Get Latest Nov-2023 Real 312-96 Exam Questions and Answers FREE [Q14-Q38]


Truly Beneficial For Your EC-Council Exam (Updated 49 Questions)


EC-Council CASE Java Exam Certification Details:

Exam Name: EC-Council Certified Application Security Engineer (CASE) - Java
Sample Questions: EC-Council CASE Java Sample Questions
Books / Training: Master Class
Exam Price: $450 (USD)
Schedule Exam: Pearson VUE or EC-Council Store, ECC Exam Center


EC-Council 312-96 Exam Syllabus Topics:

Topic (Weight) - Details

Secure Application Design and Architecture (12%)
- Understand the importance of secure application design
- Explain various secure design principles
- Demonstrate the understanding of threat modeling
- Explain the threat modeling process
- Explain the STRIDE and DREAD models
- Demonstrate the understanding of Secure Application Architecture Design

Secure Deployment and Maintenance (10%)
- Understand the importance of secure deployment
- Explain security practices at host level
- Explain security practices at network level
- Explain security practices at application level
- Explain security practices at web container level (Tomcat)
- Explain security practices at Oracle database level
- Demonstrate the knowledge of security maintenance and monitoring activities

Secure Coding Practices for Authentication and Authorization (4%)
- Understand authentication concepts
- Explain authentication implementation in Java
- Demonstrate the knowledge of authentication weaknesses and prevention
- Understand authorization concepts
- Explain Access Control Models
- Explain EJB authorization
- Explain Java Authentication and Authorization Service (JAAS)
- Demonstrate the knowledge of common authorization mistakes and countermeasures
- Explain Java EE security
- Demonstrate the knowledge of authentication and authorization in the Spring Security Framework
- Demonstrate the knowledge of defensive coding practices against broken authentication and authorization

Static and Dynamic Application Security Testing (SAST & DAST) (8%)
- Understand Static Application Security Testing (SAST)
- Demonstrate the knowledge of manual secure code review techniques for the most common vulnerabilities
- Explain Dynamic Application Security Testing (DAST)
- Demonstrate the knowledge of automated application vulnerability scanning tools for DAST
- Demonstrate the knowledge of proxy-based security testing tools for DAST

Secure Coding Practices for Error Handling (16%)
- Explain Exception and Error Handling in Java
- Explain erroneous exceptional behaviors
- Demonstrate the knowledge of do's and don'ts in error handling
- Explain Spring MVC error handling
- Explain Exception Handling in Struts2
- Demonstrate the knowledge of best practices for error handling
- Explain logging in Java
- Demonstrate the knowledge of Log4j for logging
- Demonstrate the knowledge of coding techniques for secure logging
- Demonstrate the knowledge of best practices for logging

 

NEW QUESTION # 14
A developer has written the following line of code to handle and maintain a session in the application. What did he do in the scenario below?

  • A. Maintained session by creating a HTTP variable user with value stored in uname variable.
  • B. Maintained session by creating a Cookie user with value stored in uname variable.
  • C. Maintained session by creating a Session variable user with value stored in uname variable.
  • D. Maintained session by creating a hidden variable user with value stored in uname variable.

Answer: C


NEW QUESTION # 15
Which of the following Spring Security Framework configuration settings will protect against session fixation attacks by not allowing an authenticated user to log in again?

  • A. session-fixation-protection ="enabled"
  • B. session-fixation-protection =".
  • C. session-fixation-protection =".
  • D. session-fixation-protection ="newSessionlD"

Answer: C


NEW QUESTION # 16
Which of the following risk assessment models is used to rate the threat-based risk to the application during the threat modeling process?

  • A. SMART
  • B. STRIDE
  • C. DREAD
  • D. RED

Answer: C (DREAD rates the risk of each identified threat on Damage, Reproducibility, Exploitability, Affected users and Discoverability; STRIDE is the threat classification model, not a risk rating model)


NEW QUESTION # 17
James is a Java developer working at INFR INC. He has written Java code to open a file, read it line by line and display its content in a text editor. He wants to ensure that any unhandled exception raised by the code automatically closes the opened file stream. Which of the following exception handling blocks should he use for this purpose?

  • A. Try-Catch-Finally block
  • B. Try-With-Resources block
  • C. Try-Catch block
  • D. Try-Catch-Resources block

Answer: B
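The file-reading scenario from question 17, as an added example that is not code from the exam page. It reads a file line by line first with try-catch-finally and then with try-with-resources (Java 7 and later; the resource must implement AutoCloseable). Both close the reader when an exception escapes, but try-with-resources needs no manual null check, and if close() itself throws, that failure is attached to the original exception as a suppressed exception instead of replacing it. The line-length check and the sample file are invented for the demonstration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SafeFileRead {

    // Hypothetical line check: rejects over-long lines so there is a
    // realistic unchecked exception to demonstrate mid-read.
    static String check(String line, int maxLen) {
        if (line.length() > maxLen) {
            throw new IllegalArgumentException("line too long: " + line.length());
        }
        return line;
    }

    // Pre-Java 7 style: finally must close the reader by hand and guard
    // against the reader never having been opened.
    static List<String> readWithFinally(Path file, int maxLen) throws IOException {
        List<String> lines = new ArrayList<>();
        BufferedReader reader = null;
        try {
            reader = Files.newBufferedReader(file, StandardCharsets.UTF_8);
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(check(line, maxLen));
            }
        } finally {
            if (reader != null) {
                reader.close(); // an IOException here would mask the real cause
            }
        }
        return lines;
    }

    // try-with-resources: the reader is closed on normal exit and on any
    // exception, including the unchecked one thrown by check().
    static List<String> readWithResources(Path file, int maxLen) throws IOException {
        List<String> lines = new ArrayList<>();
        try (BufferedReader reader = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(check(line, maxLen));
            }
        }
        return lines;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input written to a temporary file.
        Path tmp = Files.createTempFile("case-java", ".txt");
        Files.write(tmp, Arrays.asList("first", "second", "this line is deliberately too long"));
        try {
            System.out.println(readWithFinally(tmp, 100));
            System.out.println(readWithResources(tmp, 100));
            readWithResources(tmp, 10); // the third line fails the check
        } catch (IllegalArgumentException e) {
            System.out.println("caught: " + e.getMessage());
        } finally {
            // Deletion succeeds only if every reader was closed; Windows
            // refuses to delete a file that is still held open.
            System.out.println("deleted: " + Files.deleteIfExists(tmp));
        }
    }
}
```

A leaked handle is not only a resource exhaustion issue: on a server that reads user-controlled paths, an unclosed stream per failed request is a cheap denial of service, which is why the exam syllabus pairs exception handling with secure coding.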


NEW QUESTION # 18
A US-based ecommerce company has developed its website www.ec-sell.com to sell its products online. The website has a feature that allows customers to search products by price. Recently, a bug bounty hunter discovered a security flaw in the Search page of the website: he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The products.jsp page is vulnerable to:

  • A. SQL Injection attack
  • B. Cross Site Request Forgery attack
  • C. Session Hijacking attack
  • D. Brute force attack

Answer: A
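The price search from question 18, as an added example that is neither the exam page's code nor ec-sell.com's (a fictional site): the vulnerable string-concatenated query beside a PreparedStatement version. It assumes a JDBC Connection to a table PRODUCTS(NAME, PRICE); the table and column names are invented. The main method runs without a database and only shows how the tampered parameter rewrites the SQL; the two search methods need a real Connection.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class ProductSearch {

    // VULNERABLE: the "val" request parameter is pasted into the SQL text.
    // With val = "200 OR '1'='1" the WHERE clause becomes always true and
    // every row comes back, which is exactly the bug-bounty finding.
    static String buildVulnerableQuery(String val) {
        return "SELECT NAME, PRICE FROM PRODUCTS WHERE PRICE <= " + val;
    }

    static List<String> searchVulnerable(Connection conn, String val) throws SQLException {
        List<String> names = new ArrayList<>();
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(buildVulnerableQuery(val))) {
            while (rs.next()) {
                names.add(rs.getString("NAME"));
            }
        }
        return names;
    }

    // FIXED: validate the type first, then bind the value as a parameter.
    // The SQL text is fixed; the driver sends the value separately, so no
    // input can change the structure of the query.
    static List<String> searchSafe(Connection conn, String val) throws SQLException {
        int maxPrice;
        try {
            maxPrice = Integer.parseInt(val.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("price must be an integer");
        }
        if (maxPrice < 0) {
            throw new IllegalArgumentException("price must not be negative");
        }
        List<String> names = new ArrayList<>();
        String sql = "SELECT NAME, PRICE FROM PRODUCTS WHERE PRICE <= ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, maxPrice);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("NAME"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed inputs: the legitimate value and the tampered one.
        String tampered = "200 OR '1'='1";
        System.out.println(buildVulnerableQuery("100"));
        System.out.println(buildVulnerableQuery(tampered));
        try {
            Integer.parseInt(tampered.trim());
        } catch (NumberFormatException e) {
            System.out.println("searchSafe would reject: " + tampered);
        }
    }
}
```

The input validation is a second layer, not the fix: binding through PreparedStatement is what stops injection, and it keeps working when the parameter is a free-text product name that cannot be reduced to an integer.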


NEW QUESTION # 19
Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?

  • A. <Connector ... maxFileLimit="file size" />
  • B. <Connector ... maxPostSize="0" />
  • C. <Connector ... maxFileSize="file size" />
  • D. <Connector ... maxPostSize="file size" />

Answer: D (maxPostSize caps the size, in bytes, of a POST body that the container will parse for form parameters; for multipart uploads the Servlet 3.0 <max-file-size> element of <multipart-config> is the direct per-file control)


NEW QUESTION # 20
Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?

  • A. CAST
  • B. CAST
  • C. SAST
  • D. ISCST

Answer: C


NEW QUESTION # 21
The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________

  • A. Impact Analysis
  • B. Threat Classification
  • C. Attack Surface Evaluation
  • D. Threat Identification

Answer: C


NEW QUESTION # 22
Which of the following method will help you check if DEBUG level is enabled?

  • A. IsEnableDebug ()
  • B. isDebugEnabled()
  • C. EnableDebug ()
  • D. DebugEnabled()

Answer: B
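The isDebugEnabled() guard from question 22, together with the secure-logging practices the syllabus lists, as an added example that is not code from the exam page. It assumes Log4j 2 (log4j-api and log4j-core) on the classpath; the login handler, the payload dump and the sample username are invented for the demonstration.

```java
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class SecureLogging {
    private static final Logger LOG = LogManager.getLogger(SecureLogging.class);

    // Replace control characters (CR, LF, tab, escape, ...) so a user-supplied
    // value cannot forge extra log lines (log injection), and cap its length
    // so one request cannot fill the log.
    static String sanitize(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        String cleaned = untrusted.replaceAll("[\\p{Cntrl}]", "_");
        return cleaned.length() > 200 ? cleaned.substring(0, 200) + "..." : cleaned;
    }

    // Hypothetical expensive diagnostic: hex dump of a request payload.
    static String expensiveDump(byte[] payload) {
        StringBuilder sb = new StringBuilder();
        for (byte b : payload) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    static void handleLogin(String username, String password, byte[] payload) {
        // isDebugEnabled() guards work that is only useful at DEBUG: the
        // dump is built only when DEBUG output would actually be written.
        if (LOG.isDebugEnabled()) {
            LOG.debug("login payload {}", expensiveDump(payload));
        }
        // Cheap arguments can use a parameterized message; Log4j 2 formats
        // the string only if the level is enabled, so no guard is needed.
        LOG.info("login attempt for user {}", sanitize(username));
        // The credential itself is never logged, at any level:
        // LOG.debug("password was {}", password);  <-- do not do this
    }

    public static void main(String[] args) {
        // Constructed input: a username that carries a forged log line.
        String evil = "alice\n2023-11-01 INFO login attempt for user admin succeeded";
        handleLogin(evil, "hunter2", new byte[] {0x01, 0x02});
        System.out.println(sanitize(evil));
    }
}
```

Without a log4j2.xml configuration, Log4j 2 falls back to ERROR level on the console, so run it with a configuration that enables DEBUG to see the guarded branch fire; the sanitize() output is printed regardless.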


NEW QUESTION # 23
Identify the formula for calculating the risk during threat modeling.

  • A. RISK = PROBABILITY * ATTACK
  • B. RISK = PROBABILITY * DAMAGE POTENTIAL
  • C. RISK = PROBABILITY * ASSETS
  • D. RISK = PROBABILITY * VULNERABILITY

Answer: B


NEW QUESTION # 24
Which line of the following Java code example can make the application vulnerable to a session attack?

  • A. Line No. 3
  • B. Line No. 5
  • C. Line No. 1
  • D. Line No. 4

Answer: A


NEW QUESTION # 25
The developer wants to remove the HttpSession object and its values from the client's system.
Which of the following methods should he use for this purpose?

  • A. invalidate()
  • B. isValidate()
  • C. Invalidate(session JSESSIONID)
  • D. sessionInvalidate()

Answer: A


NEW QUESTION # 26
Oliver, a Server Administrator (Tomcat), has set the configuration in the web.xml file as shown in the following screenshot. What is he trying to achieve?

  • A. He wants to transfer only response parameter data over encrypted channel
  • B. He wants to transfer the entire data over encrypted channel
  • C. He wants to transfer only request parameter data over encrypted channel
  • D. He wants to transfer only Session cookies over encrypted channel

Answer: B
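One servlet that ties together questions 14, 15, 25 and 26: storing the user in the HttpSession after login, regenerating the session ID at login so a fixated JSESSIONID is never promoted to an authenticated one (the same effect as Spring Security's session-fixation-protection), invalidating the session at logout, and demanding an encrypted channel. This is an added example, not code from the exam page, and it assumes a Servlet 3.1+ container such as Tomcat 8 or later with the javax.servlet API; the credential check is a stub standing in for the application's real authentication.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet(urlPatterns = {"/login", "/logout"})
// Equivalent to <transport-guarantee>CONFIDENTIAL</transport-guarantee> in
// web.xml: the container redirects plain-HTTP requests to HTTPS, so the whole
// request and response, not just the session cookie, travel encrypted.
@ServletSecurity(@HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class SessionServlet extends HttpServlet {

    // Stub in place of the real credential store.
    static boolean credentialsValid(String user, String pass) {
        return "alice".equals(user) && "correct horse".equals(pass);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if ("/logout".equals(req.getServletPath())) {
            logout(req, resp);
            return;
        }
        String uname = req.getParameter("uname");
        if (!credentialsValid(uname, req.getParameter("pass"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Session fixation defence: an attacker who planted a JSESSIONID in
        // the victim's browser before login must not share the authenticated
        // session. changeSessionId() keeps the attributes but issues a new ID.
        HttpSession session = req.getSession(true);
        req.changeSessionId();
        session.setAttribute("user", uname); // the pattern from question 14
        session.setMaxInactiveInterval(15 * 60); // idle timeout in seconds
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    // invalidate() destroys the server-side HttpSession and its attributes.
    // It does not reach into the browser, so the JSESSIONID cookie is expired
    // as well; otherwise the stale ID keeps being sent until the browser closes.
    static void logout(HttpServletRequest req, HttpServletResponse resp) {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setMaxAge(0);
        expired.setPath(req.getContextPath().isEmpty() ? "/" : req.getContextPath());
        expired.setHttpOnly(true);
        expired.setSecure(true);
        resp.addCookie(expired);
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

Deploy it in a web application on an HTTPS-enabled Tomcat and POST uname and pass to /login, then POST to /logout; the Set-Cookie headers show the ID change at login and the expiry at logout. The cookie path must match the one the container used when it issued JSESSIONID, or the browser keeps the old cookie.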


NEW QUESTION # 27
Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting in CATALINA_HOME/conf/server.xml that will enable her to do so.

  • A. < server port="" shutdown-"' >
  • B. < server port="-1" shutdown-*" >
  • C. < server port="8080" shutdown="SHUTDOWN" >
  • D. < server port="-1" shutdown="SHUTDOWN" >

Answer: B


NEW QUESTION # 28
Identify the type of attack depicted in the following figure.

  • A. SQL Injection Attacks
  • B. Session Fixation Attack
  • C. Denial-of-Service Attack
  • D. Parameter Tampering Attack

Answer: D


NEW QUESTION # 29
Which of the following relationship is used to describe abuse case scenarios?

  • A. Include Relationship
  • B. Extend Relationship
  • C. Threatens Relationship
  • D. Mitigates Relationship

Answer: C


NEW QUESTION # 30
Identify the type of attack depicted in the figure below:

  • A. SQL injection attack
  • B. Directory traversal attack
  • C. Parameter/form attack
  • D. Session fixation attack

Answer: D


NEW QUESTION # 31
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:

  • A. Multiple catching of incorrect exceptions
  • B. Throwing incorrect exceptions
  • C. Re-throwing incorrect exceptions
  • D. Catching incorrect exceptions

Answer: B


NEW QUESTION # 32
Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/web.xml will solve his problem?

  • A. <servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>true</param-value></init-param><load-on-startup>1</load-on-startup></servlet>
  • B. <servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>false</param-value></init-param><load-on-startup>1</load-on-startup></servlet>
  • C. <servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>disable</param-value></init-param><load-on-startup>1</load-on-startup></servlet>
  • D. <servlet><servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param><param-name>debug</param-name><param-value>0</param-value></init-param><init-param><param-name>listings</param-name><param-value>enable</param-value></init-param><load-on-startup>1</load-on-startup></servlet>

Answer: B (the DefaultServlet's listings init-param is a boolean documented as true/false, and false, the Tomcat default, turns directory listings off; "disable" and "enable" are not documented values)


NEW QUESTION # 33
......

312-96 dumps Free Test Engine Verified By It Certified Experts: https://www.testsdumps.com/312-96_real-exam-dumps.html

View All 312-96 Actual Exam Questions, Answers and Explanations for Free: https://drive.google.com/open?id=1KbyTKpTI9JdKHGMQSTZ-RqvemtowGZuO