Latest 312-96 Practice Tests with Actual Questions

Get Complete pool of questions with Premium PDF and Test Engine

Exam Code : 312-96
Exam Name : Certified Application Security Engineer (C|ASE Java) Certification
Vendor Name :
"EC-COUNCIL"

Download Full Version of 312-96

---

312-96 Dumps

312-96 Braindumps

312-96 Real Questions

312-96 Practice Test

312-96 Actual Questions

killexams.com EC-COUNCIL 312-96

Certified Application Security Engineer (C|ASE Java) Certification

https://killexams.com/pass4sure/exam-detail/312-96

Question: 56

Which of the following is a secure coding practice to prevent Remote Code Execution vulnerabilities?

1. Allowing user-supplied input to be executed without proper validation

2. Disabling input validation for code execution

3. Implementing input validation and sanitization for code execution

4. Using weak or common passwords

Answer: C

Explanation: Implementing input validation and sanitization for code execution is a secure coding practice to prevent Remote Code Execution vulnerabilities. By validating and sanitizing user-supplied input before executing it as code, the risk of malicious code execution can be mitigated. Allowing user-supplied input to be executed without proper validation, disabling input validation for code execution, and using weak or common passwords are insecure practices that can contribute to Remote Code Execution vulnerabilities.

Question: 57

Which of the following is a secure coding practice to prevent Security Vulnerabilities in third-party libraries?

1. Using outdated and unpatched libraries

2. Disabling input validation for libraries

3. Storing sensitive data in plain text in the libraries

4. Implementing regular updates and patching for libraries

Answer: D

Explanation: Implementing regular updates and patching for libraries is a secure coding practice to prevent Security Vulnerabilities in third-party libraries. By keeping libraries up to date and applying patches promptly, the application can address known vulnerabilities and reduce the risk of exploitation. Using outdated and unpatched libraries, disabling input validation for libraries, and storing sensitive data in plain text in the libraries are insecure practices that can contribute to security vulnerabilities.

Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer has used a piece of code as shown in the following screenshot.

Identify the security mistakes that the developer has coded?

1. He is attempting to use client-side validation

2. He is attempting to use whitelist input validation approach

3. He is attempting to use regular expression for validation

4. He is attempting to use blacklist input validation approach

Answer: D
Question: 59

Identify the type of attack depicted in the following figure.

1. SQL Injection Attacks

2. Session Fixation Attack

3. Parameter Tampering Attack

4. Denial-of-Service Attack

Answer: C
Question: 60

According to secure logging practices, programmers should ensure that logging processes are not disrupted by:

1. Catching incorrect exceptions

2. Multiple catching of incorrect exceptions

3. Re-throwing incorrect exceptions

4. Throwing incorrect exceptions

Answer: D
Question: 61

Which of the threat classification model is used to classify threats during threat modeling process?

1. RED

2. STRIDE

3. DREAD

4. SMART

Answer: B

Which line of the following example of Java Code can make application vulnerable to a session attack?

1. Line No. 1

2. Line No. 3

3. Line No. 4

4. Line No. 5

Answer: B
Question: 63

Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do so.

1. < server port="" shutdown-"' >

2. < server port="-1" shutdown-*" >

3. < server port="-1" shutdown="SHUTDOWN" >

4. < server port="8080" shutdown="SHUTDOWN" >

Answer: B
Question: 64

Which of the following method will help you check if DEBUG level is enabled?

1. isDebugEnabled()

2. EnableDebug ()

3. IsEnableDebug ()

4. DebugEnabled()

Answer: A
Question: 65

In which phase of secure development lifecycle the threat modeling is performed?

1. Coding phase

2. Testing phase

3. Deployment phase

4. Design phase

Answer: D
Question: 67

Identify the type of attack depicted in the figure below:

1. XSS

2. Cross-Site Request Forgery (CSRF) attack

3. SQL injection attack

4. Denial-of-Service attack

Answer: B

User: Elias***** Obtaining a certificate offers many career advancement opportunities. I wanted to develop my knowledge and become certified. I chose to seek help from the platform and began my exam education through their exam cram. The exam cram made memorizing the certificate material easy for me and helped me achieve my desired results. I can confidently say that I would not have passed my exam on the first try without the platform.

User: Zhora***** Preparing for the 312-96 exam was a challenging experience with so many complicated subjects to cover. However, with the help of Killexams.com, I gained the confidence needed to pass the exam by practicing on exact questions. I scored an impressive 84%, despite encountering some twisted questions. Thanks to Killexams.com, I was able to mark the correct answers.

User: Pavel***** The killexams.com practice tests are a top-notch product that is easy to use and comprehensive. I used them daily for my learning, and they motivated me to perform well in the 312-96 exam. Their guide is excellent for preparing, and it helped me score well on the exam. Thank you for the extraordinary assistance.

User: Nastia***** I put in the hard work and used killexams.com to achieve a brilliant position in the 312-96 exam. The program proved to be an energetic and amazing resource that secured my desired position in the exam, making my life more secure.

User: Slava***** My experience with the 312-96 exam preparation was terrible. I wanted to prepare via a test approach in a classroom and joined different trainings, but they all seemed fake, so I quit immediately. I eventually changed my thinking about the 312-96 exam and started using Killexams. It gave me the best marks on the exam, and I am satisfied to have that.

---