QUESTION NO: 101
In your web application, you need to execute a block of code whenever the session object is first
created. Which design will accomplish this goal?
A. Create an HttpSessionListener class and implement the sessionInitialized method with that
block of code.
B. Create an HttpSessionActivationListener class and implement the sessionCreated method with
that block of code.
C. Create a Filter class, call the getSession(false) method, and if the result was null, then execute
that block of code.
D. Create an HttpSessionListener class and implement the sessionCreated method with that block
of code.
E. Create a Filter class, call the getSession(true) method, and if the result was NOT null, then
execute that block of code.
Answer: D
QUESTION NO: 102
Which interface must a class implement so that instances of the class are notified after any object
is added to a session?
A. javax.servlet.http.HttpSessionListener
B. javax.servlet.http.HttpSessionValueListener
C. javax.servlet.http.HttpSessionBindingListener
D. javax.servlet.http.HttpSessionAttributeListener
Answer: D
QUESTION NO: 103
Which method must be used to encode a URL passed as an argument to
HttpServletResponse.sendRedirect when using URL rewriting for session tracking?
A. ServletResponse.encodeURL
B. HttpServletResponse.encodeURL
C. ServletResponse.encodeRedirectURL
D. HttpServletResponse.encodeRedirectURL
Answer: D
QUESTION NO: 104
Users of your web application have requested that they should be able to set the duration of their
sessions. So for example, one user might want a webapp to stay connected for an hour rather
than the webapp's default of fifteen minutes; another user might want to stay connected for a
whole day.
Furthermore, you have a special login servlet that performs user authentication and retrieves the
User object from the database. You want to augment this code to set up the user's specified
session duration.
Which code snippet in the login servlet will accomplish this goal?
A. User user = // retrieve the User object from the database
session.setDurationInterval(user.getSessionDuration());
B. User user = // retrieve the User object from the database
session.setMaxDuration(user.getSessionDuration());
C. User user = // retrieve the User object from the database
session.setInactiveInterval(user.getSessionDuration());
D. User user = // retrieve the User object from the database
session.setDuration(user.getSessionDuration());
E. User user = // retrieve the User object from the database
session.setMaxInactiveInterval(user.getSessionDuration());
F. User user = // retrieve the User object from the database
session.setMaxDurationInterval(user.getSessionDuration());
Answer: E
QUESTION NO: 105
Which two classes or interfaces provide a getSession method? (Choose two.)
A. javax.servlet.http.HttpServletRequest
B. javax.servlet.http.HttpSessionContext
C. javax.servlet.http.HttpServletResponse
D. javax.servlet.http.HttpSessionBindingEvent
E. javax.servlet.http.HttpSessionAttributeEvent
Answer: A,D
QUESTION NO: 106
Given the security constraint in a DD:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Foo</web-resource-name>
    <url-pattern>/Bar/Baz/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>DEVELOPER</role-name>
  </auth-constraint>
</security-constraint>
And given that "MANAGER" is a valid role-name, which four are true for this security constraint?
(Choose four.)
A. MANAGER can do a GET on resources in the /Bar/Baz directory.
B. MANAGER can do a POST on any resource in the /Bar/Baz directory.
C. MANAGER can do a TRACE on any resource in the /Bar/Baz directory.
D. DEVELOPER can do a GET on resources in the /Bar/Baz directory.
E. DEVELOPER can do only a POST on resources in the /Bar/Baz directory.
F. DEVELOPER can do a TRACE on any resource in the /Bar/Baz directory.
Answer: A,C,D,F
QUESTION NO: 107
Which activity supports the data integrity requirements of an application?
A. using HTTPS as a protocol
B. using an LDAP security realm
C. using HTTP Basic authentication
D. using forms-based authentication
Answer: A
QUESTION NO: 108
Which mechanism requires the client to provide its public key certificate?
A. HTTP Basic Authentication
B. Form Based Authentication
C. HTTP Digest Authentication
D. HTTPS Client Authentication
Answer: D
QUESTION NO: 109
Given the two security constraints in a deployment descriptor:
101. <security-constraint>
102. <!--a correct url-pattern and http-method goes here-->
103. <auth-constraint>
104. <role-name>SALES</role-name>
105. </auth-constraint>
106. </security-constraint>
107. <security-constraint>
108. <!--a correct url-pattern and http-method goes here-->
109. <!-- Insert an auth-constraint here -->
110. </security-constraint>
If the two security constraints have the same url-pattern and http-method, which two, inserted
independently at line 109, will allow users with role names of either SALES or MARKETING to
access this resource? (Choose two.)
A. <auth-constraint/>
B. <auth-constraint>
<role-name>*</role-name>
</auth-constraint>
C. <auth-constraint>
<role-name>ANY</role-name>
</auth-constraint>
D. <auth-constraint>
<role-name>MARKETING</role-name>
</auth-constraint>
Answer: B,D
QUESTION NO: 110
Given this fragment in a servlet:
23. if(req.isUserInRole("Admin")) {
24. // do stuff
25. }
And the following fragment from the related Java EE deployment descriptor:
812. <security-role-ref>
813. <role-name>Admin</role-name>
814. <role-link>Administrator</role-link>
815. </security-role-ref>
900. <security-role>
901. <role-name>Admin</role-name>
902. <role-name>Administrator</role-name>
903. </security-role>
What is the result?
A. Line 24 can never be reached.
B. The deployment descriptor is NOT valid.
C. If line 24 executes, the user's role will be Admin.
D. If line 24 executes, the user's role will be Administrator.
E. If line 24 executes, the user's role will NOT be predictable.
Answer: D