Download Latest 312-96 Dumps with Authentic Real Exam Questions
Authentic 312-96 Exam Dumps PDF - Nov-2023 Updated
EC-Council CASE Java Exam Certification Details:
| Field | Value |
|---|---|
| Exam Code | 312-96 |
| Exam Name | EC-Council Certified Application Security Engineer (CASE) - Java |
| Passing Score | 70% |
| Schedule Exam | Pearson VUE or EC-Council Store, ECC Exam Center |
| Books / Training | Master Class |
| Duration | 120 mins |
| Exam Price | $450 (USD) |
| Sample Questions | EC-Council CASE Java Sample Questions |
NEW QUESTION # 19
Alice works as a Java developer at Fygo Software Services Ltd. He is given the responsibility of designing a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design the ArticlesList.jsp page so that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.
Alice wrote the following code on page load to read the file name:

```java
// Reads the requested file name straight from the query string
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
// Resolves it relative to the web application's root directory
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);
```

After reviewing this code, his superior pointed out the security mistake in it and instructed him not to repeat it in future. Can you point out the type of vulnerability that may exist in the above code?
- A. Directory Traversal vulnerability
- B. XSS vulnerability
- C. URL Tampering vulnerability
- D. Form Tampering vulnerability
Answer: A
NEW QUESTION # 20
Which of the following relationships is used to describe a security use case scenario?
- A. Threatens Relationship
- B. Include Relationship
- C. Mitigates Relationship
- D. Extend Relationship
Answer: D
NEW QUESTION # 21
Alice, a Tomcat server administrator, wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting in CATALINA_HOME/conf/server.xml that will enable him to do so.
- A. < server port="" shutdown-"' >
- B. < server port="-1" shutdown="SHUTDOWN" >
- C. < server port="8080" shutdown="SHUTDOWN" >
- D. < server port="-1" shutdown-*" >
Answer: D
NEW QUESTION # 22
Which of the following methods will help you check whether the DEBUG level is enabled?
- A. EnableDebug()
- B. IsEnableDebug()
- C. DebugEnabled()
- D. isDebugEnabled()
Answer: D
NEW QUESTION # 23
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?
- A. validate="true"
- B. IsNotvalidate="false"
- C. IsNotvalidate="disabled"
- D. validate="enabled"
Answer: A
NEW QUESTION # 24
Identify the type of attack depicted in the following figure.
- A. Session Fixation Attack
- B. SQL Injection Attacks
- C. Parameter Tampering Attack
- D. Denial-of-Service Attack
Answer: C
NEW QUESTION # 25
Ted is an application security engineer who ensures that application security activities are followed during the entire lifecycle of a project. One day, he was analyzing the various user interactions depicted in the use cases of a project under inception. Based on the use case in hand, he started depicting scenarios in which an attacker could misuse the application. Can you identify the activity Ted is working on?
- A. Ted was depicting lower-level use cases
- B. Ted was depicting abuse cases
- C. Ted was depicting abstract use cases
- D. Ted was depicting security use cases
Answer: B
NEW QUESTION # 26
Identify the type of attack depicted in the figure below:
- A. Directory traversal attack
- B. Session fixation attack
- C. SQL injection attack
- D. Parameter/form attack
Answer: B
NEW QUESTION # 27
Identify which of the following should NOT be caught while handling exceptions.
- A. SecurityException
- B. IllegalAccessException
- C. NullPointerException
- D. EOFException
Answer: A
NEW QUESTION # 28
Which of the following is used to map custom exceptions to a status code?
- A. @ResponseCode
- B. @ResponseStatus
- C. @StatusCode
- D. @ResponseStatusCode
Answer: B
NEW QUESTION # 29
A developer has written the following line of code to handle and maintain a session in the application. What did he do in the scenario below?
- A. Maintained session by creating an HTTP variable user with value stored in uname variable.
- B. Maintained session by creating a Cookie user with value stored in uname variable.
- C. Maintained session by creating a hidden variable user with value stored in uname variable.
- D. Maintained session by creating a Session variable user with value stored in uname variable.
Answer: D
NEW QUESTION # 30
Stephen is a web developer at InterCall Systems. He was working on a real estate website for one of his clients and was given the task of designing a web page with a property search feature. He designed the following searchpage.jsp:

```html
<form id="form1" method="post" action="SearchProperty.jsp">
  <input type="text" id="txt_Search" name="txt_Search" placeholder="Search Property..." />
  <input type="submit" id="Btn_Search" value="Search" />
</form>
```

However, when the application went to the security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
- A. He should write code like `out.write("You Searched for:" + search);`
- B. He should write code like `out.write("You Searched for:" + request.getParameter("search").toString());`
- C. He should write code like `out.write("You Searched for:" + ESAPI.encoder().encodeForHTML(search));`
- D. He should write code like `out.write("You Searched for:" + request.getParameter("txt_Search"));`
Answer: C
NEW QUESTION # 31
Which line of the following example of Java code can make the application vulnerable to a session attack?
- A. Line No. 3
- B. Line No. 4
- C. Line No. 1
- D. Line No. 5
Answer: A
NEW QUESTION # 32
Which of the following authentication mechanisms does J2EE support?
- A. Windows, Form Based, Role Based, Client/Server Mutual Authentication
- B. Role Based, Http Basic, Windows, Http Digest Authentication
- C. Http Basic, Form Based, Client/Server Mutual, HTTP Digest Authentication
- D. Http Basic, Form Based, Client/Server Mutual, Role Based Authentication
Answer: C
NEW QUESTION # 33
Identify the type of encryption depicted in the following figure.
- A. Symmetric Encryption
- B. Asymmetric Encryption
- C. Digital Signature
- D. Hashing
Answer: A
NEW QUESTION # 34
Identify the type of attack depicted in the following figure.
- A. Directory Traversal Attack
- B. Denial-of-service attack
- C. Form Tampering Attack
- D. SQL Injection attack
Answer: A
NEW QUESTION # 35
Identify the formula for calculating risk during threat modeling.
- A. RISK = PROBABILITY * ATTACK
- B. RISK = PROBABILITY * DAMAGE POTENTIAL
- C. RISK = PROBABILITY * ASSETS
- D. RISK = PROBABILITY * VULNERABILITY
Answer: B
NEW QUESTION # 36
The developer wants to remove the HttpSession object and its values from the client's system.
Which of the following methods should he use for this purpose?
- A. sessionInvalidate()
- B. Invalidate(session JSESSIONID)
- C. isValidate()
- D. invalidate()
Answer: D
NEW QUESTION # 37
In which phase of the secure development lifecycle is threat modeling performed?
- A. Coding phase
- B. Deployment phase
- C. Testing phase
- D. Design phase
Answer: D
NEW QUESTION # 38
......
EC-Council 312-96 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Secure Coding Practices for Cryptography | Understand fundamental concepts and the need for cryptography in Java; explain encryption and secret keys; demonstrate knowledge of Cipher class implementation; demonstrate knowledge of digital signatures and their implementation; demonstrate knowledge of Secure Socket Layer (SSL) and its implementation; explain secure key management; demonstrate knowledge of digital certificates and their implementation; demonstrate knowledge of hash implementation; explain Java Card cryptography; explain the Crypto module in Spring Security; demonstrate understanding of do's and don'ts in Java cryptography | 6% |
| Understanding Application Security, Threats, and Attacks | Understand the need for and benefits of application security; demonstrate understanding of common application-level attacks; explain the causes of application-level vulnerabilities; explain the various components of comprehensive application security; explain the need for and advantages of integrating security into the Software Development Life Cycle (SDLC); differentiate functional vs. security activities in the SDLC; explain the Microsoft Security Development Lifecycle (SDL); demonstrate understanding of various software security reference standards, models, and frameworks | 18% |
| Secure Coding Practices for Input Validation | Understand the need for input validation; explain data validation techniques; explain data validation in the Struts framework; explain data validation in the Spring framework; demonstrate knowledge of common input validation errors; demonstrate knowledge of common secure coding practices for input validation | 8% |
| Secure Deployment and Maintenance | Understand the importance of secure deployment; explain security practices at the host level; explain security practices at the network level; explain security practices at the application level; explain security practices at the web container level (Tomcat); explain security practices at the Oracle database level; demonstrate knowledge of security maintenance and monitoring activities | 10% |