ExamGecko
Search Search Login
Home Home / ECCouncil / 312-96

ECCouncil 312-96 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?
James is a Java developer working INFR INC. He has written Java code to open a file, read it line by line and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code should automatically close the opened file stream. Which of the following exception handling block should he use for the above purpose?
A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to
Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp < form Id='form1' method='post' action='SearchProperty.jsp' > < input type='text' id=''txt_Search' name='txt_Search' placeholder='Search Property...' / > < input type='Submit' Id='Btn_Search' value='Search' / > < /form > However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
In a certain website, a secure login feature is designed to prevent brute-force attack by implementing account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow the users to login to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform __________ attack.
Which of the following method will you use in place of ex.printStackTrace() method to avoid printing stack trace on error?
Which of the following relationship is used to describe abuse case scenarios?
Identify the type of attack depicted in the figure below:
Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page. Alice wrote the following code on page load to read the file name. String myfilename = request.getParameter('filename'); String txtFileNameVariable = myfilename; String locationVariable = request.getServletContext().getRealPath('/'); String PathVariable = ''; PathVariable = locationVariable + txtFileNameVariable; BufferedInputStream bufferedInputStream = null; Path filepath = Paths.get(PathVariable); After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?

Question 31

Report
Export
Collapse

A developer to handle global exception should use _________ annotation along with @ExceptionHandler method annotation for any class

A.
@Advice
A.
@Advice
Answers
B.
@ControllerAdvice
B.
@ControllerAdvice
Answers
C.
@globalControllerAdvice
C.
@globalControllerAdvice
Answers
D.
@GlobalAdvice
D.
@GlobalAdvice
Answers
Suggested answer: B

Question 32

Report
Export
Collapse

Which of the following relationship is used to describe abuse case scenarios?

A.
Include Relationship
A.
Include Relationship
Answers
B.
Threatens Relationship
B.
Threatens Relationship
Answers
C.
Extend Relationship
C.
Extend Relationship
Answers
D.
Mitigates Relationship
D.
Mitigates Relationship
Answers
Suggested answer: B

Question 33

Report
Export
Collapse

To enable the struts validator on an application, which configuration setting should be applied in the struts validator configuration file?

A.
valid ate-'true'
A.
valid ate-'true'
Answers
B.
lsNotvalidate='disabled'
B.
lsNotvalidate='disabled'
Answers
C.
lsNotvalidate='false'
C.
lsNotvalidate='false'
Answers
D.
validate='enabled'
D.
validate='enabled'
Answers
Suggested answer: A

Question 34

Report
Export
Collapse

Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value. Which of the following line of code will you use to strictly validate request parameter value before processing it for execution?

A.
public boolean validateUserName() {String CategoryId= request.getParameter('CatId');}
A.
public boolean validateUserName() {String CategoryId= request.getParameter('CatId');}
Answers
B.
public boolean validateUserName() { Pattern p = Pattern.compile('[a-zA-Z0-9]*$'); Matcher m = p.matcher(request.getParameter(CatId')); boolean result = m.matches(); return result;}
B.
public boolean validateUserName() { Pattern p = Pattern.compile('[a-zA-Z0-9]*$'); Matcher m = p.matcher(request.getParameter(CatId')); boolean result = m.matches(); return result;}
Answers
C.
public boolean validateUserName() { if(request.getParameter('CatId')!=null ) String CategoryId=request.getParameter('CatId');}
C.
public boolean validateUserName() { if(request.getParameter('CatId')!=null ) String CategoryId=request.getParameter('CatId');}
Answers
D.
public.boolean validateUserName() { if(!request.getParamcter('CatId').equals('null'))}Answer: B
D.
public.boolean validateUserName() { if(!request.getParamcter('CatId').equals('null'))}Answer: B
Answers
Suggested answer: B

Question 35

Report
Export
Collapse

A developer has written the following line of code to handle and maintain session in the application. What did he do in the below scenario?

A.
Maintained session by creating a Session variable user with value stored in uname variable.
A.
Maintained session by creating a Session variable user with value stored in uname variable.
Answers
B.
Maintained session by creating a HTTP variable user with value stored in uname variable.
B.
Maintained session by creating a HTTP variable user with value stored in uname variable.
Answers
C.
Maintained session by creating a Cookie user with value stored in uname variable.
C.
Maintained session by creating a Cookie user with value stored in uname variable.
Answers
D.
Maintained session by creating a hidden variable user with value stored in uname variable.
D.
Maintained session by creating a hidden variable user with value stored in uname variable.
Answers
Suggested answer: A

Question 36

Report
Export
Collapse

Which of the following configuration settings in server.xml will allow Tomcat server administrator to impose limit on uploading file based on their size?

A.
< connector... maxFileLimit='file size' / >
A.
< connector... maxFileLimit='file size' / >
Answers
B.
< connector... maxPostSize='0'/>
B.
< connector... maxPostSize='0'/>
Answers
C.
< connector... maxFileSize='file size' / >
C.
< connector... maxFileSize='file size' / >
Answers
D.
< connector... maxPostSize='file size' / >
D.
< connector... maxPostSize='file size' / >
Answers
Suggested answer: D

Question 37

Report
Export
Collapse

Identify the type of attack depicted in the following figure.

A.
Denial-of-service attack
A.
Denial-of-service attack
Answers
B.
SQL Injection attack
B.
SQL Injection attack
Answers
C.
Directory Traversal Attack
C.
Directory Traversal Attack
Answers
D.
Form Tampering Attack
D.
Form Tampering Attack
Answers
Suggested answer: C

Question 38

Report
Export
Collapse

Oliver is a web server admin and wants to configure the Tomcat server in such a way that it should not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/ in web.xml will solve his problem?

A.
< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > false < /param-value > < /init-param > < load-on-startup > 1 < /load-on-startup > < servlet >
A.
< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > false < /param-value > < /init-param > < load-on-startup > 1 < /load-on-startup > < servlet >
Answers
B.
< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > disable < /param-value> < /init-param > < load-on-startup > 1 < /load-on-startup> < /servlet >
B.
< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > disable < /param-value> < /init-param > < load-on-startup > 1 < /load-on-startup> < /servlet >
Answers
C.
< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name>< param-value> 0 < /param value>< /init-param > < init-param > < param-name> listings < /param-name > < param-value > enable < /param-value > < /init-param > < load-on-startup> 1 < /load-on-startup > < /servlet >
C.
< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name>< param-value> 0 < /param value>< /init-param > < init-param > < param-name> listings < /param-name > < param-value > enable < /param-value > < /init-param > < load-on-startup> 1 < /load-on-startup > < /servlet >
Answers
D.
< servlet > < servlet-name > default < servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name> < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > true < /param-value > < /init-param > < load-on-startup > l < /load-on-startup > < /servlet >
D.
< servlet > < servlet-name > default < servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name> < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > true < /param-value > < /init-param > < load-on-startup > l < /load-on-startup > < /servlet >
Answers
Suggested answer: B

Question 39

Report
Export
Collapse

The software developer has implemented encryption in the code as shown in the following screenshot.

However, using the DES algorithm for encryption is considered to be an insecure coding practice as DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms will you suggest for strong encryption?

A.
MD5
A.
MD5
Answers
B.
SHA-1
B.
SHA-1
Answers
C.
Triple DES
C.
Triple DES
Answers
D.
AES
D.
AES
Answers
Suggested answer: D

Question 40

Report
Export
Collapse

James is a Java developer working INFR INC. He has written Java code to open a file, read it line by line and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code should automatically close the opened file stream. Which of the following exception handling block should he use for the above purpose?

A.
Try-Catch-Finally block
A.
Try-Catch-Finally block
Answers
B.
Try-Catch block
B.
Try-Catch block
Answers
C.
Try-With-Resources block
C.
Try-With-Resources block
Answers
D.
Try-Catch-Resources block
D.
Try-Catch-Resources block
Answers
Suggested answer: C
Total 47 questions
Go to page: of 5
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms