MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Which of the following can be derived from abuse cases to elicit security requirements for software system?
Question2: Which of the threat classification model is used to classify threats during threat modeling process?
Question3: A developer has written the following line of code to handle and maintain session in the application. What did he do in the below scenario?
Question4: During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer?
Question5: Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page.Alice wrote the following code on page load to read the file name.String myfilename = request.getParameter("filename");String txtFileNameVariable = myfilename;String locationVariable = request.getServletContext().getRealPath("/"); String PathVariable = ""; PathVariable = locationVariable + txtFileNameVariable; BufferedInputStream bufferedInputStream = null; Path filepath = Paths.get(PathVariable); After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?
Question6: Which of the following Spring Security Framework configuration setting will ensure the protection from session fixation attacks by not allowing authenticated user to login again?
Question7: Which of the following is used to mapCustom Exceptions to Statuscode?
Question8: Which line of the following example of Java Code can make application vulnerable to a session attack?
Question9: The software developer has implemented encryption in the code as shown in the following screenshot.However, using the DES algorithm for encryption is considered to be an insecure coding practice as DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms will you suggest for strong encryption?
Question10: According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
Question11: The developer wants to remove the HttpSessionobject and its values from the client' system.Which of the following method should he use for the above purpose?
Question12: Which of the following DFD component is used to represent the change in privilege levels?
Question13: A developer to handle global exception should use _________ annotation along with @ExceptionHandler method annotation for any class
Question14: In a certain website, a secure login feature is designed to prevent brute-force attack by implementing account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow the users to login to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform __________ attack.
Question15: Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp< form Id="form1" method="post" action="SearchProperty.jsp" >< input type="text" id=''txt_Search" name="txt_Search" placeholder="Search Property..." / >< input type="Submit" Id="Btn_Search" value="Search" / >< /form >However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?
Question16: Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability.Identify the attack that could exploit the vulnerability in the above case.
Question17: Which of the following method will help you check if DEBUG level is enabled?
Question18: Identify the type of attack depicted in the following figure.
Question19: Which of the following configuration settings in server.xml will allow Tomcat server administrator to impose limit on uploading file based on their size?
Question20: Oliver is a web server admin and wants to configure the Tomcat server in such a way that it should not serve index pages in the absence of welcome files. Which of the following settings in CATALINA_HOME/conf/ in web.xml will solve his problem?
Question21: Which of the following method will you use in place of ex.printStackTrace() method to avoid printing stack trace on error?