Eccouncil 312-96 Exam Practice Test Instant Access

Question 1

Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value. Which of the following line of code will you use to strictly validate request parameter value before processing it for execution?

Apublic boolean validateUserName() {String CategoryId= request.getParameter('CatId');}

Bpublic boolean validateUserName() { Pattern p = Pattern.compile('[a-zA-Z0-9]*$'); Matcher m = p.matcher(request.getParameter(CatId')); boolean result = m.matches(); return result;}

Cpublic boolean validateUserName() { if(request.getParameter('CatId')!=null ) String CategoryId=request.getParameter('CatId');}

Dpublic.boolean validateUserName() { if(!request.getParamcter('CatId').equals('null'))}

Answer : B

Question 2

Identify the type of encryption depicted in the following figure.

AAsymmetric Encryption

BDigital Signature

CSymmetric Encryption

DHashing

Answer : C

Question 3

The developer wants to remove the HttpSessionobject and its values from the client' system.

Which of the following method should he use for the above purpose?

Asessionlnvalidateil

BInvalidate(session JSESSIONID)

CisValidateQ

DinvalidateQ

Answer : D

Question 4

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?

AHe is trying to use Whitelisting Input Validation

BHe is trying to use Non-parametrized SQL query

CHe is trying to use Blacklisting Input Validation

DHe is trying to use Parametrized SQL Query

Answer : B

Question 5

Identify the type of attack depicted in the figure below:

ASQL injection attack

BParameter/form attack

CDirectory traversal attack

DSession fixation attack

Answer : D

Question 6

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

ADenial-of-Service attack

BClient-Side Scripts Attack

CSQL Injection Attack

DDirectory Traversal Attack

Answer : B

Question 7

Which of the following method will you use in place of ex.printStackTrace() method to avoid printing stack trace on error?

Aex.StackTrace.getError();

Bex.message();

Cex.getMessage();

Dex.getError();

Answer : C

Eccouncil 312-96 Certified Application Security Engineer (CASE) JAVA Exam Practice Test