Eccouncil 312-96 Exam Questions - Real Practice Questions for Guaranteed Success

Question 1

Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp

< form Id="form1" method="post" action="SearchProperty.jsp" >

< input type="text" id=''txt_Search" name="txt_Search" placeholder="Search Property..." / >

< input type="Submit" Id="Btn_Search" value="Search" / >

< /form >

However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?

AHe should write code like out-Write ('You Searched for:' +ESAPI.encoder().encodeForHTML(search));

BHe should write code like out.write ('You Searched for:' + request.qetParameter('search'l.toStrinq(ll;

CHe should write code like out.write ('You Searched for:' + request.qetParameterf'txt Search'));

DHe should write code like out.write (('You Searched for:' +(search));

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AHe should write code like out-Write ('You Searched for:' +ESAPI.encoder().encodeForHTML(search));

BHe should write code like out.write ('You Searched for:' + request.qetParameter('search'l.toStrinq(ll;

CHe should write code like out.write ('You Searched for:' + request.qetParameterf'txt Search'));

DHe should write code like out.write (('You Searched for:' +(search));

0 / 1500

Question 2

Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.

Which type of security assessment activity Jacob is currently performing?

AISCST

BCAST

CCAST

DSAST

Correct : D

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AISCST

BCAST

CCAST

DSAST

0 / 1500

Question 3

Oliver, a Server Administrator (Tomcat), has set configuration in web.xml file as shown in the following screenshot. What is he trying to achieve?

AHe wants to transfer the entire data over encrypted channel

BHe wants to transfer only response parameter data over encrypted channel

CHe wants to transfer only request parameter data over encrypted channel

DHe wants to transfer only Session cookies over encrypted channel

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AHe wants to transfer the entire data over encrypted channel

BHe wants to transfer only response parameter data over encrypted channel

CHe wants to transfer only request parameter data over encrypted channel

DHe wants to transfer only Session cookies over encrypted channel

0 / 1500

Question 4

Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page.

Alice wrote the following code on page load to read the file name.

String myfilename = request.getParameter("filename");

String txtFileNameVariable = myfilename;

String locationVariable = request.getServletContext().getRealPath("/");

String PathVariable = "";

PathVariable = locationVariable + txtFileNameVariable;

BufferedInputStream bufferedInputStream = null;

Path filepath = Paths.get(PathVariable);

After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?

AURL Tampering vulnerability

BForm Tampering vulnerability

CXSS vulnerability

DDirectory Traversal vulnerability

Correct : D

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AURL Tampering vulnerability

BForm Tampering vulnerability

CXSS vulnerability

DDirectory Traversal vulnerability

0 / 1500

Question 5

Which of the following is used to mapCustom Exceptions to Statuscode?

A@ResponseStatus

B@ResponseStatusCode

C@ResponseCode

D@ScacusCode

Correct : A

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

A@ResponseStatus

B@ResponseStatusCode

C@ResponseCode

D@ScacusCode

0 / 1500

Master Eccouncil 312-96 Exam with Reliable Practice Questions

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: