最新的ECCouncil 312-96免費考試真題

問題1

Which of the following can be derived from abuse cases to elicit security requirements for software system?

A. Security use cases

B. Data flow diagram

C. Use cases

D. Misuse cases

正確答案: D

說明：（僅 Fast2test 成員可見）

問題2

A developer has written the following line of code to handle and maintain session in the application. What did he do in the below scenario?

A. Maintained session by creating a Session variable user with value stored in uname variable.

B. Maintained session by creating a hidden variable user with value stored in uname variable.

C. Maintained session by creating a HTTP variable user with value stored in uname variable.

D. Maintained session by creating a Cookie user with value stored in uname variable.

正確答案: A

說明：（僅 Fast2test 成員可見）

問題3

Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity Jacob is currently performing?

A. CAST

B. ISCST

C. CAST

D. SAST

正確答案: D

說明：（僅 Fast2test 成員可見）

問題4

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?

A. He is trying to use Whitelisting Input Validation

B. He is trying to use Non-parametrized SQL query

C. He is trying to use Blacklisting Input Validation

D. He is trying to use Parametrized SQL Query

正確答案: B

說明：（僅 Fast2test 成員可見）

問題5

Which of the threat classification model is used to classify threats during threat modeling process?

A. STRIDE

B. SMART

C. RED

D. DREAD

正確答案: A

說明：（僅 Fast2test 成員可見）

最新的ECCouncil Certified Application Security Engineer (CASE) JAVA - 312-96免費考試真題

聯系我們

站內鏈接

最新更新