49 Exam Questions for 312-96 Updated Versions With Test Engine
Pass 312-96 Exam with Updated 312-96 Exam Dumps PDF 2023
NEW QUESTION # 22
The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________
- A. Impact Analysis
- B. Threat Identification
- C. Attack Surface Evaluation
- D. Threat Classification
Answer: C
NEW QUESTION # 23
Which of the following threat classification models is used to classify threats during the threat modeling process?
- A. RED
- B. STRIDE
- C. DREAD
- D. SMART
Answer: B
NEW QUESTION # 24
The software developer has implemented encryption in the code as shown in the following screenshot.
However, using the DES algorithm for encryption is considered to be an insecure coding practice as DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms will you suggest for strong encryption?
- A. Triple DES
- B. MD5
- C. SHA-1
- D. AES
Answer: D
NEW QUESTION # 25
In a certain website, a secure login feature is designed to prevent brute-force attacks by implementing an account lockout mechanism. The account is automatically locked after five failed attempts, and users cannot log in to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform a __________ attack.
- A. Unvalidated Redirects and Forwards
- B. Denial-of-Service (DoS)
- C. Failure to Restrict URL
- D. Broken Authentication
Answer: B
NEW QUESTION # 26
Identify which of the following exceptions should NOT be caught while handling exceptions.
- A. NullPointerException
- B. SecurityException
- C. EOFException
- D. IllegalAccessException
Answer: B
NEW QUESTION # 27
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?
- A. validate="true"
- B. IsNotvalidate="disabled"
- C. IsNotvalidate="false"
- D. validate="enabled"
Answer: A
NEW QUESTION # 28
Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?
- A. <connector ... maxPostSize="file size" />
- B. <connector ... maxPostSize="0" />
- C. <connector ... maxFileLimit="file size" />
- D. <connector ... maxFileSize="file size" />
Answer: A
NEW QUESTION # 29
Identify the formula for calculating the risk during threat modeling.
- A. RISK = PROBABILITY * ATTACK
- B. RISK = PROBABILITY * DAMAGE POTENTIAL
- C. RISK = PROBABILITY * ASSETS
- D. RISK = PROBABILITY * VULNERABILITY
Answer: B
NEW QUESTION # 30
Which of the following configurations can help you avoid displaying the server name in the server response header?
- A. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server=" " redirectPort="8443" />
- B. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
- C. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="null" redirectPort="8443" />
- D. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="disable" redirectPort="8443" />
Answer: D
NEW QUESTION # 31
Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/web.xml will solve his problem?
- A. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>true</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
- B. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>disable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
- C. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
- D. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>enable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
Answer: B
NEW QUESTION # 32
Identify the type of attack depicted in the following figure.
- A. Denial-of-Service Attack
- B. SQL Injection Attacks
- C. Parameter Tampering Attack
- D. Session Fixation Attack
Answer: C
NEW QUESTION # 33
Which of the following elements in the web.xml file ensures that cookies will be transmitted over an encrypted channel?
- A. <connector SSLEnabled="false" />
- B. <connector IsSSLEnabled="Yes" />
- C. <connector EnableSSL="true" />
- D. <connector SSLEnabled="true" />
Answer: D
NEW QUESTION # 34
Identify the type of attack depicted in the figure below:
- A. XSS
- B. SQL injection attack
- C. Cross-Site Request Forgery (CSRF) attack
- D. Denial-of-Service attack
Answer: C
NEW QUESTION # 35
James is a Java developer working at INFR INC. He has written Java code to open a file, read it line by line, and display its content in a text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use for this purpose?
- A. Try-With-Resources block
- B. Try-Catch block
- C. Try-Catch-Finally block
- D. Try-Catch-Resources block
Answer: A
NEW QUESTION # 36
In which phase of the secure development lifecycle is threat modeling performed?
- A. Coding phase
- B. Testing phase
- C. Deployment phase
- D. Design phase
Answer: D
NEW QUESTION # 37
Ted is an application security engineer who ensures that application security activities are followed during the entire lifecycle of a project. One day, he was analyzing the various user interactions depicted in the use cases of a project under inception. Based on the use case in hand, he started depicting scenarios in which an attacker could misuse the application. Can you identify the activity Ted is working on?
- A. Ted was depicting lower-level use cases
- B. Ted was depicting security use cases
- C. Ted was depicting abuse cases
- D. Ted was depicting abstract use cases
Answer: C
NEW QUESTION # 38
Sam, an application security engineer working at INFRA INC., was conducting a secure code review of an application developed in Java. He found that the developer had used the piece of code shown in the following screenshot. Identify the security mistake the developer has made.
- A. He is attempting to use regular expression for validation
- B. He is attempting to use whitelist input validation approach
- C. He is attempting to use blacklist input validation approach
- D. He is attempting to use client-side validation
Answer: C
NEW QUESTION # 39
Oliver, a Tomcat Server Administrator, has set the configuration in the web.xml file as shown in the following screenshot. What is he trying to achieve?
- A. He wants to transfer the entire data over encrypted channel
- B. He wants to transfer only Session cookies over encrypted channel
- C. He wants to transfer only request parameter data over encrypted channel
- D. He wants to transfer only response parameter data over encrypted channel
Answer: A
NEW QUESTION # 40
To handle exceptions globally, a developer should annotate the class with the _________ annotation along with the @ExceptionHandler method annotation.
- A. @ControllerAdvice
- B. @GlobalAdvice
- C. @globalControllerAdvice
- D. @Advice
Answer: A
NEW QUESTION # 41
......
EC-Council CASE Java Exam Certification Details:
| Detail | Value |
|---|---|
| Schedule Exam | Pearson VUE or EC-Council Store, ECC Exam Center |
| Sample Questions | EC-Council CASE Java Sample Questions |
| Exam Price | $450 (USD) |
| Passing Score | 70% |
| Books / Training | Master Class |
| Duration | 120 mins |
| Exam Name | EC-Council Certified Application Security Engineer (CASE) - Java |
| Exam Code | 312-96 |
EC-Council 312-96 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Static and Dynamic Application Security Testing (SAST & DAST) | - Understand Static Application Security Testing (SAST) - Demonstrate the knowledge of manual secure code review techniques for the most common vulnerabilities - Explain Dynamic Application Security Testing - Demonstrate the knowledge of Automated Application Vulnerability Scanning Tools for DAST - Demonstrate the knowledge of Proxy-based Security Testing Tools for DAST | 8% |
| Security Requirements Gathering | - Understand the importance of gathering security requirements - Explain Security Requirement Engineering (SRE) and its phases - Demonstrate the understanding of Abuse Cases and Abuse Case Modeling - Demonstrate the understanding of Security Use Cases and Security Use Case Modeling - Demonstrate the understanding of Abuser and Security Stories - Explain the Security Quality Requirements Engineering (SQUARE) Model - Explain the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Model | 8% |
| Secure Coding Practices for Error Handling | - Explain Exception and Error Handling in Java - Explain erroneous exceptional behaviors - Demonstrate the knowledge of do's and don'ts in error handling - Explain Spring MVC error handling - Explain Exception Handling in Struts2 - Demonstrate the knowledge of best practices for error handling - Explain Logging in Java - Demonstrate the knowledge of Log4j for logging - Demonstrate the knowledge of coding techniques for secure logging - Demonstrate the knowledge of best practices for logging | 16% |
| Secure Coding Practices for Cryptography | - Understand fundamental concepts and the need for cryptography in Java - Explain encryption and secret keys - Demonstrate the knowledge of Cipher class implementation - Demonstrate the knowledge of digital signatures and their implementation - Demonstrate the knowledge of Secure Socket Layer (SSL) and its implementation - Explain Secure Key Management - Demonstrate the knowledge of digital certificates and their implementation - Demonstrate the knowledge of hash implementation - Explain Java Card Cryptography - Explain the Crypto Module in Spring Security - Demonstrate the understanding of Do's and Don'ts in Java Cryptography | 6% |
| Secure Application Design and Architecture | - Understand the importance of secure application design - Explain various secure design principles - Demonstrate the understanding of threat modeling - Explain the threat modeling process - Explain the STRIDE and DREAD Models - Demonstrate the understanding of Secure Application Architecture Design | 12% |
| Understanding Application Security, Threats, and Attacks | - Understand the need for and benefits of application security - Demonstrate the understanding of common application-level attacks - Explain the causes of application-level vulnerabilities - Explain various components of comprehensive application security - Explain the need for and advantages of integrating security in the Software Development Life Cycle (SDLC) - Differentiate functional vs security activities in the SDLC - Explain the Microsoft Security Development Lifecycle (SDL) - Demonstrate the understanding of various software security reference standards, models, and frameworks | 18% |
| Secure Coding Practices for Authentication and Authorization | - Understand authentication concepts - Explain authentication implementation in Java - Demonstrate the knowledge of authentication weaknesses and prevention - Understand authorization concepts - Explain Access Control Models - Explain EJB authorization - Explain Java Authentication and Authorization Service (JAAS) - Demonstrate the knowledge of common authorization mistakes and countermeasures - Explain Java EE security - Demonstrate the knowledge of authentication and authorization in the Spring Security Framework - Demonstrate the knowledge of defensive coding practices against broken authentication and authorization | 4% |
| Secure Deployment and Maintenance | - Understand the importance of secure deployment - Explain security practices at the host level - Explain security practices at the network level - Explain security practices at the application level - Explain security practices at the web container level (Tomcat) - Explain security practices at the Oracle database level - Demonstrate the knowledge of security maintenance and monitoring activities | 10% |
| Secure Coding Practices for Session Management | - Explain session management in Java - Demonstrate the knowledge of session management in the Spring framework - Demonstrate the knowledge of session vulnerabilities and their mitigation techniques - Demonstrate the knowledge of best practices and guidelines for secure session management | 10% |
312-96 Exam Dumps - Free Demo & 365 Day Updates: https://exampdf.dumpsactual.com/312-96-actualtests-dumps.html
