[Jan 20, 2024] 312-96 Practice Exam Dumps - 99% Marks In ECCouncil Exam [Q17-Q41]

NEW QUESTION # 17
Which of the following state management methods works only for a sequence of dynamically generated forms?

  • A. Hidden Field
  • B. Cookies
  • C. Sessions
  • D. URL-rewriting

Answer: A


NEW QUESTION # 18
Which of the following Spring Security Framework configuration settings will ensure protection from session fixation attacks by not allowing an authenticated user to log in again?

  • A. session-fixation-protection ="newSessionID"
  • B. session-fixation-protection =".
  • C. session-fixation-protection ="enabled"
  • D. session-fixation-protection =".

Answer: B


NEW QUESTION # 19
Identify the type of attack depicted in the figure below:

  • A. Session fixation attack
  • B. SQL injection attack
  • C. Parameter/form attack
  • D. Directory traversal attack

Answer: A


NEW QUESTION # 20
Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve index pages in the absence of welcome files. Which of the following settings in web.xml under CATALINA_HOME/conf/ will solve his problem?

  • A. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>enable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
  • B. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>disable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
  • C. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
  • D. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>true</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>

Answer: B


NEW QUESTION # 21
Identify the type of attack depicted in the figure below:

  • A. Denial-of-Service attack
  • B. Cross-Site Request Forgery (CSRF) attack
  • C. SQL injection attack
  • D. XSS

Answer: B


NEW QUESTION # 22
Stephen is a web developer at InterCall Systems. He was working on a real estate website for one of his clients and was given the task of designing a web page with a property search feature. He designed the following searchpage.jsp:
<form id="form1" method="post" action="SearchProperty.jsp">
<input type="text" id="txt_Search" name="txt_Search" placeholder="Search Property..." />
<input type="submit" id="Btn_Search" value="Search" />
</form>
However, when the application went to the security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?

  • A. He should write code like out.write("You Searched for:" + request.getParameter("txt_Search"));
  • B. He should write code like out.write("You Searched for:" + request.getParameter("search").toString());
  • C. He should write code like out.write("You Searched for:" + ESAPI.encoder().encodeForHTML(search));
  • D. He should write code like out.write(("You Searched for:" + (search));

Answer: C


NEW QUESTION # 23
Which of the following methods will you use in place of the ex.printStackTrace() method to avoid printing a stack trace on error?

  • A. ex.getMessage();
  • B. ex.StackTrace.getError();
  • C. ex.message();
  • D. ex.getError();

Answer: A


NEW QUESTION # 24
Which of the following methods will help you check if the DEBUG level is enabled?

  • A. isDebugEnabled()
  • B. IsEnableDebug ()
  • C. DebugEnabled()
  • D. EnableDebug ()

Answer: A


NEW QUESTION # 25
Which line of the following example of Java code can make the application vulnerable to a session attack?

  • A. Line No. 1
  • B. Line No. 5
  • C. Line No. 4
  • D. Line No. 3

Answer: D


NEW QUESTION # 26
Which risk assessment model is used to rate the threat-based risk to the application during the threat modeling process?

  • A. DREAD
  • B. STRIDE
  • C. RED
  • D. SMART

Answer: B


NEW QUESTION # 27
To handle global exceptions, a developer should use the _________ annotation along with the @ExceptionHandler method annotation for any class.

  • A. @ControllerAdvice
  • B. @GlobalAdvice
  • C. @Advice
  • D. @globalControllerAdvice

Answer: A


NEW QUESTION # 28
Sam, an application security engineer working at INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer had used a piece of code as shown in the following screenshot. Identify the security mistake that the developer has made.

  • A. He is attempting to use regular expression for validation
  • B. He is attempting to use client-side validation
  • C. He is attempting to use whitelist input validation approach
  • D. He is attempting to use blacklist input validation approach

Answer: D


NEW QUESTION # 29
Jacob, a Security Engineer on the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?

  • A. CAST
  • B. CAST
  • C. SAST
  • D. ISCST

Answer: C


NEW QUESTION # 30
Identify what should NOT be caught while handling exceptions.

  • A. NullPointerException
  • B. IllegalAccessException
  • C. SecurityException
  • D. EOFException

Answer: C


NEW QUESTION # 31
Which threat classification model is used to classify threats during the threat modeling process?

  • A. DREAD
  • B. STRIDE
  • C. RED
  • D. SMART

Answer: B


NEW QUESTION # 32
Identify the type of attack depicted in the following figure.

  • A. Session Fixation Attack
  • B. Parameter Tampering Attack
  • C. Denial-of-Service Attack
  • D. SQL Injection Attacks

Answer: B


NEW QUESTION # 33
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?

  • A. IsNotvalidate="false"
  • B. validate="true"
  • C. IsNotvalidate="disabled"
  • D. validate="enabled"

Answer: B


NEW QUESTION # 34
The developer wants to remove the HttpSession object and its values from the client's system.
Which of the following methods should he use for the above purpose?

  • A. invalidate()
  • B. Invalidate(session JSESSIONID)
  • C. isValidate()
  • D. sessionInvalidate()

Answer: A


NEW QUESTION # 35
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting in server.xml under CATALINA_HOME/conf that will enable her to do so.

  • A. <server port="-1" shutdown="SHUTDOWN">
  • B. <server port="" shutdown-"'>
  • C. <server port="8080" shutdown="SHUTDOWN">
  • D. <server port="-1" shutdown-*">

Answer: D


NEW QUESTION # 36
......
