312-96 : Certified Application Security Engineer (C|ASE Java) Certification Exam

312-96 Dumps
312-96 Braindumps
312-96 Real Questions
312-96 Practice Test
312-96 Actual Questions


EC-COUNCIL
312-96
Certified Application Security Engineer (C|ASE Java)
Certification
https://killexams.com/pass4sure/exam-detail/312-96
Question: 56
Which of the following is a secure coding practice to prevent Remote Code
Execution vulnerabilities?
A. Allowing user-supplied input to be executed without proper validation
B. Disabling input validation for code execution
C. Implementing input validation and sanitization for code execution
D. Using weak or common passwords
Answer: C
Explanation: Implementing input validation and sanitization for code execution
is a secure coding practice to prevent Remote Code Execution vulnerabilities.
By validating and sanitizing user-supplied input before executing it as code, the
risk of malicious code execution can be mitigated. Allowing user-supplied
input to be executed without proper validation, disabling input validation for
code execution, and using weak or common passwords are insecure practices
that can contribute to Remote Code Execution vulnerabilities.
Question: 57
Which of the following is a secure coding practice to prevent Security
Vulnerabilities in third-party libraries?
A. Using outdated and unpatched libraries
B. Disabling input validation for libraries
C. Storing sensitive data in plain text in the libraries
D. Implementing regular updates and patching for libraries
Answer: D
Explanation: Implementing regular updates and patching for libraries is a
secure coding practice to prevent Security Vulnerabilities in third-party
libraries. By keeping libraries up to date and applying patches promptly, the
application can address known vulnerabilities and reduce the risk of
exploitation. Using outdated and unpatched libraries, disabling input validation
for libraries, and storing sensitive data in plain text in the libraries are insecure
practices that can contribute to security vulnerabilities.
Question: 58
Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application
developed in Java. He found that the developer has used a piece of code as shown in the following screenshot.

Identify the security mistakes that the developer has coded?
A. He is attempting to use client-side validation
B. He is attempting to use whitelist input validation approach
C. He is attempting to use regular expression for validation
D. He is attempting to use blacklist input validation approach
Answer: D
Question: 59
Identify the type of attack depicted in the following figure.


A. SQL Injection Attacks
B. Session Fixation Attack
C. Parameter Tampering Attack
D. Denial-of-Service Attack
Answer: C
Question: 60
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
A. Catching incorrect exceptions
B. Multiple catching of incorrect exceptions
C. Re-throwing incorrect exceptions
D. Throwing incorrect exceptions
Answer: D
Question: 61
Which of the threat classification model is used to classify threats during threat modeling process?
A. RED
B. STRIDE
C. DREAD
D. SMART
Answer: B
Question: 62
Which line of the following example of Java Code can make application vulnerable to a session attack?

A. Line No. 1
B. Line No. 3
C. Line No. 4
D. Line No. 5
Answer: B
Question: 63
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the
Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do
so.
A. < server port="" shutdown-"' >
B. < server port="-1" shutdown-*" >
C. < server port="-1" shutdown="SHUTDOWN" >
D. < server port="8080" shutdown="SHUTDOWN" >
Answer: B
Question: 64
Which of the following method will help you check if DEBUG level is enabled?
A. isDebugEnabled()
B. EnableDebug ()
C. IsEnableDebug ()
D. DebugEnabled()
Answer: A
Question: 65
Which of the following elements in web.xml file ensures that cookies will be transmitted over an encrypted channel?
A. < connector lsSSLEnabled="Yes" / >
B. < connector EnableSSL="true" / >
C. < connector SSLEnabled="false" / >
D. < connector SSLEnabled="true" / >
Answer: D
Question: 66
In which phase of secure development lifecycle the threat modeling is performed?
A. Coding phase
B. Testing phase
C. Deployment phase
D. Design phase
Answer: D
Question: 67
Identify the type of attack depicted in the figure below:


A. XSS
B. Cross-Site Request Forgery (CSRF) attack
C. SQL injection attack
D. Denial-of-Service attack
Answer: B

User: Tetyana***** The 312-96 practice tests provided by Killexams.com are updated and valid, and I answered each question correctly in the real exam. I practiced with their VCE exam simulator, which prepared me for the actual exam. I got a score of 98%, which is a remarkable achievement, and I owe it to Killexams.com.

User: Sidney***** Thanks to Killexams.com, I managed to crack my 312-96 exam on the first attempt with a score of 72.5% after just two days of preparation. Their valuable questions made the exam much less intimidating. I look forward to passing more exams with their help.

User: Tanja***** For a reliable 312-96 practice test and the best training ever, killexams.com is the ultimate source of help. The exam simulator guided me through every aspect of the exam and provided the best questions and answers I have ever seen.

User: Mikhail***** I cannot believe that I passed the 312-96 exam with a high score. It is all thanks to killexams.com. There was one topic that was very difficult for me, but killexams.com helped me overcome it. It was awesome to see that more exam questions had been taken from their guide. I relied on the Questions and Answers from killexams.com to prepare for the 312-96 exam, and I was able to achieve a score of 85% in 58 questions inside 90 minutes.

User: Vitaliy***** Going through the killexams.com Questions and Answers has become an addiction when preparing for the 312-96 exam. With only six days left until the exam, their questions and answers became increasingly critical. However, I needed a reference guide to move forward from time to time, and killexams.com provided me with just that. Thanks to their product, I scored 980 on my exam, which is a very satisfactory score.

---