[2024] Pass your 312-96 exam with this 100% Free 312-96 Braindump
NEW QUESTION # 28
In which phase of the secure development lifecycle is threat modeling performed?
- A. Coding phase
- B. Design phase
- C. Deployment phase
- D. Testing phase
Answer: B
NEW QUESTION # 29
Identify the type of attack depicted in the figure below:
- A. XSS
- B. SQL injection attack
- C. Cross-Site Request Forgery (CSRF) attack
- D. Denial-of-Service attack
Answer: C
NEW QUESTION # 30
It is recommended that you should not use return, break, continue or throw statements in _________
- A. Finally block
- B. Try block
- C. Catch block
- D. Try-With-Resources block
Answer: A
NEW QUESTION # 31
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
- A. Throwing incorrect exceptions
- B. Catching incorrect exceptions
- C. Re-throwing incorrect exceptions
- D. Multiple catching of incorrect exceptions
Answer: A
NEW QUESTION # 32
Which of the following configuration settings in server.xml will allow a Tomcat server administrator to impose a limit on uploaded files based on their size?
- A. <connector... maxPostSize="0"/>
- B. <connector... maxFileSize="file size" />
- C. <connector... maxFileLimit="file size" />
- D. <connector... maxPostSize="file size" />
Answer: D
NEW QUESTION # 33
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
- A. Client-Side Scripts Attack
- B. Denial-of-Service attack
- C. SQL Injection Attack
- D. Directory Traversal Attack
Answer: A
NEW QUESTION # 34
The software developer has implemented encryption in the code as shown in the following screenshot.
However, using the DES algorithm for encryption is considered to be an insecure coding practice as DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms will you suggest for strong encryption?
- A. Triple DES
- B. SHA-1
- C. AES
- D. MD5
Answer: C
NEW QUESTION # 35
Identify what should NOT be caught while handling exceptions.
- A. SecurityException
- B. IllegalAccessException
- C. NullPointerException
- D. EOFException
Answer: A
NEW QUESTION # 36
Oliver, a Server Administrator (Tomcat), has set the configuration in the web.xml file as shown in the following screenshot. What is he trying to achieve?
- A. He wants to transfer the entire data over an encrypted channel
- B. He wants to transfer only session cookies over an encrypted channel
- C. He wants to transfer only response parameter data over an encrypted channel
- D. He wants to transfer only request parameter data over an encrypted channel
Answer: A
NEW QUESTION # 37
Which line of the following example of Java code can make the application vulnerable to a session attack?
- A. Line No. 4
- B. Line No. 5
- C. Line No. 1
- D. Line No. 3
Answer: D
NEW QUESTION # 38
A developer has written the following line of code to handle and maintain the session in the application. What did he do in the scenario below?
- A. Maintained the session by creating a hidden variable user with the value stored in the uname variable.
- B. Maintained the session by creating an HTTP variable user with the value stored in the uname variable.
- C. Maintained the session by creating a Cookie user with the value stored in the uname variable.
- D. Maintained the session by creating a Session variable user with the value stored in the uname variable.
Answer: D
NEW QUESTION # 39
To handle exceptions globally, a developer should use the _________ annotation along with the @ExceptionHandler method annotation for any class.
- A. @globalControllerAdvice
- B. @GlobalAdvice
- C. @ControllerAdvice
- D. @Advice
Answer: C
NEW QUESTION # 40
Which of the following can be derived from abuse cases to elicit security requirements for a software system?
- A. Use cases
- B. Misuse cases
- C. Security use cases
- D. Data flow diagram
Answer: C
NEW QUESTION # 41
Oliver is a web server admin and wants to configure the Tomcat server so that it does not serve index pages in the absence of welcome files. Which of the following settings in web.xml under CATALINA_HOME/conf/ will solve his problem?
- A. <servlet> <servlet-name>default<servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>true</param-value> </init-param> <load-on-startup>l</load-on-startup> </servlet>
- B. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param value> </init-param> <init-param> <param-name>listings</param-name> <param-value>enable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
- C. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> <servlet>
- D. <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>disable</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
Answer: D
NEW QUESTION # 42
To enable the struts validator on an application, which configuration setting should be applied in the struts validator configuration file?
- A. lsNotvalidate="disabled"
- B. lsNotvalidate="false"
- C. validate="true"
- D. validate="enabled"
Answer: C
NEW QUESTION # 43
Which of the following methods will help you check if the DEBUG level is enabled?
- A. DebugEnabled()
- B. IsEnableDebug()
- C. isDebugEnabled()
- D. EnableDebug()
Answer: C
NEW QUESTION # 44
Which of the following DFD components is used to represent the change in privilege levels?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION # 45
Which of the following elements in the web.xml file ensures that cookies will be transmitted over an encrypted channel?
- A. <connector lsSSLEnabled="Yes" />
- B. <connector SSLEnabled="false" />
- C. <connector SSLEnabled="true" />
- D. <connector EnableSSL="true" />
Answer: C
NEW QUESTION # 46
Which of the following relationships is used to describe a security use case scenario?
- A. Mitigates Relationship
- B. Include Relationship
- C. Threatens Relationship
- D. Extend Relationship
Answer: D

