Home / ECCouncil / 312-96

ECCouncil 312-96 Practice Test - Questions Answers, Page 2

Question list

List of questions

Question 11

(0)

The developer wants to remove the HttpSessionobject and its values from the client' system. Which of the following method should he use for the above purpose?

Question 12

(0)

Identify the type of encryption depicted in the following figure.

Question 13

(0)

Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Jav

Question 14

(0)

Identify the type of attack depicted in the following figure.

Question 15

(0)

According to secure logging practices, programmers should ensure that logging processes are not disrupted by:

Question 16

(0)

Which of the threat classification model is used to classify threats during threat modeling process?

Question 17

(0)

Which line of the following example of Java Code can make application vulnerable to a session attack?

Question 18

(0)

Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.

Question 19

(0)

Which of the following method will help you check if DEBUG level is enabled?

Question 20

(0)

Which of the following elements in web.xml file ensures that cookies will be transmitted over an encrypted channel?

Related questions

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?

James is a Java developer working INFR INC. He has written Java code to open a file, read it line by line and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code should automatically close the opened file stream. Which of the following exception handling block should he use for the above purpose?

A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to

Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp < form Id='form1' method='post' action='SearchProperty.jsp' > < input type='text' id=''txt_Search' name='txt_Search' placeholder='Search Property...' / > < input type='Submit' Id='Btn_Search' value='Search' / > < /form > However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

In a certain website, a secure login feature is designed to prevent brute-force attack by implementing account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow the users to login to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform __________ attack.

Which of the following method will you use in place of ex.printStackTrace() method to avoid printing stack trace on error?

Which of the following relationship is used to describe abuse case scenarios?

Identify the type of attack depicted in the figure below:

Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page. Alice wrote the following code on page load to read the file name. String myfilename = request.getParameter('filename'); String txtFileNameVariable = myfilename; String locationVariable = request.getServletContext().getRealPath('/'); String PathVariable = ''; PathVariable = locationVariable + txtFileNameVariable; BufferedInputStream bufferedInputStream = null; Path filepath = Paths.get(PathVariable); After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?

Question 11

The developer wants to remove the HttpSessionobject and its values from the client' system.

Which of the following method should he use for the above purpose?

sessionlnvalidateil

Invalidate(session JSESSIONID)

isValidateQ

invalidateQ

Show Answer Comment (0)

Question 12

Identify the type of encryption depicted in the following figure.

Asymmetric Encryption

Digital Signature

Symmetric Encryption

Hashing

Show Answer Comment (0)

Question 13

Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Jav

He found that the developer has used a piece of code as shown in the following screenshot. Identify the security mistakes that the developer has coded?

He is attempting to use client-side validation

He is attempting to use whitelist input validation approach

He is attempting to use regular expression for validation

He is attempting to use blacklist input validation approach

Show Answer Comment (0)

Question 14

Identify the type of attack depicted in the following figure.

SQL Injection Attacks

Session Fixation Attack

Parameter Tampering Attack

Denial-of-Service Attack

Show Answer Comment (0)

Question 15

According to secure logging practices, programmers should ensure that logging processes are not disrupted by:

Catching incorrect exceptions

Multiple catching of incorrect exceptions

Re-throwing incorrect exceptions

Throwing incorrect exceptions

Show Answer Comment (0)

Question 16

Which of the threat classification model is used to classify threats during threat modeling process?

RED

STRIDE

DREAD

SMART

Show Answer Comment (0)

Question 17

Which line of the following example of Java Code can make application vulnerable to a session attack?

Line No. 1

Line No. 3

Line No. 4

Line No. 5

Show Answer Comment (0)

Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do so.

< server port='' shutdown-'' >

< server port='-1' shutdown-*' >

< server port='-1' shutdown='SHUTDOWN' >

< server port='8080' shutdown='SHUTDOWN' >

Show Answer Comment (0)