[2024] Pass ECCouncil 312-96 Test Practice Test Questions Exam Dumps
EC-Council CASE Java Exam Certification Details:
| Schedule Exam | Pearson VUE OR EC-Council Store, ECC Exam Center |
| Passing Score | 70% |
| Duration | 120 mins |
| Exam Price | $450 (USD) |
| Books / Training | Master Class |
| Exam Code | 312-96 |
NEW QUESTION # 11
Which of the following relationships is used to describe abuse case scenarios?
- A. Threatens Relationship
- B. Mitigates Relationship
- C. Extend Relationship
- D. Include Relationship
Answer: A
NEW QUESTION # 12
Oliver, a Server Administrator (Tomcat), has set configuration in web.xml file as shown in the following screenshot. What is he trying to achieve?
- A. He wants to transfer only request parameter data over encrypted channel
- B. He wants to transfer only response parameter data over encrypted channel
- C. He wants to transfer only Session cookies over encrypted channel
- D. He wants to transfer the entire data over encrypted channel
Answer: D
NEW QUESTION # 13
Which of the following configurations can help you avoid displaying server names in the server response header?
- A. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />`
- B. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName=" disable" redirectPort="8443" />`
- C. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server=" " redirectPort="8443" />`
- D. `<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="null " redirectPort="8443" />`
Answer: B
NEW QUESTION # 14
Which of the following DFD components is used to represent the change in privilege levels?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION # 15
In which phase of the secure development lifecycle is threat modeling performed?
- A. Testing phase
- B. Design phase
- C. Deployment phase
- D. Coding phase
Answer: B
NEW QUESTION # 16
Which risk assessment model is used to rate the threat-based risk to the application during the threat modeling process?
- A. DREAD
- B. STRIDE
- C. SMART
- D. RED
Answer: B
NEW QUESTION # 17
Stephen is a web developer at InterCall Systems. He was working on a real estate website for one of his clients. He was given the task of designing a web page with a property search feature. He designed the following searchpage.jsp:
```html
<form id="form1" method="post" action="SearchProperty.jsp">
  <input type="text" id="txt_Search" name="txt_Search" placeholder="Search Property..." />
  <input type="Submit" id="Btn_Search" value="Search" />
</form>
```
However, when the application went to the security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
- A. He should write code like `out.write("You Searched for:" + request.getParameter("search").toString());`
- B. He should write code like `out.write("You Searched for:" + ESAPI.encoder().encodeForHTML(search));`
- C. He should write code like `out.write (("You Searched for:" +(search));`
- D. He should write code like `out.write("You Searched for:" + request.getParameter("txt_Search"));`
Answer: B
NEW QUESTION # 18
Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?
- A. CAST
- B. CAST
- C. ISCST
- D. SAST
Answer: D
NEW QUESTION # 19
Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/web.xml will solve his problem?
- A. `<servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>true</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>`
- B. `<servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>disable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>`
- C. `<servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>`
- D. `<servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>enable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>`
Answer: B
NEW QUESTION # 20
James is a Java developer working at INFR INC. He has written Java code to open a file, read it line by line, and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use for this purpose?
- A. Try-Catch-Resources block
- B. Try-Catch-Finally block
- C. Try-With-Resources block
- D. Try-Catch block
Answer: C
NEW QUESTION # 21
Identify the type of attack depicted in the figure below:
- A. Denial-of-Service attack
- B. Cross-Site Request Forgery (CSRF) attack
- C. XSS
- D. SQL injection attack
Answer: B
NEW QUESTION # 22
Which of the following can be derived from abuse cases to elicit security requirements for a software system?
- A. Security use cases
- B. Data flow diagram
- C. Use cases
- D. Misuse cases
Answer: A
NEW QUESTION # 23
Which of the following methods will help you check if DEBUG level is enabled?
- A. IsEnableDebug ()
- B. DebugEnabled()
- C. EnableDebug ()
- D. isDebugEnabled()
Answer: D
NEW QUESTION # 24
Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
- A. Denial-of-Service attack
- B. SQL Injection Attack
- C. Directory Traversal Attack
- D. Client-Side Scripts Attack
Answer: D
NEW QUESTION # 25
Which line of the following example of Java code can make the application vulnerable to a session attack?
- A. Line No. 5
- B. Line No. 4
- C. Line No. 3
- D. Line No. 1
Answer: C
NEW QUESTION # 26
A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customers to search products based on the price. Recently, a bug bounty hunter discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The products.jsp page is vulnerable to
- A. Brute force attack
- B. SQL Injection attack
- C. Cross Site Request Forgery attack
- D. Session Hijacking attack
Answer: B
NEW QUESTION # 27
Which of the following is used to map custom exceptions to a status code?
- A. @ResponseStatusCode
- B. @ResponseStatus
- C. @ResponseCode
- D. @StatusCode
Answer: B
NEW QUESTION # 28
A developer has written the following line of code to handle and maintain session in the application. What did he do in the below scenario?
- A. Maintained session by creating a Cookie user with value stored in uname variable.
- B. Maintained session by creating a hidden variable user with value stored in uname variable.
- C. Maintained session by creating a HTTP variable user with value stored in uname variable.
- D. Maintained session by creating a Session variable user with value stored in uname variable.
Answer: D
NEW QUESTION # 29
Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page.
Alice wrote the following code on page load to read the file name.
```java
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);
```
After reviewing this code, his superior pointed out the security mistake in the code and instructed him not to repeat the same in future. Can you point out the type of vulnerability that may exist in the above code?
- A. URL Tampering vulnerability
- B. XSS vulnerability
- C. Form Tampering vulnerability
- D. Directory Traversal vulnerability
Answer: D
NEW QUESTION # 30
