
The Best 312-96 Exam Study Material and Preparation Test Question Dumps

Get Ready to Pass the 312-96 exam Right Now Using Our Application Security Exam Package

EC-Council 312-96 Exam Syllabus Topics:

Each topic is listed with its weight, followed by its details.

Security Requirements Gathering (Weight: 8%)
- Understand the importance of gathering security requirements
- Explain Security Requirement Engineering (SRE) and its phases
- Demonstrate the understanding of Abuse Cases and Abuse Case Modeling
- Demonstrate the understanding of Security Use Cases and Security Use Case Modeling
- Demonstrate the understanding of Abuser and Security Stories
- Explain Security Quality Requirements Engineering (SQUARE) Model
- Explain Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Model

Secure Coding Practices for Input Validation (Weight: 8%)
- Understand the need of input validation
- Explain data validation techniques
- Explain data validation in Struts framework
- Explain data validation in Spring framework
- Demonstrate the knowledge of common input validation errors
- Demonstrate the knowledge of common secure coding practices for input validation

Secure Coding Practices for Cryptography (Weight: 6%)
- Understand fundamental concepts and need of cryptography in Java
- Explain encryption and secret keys
- Demonstrate the knowledge of Cipher class implementation
- Demonstrate the knowledge of digital signature and its implementation
- Demonstrate the knowledge of Secure Socket Layer (SSL) and its implementation
- Explain Secure Key Management
- Demonstrate the knowledge of digital certificate and its implementation
- Demonstrate the knowledge of Hash implementation
- Explain Java Card Cryptography
- Explain Crypto Module in Spring Security
- Demonstrate the understanding of Do's and Don'ts in Java Cryptography

Secure Coding Practices for Session Management (Weight: 10%)
- Explain session management in Java
- Demonstrate the knowledge of session management in Spring framework
- Demonstrate the knowledge of session vulnerabilities and their mitigation techniques
- Demonstrate the knowledge of best practices and guidelines for secure session management

Secure Deployment and Maintenance (Weight: 10%)
- Understand the importance of secure deployment
- Explain security practices at host level
- Explain security practices at network level
- Explain security practices at application level
- Explain security practices at web container level (Tomcat)
- Explain security practices at Oracle database level
- Demonstrate the knowledge of security maintenance and monitoring activities

Secure Coding Practices for Error Handling (Weight: 16%)
- Explain Exception and Error Handling in Java
- Explain erroneous exceptional behaviors
- Demonstrate the knowledge of do's and don'ts in error handling
- Explain Spring MVC error handling
- Explain Exception Handling in Struts2
- Demonstrate the knowledge of best practices for error handling
- Explain Logging in Java
- Demonstrate the knowledge of Log4j for logging
- Demonstrate the knowledge of coding techniques for secure logging
- Demonstrate the knowledge of best practices for logging

Static and Dynamic Application Security Testing (SAST & DAST) (Weight: 8%)
- Understand Static Application Security Testing (SAST)
- Demonstrate the knowledge of manual secure code review techniques for most common vulnerabilities
- Explain Dynamic Application Security Testing
- Demonstrate the knowledge of Automated Application Vulnerability Scanning Tools for DAST
- Demonstrate the knowledge of Proxy-based Security Testing Tools for DAST

 

NEW QUESTION 20
Alice works as a Java developer at Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design the ArticlesList.jsp page in such a way that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.
Alice wrote the following code on page load to read the file name.
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);
After reviewing this code, his superior pointed out the security mistake in the code and instructed him not to repeat the same in future. Can you point out the type of vulnerability that may exist in the above code?

 
 
 
 

NEW QUESTION 21
Identify the type of attack depicted in the following figure.

 
 
 
 

NEW QUESTION 22
Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?

 
 
 
 

NEW QUESTION 23
A developer has written the following line of code to handle and maintain session in the application. What did he do in the below scenario?

 
 
 
 

NEW QUESTION 24
In which phase of the secure development lifecycle is threat modeling performed?

 
 
 
 

NEW QUESTION 25
Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value. Which of the following lines of code will you use to strictly validate the request parameter value before processing it for execution?

 
 
 
 

NEW QUESTION 26
James is a Java developer working at INFR INC. He has written Java code to open a file, read it line by line and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use for the above purpose?

 
 
 
 

NEW QUESTION 27
Alice, a security engineer, was performing security testing on the application. He found that users can view the website structure and file names. As per the standard security practices, this can pose a serious security risk as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?

 
 
 
 

NEW QUESTION 28
Oliver, a Server Administrator (Tomcat), has set configuration in web.xml file as shown in the following screenshot. What is he trying to achieve?

 
 
 
 

NEW QUESTION 29
Which of the following authentication mechanisms does J2EE support?

 
 
 
 

NEW QUESTION 30
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do so.

 
 
 
 

NEW QUESTION 31
Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?

 
 
 
 

NEW QUESTION 32
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?

 
 
 
 

NEW QUESTION 33
Which of the following Spring Security Framework configuration settings will ensure protection from session fixation attacks by not allowing an authenticated user to log in again?

 
 
 
 

NEW QUESTION 34
Which line of the following example of Java code can make the application vulnerable to a session attack?

 
 
 
 

NEW QUESTION 35
Which of the following DFD components is used to represent the change in privilege levels?

 
 
 
 

NEW QUESTION 36
During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer.

 
 
 
 

NEW QUESTION 37
Which of the following is used to map Custom Exceptions to Status code?

 
 
 
 

NEW QUESTION 38
On a certain website, a secure login feature is designed to prevent brute-force attacks by implementing an account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow the users to log in to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform __________ attack.

 
 
 
 
