Eccouncil 312-96 Exam Questions Instant Access

Question 1

The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________

AAttack Surface Evaluation

BThreat Classification

CThreat Identification

DImpact Analysis

Answer : A

Question 2

Which of the following configurations can help you avoid displaying server names in server response header?

A< Connector port='8080' protocol='HTTP/1.1' connectionTimeout='20000' redirectPort= '8443' / >

B< Connector port='8080' protocol='HTTP/1.1' connectionTimeout='20000' ServerName=' disable' redirectPort='8443' / >

C< Connector port='8080' protocol='HTTP/1.1' connectionTimeout='20000' Server = ' ' redirectPort='8443' / >

D< Connector port='8080' protocol='HTTP/1.1' connectionTimeout='20000' ServerName ='null ' redirectPort='8443'' / >

Answer : B

Question 3

Identify the type of attack depicted in the figure below:

AXSS

BCross-Site Request Forgery (CSRF) attack

CSQL injection attack

DDenial-of-Service attack

Answer : B

Question 4

Which of the following Spring Security Framework configuration setting will ensure the protection from session fixation attacks by not allowing authenticated user to login again?

Asession-fixation-protection ='newSessionlD'

Bsession-fixation-protection ='.

Csession-fixation-protection ='enabled'

Dsession-fixation-protection ='.

Answer : B

Question 5

Which of the following elements in web.xml file ensures that cookies will be transmitted over an encrypted channel?

A< connector lsSSLEnabled='Yes' / >

B< connector EnableSSL='true' / >

C< connector SSLEnabled='false' / >

D< connector SSLEnabled='true' / >

Answer : D

Question 6

Which of the risk assessment model is used to rate the threats-based risk to the application during threat modeling process?

ADREAD

BSMART

CSTRIDE

DRED

Answer : C

Question 7

Identify the type of encryption depicted in the following figure.

AAsymmetric Encryption

BDigital Signature

CSymmetric Encryption

DHashing

Answer : C

Eccouncil Certified Application Security Engineer (CASE) JAVA 312-96 Exam Questions