312-96 MCQs
312-96 TestPrep
312-96 Study Guide
312-96 Practice Test
312-96 Exam Questions
killexams.com EC-COUNCIL 312-96
Certified Application Security Engineer (C|ASE Java) Certification
https://killexams.com/pass4sure/exam-detail/312-96
Question: 56
Which of the following is a secure coding practice to prevent Remote Code Execution vulnerabilities?
Allowing user-supplied input to be executed without proper validation
Disabling input validation for code execution
Implementing input validation and sanitization for code execution
Using weak or common passwords
Answer: C
Explanation: Implementing input validation and sanitization for code execution is a secure coding practice to prevent Remote Code Execution vulnerabilities. By validating and sanitizing user-supplied input before executing it as code, the risk of malicious code execution can be mitigated. Allowing user-supplied input to be executed without proper validation, disabling input validation for code execution, and using weak or common passwords are insecure practices that can contribute to Remote Code Execution vulnerabilities.
Question: 57
Which of the following is a secure coding practice to prevent Security Vulnerabilities in third-party libraries?
Using outdated and unpatched libraries
Disabling input validation for libraries
Storing sensitive data in plain text in the libraries
Implementing regular updates and patching for libraries
Answer: D
Explanation: Implementing regular updates and patching for libraries is a secure coding practice to prevent Security Vulnerabilities in third-party libraries. By keeping libraries up to date and applying patches promptly, the application can address known vulnerabilities and reduce the risk of exploitation. Using outdated and unpatched libraries, disabling input validation for libraries, and storing sensitive data in plain text in the libraries are insecure practices that can contribute to security vulnerabilities.
Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer has used a piece of code as shown in the following screenshot.
Identify the security mistakes that the developer has coded?
He is attempting to use client-side validation
He is attempting to use whitelist input validation approach
He is attempting to use regular expression for validation
He is attempting to use blacklist input validation approach
Identify the type of attack depicted in the following figure.
SQL Injection Attacks
Session Fixation Attack
Parameter Tampering Attack
Denial-of-Service Attack
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
Catching incorrect exceptions
Multiple catching of incorrect exceptions
Re-throwing incorrect exceptions
Throwing incorrect exceptions
Which of the threat classification model is used to classify threats during threat modeling process?
RED
STRIDE
DREAD
SMART
Which line of the following example of Java Code can make application vulnerable to a session attack?
Line No. 1
Line No. 3
Line No. 4
Line No. 5
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable him to do so.
< server port="" shutdown-"' >
< server port="-1" shutdown-*" >
< server port="-1" shutdown="SHUTDOWN" >
< server port="8080" shutdown="SHUTDOWN" >
Which of the following method will help you check if DEBUG level is enabled?
isDebugEnabled()
EnableDebug ()
IsEnableDebug ()
DebugEnabled()
In which phase of secure development lifecycle the threat modeling is performed?
Coding phase
Testing phase
Deployment phase
Design phase
Identify the type of attack depicted in the figure below:
XSS
Cross-Site Request Forgery (CSRF) attack
SQL injection attack
Denial-of-Service attack
KILLEXAMS.COM
Killexams.com is a leading online platform specializing in high-quality certification exam preparation. Offering a robust suite of tools, including MCQs, practice tests, and advanced test engines, Killexams.com empowers candidates to excel in their certification exams. Discover the key features that make Killexams.com the go-to choice for exam success.
Killexams.com provides exam questions that are experienced in test centers. These questions are updated regularly to ensure they are up-to-date and relevant to the latest exam syllabus. By studying these questions, candidates can familiarize themselves with the content and format of the real exam.
Killexams.com offers exam MCQs in PDF format. These questions contain a comprehensive
collection of questions and answers that cover the exam topics. By using these MCQs, candidate can enhance their knowledge and improve their chances of success in the certification exam.
Killexams.com provides practice test through their desktop test engine and online test engine. These practice tests simulate the real exam environment and help candidates assess their readiness for the actual exam. The practice test cover a wide range of questions and enable candidates to identify their strengths and weaknesses.
Killexams.com offers a success guarantee with the exam MCQs. Killexams claim that by using this materials, candidates will pass their exams on the first attempt or they will get refund for the purchase price. This guarantee provides assurance and confidence to individuals preparing for certification exam.
Killexams.com regularly updates its question bank of MCQs to ensure that they are current and reflect the latest changes in the exam syllabus. This helps candidates stay up-to-date with the exam content and increases their chances of success.