This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ]
Export date: Sat Apr 12 19:21:41 2025 / +0000 GMT

Title: The Best 312-96 Exam Study Material and Preparation Test Question Dumps [Q20-Q38]

EC-Council 312-96 Exam Syllabus Topics:

Topic: Security Requirements Gathering (Weight: 8%)
- Understand the importance of gathering security requirements
- Explain Security Requirement Engineering (SRE) and its phases
- Demonstrate the understanding of Abuse Cases and Abuse Case Modeling
- Demonstrate the understanding of Security Use Cases and Security Use Case Modeling
- Demonstrate the understanding of Abuser and Security Stories
- Explain the Security Quality Requirements Engineering (SQUARE) Model
- Explain the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Model

Topic: Secure Coding Practices for Input Validation (Weight: 8%)
- Understand the need for input validation
- Explain data validation techniques
- Explain data validation in the Struts framework
- Explain data validation in the Spring framework
- Demonstrate the knowledge of common input validation errors
- Demonstrate the knowledge of common secure coding practices for input validation

Topic: Secure Coding Practices for Cryptography (Weight: 6%)
- Understand fundamental concepts and the need for cryptography in Java
- Explain encryption and secret keys
- Demonstrate the knowledge of Cipher class implementation
- Demonstrate the knowledge of digital signatures and their implementation
- Demonstrate the knowledge of Secure Socket Layer (SSL) and its implementation
- Explain Secure Key Management
- Demonstrate the knowledge of digital certificates and their implementation
- Demonstrate the knowledge of hash implementation
- Explain Java Card Cryptography
- Explain the Crypto Module in Spring Security
- Demonstrate the understanding of Do's and Don'ts in Java Cryptography

Topic: Secure Coding Practices for Session Management (Weight: 10%)
- Explain session management in Java
- Demonstrate the knowledge of session management in the Spring framework
- Demonstrate the knowledge of session vulnerabilities and their mitigation techniques
- Demonstrate the knowledge of best practices and guidelines for secure session management

Topic: Secure Deployment and Maintenance (Weight: 10%)
- Understand the importance of secure deployment
- Explain security practices at the host level
- Explain security practices at the network level
- Explain security practices at the application level
- Explain security practices at the web container level (Tomcat)
- Explain security practices at the Oracle database level
- Demonstrate the knowledge of security maintenance and monitoring activities

Topic: Secure Coding Practices for Error Handling (Weight: 16%)
- Explain Exception and Error Handling in Java
- Explain erroneous exceptional behaviors
- Demonstrate the knowledge of do's and don'ts in error handling
- Explain Spring MVC error handling
- Explain Exception Handling in Struts2
- Demonstrate the knowledge of best practices for error handling
- Explain logging in Java
- Demonstrate the knowledge of Log4j for logging
- Demonstrate the knowledge of coding techniques for secure logging
- Demonstrate the knowledge of best practices for logging

Topic: Static and Dynamic Application Security Testing (SAST & DAST) (Weight: 8%)
- Understand Static Application Security Testing (SAST)
- Demonstrate the knowledge of manual secure code review techniques for the most common vulnerabilities
- Explain Dynamic Application Security Testing
- Demonstrate the knowledge of Automated Application Vulnerability Scanning Tools for DAST
- Demonstrate the knowledge of Proxy-based Security Testing Tools for DAST

NEW QUESTION 20
Alice works as a Java developer at Fygo Software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format.
Alice is advised by his superior to design the ArticlesList.jsp page in such a way that it displays a list of all the articles on one page and sends a selected filename as a query string to redirect users to the articledetails.jsp page. Alice wrote the following code on page load to read the file name:

    String myfilename = request.getParameter("filename");
    String txtFileNameVariable = myfilename;
    String locationVariable = request.getServletContext().getRealPath("/");
    String PathVariable = "";
    PathVariable = locationVariable + txtFileNameVariable;
    BufferedInputStream bufferedInputStream = null;
    Path filepath = Paths.get(PathVariable);

After reviewing this code, his superior pointed out the security mistake in the code and instructed him not to repeat it in future. Can you point out the type of vulnerability that may exist in the above code?
A. URL Tampering vulnerability
B. Form Tampering vulnerability
C. XSS vulnerability
D. Directory Traversal vulnerability

NEW QUESTION 21
Identify the type of attack depicted in the following figure.
A. Denial-of-service attack
B. SQL Injection attack
C. Directory Traversal attack
D. Form Tampering attack

NEW QUESTION 22
Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?
A. <connector ... maxFileLimit="file size" />
B. <connector ... maxPostSize="0" />
C. <connector ... maxFileSize="file size" />
D. <connector ... maxPostSize="file size" />

NEW QUESTION 23
A developer has written the following line of code to handle and maintain a session in the application. What did he do in the scenario below?
A. Maintained the session by creating a Session variable user with the value stored in the uname variable.
B. Maintained the session by creating an HTTP variable user with the value stored in the uname variable.
C. Maintained the session by creating a Cookie user with the value stored in the uname variable.
D. Maintained the session by creating a hidden variable user with the value stored in the uname variable.
NEW QUESTION 24
In which phase of the secure development lifecycle is threat modeling performed?
A. Coding phase
B. Testing phase
C. Deployment phase
D. Design phase

NEW QUESTION 25
Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value. Which of the following lines of code will you use to strictly validate the request parameter value before processing it for execution?
A. public boolean validateUserName() { String CategoryId = request.getParameter("CatId"); }
B. public boolean validateUserName() { Pattern p = Pattern.compile("[a-zA-Z0-9]*$"); Matcher m = p.matcher(request.getParameter("CatId")); boolean result = m.matches(); return result; }
C. public boolean validateUserName() { if (request.getParameter("CatId") != null) String CategoryId = request.getParameter("CatId"); }
D. public boolean validateUserName() { if (!request.getParameter("CatId").equals("null")) }

NEW QUESTION 26
James is a Java developer working at INFR INC. He has written Java code to open a file, read it line by line and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use for the above purpose?
A. Try-Catch-Finally block
B. Try-Catch block
C. Try-With-Resources block
D. Try-Catch-Resources block

NEW QUESTION 27
Alice, a security engineer, was performing security testing on the application. He found that users can view the website structure and file names. As per standard security practices, this can pose a serious security risk, as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?
A. <init-param> <param-name>directory-listings</param-name> <param-value>true</param-value> </init-param>
B. <init-param> <param-name>directory-listings</param-name> <param-value>false</param-value> </init-param>
C. <init-param> <param-name>listings</param-name> <param-value>true</param-value> </init-param>
D. <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param>

NEW QUESTION 28
Oliver, a Server Administrator (Tomcat), has set the configuration in the web.xml file as shown in the following screenshot. What is he trying to achieve?
A. He wants to transfer the entire data over an encrypted channel
B. He wants to transfer only response parameter data over an encrypted channel
C. He wants to transfer only request parameter data over an encrypted channel
D. He wants to transfer only session cookies over an encrypted channel

NEW QUESTION 29
Which of the following authentication mechanisms does J2EE support?
A. HTTP Basic, Form Based, Client/Server Mutual, Role Based Authentication
B. Role Based, HTTP Basic, Windows, HTTP Digest Authentication
C. HTTP Basic, Form Based, Client/Server Mutual, HTTP Digest Authentication
D. Windows, Form Based, Role Based, Client/Server Mutual Authentication

NEW QUESTION 30
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting in CATALINA_HOME/conf/server.xml that will enable him to do so.
A. <server port="" shutdown="">
B. <server port="-1" shutdown="*">
C. <server port="-1" shutdown="SHUTDOWN">
D. <server port="8080" shutdown="SHUTDOWN">

NEW QUESTION 31
Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities. Which type of security assessment activity is Jacob currently performing?
A. ISCST
B. CAST
C. CAST
D. SAST

NEW QUESTION 32
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?
A. validate="true"
B. isNotvalidate="disabled"
C. isNotvalidate="false"
D. validate="enabled"

NEW QUESTION 33
Which of the following Spring Security Framework configuration settings will ensure protection from session fixation attacks by not allowing an authenticated user to log in again?
A. session-fixation-protection="newSessionID"
B. session-fixation-protection=".
C. session-fixation-protection="enabled"
D. session-fixation-protection=".

NEW QUESTION 34
Which line of the following example of Java code can make the application vulnerable to a session attack?
A. Line No. 1
B. Line No. 3
C. Line No. 4
D. Line No. 5

NEW QUESTION 35
Which of the following DFD components is used to represent the change in privilege levels?
A. 3
B. 4
C. 1
D. 2

NEW QUESTION 36
During his secure code review, John, an independent application security expert, found that the developer has used the Java code highlighted in the following screenshot. Identify the security mistake committed by the developer.
A. He is trying to use Whitelisting Input Validation
B. He is trying to use a Non-parametrized SQL query
C. He is trying to use Blacklisting Input Validation
D. He is trying to use a Parametrized SQL Query

NEW QUESTION 37
Which of the following is used to map custom exceptions to a status code?
A. @ResponseStatus
B. @ResponseStatusCode
C. @ResponseCode
D. @StatusCode

NEW QUESTION 38
In a certain website, a secure login feature is designed to prevent brute-force attacks by implementing an account lockout mechanism. The account is automatically locked after five failed attempts. This feature does not allow users to log in to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform a __________ attack.
A. Failure to Restrict URL
B. Broken Authentication
C. Unvalidated Redirects and Forwards
D. Denial-of-Service (DoS)

Post date: 2023-12-18 09:51:34