CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-96

Free 312-96 Exam Braindumps (page: 5)

Page 4 of 12
PDF with 47 Questions

Oliver, a Server Administrator (Tomcat), has set configuration in web.xml file as shown in the following screenshot.
What is he trying to achieve?

  1. He wants to transfer the entire data over encrypted channel
  2. He wants to transfer only response parameter data over encrypted channel
  3. He wants to transfer only request parameter data over encrypted channel
  4. He wants to transfer only Session cookies over encrypted channel

Answer(s): A



Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page.

Alice wrote the following code on page load to read the file name.
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
String locationVariable = request.getServletContext().getRealPath("/");
String PathVariable = "";
PathVariable = locationVariable + txtFileNameVariable;
BufferedInputStream bufferedInputStream = null;
Path filepath = Paths.get(PathVariable);

After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?

  1. URL Tampering vulnerability
  2. Form Tampering vulnerability
  3. XSS vulnerability
  4. Directory Traversal vulnerability

Answer(s): D



In a certain website, a secure login feature is designed to prevent brute-force attack by implementing account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow the users to login to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform attack.

  1. Failure to Restrict URL
  2. Broken Authentication
  3. Unvalidated Redirects and Forwards
  4. Denial-of-Service [Do

Answer(s): D



Which of the risk assessment model is used to rate the threats-based risk to the application during threat modeling process?

  1. DREAD
  2. SMART
  3. STRIDE
  4. RED

Answer(s): C






Post your Comments and Discuss EC-Council 312-96 exam with other Community members:

312-96 Discussions & Posts