ECCouncil 312-96 - Certified Application Security Engineer (CASE) - JAVA Exam
Total 49 questions
Question #1 (Topic: Exam A)
Sam, an application security engineer working at INFRA INC., was conducting a secure code review of an application developed in Java. He found that the developer had used the piece of code shown in the following screenshot. Identify the security mistake the developer has made.

A. He is attempting to use client-side validation
B. He is attempting to use a whitelist input validation approach
C. He is attempting to use a regular expression for validation
D. He is attempting to use a blacklist input validation approach
Answer: D
Question #2 (Topic: Exam A)
Identify the type of attack depicted in the following figure.

A. SQL Injection Attacks
B. Session Fixation Attack
C. Parameter Tampering Attack
D. Denial-of-Service Attack
Answer: C
Question #3 (Topic: Exam A)
According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
A. Catching incorrect exceptions
B. Multiple catching of incorrect exceptions
C. Re-throwing incorrect exceptions
D. Throwing incorrect exceptions
Answer: D
Question #4 (Topic: Exam A)
Which of the following threat classification models is used to classify threats during the threat modeling process?
A. RED
B. STRIDE
C. DREAD
D. SMART
Answer: B
Question #5 (Topic: Exam A)
Which line of the following example Java code can make the application vulnerable to a session attack?

A. Line No. 1
B. Line No. 3
C. Line No. 4
D. Line No. 5
Answer: B