Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-96

Free 312-96 Exam Braindumps (page: 4)

Page 3 of 12
PDF with 49 Questions

In which phase of secure development lifecycle the threat modeling is performed?

  1. Coding phase
  2. Testing phase
  3. Deployment phase
  4. Design phase

Answer(s): D



Identify the type of attack depicted in the figure below:

  1. XSS
  2. Cross-Site Request Forgery (CSRF) attack
  3. SQL injection attack
  4. Denial-of-Service attack

Answer(s): B



Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp

< form Id="form1" method="post" action="SearchProperty.jsp" >
< input type="text" id=''txt_Search" name="txt_Search" placeholder="Search Property..." / >
< input type="Submit" Id="Btn_Search" value="Search" / >
< /form >

However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?

  1. He should write code like out-Write ("You Searched for:"+ESAPI.encoder().encodeForHTML(search));
  2. He should write code like out.write ("You Searched for:" + request.qetParameter("search"l.toStrinq(ll;
  3. He should write code like out.write ("You Searched for:" + request.qetParameterf'txt Search"));
  4. He should write code like out.write (("You Searched for:" +(search));

Answer(s): A



Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity Jacob is currently performing?

  1. ISCST
  2. CAST
  3. CAST
  4. SAST

Answer(s): D






Post your Comments and Discuss EC-Council 312-96 exam with other Community members: