Certified Application Security Engineer (CASE) JAVA Question and Answers

Last Update May 18, 2024
Total Questions : 47

Question 1

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer.

Options:

A. He is trying to use Whitelisting Input Validation
B. He is trying to use Non-parametrized SQL query
C. He is trying to use Blacklisting Input Validation
D. He is trying to use Parametrized SQL Query

Question 2

Identify the type of attack depicted in the following figure.

Options:

A. Denial-of-service attack
B. SQL Injection attack
C. Directory Traversal Attack
D. Form Tampering Attack

Question 3

Which of the following relationships is used to describe a security use case scenario?

Options:

A. Threatens Relationship
B. Extend Relationship
C. Mitigates Relationship
D. Include Relationship

Question 4

Which of the following Spring Security Framework configuration settings will ensure protection from session fixation attacks by not allowing an authenticated user to log in again?

Options:

A. session-fixation-protection ="newSessionlD"
B. session-fixation-protection =".
C. session-fixation-protection ="enabled"
D. session-fixation-protection =".

Question 5

Identify what should NOT be caught while handling exceptions.

Options:

A. EOFException
B. SecurityException
C. IllegalAccessException
D. NullPointerException

Question 6

Oliver, a Server Administrator (Tomcat), has set the configuration in the web.xml file as shown in the following screenshot. What is he trying to achieve?

Options:

A. He wants to transfer the entire data over encrypted channel
B. He wants to transfer only response parameter data over encrypted channel
C. He wants to transfer only request parameter data over encrypted channel
D. He wants to transfer only Session cookies over encrypted channel

Question 7

Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?

Options:

A. < connector... maxFileLimit="file size" / >
B. < connector... maxPostSize="0"/>
C. < connector... maxFileSize="file size" / >
D. < connector... maxPostSize="file size" / >

Question 8

Which of the following relationships is used to describe abuse case scenarios?

Options:

A. Include Relationship
B. Threatens Relationship
C. Extend Relationship
D. Mitigates Relationship

Question 9

Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/ in web.xml will solve his problem?

Options:

A. < servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > false < /param-value > < /init-param > < load-on-startup > 1 < /load-on-startup > < servlet >
B. < servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name > < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > disable < /param-value> < /init-param > < load-on-startup > 1 < /load-on-startup> < /servlet >
C. < servlet > < servlet-name > default < /servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name>< param-value> 0 < /param value>< /init-param > < init-param > < param-name> listings < /param-name > < param-value > enable < /param-value > < /init-param > < load-on-startup> 1 < /load-on-startup > < /servlet >
D. < servlet > < servlet-name > default < servlet-name > < servlet-class > org.apache.catalina.servlets.DefaultServlet < /servlet-class > < init-param > < param-name > debug < /param-name> < param-value > 0 < /param-value > < /init-param > < init-param > < param-name > listings < /param-name > < param-value > true < /param-value > < /init-param > < load-on-startup > l < /load-on-startup > < /servlet >

Question 10

Which of the following risk assessment models is used to rate the threat-based risk to the application during the threat modeling process?

Options:

A. DREAD
B. SMART
C. STRIDE
D. RED

Question 11

Which of the following elements in the web.xml file ensures that cookies will be transmitted over an encrypted channel?

Options:

A. < connector lsSSLEnabled="Yes" / >
B. < connector EnableSSL="true" / >
C. < connector SSLEnabled="false" / >
D. < connector SSLEnabled="true" / >

Question 12

Which of the following is used to map custom exceptions to a status code?

Options:

A. @ResponseStatus
B. @ResponseStatusCode
C. @ResponseCode
D. @ScacusCode

Question 13

Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.

Which type of security assessment activity is Jacob currently performing?

Options:

A. ISCST
B. CAST
C. CAST
D. SAST

Question 14

Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer has used a piece of code as shown in the following screenshot. Identify the security mistakes that the developer has coded.

Options:

A. He is attempting to use client-side validation
B. He is attempting to use whitelist input validation approach
C. He is attempting to use regular expression for validation
D. He is attempting to use blacklist input validation approach