Improve Your Knowledge with 312-96 Exam Dumps

Practicing with 312-96 questions can help you identify areas where you need to improve your knowledge. By answering 312-96 questions and reviewing your responses, you can identify gaps in your understanding and focus your study efforts on those areas. The 312-96 exam has a strict time limit, and you need to manage your time effectively to answer all the questions. Practicing with EC-Council 312-96 dumps questions can help you develop time management skills by simulating the exam's time constraints. You'll learn how to pace yourself, manage your time effectively, and ensure that you complete the 312-96 exam within the allotted time. Test EC-Council 312-96 exam free dumps below.

Page 1 of 2

1. Which of the following method will you use in place of ex.printStackTrace() method to avoid printing stack trace on error?

ex.StackTrace.getError();

ex.message();

ex.getMessage();

ex.getError();

 Loading...

2. Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

Denial-of-Service attack

Client-Side Scripts Attack

SQL Injection Attack

Directory Traversal Attack

 Loading...

3. Which of the following elements in web.xml file ensures that cookies will be transmitted over an encrypted channel?

< connector lsSSLEnabled="Yes" / >

< connector EnableSSL="true" / >

< connector SSLEnabled="false" / >

< connector SSLEnabled="true" / >

 Loading...

4. Identify the type of encryption depicted in the following figure.

Asymmetric Encryption

Digital Signature

Symmetric Encryption

Hashing

 Loading...

5. Which line of the following example of Java Code can make application vulnerable to a session attack?

Line No. 1

Line No. 3

Line No. 4

Line No. 5

 Loading...

6. A developer to handle global exception should use _________ annotation along with @ExceptionHandler method annotation for any class

@Advice

@ControllerAdvice

@globalControllerAdvice

@GlobalAdvice

 Loading...

7. James is a Java developer working INFR INC. He has written Java code to open a file, read it line by line and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code should automatically close the opened file stream.

Which of the following exception handling block should he use for the above purpose?

Try-Catch-Finally block

Try-Catch block

Try-With-Resources block

Try-Catch-Resources block

 Loading...

8. The developer wants to remove the HttpSessionobject and its values from the client' system.

Which of the following method should he use for the above purpose?

sessionlnvalidateil

Invalidate(session JSESSIONID)

isValidateQ

invalidateQ

 Loading...

9. Oliver is a web server admin and wants to configure the Tomcat server in such a way that it should not serve index pages in the absence of welcome files.

Which of the following settings in CATALINA_HOME/conf/ in web.xml will solve his problem?

< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > false < /param-value > < /init-param > < load-on-startup > 1 < /load-on-startup > < servlet >

< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > disable < /param-value> < /init-param > < load-on-startup > 1 < /load-on-startup> < /servlet >

< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name>< param-value> 0 < /param value>< /init-param > < init-param > < param-name> listings < /param-name > < param-value > enable < /param-value > < /init-param > < load-on-startup> 1 < /load-on-startup > < /servlet >

< servlet > < servlet-name > default < servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name> < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > true < /param-value > < /init-param > < load-on-startup > l < /load-on-startup > < /servlet >

 Loading...

10. The software developer has implemented encryption in the code as shown in the following screenshot.





However, using the DES algorithm for encryption is considered to be an insecure coding practice as DES is a weak encryption algorithm.

Which of the following symmetric encryption algorithms will you suggest for strong encryption?

MD5

SHA-1

Triple DES

AES

 Loading...

Page 2 of 2

11. Identify the type of attack depicted in the figure below:

XSS

Cross-Site Request Forgery (CSRF) attack

SQL injection attack

Denial-of-Service attack

 Loading...

12. Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value.

Which of the following line of code will you use to strictly validate request parameter value before processing it for execution?

public boolean validateUserName() {String CategoryId= request.getParameter("CatId");}

public boolean validateUserName() { Pattern p = Pattern.compile("[a-zA-Z0-9]*$"); Matcher m = p.matcher(request.getParameter(CatId")); boolean result = m.matches(); return result;}

public boolean validateUserName() { if(request.getParameter("CatId")!=null ) String CategoryId=request.getParameter("CatId");}

public.boolean validateUserName() { if(!request.getParamcter("CatId").equals("null"))}

 Loading...

13. In a certain website, a secure login feature is designed to prevent brute-force attack by implementing account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow the users to login to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform __________ attack.

Failure to Restrict URL

Broken Authentication

Unvalidated Redirects and Forwards

Denial-of-Service [Do

 Loading...

14. Identify the formula for calculating the risk during threat modeling.

RISK = PROBABILITY "Attack

RISK = PROBABILITY " ASSETS

RISK = PROBABILITY * DAMAGE POTENTIAL

IRISK = PROBABILITY * VULNERABILITY

 Loading...

15. 1.Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer has used a piece of code as shown in the following screenshot.





Identify the security mistakes that the developer has coded?

He is attempting to use client-side validation

He is attempting to use whitelist input validation approach

He is attempting to use regular expression for validation

He is attempting to use blacklist input validation approach

 Loading...

 Loading...