Prepare With Top Rated High-quality 312-96 Dumps For Success in 312-96 Exam [Q20-Q39]


312-96 Free Certification Exam Easy to Download PDF Format 2023


EC-Council 312-96 Exam Syllabus Topics:

Topic: Secure Coding Practices for Error Handling (Weight: 16%)
Details:
- Explain exception and error handling in Java
- Explain erroneous exceptional behaviors
- Demonstrate the knowledge of do's and don'ts in error handling
- Explain Spring MVC error handling
- Explain exception handling in Struts2
- Demonstrate the knowledge of best practices for error handling
- Explain logging in Java
- Demonstrate the knowledge of Log4j for logging
- Demonstrate the knowledge of coding techniques for secure logging
- Demonstrate the knowledge of best practices for logging

Topic: Secure Coding Practices for Input Validation (Weight: 8%)
Details:
- Understand the need for input validation
- Explain data validation techniques
- Explain data validation in the Struts framework
- Explain data validation in the Spring framework
- Demonstrate the knowledge of common input validation errors
- Demonstrate the knowledge of common secure coding practices for input validation

Topic: Secure Coding Practices for Cryptography (Weight: 6%)
Details:
- Understand fundamental concepts and the need for cryptography in Java
- Explain encryption and secret keys
- Demonstrate the knowledge of Cipher class implementation
- Demonstrate the knowledge of digital signatures and their implementation
- Demonstrate the knowledge of Secure Socket Layer (SSL) and its implementation
- Explain secure key management
- Demonstrate the knowledge of digital certificates and their implementation
- Demonstrate the knowledge of hash implementation
- Explain Java Card cryptography
- Explain the Crypto module in Spring Security
- Demonstrate the understanding of do's and don'ts in Java cryptography

Topic: Understanding Application Security, Threats, and Attacks (Weight: 18%)
Details:
- Understand the need for and benefits of application security
- Demonstrate the understanding of common application-level attacks
- Explain the causes of application-level vulnerabilities
- Explain various components of comprehensive application security
- Explain the need for and advantages of integrating security in the Software Development Life Cycle (SDLC)
- Differentiate functional vs. security activities in the SDLC
- Explain the Microsoft Security Development Lifecycle (SDL)
- Demonstrate the understanding of various software security reference standards, models, and frameworks

Topic: Secure Application Design and Architecture (Weight: 12%)
Details:
- Understand the importance of secure application design
- Explain various secure design principles
- Demonstrate the understanding of threat modeling
- Explain the threat modeling process
- Explain the STRIDE and DREAD models
- Demonstrate the understanding of secure application architecture design

Topic: Secure Coding Practices for Session Management (Weight: 10%)
Details:
- Explain session management in Java
- Demonstrate the knowledge of session management in the Spring framework
- Demonstrate the knowledge of session vulnerabilities and their mitigation techniques
- Demonstrate the knowledge of best practices and guidelines for secure session management


NEW QUESTION # 20
To handle exceptions globally for any class, a developer should use the _________ annotation along with the @ExceptionHandler method annotation.

  • A. @GlobalAdvice
  • B. @ControllerAdvice
  • C. @globalControllerAdvice
  • D. @Advice

Answer: B


NEW QUESTION # 21
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot. He passed 'false' as the parameter to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

  • A. Directory Traversal Attack
  • B. Denial-of-Service attack
  • C. SQL Injection Attack
  • D. Client-Side Scripts Attack

Answer: D


NEW QUESTION # 22
The software developer has implemented encryption in the code as shown in the following screenshot.

However, using the DES algorithm for encryption is considered an insecure coding practice, as DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms would you suggest for strong encryption?

  • A. SHA-1
  • B. AES
  • C. Triple DES
  • D. MD5

Answer: B


NEW QUESTION # 23
Stephen is a web developer at InterCall Systems. He was working on a real estate website for one of his clients. He was given the task of designing a web page with a property search feature. He designed the following searchpage.jsp:
<form id="form1" method="post" action="SearchProperty.jsp">
<input type="text" id="txt_Search" name="txt_Search" placeholder="Search Property..." />
<input type="Submit" id="Btn_Search" value="Search" />
</form>
However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?

  • A. He should write code like out.write("You Searched for:" + request.getParameter("search").toString());
  • B. He should write code like out.write(("You Searched for:" + (search)));
  • C. He should write code like out.write("You Searched for:" + request.getParameter("txt_Search"));
  • D. He should write code like out.write("You Searched for:" + ESAPI.encoder().encodeForHTML(search));

Answer: D


NEW QUESTION # 24
A US-based ecommerce company has developed its website www.ec-sell.com to sell its products online. The website has a feature that allows customers to search products based on price. Recently, a bug bounty hunter discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to

  • A. Brute force attack
  • B. Cross Site Request Forgery attack
  • C. SQL Injection attack
  • D. Session Hijacking attack

Answer: C


NEW QUESTION # 25
Oliver, a Server Administrator (Tomcat), has set the configuration in the web.xml file as shown in the following screenshot. What is he trying to achieve?

  • A. He wants to transfer only Session cookies over encrypted channel
  • B. He wants to transfer the entire data over encrypted channel
  • C. He wants to transfer only response parameter data over encrypted channel
  • D. He wants to transfer only request parameter data over encrypted channel

Answer: B


NEW QUESTION # 26
Identify the formula for calculating the risk during threat modeling.

  • A. RISK = PROBABILITY * ATTACK
  • B. RISK = PROBABILITY * DAMAGE POTENTIAL
  • C. RISK = PROBABILITY * VULNERABILITY
  • D. RISK = PROBABILITY * ASSETS

Answer: B


NEW QUESTION # 27
It is recommended that you do not use return, break, continue, or throw statements in a _________

  • A. Try-With-Resources block
  • B. Catch block
  • C. Finally block
  • D. Try block

Answer: C


NEW QUESTION # 28
Identify the type of attack depicted in the following figure.

  • A. Directory Traversal Attack
  • B. Denial-of-service attack
  • C. SQL Injection attack
  • D. Form Tampering Attack

Answer: A


NEW QUESTION # 29
Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes in as a request parameter value. Which of the following lines of code would you use to strictly validate the request parameter value before processing it for execution?

  • A. public boolean validateUserName() { if(!request.getParameter("CatId").equals("null")) }
  • B. public boolean validateUserName() { if(request.getParameter("CatId") != null) String CategoryId = request.getParameter("CatId"); }
  • C. public boolean validateUserName() { String CategoryId = request.getParameter("CatId"); }
  • D. public boolean validateUserName() { Pattern p = Pattern.compile("[a-zA-Z0-9]*$"); Matcher m = p.matcher(request.getParameter("CatId")); boolean result = m.matches(); return result; }

Answer: D


NEW QUESTION # 30
Which of the following is used to map custom exceptions to a status code?

  • A. @StatusCode
  • B. @ResponseStatusCode
  • C. @ResponseStatus
  • D. @ResponseCode

Answer: C


NEW QUESTION # 31
Which of the following state management methods works only for a sequence of dynamically generated forms?

  • A. Hidden Field
  • B. URL-rewriting
  • C. Sessions
  • D. Cookies

Answer: A


NEW QUESTION # 32
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?

  • A. validate="enabled"
  • B. validate="true"
  • C. IsNotvalidate="false"
  • D. IsNotvalidate="disabled"

Answer: B


NEW QUESTION # 33
Alice works as a Java developer at Fygo Software Services Ltd. He is given the responsibility of designing a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design the ArticlesList.jsp page in such a way that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.
Alice wrote the following code on page load to read the file name.
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);
After reviewing this code, his superior pointed out the security mistake in the code and instructed him not to repeat it in future. Can you point out the type of vulnerability that may exist in the above code?

  • A. URL Tampering vulnerability
  • B. Directory Traversal vulnerability
  • C. Form Tampering vulnerability
  • D. XSS vulnerability

Answer: B


NEW QUESTION # 34
Identify the type of attack depicted in the figure below:

  • A. SQL injection attack
  • B. Directory traversal attack
  • C. Parameter/form attack
  • D. Session fixation attack

Answer: D


NEW QUESTION # 35
The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________

  • A. Impact Analysis
  • B. Threat Classification
  • C. Attack Surface Evaluation
  • D. Threat Identification

Answer: C


NEW QUESTION # 36
Identify the type of attack depicted in the following figure.

  • A. Session Fixation Attack
  • B. Parameter Tampering Attack
  • C. SQL Injection Attacks
  • D. Denial-of-Service Attack

Answer: B


NEW QUESTION # 37
In which phase of the secure development lifecycle is threat modeling performed?

  • A. Coding phase
  • B. Testing phase
  • C. Deployment phase
  • D. Design phase

Answer: D


NEW QUESTION # 38
During his secure code review, John, an independent application security expert, found that the developer had used the Java code highlighted in the following screenshot. Identify the security mistake committed by the developer.

  • A. He is trying to use Non-parametrized SQL query
  • B. He is trying to use Whitelisting Input Validation
  • C. He is trying to use Blacklisting Input Validation
  • D. He is trying to use Parametrized SQL Query

Answer: A


NEW QUESTION # 39
......


EC-Council CASE Java Exam Certification Details:

Sample Questions: EC-Council CASE Java Sample Questions
Passing Score: 70%
Exam Price: $450 (USD)
Exam Name: EC-Council Certified Application Security Engineer (CASE) - Java
Books / Training: Master Class
Duration: 120 mins
Exam Code: 312-96
Number of Questions: 50


Get 100% Success with Latest Application Security 312-96 Exam Dumps: https://latestdumps.actual4exams.com/312-96-real-braindumps.html