Certified Application Security Engineer (CASE) - JAVA v1.0

Page:    1 / 4   
Exam contains 49 questions

Which of the following DFD components is used to represent the change in privilege levels?

  • A. 3
  • B. 4
  • C. 1
  • D. 2


Answer : C

Which of the following configurations can help you avoid displaying server names in server response header?

  • A. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
  • B. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="disable" redirectPort="8443" />
  • C. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" Server=" " redirectPort="8443" />
  • D. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" ServerName="null" redirectPort="8443" />


Answer : C

Which of the following can be derived from abuse cases to elicit security requirements for a software system?

  • A. Misuse cases
  • B. Data flow diagram
  • C. Use cases
  • D. Security use cases


Answer : D

Which of the following state management methods works only for a sequence of dynamically generated forms?

  • A. Cookies
  • B. Sessions
  • C. Hidden Field
  • D. URL-rewriting


Answer : C

Which of the following authentication mechanisms does J2EE support?

  • A. Windows, Form based, Role Based, Client/Server Mutual Authentication
  • B. Role Based, Http Basic, Windows, Http Digest Authentication
  • C. Http Basic, Form Based, Client/Server Mutual, Role Based Authentication
  • D. Http Basic, Form Based, Client/Server Mutual, HTTP Digest Authentication


Answer : D

Which of the following is used to map custom exceptions to a status code?

  • A. @ResponseStatus
  • B. @ResponseStatusCode
  • C. @ResponseCode
  • D. @ScacusCode


Answer : A

It is recommended that you do not use return, break, continue or throw statements in _________

  • A. Finally block
  • B. Try-With-Resources block
  • C. Try block
  • D. Catch block


Answer : A

Which of the following relationships is used to describe abuse case scenarios?

  • A. Include Relationship
  • B. Threatens Relationship
  • C. Extend Relationship
  • D. Mitigates Relationship


Answer : B

To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?

  • A. validate="true"
  • B. IsNotvalidate="disabled"
  • C. IsNotvalidate="false"
  • D. validate="enabled"


Answer : A

Identify what should NOT be caught while handling exceptions.

  • A. EOFException
  • B. SecurityException
  • C. IllegalAccessException
  • D. NullPointerException


Answer : B

Which of the following methods will you use in place of the ex.printStackTrace() method to avoid printing a stack trace on error?

  • A. ex.StackTrace.getError();
  • B. ex.message();
  • C. ex.getMessage();
  • D. ex.getError();


Answer : C

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed a 'false' parameter to the setHttpOnly() method, which may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

  • A. Denial-of-Service attack
  • B. Client-Side Scripts Attack
  • C. SQL Injection Attack
  • D. Directory Traversal Attack


Answer : B

Identify the type of attack depicted in the figure below:

  • A. SQL injection attack
  • B. Parameter/form attack
  • C. Directory traversal attack
  • D. Session fixation attack


Answer : D

During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer.

  • A. He is trying to use Whitelisting Input Validation
  • B. He is trying to use Non-parametrized SQL query
  • C. He is trying to use Blacklisting Input Validation
  • D. He is trying to use Parametrized SQL Query


Answer : B

The developer wants to remove the HttpSession object and its values from the client's system.
Which of the following methods should he use for the above purpose?

  • A. sessionInvalidate()
  • B. Invalidate(session JSESSIONID)
  • C. isValidate()
  • D. invalidate()


Answer : D
