312-96 Questions and Answers

Question # 6

Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting in server.xml under CATALINA_HOME/conf that will enable her to do so.

A.

<server port="" shutdown="">

B.

<server port="-1" shutdown="">

C.

<server port="-1" shutdown="SHUTDOWN">

D.

<server port="8080" shutdown="SHUTDOWN">

Question # 7

A developer has written the following line of code to handle and maintain session in the application. What did he do in the below scenario?

A.

Maintained session by creating a Session variable user with value stored in uname variable.

B.

Maintained session by creating an HTTP variable user with value stored in uname variable.

C.

Maintained session by creating a Cookie user with value stored in uname variable.

D.

Maintained session by creating a hidden variable user with value stored in uname variable.

Question # 8

Identify the type of attack depicted in the figure below:

A.

XSS

B.

Cross-Site Request Forgery (CSRF) attack

C.

SQL injection attack

D.

Denial-of-Service attack

Question # 9

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

A.

Denial-of-Service attack

B.

Client-Side Scripts Attack

C.

SQL Injection Attack

D.

Directory Traversal Attack

Question # 10

Alice, a security engineer, was performing security testing on the application. She found that users can view the website structure and file names. As per standard security practices, this can pose a serious security risk, as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?

A.

<init-param> <param-name>directory-listings</param-name> <param-value>true</param-value> </init-param>

B.

<init-param> <param-name>directory-listings</param-name> <param-value>false</param-value> </init-param>

C.

<init-param> <param-name>listings</param-name> <param-value>true</param-value> </init-param>

D.

<init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param>

Question # 11

The developer wants to remove the HttpSession object and its values from the client's system.

Which of the following methods should he use for the above purpose?

A.

sessionInvalidate()

B.

Invalidate(session JSESSIONID)

C.

isValidate()

D.

invalidate()

Question # 12

Which of the following authentication mechanisms does J2EE support?

A.

Windows, Form based, Role Based, Client/Server Mutual Authentication

B.

Role Based, Http Basic, Windows, Http Digest Authentication

C.

Http Basic, Form Based, Client/Server Mutual, Role Based Authentication

D.

Http Basic, Form Based, Client/Server Mutual, HTTP Digest Authentication

Question # 13

Which of the following elements in web.xml file ensures that cookies will be transmitted over an encrypted channel?

A.

<connector IsSSLEnabled="Yes" />

B.

<connector EnableSSL="true" />

C.

<connector SSLEnabled="false" />

D.

<connector SSLEnabled="true" />

Question # 14

Ted is an application security engineer who ensures application security activities are being followed during the entire lifecycle of the project. One day, he was analyzing various interactions of users depicted in the use cases of the project under inception. Based on the use case in hand, he started depicting the scenarios where an attacker could misuse the application. Can you identify the activity on which Ted is working?

A.

Ted was depicting abuse cases

B.

Ted was depicting abstract use cases

C.

Ted was depicting lower-level use cases

D.

Ted was depicting security use cases
