Free Practice Questions for Eccouncil 312-96 Exam

Identify what should NOT be catched while handling exceptions. A EOFExceptionB. SecurityExceptionC. IllegalAccessExceptionD. NullPointerException

The developer wants to remove the HttpSessionobject and its values from the client' system. Which of the following method should he use for the above purpose?

• sessionlnvalidateil
• Invalidate(session JSESSIONID)
• isValidateQ
• invalidateQ

Alice, a security engineer, was performing security testing on the application. He found that users can view the website structure and file names. As per the standard security practices, this can pose a serious security risk as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?

• < int-param > < param-name> directory-listinqs < param-value> true < /init-param >
• < int param > < param-name> directorv-listinqs < param-value> false < /init-param >
• < int-param > < param-name> listinqs < param-value> true < /init-param
• < int-param > < param-name> listinqs < param-value> false < /init-param >

Which of the following relationship is used to describe abuse case scenarios?

• Include Relationship
• Threatens Relationship
• Extend Relationship
• Mitigates Relationship

Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value. Which of the following line of code will you use to strictly validate request parameter value before processing it for execution?

• public boolean validateUserName() {String CategoryId= request.getParameter("CatId");}
• public boolean validateUserName() { Pattern p = Pattern.compile("[a-zA-Z0-9]*$"); Matcher m = p.matcher(request.getParameter(CatId")); boolean result = m.matches(); return result;}
• public boolean validateUserName() { if(request.getParameter("CatId")!=null ) String CategoryId=request.getParameter("CatId");}
• public.boolean validateUserName() { if(!request.getParamcter("CatId").equals("null"))}

Which of the following state management method works only for a sequence of dynamically generated forms?

• Cookies
• Sessions
• Hidden Field
• URL-rewriting

Which of the following can be derived from abuse cases to elicit security requirements for software system?

• Misuse cases
• Data flow diagram
• Use cases
• Security use cases

Ted is an application security engineer who ensures application security activities are being followed during the entire lifecycle of the project. One day, he was analyzing various interactions of users depicted in the use cases of the project under inception. Based on the use case in hand, he started depicting the scenarios where attacker could misuse the application. Can you identify the activity on which Ted is working?

• Ted was depicting abuse cases
• Ted was depicting abstract use cases
• Ted was depicting lower-level use cases
• Ted was depicting security use cases

Which of the following configurations can help you avoid displaying server names in server response header?

• < Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort= "8443"/ >
• < Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName=" disable" redirectPort="8443" / >
• < Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server = " " redirectPort="8443" / >
• < Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName ="null " redirectPort="8443'' / >

A US-based ecommerce company has developed their website www.ec-sell.com to sell theirproducts online. The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to

• Session Hijacking attack
• Cross Site Request Forgery attack
• SQL Injection attack
• Brute force attack