Eccouncil 312-96 Exam Practice Test Instant Access

Question 1

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?

AHe is trying to use Whitelisting Input Validation

BHe is trying to use Non-parametrized SQL query

CHe is trying to use Blacklisting Input Validation

DHe is trying to use Parametrized SQL Query

Answer : B

Question 2

Ted is an application security engineer who ensures application security activities are being followed during the entire lifecycle of the project. One day, he was analyzing various interactions of users depicted in the use cases of the project under inception. Based on the use case in hand, he started depicting the scenarios where attacker could misuse the application. Can you identify the activity on which Ted is working?

ATed was depicting abuse cases

BTed was depicting abstract use cases

CTed was depicting lower-level use cases

DTed was depicting security use cases

Answer : A

Question 3

Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do so.

A< server port='' shutdown-'' >

B< server port='-1' shutdown-*' >

C< server port='-1' shutdown='SHUTDOWN' >

D< server port='8080' shutdown='SHUTDOWN' >

Answer : B

Question 4

Which of the following state management method works only for a sequence of dynamically generated forms?

ACookies

BSessions

CHidden Field

DURL-rewriting

Answer : C

Question 5

According to secure logging practices, programmers should ensure that logging processes are not disrupted by:

ACatching incorrect exceptions

BMultiple catching of incorrect exceptions

CRe-throwing incorrect exceptions

DThrowing incorrect exceptions

Answer : D

Question 6

Oliver is a web server admin and wants to configure the Tomcat server in such a way that it should not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/ in web.xml will solve his problem?

A< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > false < /param-value > < /init-param > < load-on-startup > 1 < /load-on-startup > < servlet >

B< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > disable < /param-value> < /init-param > < load-on-startup > 1 < /load-on-startup> < /servlet >

C< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name>< param-value> 0 < /param value>< /init-param > < init-param > < param-name> listings < /param-name > < param-value > enable < /param-value > < /init-param > < load-on-startup> 1 < /load-on-startup > < /servlet >

D< servlet > < servlet-name > default < servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name> < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > true < /param-value > < /init-param > < load-on-startup > l < /load-on-startup > < /servlet >

Answer : B

Question 7

A developer to handle global exception should use _________ annotation along with @ExceptionHandler method annotation for any class

A@Advice

B@ControllerAdvice

C@globalControllerAdvice

D@GlobalAdvice

Answer : B

Eccouncil Certified Application Security Engineer (CASE) JAVA 312-96 Exam Practice Test