Download Certified Application Security Engineer (CASE) JAVA.312-96.VCEplus.2023-08-21.20q.vcex

Vendor: ECCouncil
Exam Code: 312-96
Exam Name: Certified Application Security Engineer (CASE) JAVA
Date: Aug 21, 2023
File Size: 540 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Alice, a security engineer, was performing security testing on the application. He found that users can view the website structure and file names. As per the standard security practices, this can pose a serious security risk as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?
  1. <init-param> <param-name>directory-listings <param-value>true </init-param>
  2. <init-param> <param-name>directory-listings <param-value>false </init-param>
  3. <init-param> <param-name>listings <param-value>true </init-param>
  4. <init-param> <param-name>listings <param-value>false </init-param>
Correct answer: B
Question 2
Which of the following relationships is used to describe a security use case scenario?
  1. Threatens Relationship
  2. Extend Relationship
  3. Mitigates Relationship
  4. Include Relationship
Correct answer: B
Question 3
Identify the formula for calculating the risk during threat modeling.
  1. RISK = PROBABILITY * ATTACK
  2. RISK = PROBABILITY * ASSETS
  3. RISK = PROBABILITY * DAMAGE POTENTIAL
  4. RISK = PROBABILITY * VULNERABILITY
Correct answer: C
Question 4
The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________
  1. Attack Surface Evaluation
  2. Threat Classification
  3. Threat Identification
  4. Impact Analysis
Correct answer: A
Question 5
Ted is an application security engineer who ensures application security activities are being followed during the entire lifecycle of the project. One day, he was analyzing various interactions of users depicted in the use cases of the project under inception. Based on the use case in hand, he started depicting the scenarios where an attacker could misuse the application. Can you identify the activity on which Ted is working?
  1. Ted was depicting abuse cases
  2. Ted was depicting abstract use cases
  3. Ted was depicting lower-level use cases
  4. Ted was depicting security use cases
Correct answer: A
Question 6
A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customers to search products based on the price. Recently, a bug bounty hunter has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to
  1. Session Hijacking attack
  2. Cross Site Request Forgery attack
  3. SQL Injection attack
  4. Brute force attack
Correct answer: C
Question 7
To handle exceptions globally, a developer should use the _________ annotation along with the @ExceptionHandler method annotation for any class
  1. @Advice
  2. @ControllerAdvice
  3. @globalControllerAdvice
  4. @GlobalAdvice
Correct answer: B
Question 8
Which of the following relationships is used to describe abuse case scenarios?
  1. Include Relationship
  2. Threatens Relationship
  3. Extend Relationship
  4. Mitigates Relationship
Correct answer: B
Question 9
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?
  1. validate='true'
  2. IsNotvalidate='disabled'
  3. IsNotvalidate='false'
  4. validate='enabled'
Correct answer: A
Question 10
Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value. Which of the following lines of code will you use to strictly validate the request parameter value before processing it for execution?
  1. public boolean validateUserName() {String CategoryId= request.getParameter("CatId");}
  2. public boolean validateUserName() { Pattern p = Pattern.compile("[a-zA-Z0-9]*$"); Matcher m = p.matcher(request.getParameter("CatId")); boolean result = m.matches(); return result;}
  3. public boolean validateUserName() { if(request.getParameter("CatId")!=null ) String CategoryId=request.getParameter("CatId");}
  4. public boolean validateUserName() { if(!request.getParameter("CatId").equals("null"))}
Correct answer: B