312-96 : Certified Application Security Engineer (C|ASE Java) Certification Exam

312-96 Dumps
312-96 Braindumps
312-96 Real Questions
312-96 Practice Test
312-96 Actual Questions


EC-COUNCIL
312-96
Certified Application Security Engineer (C|ASE Java)
Certification
https://killexams.com/pass4sure/exam-detail/312-96
Question: 56
Which of the following is a secure coding practice to prevent Remote Code
Execution vulnerabilities?
A. Allowing user-supplied input to be executed without proper validation
B. Disabling input validation for code execution
C. Implementing input validation and sanitization for code execution
D. Using weak or common passwords
Answer: C
Explanation: Implementing input validation and sanitization for code execution
is a secure coding practice to prevent Remote Code Execution vulnerabilities.
By validating and sanitizing user-supplied input before executing it as code, the
risk of malicious code execution can be mitigated. Allowing user-supplied
input to be executed without proper validation, disabling input validation for
code execution, and using weak or common passwords are insecure practices
that can contribute to Remote Code Execution vulnerabilities.
Question: 57
Which of the following is a secure coding practice to prevent Security
Vulnerabilities in third-party libraries?
A. Using outdated and unpatched libraries
B. Disabling input validation for libraries
C. Storing sensitive data in plain text in the libraries
D. Implementing regular updates and patching for libraries
Answer: D
Explanation: Implementing regular updates and patching for libraries is a
secure coding practice to prevent Security Vulnerabilities in third-party
libraries. By keeping libraries up to date and applying patches promptly, the
application can address known vulnerabilities and reduce the risk of
exploitation. Using outdated and unpatched libraries, disabling input validation
for libraries, and storing sensitive data in plain text in the libraries are insecure
practices that can contribute to security vulnerabilities.
Question: 58
Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application
developed in Java. He found that the developer has used a piece of code as shown in the following screenshot.

Identify the security mistakes that the developer has coded?
A. He is attempting to use client-side validation
B. He is attempting to use whitelist input validation approach
C. He is attempting to use regular expression for validation
D. He is attempting to use blacklist input validation approach
Answer: D
Question: 59
Identify the type of attack depicted in the following figure.


A. SQL Injection Attacks
B. Session Fixation Attack
C. Parameter Tampering Attack
D. Denial-of-Service Attack
Answer: C
Question: 60
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
A. Catching incorrect exceptions
B. Multiple catching of incorrect exceptions
C. Re-throwing incorrect exceptions
D. Throwing incorrect exceptions
Answer: D
Question: 61
Which of the threat classification model is used to classify threats during threat modeling process?
A. RED
B. STRIDE
C. DREAD
D. SMART
Answer: B
Question: 62
Which line of the following example of Java Code can make application vulnerable to a session attack?

A. Line No. 1
B. Line No. 3
C. Line No. 4
D. Line No. 5
Answer: B
Question: 63
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the
Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do
so.
A. < server port="" shutdown-"' >
B. < server port="-1" shutdown-*" >
C. < server port="-1" shutdown="SHUTDOWN" >
D. < server port="8080" shutdown="SHUTDOWN" >
Answer: B
Question: 64
Which of the following method will help you check if DEBUG level is enabled?
A. isDebugEnabled()
B. EnableDebug ()
C. IsEnableDebug ()
D. DebugEnabled()
Answer: A
Question: 65
Which of the following elements in web.xml file ensures that cookies will be transmitted over an encrypted channel?
A. < connector lsSSLEnabled="Yes" / >
B. < connector EnableSSL="true" / >
C. < connector SSLEnabled="false" / >
D. < connector SSLEnabled="true" / >
Answer: D
Question: 66
In which phase of secure development lifecycle the threat modeling is performed?
A. Coding phase
B. Testing phase
C. Deployment phase
D. Design phase
Answer: D
Question: 67
Identify the type of attack depicted in the figure below:


A. XSS
B. Cross-Site Request Forgery (CSRF) attack
C. SQL injection attack
D. Denial-of-Service attack
Answer: B

User: Snezhana***** I found Killexams.com to be an extraordinary IT exam education platform when I passed the 312-96 exam with ease. The questions were not only actual, but they were also structured in a similar way that the 312-96 exam does, making it easier to recall the answers during the exam. Although not all questions were the same, most of them were, and it was easy to sort them out with the help of Killexams.com. IT specialists like myself find it very cool and beneficial.

User: Makar***** The 312-96 practice tests provided by killexams.com are worth the money as they are great and helped me pass the exam. The questions are valid, and the answers are correct, which I have double-checked with a few friends. I suggest killexams.com to anyone who wants to pass the exam.

User: Henry***** Choosing our thoughts should be done with as much care as we choose our daily outfits, as it holds significant power over our lives. Therefore, if we wish to achieve our goals, we must put in the hard work and utilize all of our potential. Personally, I dedicated myself to preparing for the 312-96 exam and found great success with the help of killexams.com, which proved to be an excellent resource and made my life more relaxed.

User: Mia***** The Killexams.com questions bank was undoubtedly helpful, and I passed my 312-96 exam with 68.25% marks. The questions were appropriate, and the database is frequently updated with new questions. I highly recommend this resource to others who are preparing for their 312-96 profession certification exams.

User: Talya***** I am grateful to killexams.com for providing a comprehensive guide on how to use their questions and answers effectively. With their help, I was able to score 78% on my 312-96 exam. This was my first time taking this exam, and although I felt confident, I still needed to prepare well. Therefore, I used killexams.com questions and answers along with their exam simulator software, which proved to be very useful.

---