Eccouncil 312-96 Exam Practice Test Instant Access

Question 1

Which line of the following example of Java Code can make application vulnerable to a session attack?

ALine No. 1

BLine No. 3

CLine No. 4

DLine No. 5

Answer : B

Question 2

A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to

ASession Hijacking attack

BCross Site Request Forgery attack

CSQL Injection attack

DBrute force attack

Answer : C

Question 3

Which of the following state management method works only for a sequence of dynamically generated forms?

ACookies

BSessions

CHidden Field

DURL-rewriting

Answer : C

Question 4

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?

AHe is trying to use Whitelisting Input Validation

BHe is trying to use Non-parametrized SQL query

CHe is trying to use Blacklisting Input Validation

DHe is trying to use Parametrized SQL Query

Answer : B

Question 5

Oliver is a web server admin and wants to configure the Tomcat server in such a way that it should not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/ in web.xml will solve his problem?

A< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > false < /param-value > < /init-param > < load-on-startup > 1 < /load-on-startup > < servlet >

B< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > disable < /param-value> < /init-param > < load-on-startup > 1 < /load-on-startup> < /servlet >

C< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name>< param-value> 0 < /param value>< /init-param > < init-param > < param-name> listings < /param-name > < param-value > enable < /param-value > < /init-param > < load-on-startup> 1 < /load-on-startup > < /servlet >

D< servlet > < servlet-name > default < servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name> < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > true < /param-value > < /init-param > < load-on-startup > l < /load-on-startup > < /servlet >

Answer : B

Question 6

Which of the following elements in web.xml file ensures that cookies will be transmitted over an encrypted channel?

A< connector lsSSLEnabled='Yes' / >

B< connector EnableSSL='true' / >

C< connector SSLEnabled='false' / >

D< connector SSLEnabled='true' / >

Answer : D

Question 7

Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page.

Alice wrote the following code on page load to read the file name.

String myfilename = request.getParameter("filename");

String txtFileNameVariable = myfilename;

String locationVariable = request.getServletContext().getRealPath("/");

String PathVariable = "";

PathVariable = locationVariable + txtFileNameVariable;

BufferedInputStream bufferedInputStream = null;

Path filepath = Paths.get(PathVariable);

After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?

AURL Tampering vulnerability

BForm Tampering vulnerability

CXSS vulnerability

DDirectory Traversal vulnerability

Answer : D

Eccouncil Certified Application Security Engineer (CASE) JAVA 312-96 Exam Practice Test