ECCouncil 312-96 Real Exam Questions Test Engine Dumps Training With 49 Questions
EC-Council CASE Java Exam Certification Details:

| Item | Detail |
|---|---|
| Number of Questions | 50 |
| Duration | 120 mins |
| Books / Training | Master Class |
| Exam Code | 312-96 |
| Schedule Exam | Pearson VUE OR EC-Council Store, ECC Exam Center |
| Exam Price | $450 (USD) |
| Sample Questions | EC-Council CASE Java Sample Questions |
NEW QUESTION # 18
Ted is an application security engineer who ensures that application security activities are followed during the entire lifecycle of the project. One day, he was analyzing the various user interactions depicted in the use cases of a project in its inception phase. Based on the use case in hand, he started depicting the scenarios in which an attacker could misuse the application. Can you identify the activity on which Ted is working?
- A. Ted was depicting security use cases
- B. Ted was depicting abstract use cases
- C. Ted was depicting lower-level use cases
- D. Ted was depicting abuse cases
Answer: D
NEW QUESTION # 19
In which phase of the secure development lifecycle is threat modeling performed?
- A. Design phase
- B. Deployment phase
- C. Coding phase
- D. Testing phase
Answer: A
NEW QUESTION # 20
A US-based ecommerce company has developed the website www.ec-sell.com to sell its products online. The website has a feature that allows customers to search for products based on price. Recently, a bug bounty hunter discovered a security flaw in the Search page of the website: he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The products.jsp page is vulnerable to
- A. Cross Site Request Forgery attack
- B. SQL Injection attack
- C. Brute force attack
- D. Session Hijacking attack
Answer: B
NEW QUESTION # 21
Which of the following methods will help you check whether the DEBUG level is enabled?
- A. IsEnableDebug ()
- B. isDebugEnabled()
- C. EnableDebug ()
- D. DebugEnabled()
Answer: B
NEW QUESTION # 22
Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?
- A. `<connector ... maxPostSize="file size" />`
- B. `<connector ... maxPostSize="0" />`
- C. `<connector ... maxFileLimit="file size" />`
- D. `<connector ... maxFileSize="file size" />`
Answer: A
NEW QUESTION # 23
Identify the type of encryption depicted in the following figure.
- A. Asymmetric Encryption
- B. Digital Signature
- C. Symmetric Encryption
- D. Hashing
Answer: C
NEW QUESTION # 24
Identify the type of attack depicted in the figure below:
- A. Directory traversal attack
- B. SQL injection attack
- C. Session fixation attack
- D. Parameter/form attack
Answer: C
NEW QUESTION # 25
Which of the following relationships is used to describe a security use case scenario?
- A. Extend Relationship
- B. Include Relationship
- C. Mitigates Relationship
- D. Threatens Relationship
Answer: A
NEW QUESTION # 26
During his secure code review, John, an independent application security expert, found that the developer had used the Java code highlighted in the following screenshot. Identify the security mistake committed by the developer.
- A. He is trying to use Non-parametrized SQL query
- B. He is trying to use Parametrized SQL Query
- C. He is trying to use Whitelisting Input Validation
- D. He is trying to use Blacklisting Input Validation
Answer: A
NEW QUESTION # 27
Identify the type of attack depicted in the following figure.
- A. SQL Injection Attacks
- B. Denial-of-Service Attack
- C. Session Fixation Attack
- D. Parameter Tampering Attack
Answer: D
NEW QUESTION # 28
The software developer has implemented encryption in the code as shown in the following screenshot.
However, using the DES algorithm for encryption is considered an insecure coding practice because DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms would you suggest for strong encryption?
- A. MD5
- B. AES
- C. Triple DES
- D. SHA-1
Answer: B
NEW QUESTION # 29
Which of the following authentication mechanisms does J2EE support?
- A. Role Based, Http Basic, Windows, Http Digest Authentication
- B. Http Basic, Form Based, Client/Server Mutual, HTTP Digest Authentication
- C. Http Basic, Form Based, Client/Server Mutual, Role Based Authentication
- D. Windows, Form Based, Role Based, Client/Server Mutual Authentication
Answer: B
NEW QUESTION # 30
Sam, an application security engineer working at INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer had used the piece of code shown in the following screenshot. Identify the security mistake in the developer's code.
- A. He is attempting to use regular expression for validation
- B. He is attempting to use whitelist input validation approach
- C. He is attempting to use blacklist input validation approach
- D. He is attempting to use client-side validation
Answer: C
NEW QUESTION # 31
Alice works as a Java developer at Fygo Software Services Ltd. She is given the responsibility of designing a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by her superior to design the ArticlesList.jsp page so that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.
Alice wrote the following code on page load to read the file name.

```java
import java.io.BufferedInputStream;
import java.nio.file.Path;
import java.nio.file.Paths;

// Read the file name supplied by the caller as a query-string parameter.
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
// Resolve the web application's root directory on disk.
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
// Build the full path by concatenating the root with the supplied file name.
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);
```

After reviewing this code, her superior pointed out the security mistake in it and instructed her not to repeat it in the future. Can you identify the type of vulnerability that may exist in the above code?
- A. Directory Traversal vulnerability
- B. URL Tampering vulnerability
- C. XSS vulnerability
- D. Form Tampering vulnerability
Answer: A
NEW QUESTION # 32
Identify the type of attack depicted in the figure below:
- A. Cross-Site Request Forgery (CSRF) attack
- B. SQL injection attack
- C. XSS
- D. Denial-of-Service attack
Answer: A
NEW QUESTION # 33
Identify the formula for calculating the risk during threat modeling.
- A. RISK = PROBABILITY * ATTACK
- B. RISK = PROBABILITY * ASSETS
- C. RISK = PROBABILITY * DAMAGE POTENTIAL
- D. RISK = PROBABILITY * VULNERABILITY
Answer: C
NEW QUESTION # 34
Which of the following methods will you use in place of the ex.printStackTrace() method to avoid printing a stack trace on error?
- A. ex.getMessage();
- B. ex.getError();
- C. ex.message();
- D. ex.StackTrace.getError();
Answer: A
NEW QUESTION # 35
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot. He passed a 'false' parameter to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
- A. Client-Side Scripts Attack
- B. Directory Traversal Attack
- C. SQL Injection Attack
- D. Denial-of-Service attack
Answer: A
NEW QUESTION # 36
Which of the following risk assessment models is used to rate threat-based risk to the application during the threat modeling process?
- A. STRIDE
- B. RED
- C. SMART
- D. DREAD
Answer: A