ExamGecko
Search Search Login
Home Home / ECCouncil / 312-96
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?
James is a Java developer working INFR INC. He has written Java code to open a file, read it line by line and display its content in the text editor. He wants to ensure that any unhandled exception raised by the code should automatically close the opened file stream. Which of the following exception handling block should he use for the above purpose?
A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to
Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp < form Id='form1' method='post' action='SearchProperty.jsp' > < input type='text' id=''txt_Search' name='txt_Search' placeholder='Search Property...' / > < input type='Submit' Id='Btn_Search' value='Search' / > < /form > However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
In a certain website, a secure login feature is designed to prevent brute-force attack by implementing account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow the users to login to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform __________ attack.
Which of the following method will you use in place of ex.printStackTrace() method to avoid printing stack trace on error?
Which of the following relationship is used to describe abuse case scenarios?
Identify the type of attack depicted in the figure below:
Which of the following Spring Security Framework configuration setting will ensure the protection from session fixation attacks by not allowing authenticated user to login again?

Question 28 - 312-96 discussion

Report
Export

The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________

A.
Attack Surface Evaluation
Answers
A.
Attack Surface Evaluation
B.
Threat Classification
Answers
B.
Threat Classification
C.
Threat Identification
Answers
C.
Threat Identification
D.
Impact Analysis
Answers
D.
Impact Analysis
Suggested answer: A
Show Answer
asked 18/09/2024
Prinesh Chain
38 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms