Current 312-96 Exam Dumps [2024] Complete ECCouncil Exam Smoothly
312-96 Premium PDF & Test Engine Files with 49 Questions & Answers
EC-Council 312-96 Exam Syllabus Topics:
| Topic | Details | Weight |
|---|---|---|
| Secure Coding Practices for Error Handling | - Explain exception and error handling in Java - Explain erroneous exceptional behaviors - Demonstrate the knowledge of do's and don'ts in error handling - Explain Spring MVC error handling - Explain exception handling in Struts2 - Demonstrate the knowledge of best practices for error handling - Explain logging in Java - Demonstrate the knowledge of Log4j for logging - Demonstrate the knowledge of coding techniques for secure logging - Demonstrate the knowledge of best practices for logging | 16% |
| Secure Coding Practices for Session Management | - Explain session management in Java - Demonstrate the knowledge of session management in the Spring framework - Demonstrate the knowledge of session vulnerabilities and their mitigation techniques - Demonstrate the knowledge of best practices and guidelines for secure session management | 10% |
| Secure Coding Practices for Input Validation | - Understand the need for input validation - Explain data validation techniques - Explain data validation in the Struts framework - Explain data validation in the Spring framework - Demonstrate the knowledge of common input validation errors - Demonstrate the knowledge of common secure coding practices for input validation | 8% |
| Secure Deployment and Maintenance | - Understand the importance of secure deployment - Explain security practices at host level - Explain security practices at network level - Explain security practices at application level - Explain security practices at web container level (Tomcat) - Explain security practices at Oracle database level - Demonstrate the knowledge of security maintenance and monitoring activities | 10% |
| Static and Dynamic Application Security Testing (SAST & DAST) | - Understand Static Application Security Testing (SAST) - Demonstrate the knowledge of manual secure code review techniques for the most common vulnerabilities - Explain Dynamic Application Security Testing (DAST) - Demonstrate the knowledge of automated application vulnerability scanning tools for DAST - Demonstrate the knowledge of proxy-based security testing tools for DAST | 8% |
| Security Requirements Gathering | - Understand the importance of gathering security requirements - Explain Security Requirement Engineering (SRE) and its phases - Demonstrate the understanding of abuse cases and abuse case modeling - Demonstrate the understanding of security use cases and security use case modeling - Demonstrate the understanding of abuser and security stories - Explain the Security Quality Requirements Engineering (SQUARE) model - Explain the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) model | 8% |
| Secure Coding Practices for Cryptography | - Understand fundamental concepts and the need for cryptography in Java - Explain encryption and secret keys - Demonstrate the knowledge of the Cipher class and its implementation - Demonstrate the knowledge of digital signatures and their implementation - Demonstrate the knowledge of Secure Sockets Layer (SSL) and its implementation - Explain secure key management - Demonstrate the knowledge of digital certificates and their implementation - Demonstrate the knowledge of hash implementation - Explain Java Card cryptography - Explain the crypto module in Spring Security - Demonstrate the understanding of do's and don'ts in Java cryptography | 6% |
| Understanding Application Security, Threats, and Attacks | - Understand the need for and benefits of application security - Demonstrate the understanding of common application-level attacks - Explain the causes of application-level vulnerabilities - Explain the various components of comprehensive application security - Explain the need for and advantages of integrating security into the Software Development Life Cycle (SDLC) - Differentiate functional vs. security activities in the SDLC - Explain the Microsoft Security Development Lifecycle (SDL) - Demonstrate the understanding of various software security reference standards, models, and frameworks | 18% |
| Secure Coding Practices for Authentication and Authorization | - Understand authentication concepts - Explain authentication implementation in Java - Demonstrate the knowledge of authentication weaknesses and their prevention - Understand authorization concepts - Explain access control models - Explain EJB authorization - Explain the Java Authentication and Authorization Service (JAAS) - Demonstrate the knowledge of common authorization mistakes and countermeasures - Explain Java EE security - Demonstrate the knowledge of authentication and authorization in the Spring Security framework - Demonstrate the knowledge of defensive coding practices against broken authentication and authorization | 4% |
EC-Council CASE Java Exam Certification Details:
| Detail | Value |
|---|---|
| Books / Training | Master Class |
| Sample Questions | EC-Council CASE Java Sample Questions |
| Number of Questions | 50 |
| Duration | 120 mins |
| Exam Price | $450 (USD) |
| Exam Code | 312-96 |
NEW QUESTION # 14
Identify the type of attack depicted in the figure below:
- A. Directory traversal attack
- B. Parameter/form attack
- C. SQL injection attack
- D. Session fixation attack
Answer: D
NEW QUESTION # 15
To handle exceptions globally, a developer should annotate a class with _________ and annotate its handler methods with @ExceptionHandler.
- A. @ControllerAdvice
- B. @globalControllerAdvice
- C. @Advice
- D. @GlobalAdvice
Answer: A
NEW QUESTION # 16
Identify the type of attack depicted in the following figure.
- A. Form Tampering Attack
- B. SQL Injection attack
- C. Directory Traversal Attack
- D. Denial-of-service attack
Answer: C
NEW QUESTION # 17
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot. He passed 'false' to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
- A. Directory Traversal Attack
- B. SQL Injection Attack
- C. Client-Side Scripts Attack
- D. Denial-of-Service attack
Answer: C
NEW QUESTION # 18
A developer has written the following line of code to handle and maintain a session in the application. What did he do in the scenario below?
- A. Maintained session by creating a hidden variable user with value stored in uname variable.
- B. Maintained session by creating a Cookie user with value stored in uname variable.
- C. Maintained session by creating a Session variable user with value stored in uname variable.
- D. Maintained session by creating a HTTP variable user with value stored in uname variable.
Answer: C
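The screenshot for question 17 and the code line for question 18 are not reproduced on this page. As an added example (not the exam's own code), the servlet below shows the weak call from question 17, setHttpOnly(false), next to its hardened form, and keeps the authenticated identity server-side in the HttpSession as question 18 describes. The class, the cookie name and the CredentialStore collaborator are assumptions; the javax.servlet namespace assumes Servlet 3.x (use jakarta.servlet on Jakarta EE 9+).

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not from the exam. CredentialStore is an assumed collaborator that
// the application registers as a servlet-context attribute at startup.
public class LoginServlet extends HttpServlet {

    public interface CredentialStore {
        boolean verify(String username, char[] password);
    }

    private CredentialStore credentialStore;

    @Override
    public void init() {
        credentialStore = (CredentialStore) getServletContext().getAttribute("credentialStore");
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String uname = request.getParameter("uname");
        String pwd = request.getParameter("pwd");

        if (uname == null || pwd == null || !credentialStore.verify(uname, pwd.toCharArray())) {
            // One generic failure path: do not reveal whether the username or the password was wrong.
            response.sendRedirect(request.getContextPath() + "/login.jsp?error=1");
            return;
        }

        // Question 18: the logged-in identity lives in the server-side HttpSession,
        // not in a hidden form field or a client cookie that the user could edit.
        HttpSession session = request.getSession(true);
        session.setAttribute("user", uname);

        // Question 17, the vulnerable form: with HttpOnly off, script injected into any
        // page of this origin can read the cookie through document.cookie.
        //   Cookie weak = new Cookie("prefs", "lang=en");
        //   weak.setHttpOnly(false);
        //   response.addCookie(weak);

        // Hardened form. HttpOnly keeps script away from the value, Secure keeps it off
        // plain HTTP, and a scoped path plus a short lifetime limit how far it travels.
        Cookie prefs = new Cookie("prefs", "lang=en");
        prefs.setHttpOnly(true);
        prefs.setSecure(true);
        prefs.setPath(request.getContextPath() + "/");
        prefs.setMaxAge(60 * 60);
        response.addCookie(prefs);

        response.sendRedirect(request.getContextPath() + "/home.jsp");
    }
}
```

The Cookie API only covers cookies the application creates. The container's own session cookie (JSESSIONID) gets its flags from the web application descriptor instead: a `<cookie-config>` with `<http-only>true</http-only>` and `<secure>true</secure>` under `<session-config>` in web.xml (Servlet 3.0 and later).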
NEW QUESTION # 19
Which of the following risk assessment models is used to rate threat-based risk to the application during the threat modeling process?
- A. DREAD
- B. STRIDE
- C. RED
- D. SMART
Answer: A
NEW QUESTION # 20
Which of the following Spring Security Framework configuration settings protects against session fixation attacks by not allowing an already authenticated user to log in again?
- A. session-fixation-protection ="enabled"
- B. session-fixation-protection =".
- C. session-fixation-protection ="newSessionlD"
- D. session-fixation-protection =".
Answer: B
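Two of the option values above did not survive extraction. For reference, the `session-fixation-protection` attribute of `<session-management>` accepts exactly four values: `none`, `newSession`, `migrateSession` and `changeSessionId`. The Java configuration below is an added example (not from the exam or from Spring's documentation) that expresses the same choice with the lambda-style API; it assumes Spring Security 5.7 or later, and the login page path and the session limit are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example. The filter chain bean is the Spring Security 5.7+ replacement for
// extending WebSecurityConfigurerAdapter.
@Configuration
public class SessionSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(form -> form.loginPage("/login").permitAll())   // assumed path
            .sessionManagement(session -> session
                // Same effect as session-fixation-protection="newSession" in XML:
                // on successful login the pre-login session is invalidated and a fresh
                // one is created, and none of its attributes are copied across, so an
                // identifier planted by an attacker before login is never authenticated.
                // migrateSession() would copy attributes; changeSessionId() keeps the
                // session object and only changes its id (Servlet 3.1+); none() disables
                // the protection.
                .sessionFixation(fixation -> fixation.newSession())
                // Concurrency control: one live session per principal. With false, a new
                // login expires the earlier session; with true, the second login is
                // rejected while the first session is alive.
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false));
        return http.build();
    }
}
```

Concurrency control needs the HttpSessionEventPublisher listener registered so that Spring Security learns when sessions expire; without it the per-principal count drifts. The XML equivalent of the fixation setting is the `session-fixation-protection` attribute on `<session-management>` inside `<http>`, with the same four values.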
NEW QUESTION # 21
On a certain website, a secure login feature is designed to prevent brute-force attacks by implementing an account lockout mechanism. The account is automatically locked after five failed attempts, and the feature does not allow the user to log in to the website until the account is unlocked. However, this security feature can be abused to perform a __________ attack.
- A. Failure to Restrict URL
- B. Denial-of-Service (DoS)
- C. Unvalidated Redirects and Forwards
- D. Broken Authentication
Answer: B
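A lockout that stays in place until an administrator intervenes lets anyone who knows a username lock its owner out at will. The class below is an added example (not from the exam) of the usual mitigation: failures are counted per account inside a sliding window and the lockout expires on its own, so the attacker can at most impose a bounded delay. The thresholds, window and clock source are assumptions; the main method drives it with a constructed, controllable clock.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

// Added example. Temporary, self-expiring lockout per account.
public final class LoginThrottle {

    private static final int MAX_FAILURES = 5;                         // assumed
    private static final Duration FAILURE_WINDOW = Duration.ofMinutes(10); // assumed
    private static final Duration LOCKOUT = Duration.ofMinutes(15);        // assumed

    private static final class State {
        int failures;
        Instant firstFailure = Instant.EPOCH;
        Instant lockedUntil = Instant.EPOCH;
    }

    private final Map<String, State> byAccount = new HashMap<>();
    private final Supplier<Instant> now;   // injected so the behaviour can be demonstrated offline

    public LoginThrottle(Supplier<Instant> now) {
        this.now = now;
    }

    /** True while the account is inside a lockout period. */
    public synchronized boolean isLocked(String username) {
        State s = byAccount.get(username);
        return s != null && now.get().isBefore(s.lockedUntil);
    }

    /** Record a failed attempt; returns true if the account is (now) locked. */
    public synchronized boolean recordFailure(String username) {
        Instant t = now.get();
        State s = byAccount.computeIfAbsent(username, k -> new State());
        if (t.isBefore(s.lockedUntil)) {
            return true;                        // already locked; attempts while locked are ignored
        }
        if (s.failures == 0 || t.isAfter(s.firstFailure.plus(FAILURE_WINDOW))) {
            s.failures = 0;                     // failures older than the window no longer count
            s.firstFailure = t;
        }
        s.failures++;
        if (s.failures >= MAX_FAILURES) {
            s.lockedUntil = t.plus(LOCKOUT);    // bounded: the lock clears by itself
            s.failures = 0;
            return true;
        }
        return false;
    }

    /** A successful login clears the account's failure history. */
    public synchronized void recordSuccess(String username) {
        byAccount.remove(username);
    }

    public static void main(String[] args) {
        Instant[] clock = { Instant.parse("2024-01-01T10:00:00Z") };   // constructed time source
        LoginThrottle throttle = new LoginThrottle(() -> clock[0]);

        // An attacker who only knows the username fires five wrong passwords at "alice".
        for (int i = 0; i < 5; i++) {
            throttle.recordFailure("alice");
        }
        System.out.println("locked right after the attack: " + throttle.isLocked("alice")); // true

        clock[0] = clock[0].plus(Duration.ofMinutes(16));
        System.out.println("locked 16 minutes later:       " + throttle.isLocked("alice")); // false
    }
}
```

In production the state belongs in a shared store rather than a per-JVM map, and the temporary lockout is usually paired with a progressive delay or a CAPTCHA after the first few failures, plus an alert when lockouts cluster, since a burst of lockouts across many accounts is itself a signal of a credential-stuffing or DoS attempt.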
NEW QUESTION # 22
Stephen is a web developer at InterCall Systems. He was working on a real estate website for one of his clients and was given the task of designing a web page with a property search feature. He designed the following searchpage.jsp:

```html
<form id="form1" method="post" action="SearchProperty.jsp">
  <input type="text" id="txt_Search" name="txt_Search" placeholder="Search Property..." />
  <input type="submit" id="Btn_Search" value="Search" />
</form>
```
However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
- A. He should write code like out.write("You Searched for:" + request.getParameter("txt_Search"));
- B. He should write code like out.write("You Searched for:" + ESAPI.encoder().encodeForHTML(search));
- C. He should write code like out.write("You Searched for:" + request.getParameter("search").toString());
- D. He should write code like out.write(("You Searched for:" + (search)));
Answer: B
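Options A, C and D all echo the raw parameter into the page; B encodes it for the HTML body context first. The class below is an added example (not the exam's code) that puts the unsafe and the encoded rendering side by side. Its encodeForHtml method is a minimal stand-in written here so the example runs without a dependency; in a project use ESAPI's encodeForHTML or JSTL's `<c:out>` rather than a hand-rolled encoder. The payload is constructed input.

```java
// Added example. Output encoding for the HTML body context.
public final class SearchResultView {

    // Stand-in for ESAPI.encoder().encodeForHTML(): the five characters that can
    // change HTML structure, plus '/' which ESAPI also encodes.
    static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // What options A, C and D amount to: the parameter lands in the page unchanged,
    // so a value containing markup becomes markup.
    static String renderUnsafe(String search) {
        return "You Searched for: " + search;
    }

    // Option B: encode at the point of output, for the context the value is written into.
    static String renderSafe(String search) {
        return "You Searched for: " + encodeForHtml(search);
    }

    public static void main(String[] args) {
        // Constructed payload standing in for request.getParameter("txt_Search").
        String payload = "<script>alert(document.cookie)</script>";
        System.out.println(renderUnsafe(payload));
        // prints: You Searched for: <script>alert(document.cookie)</script>
        System.out.println(renderSafe(payload));
        // prints: You Searched for: &lt;script&gt;alert(document.cookie)&lt;&#x2F;script&gt;
    }
}
```

Encoding is context-specific: the HTML body encoder above is wrong for an attribute value, a JavaScript string or a URL, which need encodeForHTMLAttribute, encodeForJavaScript and encodeForURL respectively. In JSP, `${fn:escapeXml(param.txt_Search)}` or `<c:out value="${param.txt_Search}"/>` gives the body-context encoding without a scriptlet. Encoding on output does not replace allowlist validation of the search term on input; the two address different failures.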
NEW QUESTION # 23
Alice works as a Java developer at Fygo Software Services Ltd. She has been given the responsibility of designing a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by her superior to design the ArticlesList.jsp page so that it displays a list of all the articles on one page and sends the selected filename as a query string to redirect users to the articledetails.jsp page.
Alice wrote the following code on page load to read the file name:

```java
// Intentionally vulnerable code from the question: the filename comes straight from the
// request and is concatenated onto the web application's real path without any check.
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);
```

After reviewing this code, her superior pointed out the security mistake in the code and instructed her not to repeat it in future. Can you identify the type of vulnerability that may exist in the above code?
- A. XSS vulnerability
- B. Directory Traversal vulnerability
- C. Form Tampering vulnerability
- D. URL Tampering vulnerability
Answer: B
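A value such as `../../../etc/passwd` in the filename parameter walks out of the web application's directory in the code above. The class below is an added example (not the exam's code) of a hardened replacement: the name must match an allowlist for article files, and the normalized result must still lie inside the article directory. The base directory path and the allowlist pattern are assumptions; the inputs in main are constructed.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

// Added example. Two independent checks before a user-supplied name touches the filesystem.
public final class ArticlePathResolver {

    // Allowlist: a bare file name of letters, digits, '_' or '-', ending in .pdf (assumed policy).
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.pdf");

    private final Path baseDir;

    public ArticlePathResolver(Path baseDir) {
        this.baseDir = baseDir.toAbsolutePath().normalize();
    }

    /** Resolve a user-supplied file name inside baseDir, or throw IllegalArgumentException. */
    public Path resolve(String userSupplied) {
        // Check 1: the name itself. Anything with a separator, '..', a NUL or an odd
        // extension never gets as far as path resolution.
        if (userSupplied == null || !SAFE_NAME.matcher(userSupplied).matches()) {
            throw new IllegalArgumentException("rejected filename");
        }
        Path candidate;
        try {
            candidate = baseDir.resolve(userSupplied).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("rejected filename", e);
        }
        // Check 2: containment. Even if the allowlist is later loosened, a result that
        // normalizes to baseDir itself or to anything outside it is refused.
        if (candidate.equals(baseDir) || !candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes article directory");
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Assumed location; the original code used getRealPath("/"), the webapp root, which
        // also holds WEB-INF. A dedicated directory keeps served files apart from the code.
        ArticlePathResolver r = new ArticlePathResolver(Paths.get("/var/www/bookstore/articles"));
        String[] inputs = {                      // constructed inputs
            "java-security.pdf",
            "../../../etc/passwd",
            "/etc/passwd",
            "notes.pdf/../../WEB-INF/web.xml"
        };
        for (String in : inputs) {
            try {
                System.out.println(in + " -> " + r.resolve(in));
            } catch (IllegalArgumentException e) {
                System.out.println(in + " -> REJECTED (" + e.getMessage() + ")");
            }
        }
        // Only the first input is accepted; the other three are rejected by the allowlist.
    }
}
```

The containment check compares lexical paths. If the article directory can contain symbolic links, call `toRealPath()` on the candidate after confirming the file exists and repeat the `startsWith` test on the real path, otherwise a link inside the directory can still point outside it.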
NEW QUESTION # 24
Alice, a Tomcat server administrator, wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting in CATALINA_HOME/conf/server.xml that will enable her to do so.
- A. <Server port="-1" shutdown="SHUTDOWN">
- B. <Server port="" shutdown-"'>
- C. <Server port="8080" shutdown="SHUTDOWN">
- D. <Server port="-1" shutdown-*">
Answer: D
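Two of the option values above are garbled, so here is the setting spelled out. The fragments below are an added example, not the exam's own text: the first is the shape of the `<Server>` element as shipped, the second the hardened form. Child elements are omitted.

```xml
<!-- As shipped: a shutdown listener on localhost:8005 stops the server when it
     receives the string in the shutdown attribute. Any local user who can read
     server.xml (or guess the string) can stop Tomcat. -->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Listener and Service elements unchanged -->
</Server>

<!-- Hardened: port="-1" disables the shutdown listener altogether. The shutdown
     string is then never consulted, and the only way to stop Tomcat is through the
     operating system (a signal to the JVM, or catalina.sh stop -force with
     CATALINA_PID set), which only the process owner or root can do. -->
<Server port="-1" shutdown="SHUTDOWN">
  <!-- Listener and Service elements unchanged -->
</Server>
```

If the shutdown port has to stay enabled, leave it bound to localhost (the `address` attribute's default), replace the shutdown string with a long random value, and restrict read access to server.xml to the Tomcat user.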
NEW QUESTION # 25
Which of the following methods would you use in place of ex.printStackTrace() to avoid printing the stack trace on error?
- A. ex.StackTrace.getError();
- B. ex.message();
- C. ex.getMessage();
- D. ex.getError();
Answer: C
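Questions 15 and 25 meet in one place: a @ControllerAdvice class whose @ExceptionHandler methods decide what the server logs and what the client sees. The class below is an added example (not the exam's code) that assumes Spring MVC with SLF4J logging; the status codes, messages and the use of a reference id are assumptions. One caveat on question 25's answer: getMessage() is safer than printStackTrace() but still leaks, since JDBC drivers and frameworks put table names, paths and SQL fragments into exception messages, so here the message goes to the log and the client gets a fixed string.

```java
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

// Added example. @ControllerAdvice makes these handlers apply to every controller.
@ControllerAdvice
public class GlobalExceptionHandler {

    private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);

    // Client-caused errors: no stack trace, lower log level, generic reply.
    @ExceptionHandler(IllegalArgumentException.class)
    public ResponseEntity<String> badRequest(IllegalArgumentException ex) {
        // Strip CR/LF so a message built from request data cannot forge extra log lines.
        String safeMessage = String.valueOf(ex.getMessage()).replaceAll("[\\r\\n]", "_");
        log.warn("Rejected request: {}", safeMessage);
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid request.");
    }

    // Everything else: full detail to the server log, an opaque reference to the client.
    @ExceptionHandler(Exception.class)
    public ResponseEntity<String> internalError(Exception ex) {
        String ref = UUID.randomUUID().toString();
        // SLF4J writes the whole stack trace when the last argument is a Throwable,
        // so the trace lands in the log file rather than on the response.
        log.error("Unhandled exception, ref={}", ref, ex);
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                .body("An internal error occurred. Reference: " + ref);
    }
}
```

The reference id lets support staff find the full trace in the log from what the user reports, which is the usual reason teams are tempted to show stack traces in the first place. Set `server.error.include-stacktrace=never` (Spring Boot) or equivalent so the container's default error page does not undo this for exceptions thrown outside controller methods.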
NEW QUESTION # 26
Which of the following relationships is used to describe abuse case scenarios?
- A. Threatens Relationship
- B. Mitigates Relationship
- C. Include Relationship
- D. Extend Relationship
Answer: A
NEW QUESTION # 27
Which of the following DFD components is used to represent a change in privilege levels?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION # 28
Which of the following relationships is used to describe security use case scenarios?
- A. Mitigates Relationship
- B. Include Relationship
- C. Threatens Relationship
- D. Extend Relationship
Answer: A
NEW QUESTION # 29
In which phase of the secure development lifecycle is threat modeling performed?
- A. Deployment phase
- B. Coding phase
- C. Testing phase
- D. Design phase
Answer: D
NEW QUESTION # 30
Jacob, a security engineer on the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?
- A. ISCST
- B. CAST
- C. CAST
- D. SAST
Answer: D
NEW QUESTION # 31
......
312-96 Premium Files Practice Valid Exam Dumps Question: https://www.updatedumps.com/ECCouncil/312-96-updated-exam-dumps.html
Get 100% Real 312-96 Accurate & Verified Answers As Seen in the Real Exam!: https://drive.google.com/open?id=1cJVeawKGapD-Su2xMh0yRIMCapfozFK0