[UPDATED 2024] Read 312-96 Study Guide Cover to Cover as Literally [Q25-Q49]


100% Real & Accurate 312-96 Questions and Answers with Free and Fast Updates


EC-Council CASE Java Exam Certification Details:

Exam Code: 312-96
Number of Questions: 50
Exam Price: $450 (USD)
Books / Training: Master Class
Passing Score: 70%
Exam Name: EC-Council Certified Application Security Engineer (CASE) - Java
Duration: 120 mins
Sample Questions: EC-Council CASE Java Sample Questions

 

NEW QUESTION # 25
Alice works as a Java developer at Fygo Software Services Ltd. She is given the responsibility to design a bookstore website for one of their clients. The website is supposed to store articles in .pdf format. Alice is advised by her superior to design the ArticlesList.jsp page so that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.
Alice wrote the following code on page load to read the file name:

    String myfilename = request.getParameter("filename");
    String txtFileNameVariable = myfilename;
    String locationVariable = request.getServletContext().getRealPath("/");
    String PathVariable = "";
    PathVariable = locationVariable + txtFileNameVariable;
    BufferedInputStream bufferedInputStream = null;
    Path filepath = Paths.get(PathVariable);

After reviewing this code, her superior pointed out the security mistake in it and instructed her not to repeat it in future. Which type of vulnerability may exist in the above code?

  • A. Form Tampering vulnerability
  • B. XSS vulnerability
  • C. URL Tampering vulnerability
  • D. Directory Traversal vulnerability

Answer: D
The filename taken from the query string is concatenated onto the web root with no validation or canonicalisation, so a value such as ../WEB-INF/web.xml resolves to a file outside the articles directory.
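The following is an added example, not code from the original page: the ArticlesList.jsp lookup of question 25 rebuilt as a stand-alone class, with the vulnerable resolution next to a hardened one. A temporary directory stands in for getServletContext().getRealPath("/"), and the article and "secret" files are constructed for the demo.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ArticlePathDemo {

    /* Vulnerable: what the question's code does, the query-string value is glued onto the web root. */
    static Path resolveUnsafe(Path baseDir, String filename) {
        String pathVariable = baseDir.toString() + "/" + filename;
        return Paths.get(pathVariable);
    }

    /*
     * Hardened: allow-list the name, resolve it against the base directory,
     * normalise away any "." / ".." segments and confirm the result is still
     * inside the base. Returns null for anything that fails a check.
     */
    static Path resolveSafe(Path baseDir, String filename) {
        if (filename == null || !filename.matches("[A-Za-z0-9_-]{1,64}\\.pdf")) {
            return null;                        // no separators, no dots except the extension
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path candidate = base.resolve(filename).normalize();
        if (!candidate.startsWith(base)) {
            return null;                        // defence in depth: the path escaped the base directory
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("articles");      // constructed: the web root
        Path outside = Files.createTempFile("secret", ".txt");  // constructed: a file that must stay private
        Files.write(base.resolve("java-security.pdf"), "%PDF-1.4 ...".getBytes());

        String legit = "java-security.pdf";
        String evil = "../" + outside.getFileName();            // an attacker's ?filename= value

        System.out.println("unsafe legit -> " + resolveUnsafe(base, legit).normalize());
        Path leaked = resolveUnsafe(base, evil).normalize();    // lands on the sibling "secret" file
        System.out.println("unsafe evil  -> " + leaked + " readable=" + Files.isReadable(leaked));
        System.out.println("safe   legit -> " + resolveSafe(base, legit));
        System.out.println("safe   evil  -> " + resolveSafe(base, evil));   // rejected, so null
    }
}
```

The allow-list regex does the real work; the startsWith check after normalize() is kept so that a later relaxation of the regex (for example to permit subdirectories) cannot silently reintroduce traversal.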


NEW QUESTION # 26
Identify the type of encryption depicted in the following figure.

  • A. Symmetric Encryption
  • B. Digital Signature
  • C. Asymmetric Encryption
  • D. Hashing

Answer: A


NEW QUESTION # 27
Which of the following methods will you use in place of the ex.printStackTrace() method to avoid printing the stack trace on error?

  • A. ex.StackTrace.getError();
  • B. ex.getError();
  • C. ex.message();
  • D. ex.getMessage();

Answer: D
Even getMessage() can carry internal detail (file paths, SQL fragments, class names), so write it to the server-side log and return a generic error to the client rather than echoing it in the response.


NEW QUESTION # 28
A US-based ecommerce company has developed its website www.ec-sell.com to sell its products online. The website has a feature that allows customers to search products by price. Recently, a bug bounty hunter discovered a security flaw in the Search page of the website: he could see all products from the database table when he altered the website URL from http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1' -- (the trailing -- starts a SQL line comment). The products.jsp page is vulnerable to

  • A. Session Hijacking attack
  • B. SQL Injection attack
  • C. Cross Site Request Forgery attack
  • D. Brute force attack

Answer: B
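An added example, not code from ec-sell.com or the original page: the products.jsp price search of question 28, once as string concatenation and once parameterised. It assumes the H2 JDBC driver is on the classpath for the in-memory database (any JDBC source would do); the table and rows are constructed sample data.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ProductSearchDemo {

    /* Vulnerable: the val parameter becomes part of the SQL text the database parses. */
    static List<String> searchUnsafe(Connection c, String val) throws SQLException {
        String sql = "SELECT name FROM products WHERE price <= " + val;
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return names(rs);
        }
    }

    /* Hardened: validate the type, then bind it; the driver never treats val as SQL. */
    static List<String> searchSafe(Connection c, String val) throws SQLException {
        int maxPrice;
        try {
            maxPrice = Integer.parseInt(val);
        } catch (NumberFormatException e) {
            return Collections.emptyList();     // a servlet would answer 400 Bad Request here
        }
        try (PreparedStatement ps = c.prepareStatement("SELECT name FROM products WHERE price <= ?")) {
            ps.setInt(1, maxPrice);
            try (ResultSet rs = ps.executeQuery()) {
                return names(rs);
            }
        }
    }

    private static List<String> names(ResultSet rs) throws SQLException {
        List<String> out = new ArrayList<>();
        while (rs.next()) {
            out.add(rs.getString("name"));
        }
        return out;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; schema and rows are constructed for the demo.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:shop;DB_CLOSE_DELAY=-1")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE products(name VARCHAR(40), price INT)");
                st.execute("INSERT INTO products VALUES ('pen', 5), ('bag', 90), ('laptop', 900)");
            }
            String normal = "100";
            String payload = "200 OR '1'='1' --";   // the bug hunter's altered val=

            // With the payload the WHERE clause becomes: price <= 200 OR '1'='1' --
            // so the unsafe query returns the whole table; the safe one rejects the input.
            System.out.println("unsafe normal  -> " + searchUnsafe(c, normal));
            System.out.println("unsafe payload -> " + searchUnsafe(c, payload));
            System.out.println("safe   normal  -> " + searchSafe(c, normal));
            System.out.println("safe   payload -> " + searchSafe(c, payload));
        }
    }
}
```

The integer parse is input validation and the bind parameter is the actual fix; keep both, because validation alone fails the moment the search gains a free-text field.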


NEW QUESTION # 29
Which of the following elements in the web.xml file ensures that cookies will be transmitted only over an encrypted channel?

  • A. <connector SSLEnabled="false" />
  • B. <connector SSLEnabled="true" />
  • C. <connector IsSSLEnabled="Yes" />
  • D. <connector EnableSSL="true" />

Answer: B
Note: SSLEnabled is an attribute of the <Connector> element in Tomcat's server.xml, not of web.xml. The web.xml setting with this effect is <session-config><cookie-config><secure>true</secure></cookie-config></session-config> (Servlet 3.0 and later), which marks the session cookie Secure so the browser sends it only over HTTPS.


NEW QUESTION # 30
Identify the type of attack depicted in the figure below:

  • A. Parameter/form attack
  • B. Session fixation attack
  • C. SQL injection attack
  • D. Directory traversal attack

Answer: B


NEW QUESTION # 31
In which phase of the secure development lifecycle is threat modeling performed?

  • A. Testing phase
  • B. Design phase
  • C. Deployment phase
  • D. Coding phase

Answer: B


NEW QUESTION # 32
Identify the type of attack depicted in the following figure.

  • A. Directory Traversal Attack
  • B. Form Tampering Attack
  • C. SQL Injection attack
  • D. Denial-of-service attack

Answer: A


NEW QUESTION # 33
Jacob, a security engineer on the testing team, is inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?

  • A. CAST
  • B. SAST
  • C. ISCST
  • D. CAST

Answer: B


NEW QUESTION # 34
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot, in which he passed 'false' to the setHttpOnly() method; this may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

  • A. Denial-of-Service attack
  • B. Directory Traversal Attack
  • C. SQL Injection Attack
  • D. Client-Side Scripts Attack

Answer: D
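The configuration below is an added example, not from the original page, serving questions 29 and 34 together: a Servlet 3.0+ web.xml fragment that marks the container's session cookie both HttpOnly (so client-side script cannot read it) and Secure (so it travels only over TLS). The application name and timeout value are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <display-name>bookstore</display-name>

  <session-config>
    <cookie-config>
      <!-- JSESSIONID is not exposed to document.cookie, so a script injection
           cannot read it; this is what setHttpOnly(false) throws away. -->
      <http-only>true</http-only>
      <!-- Sent only over HTTPS; same effect as Cookie.setSecure(true). -->
      <secure>true</secure>
    </cookie-config>
    <session-timeout>15</session-timeout>
  </session-config>
</web-app>
```

cookie-config applies only to the session cookie the container creates. Cookies the application builds itself with new Cookie(...) still need cookie.setHttpOnly(true) and cookie.setSecure(true) before addCookie(), which is exactly the call in question 34.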


NEW QUESTION # 35
Which of the following risk assessment models is used to rate threat-based risk to the application during the threat modeling process?

  • A. RED
  • B. DREAD
  • C. STRIDE
  • D. SMART

Answer: B
DREAD (Damage, Reproducibility, Exploitability, Affected users, Discoverability) rates the risk of each identified threat; STRIDE is the model used to enumerate and classify the threats in the first place, not to rate them.


NEW QUESTION # 36
Which of the following relationships is used to describe abuse case scenarios?

  • A. Extend Relationship
  • B. Threatens Relationship
  • C. Include Relationship
  • D. Mitigates Relationship

Answer: B


NEW QUESTION # 37
Which of the following is used to map custom exceptions to an HTTP status code in Spring MVC?

  • A. @ResponseStatus
  • B. @ResponseStatusCode
  • C. @ResponseCode
  • D. @ScacusCode

Answer: A
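An added example for question 37, not code from the original page; it assumes Spring Web MVC (spring-webmvc) on the classpath. The controller, the exception, the URL pattern and the "ids up to 1000 exist" rule are all constructed for the demo.

```java
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

/* The annotation on the exception class is the mapping: throwing it from any handler yields a 404. */
@ResponseStatus(HttpStatus.NOT_FOUND)
class ArticleNotFoundException extends RuntimeException {
    ArticleNotFoundException() {
        super("Article not found");     // kept generic on purpose: it may be echoed to the client
    }
}

@RestController
class ArticleController {
    @GetMapping("/articles/{id}")
    public String article(@PathVariable String id) {
        // Constructed rule: only numeric ids 0..1000 exist. The regex also rejects
        // anything that looks like a path or a query, so it never reaches a file lookup.
        if (!id.matches("[0-9]{1,4}") || Integer.parseInt(id) > 1000) {
            throw new ArticleNotFoundException();
        }
        return "article " + id;
    }
}

/* For exceptions you do not own (and so cannot annotate), map them in a @ControllerAdvice. */
@ControllerAdvice
class ErrorMapping {
    @ExceptionHandler(IllegalStateException.class)
    @ResponseStatus(HttpStatus.SERVICE_UNAVAILABLE)
    @ResponseBody
    public String backendDown(IllegalStateException e) {
        return "Service temporarily unavailable";   // never e.getMessage() or a stack trace
    }
}
```

If @ResponseStatus is given a reason attribute, Spring calls response.sendError(), so the servlet container's error page is rendered instead of the handler's own body; without reason the status alone is set and the normal error body applies.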


NEW QUESTION # 38
Identify what should NOT be caught while handling exceptions.

  • A. EOFException
  • B. SecurityException
  • C. NullPointerException
  • D. IllegalAccessException

Answer: B


NEW QUESTION # 39
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?

  • A. validate="enabled"
  • B. validate="true"
  • C. IsNotvalidate="disabled"
  • D. IsNotvalidate="false"

Answer: B


NEW QUESTION # 40
Which of the following configurations can help you avoid displaying the server name in the server response header?

  • A. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="disable" redirectPort="8443" />
  • B. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="null" redirectPort="8443" />
  • C. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server="" redirectPort="8443" />
  • D. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />

Answer: A
Note: ServerName is not a documented attribute of Tomcat's <Connector>. The documented attribute is server, whose value replaces whatever would otherwise be sent in the Server response header; Tomcat 8.5 and later send no Server header at all unless server is set or the application sets one.
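The fragment below is an added example, not from the original page, showing the server.xml settings a practitioner actually uses for the problem in question 40: the Connector's server attribute for the response header, and the ErrorReportValve switches so that error pages stop printing the Tomcat version. The neutral header value "web" and the host layout are assumptions; the Valve attributes require Tomcat 7.0.55 / 8.0 or later.

```xml
<Service name="Catalina">
  <!-- "server" (lower case) is the Connector attribute that controls the
       Server response header; whatever is set here is what clients see. -->
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000"
             redirectPort="8443"
             server="web" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps">
      <!-- Default error pages also disclose the version string; turn both the
           stack-trace report and the server banner off. -->
      <Valve className="org.apache.catalina.valves.ErrorReportValve"
             showReport="false"
             showServerInfo="false" />
    </Host>
  </Engine>
</Service>
```

Check the result from outside with curl -sI http://host:8080/ and a request for a non-existent page: neither the headers nor the 404 body should name Tomcat or a version.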


NEW QUESTION # 41
Identify the type of attack depicted in the figure below:

  • A. Denial-of-Service attack
  • B. Cross-Site Request Forgery (CSRF) attack
  • C. XSS
  • D. SQL injection attack

Answer: B


NEW QUESTION # 42
Which of the following can be derived from abuse cases to elicit security requirements for a software system?

  • A. Use cases
  • B. Misuse cases
  • C. Security use cases
  • D. Data flow diagram

Answer: C


NEW QUESTION # 43
Which of the following methods will help you check whether the DEBUG level is enabled?

  • A. EnableDebug ()
  • B. isDebugEnabled()
  • C. DebugEnabled()
  • D. IsEnableDebug ()

Answer: B
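One method tying questions 27, 38 and 43 together, as an added example that is not code from the original page: catch only the checked exception you expect, keep getMessage() and the stack trace in the server log (the trace only when DEBUG is on), and hand the client a generic message plus a correlation id. It assumes SLF4J with a binding such as Logback on the classpath; the files in main() are constructed for the demo.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.util.UUID;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ArticleReader {
    private static final Logger log = LoggerFactory.getLogger(ArticleReader.class);

    /* The part of the outcome that is allowed to reach the browser. */
    static final class Outcome {
        final int status;
        final String body;
        final String incidentId;

        Outcome(int status, String body, String incidentId) {
            this.status = status;
            this.body = body;
            this.incidentId = incidentId;
        }

        @Override
        public String toString() {
            return status + " " + body + (incidentId == null ? "" : " [incident " + incidentId + "]");
        }
    }

    static Outcome read(Path file) {
        try {
            byte[] pdf = Files.readAllBytes(file);
            return new Outcome(200, pdf.length + " bytes", null);
        } catch (NoSuchFileException e) {
            // Expected condition. e.getMessage() is the path: fine for the server log, not for the client.
            log.info("article not found: {}", e.getMessage());
            return new Outcome(404, "Article not found", null);
        } catch (IOException e) {
            String incident = UUID.randomUUID().toString();
            log.error("incident {}: read failed: {}", incident, e.getMessage());
            if (log.isDebugEnabled()) {                             // trace only when DEBUG is on,
                log.debug("incident {} stack trace", incident, e);  // and into the log, never the response
            }
            return new Outcome(500, "Unable to load article", incident);
        }
        // Deliberately no catch for SecurityException or other RuntimeExceptions: a
        // SecurityManager denial or a programming error must surface, not be swallowed.
    }

    public static void main(String[] args) throws IOException {
        Path ok = Files.createTempFile("article", ".pdf");
        Files.write(ok, "%PDF-1.4 ...".getBytes());
        Path missing = ok.resolveSibling("does-not-exist.pdf");
        Path directory = Files.createTempDirectory("notafile");   // readAllBytes fails with a plain IOException

        System.out.println(read(ok));
        System.out.println(read(missing));
        System.out.println(read(directory));
    }
}
```

The incident id is the link between what the user reports and the full stack trace in the log; with it there is no reason to ever send the trace, or even getMessage(), to the client.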


NEW QUESTION # 44
......


EC-Council 312-96 Exam Syllabus Topics:

Secure Deployment and Maintenance (weight: 10%)
- Understand the importance of secure deployment
- Explain security practices at host level
- Explain security practices at network level
- Explain security practices at application level
- Explain security practices at web container level (Tomcat)
- Explain security practices at Oracle database level
- Demonstrate the knowledge of security maintenance and monitoring activities

Secure Coding Practices for Input Validation (weight: 8%)
- Understand the need for input validation
- Explain data validation techniques
- Explain data validation in the Struts framework
- Explain data validation in the Spring framework
- Demonstrate the knowledge of common input validation errors
- Demonstrate the knowledge of common secure coding practices for input validation

Static and Dynamic Application Security Testing (SAST & DAST) (weight: 8%)
- Understand Static Application Security Testing (SAST)
- Demonstrate the knowledge of manual secure code review techniques for the most common vulnerabilities
- Explain Dynamic Application Security Testing (DAST)
- Demonstrate the knowledge of automated application vulnerability scanning tools for DAST
- Demonstrate the knowledge of proxy-based security testing tools for DAST

Understanding Application Security, Threats, and Attacks (weight: 18%)
- Understand the need for and benefits of application security
- Demonstrate the understanding of common application-level attacks
- Explain the causes of application-level vulnerabilities
- Explain various components of comprehensive application security
- Explain the need for and advantages of integrating security in the Software Development Life Cycle (SDLC)
- Differentiate functional vs security activities in the SDLC
- Explain the Microsoft Security Development Lifecycle (SDL)
- Demonstrate the understanding of various software security reference standards, models, and frameworks

Secure Coding Practices for Authentication and Authorization (weight: 4%)
- Understand authentication concepts
- Explain authentication implementation in Java
- Demonstrate the knowledge of authentication weaknesses and prevention
- Understand authorization concepts
- Explain access control models
- Explain EJB authorization
- Explain Java Authentication and Authorization Service (JAAS)
- Demonstrate the knowledge of common authorization mistakes and countermeasures
- Explain Java EE security
- Demonstrate the knowledge of authentication and authorization in the Spring Security framework
- Demonstrate the knowledge of defensive coding practices against broken authentication and authorization

Secure Coding Practices for Cryptography (weight: 6%)
- Understand fundamental concepts and the need for cryptography in Java
- Explain encryption and secret keys
- Demonstrate the knowledge of Cipher class implementation
- Demonstrate the knowledge of digital signatures and their implementation
- Demonstrate the knowledge of Secure Socket Layer (SSL) and its implementation
- Explain secure key management
- Demonstrate the knowledge of digital certificates and their implementation
- Demonstrate the knowledge of hash implementation
- Explain Java Card cryptography
- Explain the Crypto module in Spring Security
- Demonstrate the understanding of do's and don'ts in Java cryptography

 

Reliable Study Materials for 312-96 Exam Success For Sure: https://www.dumps4pdf.com/312-96-valid-braindumps.html

Get Unlimited Access to 312-96 Certification Exam Cert Guide: https://drive.google.com/open?id=1ZFKT4NBy2ho0QTLc8zLUfmZa6M2UJj6k