ECCouncil 312-96 Certified Application Security Engineer (CASE) JAVA Exam Practice Test

Demo: 14 questions
Total 47 questions

Certified Application Security Engineer (CASE) JAVA Questions and Answers

Question 1

Which line of the following example of Java code can make the application vulnerable to a session attack?

Options:

A.

Line No. 1

B.

Line No. 3

C.

Line No. 4

D.

Line No. 5

Question 2

Which of the following elements in the web.xml file ensures that cookies will be transmitted over an encrypted channel?

Options:

A.

< connector lsSSLEnabled="Yes" / >

B.

< connector EnableSSL="true" / >

C.

< connector SSLEnabled="false" / >

D.

< connector SSLEnabled="true" / >

Question 3

Which of the following threat classification models is used to classify threats during the threat modeling process?

Options:

A.

RED

B.

STRIDE

C.

DREAD

D.

SMART

Question 4

The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________

Options:

A.

Attack Surface Evaluation

B.

Threat Classification

C.

Threat Identification

D.

Impact Analysis

Question 5

Sam, an application security engineer working at INFRA INC., was conducting a secure code review of an application developed in Java. He found that the developer had used the piece of code shown in the following screenshot. Identify the security mistake the developer has made.

Options:

A.

He is attempting to use client-side validation

B.

He is attempting to use whitelist input validation approach

C.

He is attempting to use regular expression for validation

D.

He is attempting to use blacklist input validation approach

Question 6

According to secure logging practices, programmers should ensure that logging processes are not disrupted by:

Options:

A.

Catching incorrect exceptions

B.

Multiple catching of incorrect exceptions

C.

Re-throwing incorrect exceptions

D.

Throwing incorrect exceptions

Question 7

James is a Java developer working at INFR INC. He has written Java code to open a file, read it line by line and display its content in a text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use for this purpose?

Options:

A.

Try-Catch-Finally block

B.

Try-Catch block

C.

Try-With-Resources block

D.

Try-Catch-Resources block

Question 8

Which of the following relationships is used to describe abuse case scenarios?

Options:

A.

Include Relationship

B.

Threatens Relationship

C.

Extend Relationship

D.

Mitigates Relationship

Question 9

During his secure code review, John, an independent application security expert, found that the developer had used the Java code highlighted in the following screenshot. Identify the security mistake committed by the developer.

Options:

A.

He is trying to use Whitelisting Input Validation

B.

He is trying to use Non-parametrized SQL query

C.

He is trying to use Blacklisting Input Validation

D.

He is trying to use Parametrized SQL Query

Question 10

Alice works as a Java developer at Fygo software Services Ltd. He is given the responsibility of designing a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design the ArticlesList.jsp page so that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.

Alice wrote the following code on page load to read the file name:

String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);

After reviewing this code, his superior pointed out the security mistake in the code and instructed him not to repeat it in future. Can you identify the type of vulnerability that may exist in the above code?

Options:

A.

URL Tampering vulnerability

B.

Form Tampering vulnerability

C.

XSS vulnerability

D.

Directory Traversal vulnerability

Question 11

Which of the following Spring Security Framework configuration settings will protect against session fixation attacks by not allowing an authenticated user to log in again?

Options:

A.

session-fixation-protection ="newSessionlD"

B.

session-fixation-protection =".

C.

session-fixation-protection ="enabled"

D.

session-fixation-protection =".

Question 12

Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/web.xml will solve his problem?

Options:

A.

< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > false < /param-value > < /init-param > < load-on-startup > 1 < /load-on-startup > < servlet >

B.

< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > disable < /param-value> < /init-param > < load-on-startup > 1 < /load-on-startup> < /servlet >

C.

< servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name>< param-value> 0 < /param value>< /init-param > < init-param > < param-name> listings < /param-name > < param-value > enable < /param-value > < /init-param > < load-on-startup> 1 < /load-on-startup > < /servlet >

D.

< servlet > < servlet-name > default < servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name> < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > true < /param-value > < /init-param > < load-on-startup > l < /load-on-startup > < /servlet >

Question 13

Identify the type of attack depicted in the figure below:

Options:

A.

SQL injection attack

B.

Parameter/form attack

C.

Directory traversal attack

D.

Session fixation attack

Question 14

Which of the following configurations can help you avoid displaying the server name in the server response header?

Options:

A.

< Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort= "8443" / >

B.

< Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName=" disable" redirectPort="8443" / >

C.

< Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server = " " redirectPort="8443" / >

D.

< Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName ="null " redirectPort="8443'' / >