintenance and monitoring activities | 10% |
| Secure Coding Practices for Session Management | Explain session management in Java; demonstrate knowledge of session management in the Spring framework; demonstrate knowledge of session vulnerabilities and their mitigation techniques; demonstrate knowledge of best practices and guidelines for secure session management | 10% |
| Secure Coding Practices for Cryptography | Understand the fundamental concepts of and need for cryptography in Java; explain encryption and secret keys; demonstrate knowledge of the Cipher class and its implementation; demonstrate knowledge of digital signatures and their implementation; demonstrate knowledge of Secure Sockets Layer (SSL) and its implementation; explain secure key management; demonstrate knowledge of digital certificates and their implementation; demonstrate knowledge of hash implementation; explain Java Card cryptography; explain the crypto module in Spring Security; demonstrate understanding of do's and don'ts in Java cryptography | 6% |
| Secure Coding Practices for Input Validation | Understand the need for input validation; explain data validation techniques; explain data validation in the Struts framework; explain data validation in the Spring framework; demonstrate knowledge of common input validation errors; demonstrate knowledge of common secure coding practices for input validation | 8% |
Valid 312-96 Exam Updates - 2024 Study Guide: https://www.free4torrent.com/312-96-braindumps-torrent.html