312-96 : Certified Application Security Engineer (C|ASE Java) Certification Exam

312-96 Dumps
312-96 Braindumps
312-96 Real Questions
312-96 Practice Test
312-96 Actual Questions
killexams.com EC-COUNCIL 312-96
Certified Application Security Engineer (C|ASE Java) Certification
https://killexams.com/pass4sure/exam-detail/312-96
Question: 56
Which of the following is a secure coding practice to prevent Remote Code Execution vulnerabilities?
1. Allowing user-supplied input to be executed without proper validation
2. Disabling input validation for code execution
3. Implementing input validation and sanitization for code execution
4. Using weak or common passwords
Answer: C
Explanation: Implementing input validation and sanitization for code execution is a secure coding practice to prevent Remote Code Execution vulnerabilities. By validating and sanitizing user-supplied input before executing it as code, the risk of malicious code execution can be mitigated. Allowing user-supplied input to be executed without proper validation, disabling input validation for code execution, and using weak or common passwords are insecure practices that can contribute to Remote Code Execution vulnerabilities.
Question: 57
Which of the following is a secure coding practice to prevent Security Vulnerabilities in third-party libraries?
1. Using outdated and unpatched libraries
2. Disabling input validation for libraries
3. Storing sensitive data in plain text in the libraries
4. Implementing regular updates and patching for libraries
Answer: D
Explanation: Implementing regular updates and patching for libraries is a secure coding practice to prevent Security Vulnerabilities in third-party libraries. By keeping libraries up to date and applying patches promptly, the application can address known vulnerabilities and reduce the risk of exploitation. Using outdated and unpatched libraries, disabling input validation for libraries, and storing sensitive data in plain text in the libraries are insecure practices that can contribute to security vulnerabilities.
Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer has used a piece of code as shown in the following screenshot.
Identify the security mistakes that the developer has coded?
1. He is attempting to use client-side validation
2. He is attempting to use whitelist input validation approach
3. He is attempting to use regular expression for validation
4. He is attempting to use blacklist input validation approach
Answer: D Question: 59
Identify the type of attack depicted in the following figure.
1. SQL Injection Attacks
2. Session Fixation Attack
3. Parameter Tampering Attack
4. Denial-of-Service Attack
Answer: C Question: 60
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
1. Catching incorrect exceptions
2. Multiple catching of incorrect exceptions
3. Re-throwing incorrect exceptions
4. Throwing incorrect exceptions
Answer: D Question: 61
Which of the threat classification model is used to classify threats during threat modeling process?
1. RED
2. STRIDE
3. DREAD
4. SMART
Answer: B
Which line of the following example of Java Code can make application vulnerable to a session attack?
1. Line No. 1
2. Line No. 3
3. Line No. 4
4. Line No. 5
Answer: B Question: 63
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do so.
1. < server port="" shutdown-"' >
2. < server port="-1" shutdown-*" >
3. < server port="-1" shutdown="SHUTDOWN" >
4. < server port="8080" shutdown="SHUTDOWN" >
Answer: B Question: 64
Which of the following method will help you check if DEBUG level is enabled?
1. isDebugEnabled()
2. EnableDebug ()
3. IsEnableDebug ()
4. DebugEnabled()
Answer: A Question: 65
In which phase of secure development lifecycle the threat modeling is performed?
1. Coding phase
2. Testing phase
3. Deployment phase
4. Design phase
Answer: D Question: 67
Identify the type of attack depicted in the figure below:
1. XSS
2. Cross-Site Request Forgery (CSRF) attack
3. SQL injection attack
4. Denial-of-Service attack
Answer: B

User: Roy***** I scored an impressive 97% on the certified application security engineer (c|ase java) certification exam after just 10 days of preparation with Killexams.com. Their practice tests and exam simulator provided an authentic exam experience, making them the best choice for expert-level certifications. I highly recommend Killexams.com for anyone aiming to excel in challenging exams.

User: Tasha***** For years, I have relied on Killexams.com for IT exam preparation, and the 312-96 exam was no exception. Their questions, answers, and exam simulator are dependable and accurate, helping me pass with ease. The content is always relevant, and while I never needed their customer service, I have heard it is exceptional. Killexams.com consistently delivers top-quality resources.

User: Rostisla***** As someone who used to look for shortcuts, Killexams.com’s 312-96 practice questions were a lifesaver. Their sample questions helped me grasp the material and achieve a great score.

User: Santino***** Passing the 312-96 exam is certainly not an easy feat, but I managed to do it on my first attempt thanks to the excellent guidance provided by killexams.com Questions and Answers. I would strongly advise other students not to take this exam lightly and to study diligently to achieve success.

User: Yaroslav***** The exam coaching package from killexams.com is genuinely a worthwhile investment because it directly contributed to me passing the 312-96 exam with an impressive score of 94%. Every single question presented was valid and appeared on the actual exam, which clearly demonstrates killexams.com’s commitment to keeping their materials updated with the latest exam changes. I have known many people who have used killexams.com for other IT exams in the past, and they consistently reported similar precision. It is undoubtedly a very dependable and truthful resource.

---