QUESTION NO: 31
Which three are true about TLD files? (Choose three.)
A. The web container recognizes TLD files placed in any subdirectory of WEB-INF.
B. When deployed inside a JAR file, TLD files must be in the META-INF directory, or a
subdirectory of it.
C. A tag handler's attribute must be included in the TLD file only if the attribute can accept
request-time expressions.
D. The web container can generate an implicit TLD file for a tag library comprised of both simple
tag handlers and tag files.
E. The web container can automatically extend the tag library map described in a web.xml file by
including entries extracted from the web application's TLD files.
Answer: A,B,E
QUESTION NO: 32
Your management has required that all JSPs be created to generate XHTML-compliant content
and to facilitate that decision, you are required to create all JSPs using the JSP Document format.
In the reviewOrder.jspx page, you need to use several core JSTL tags to process the collection of
order items in the customer's shopping cart. Which JSP code snippets must you use in the
reviewOrder.jspx page?
A. <html xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0">
<jsp:directive.taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core" />
<!-- page content -->
</html>
B. <html xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0"
xmlns:c="http://java.sun.com/jsp/jstl/core">
<!-- page content -->
</html>
C. <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0">
<jsp:directive.taglib prefix="c"
uri="http://java.sun.com/jsp/jstl/core" />
<!-- page content -->
</jsp:root>
D. <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0"
xmlns:c="http://java.sun.com/jsp/jstl/core">
<!-- page content -->
</jsp:root>
Answer: D
QUESTION NO: 33
Which two JSTL URL-related tags perform URL rewriting? (Choose two.)
A. url
B. link
C. param
D. import
E. redirect
Answer: A,E
QUESTION NO: 34
A custom JSP tag must be able to support an arbitrary number of attributes whose names are
unknown when the tag class is designed. Which two are true? (Choose two.)
A. The <body-content> element in the echo tag TLD must have the value JSP.
B. The echo tag handler must define the setAttribute(String key, String value) method.
C. The <dynamic-attributes>true</dynamic-attributes> element must appear in the echo tag TLD.
D. The class implementing the echo tag handler must implement the
javax.servlet.jsp.tagext.IterationTag interface.
E. The class implementing the echo tag handler must implement the
javax.servlet.jsp.tagext.DynamicAttributes interface.
Answer: C,E
QUESTION NO: 35
A developer has used this code within a servlet:
62. if(request.isUserInRole("vip")) {
63. // VIP-related logic here
64. }
What else must the developer do to ensure that the intended security goal is achieved?
A. create a user called vip in the security realm
B. define a group within the security realm and call it vip
C. define a security-role named vip in the deployment descriptor
D. declare a security-role-ref for vip in the deployment descriptor
Answer: D
QUESTION NO: 36
Given:
3. class MyServlet extends HttpServlet {
4. public void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
IOException {
5. // servlet code here ...
26. }
27. }
If the DD contains a single security constraint associated with MyServlet and its only <httpmethod>
tags and <auth-constraint> tags are:
<http-method>GET</http-method>
<http-method>PUT</http-method>
<auth-constraint>Admin</auth-constraint>
Which four requests would be allowed by the container? (Choose four.)
A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.
Answer: A,B,C,E
QUESTION NO: 37
What is true about Java EE authentication mechanisms?
A. If your deployment descriptor correctly declares an authentication type of CLIENT_CERT, your
users must have a certificate from an official source before they can use your application.
B. If your deployment descriptor correctly declares an authentication type of BASIC, the container
automatically requests a user name and password whenever a user starts a new session.
C. If you want your web application to support the widest possible array of browsers, and you want
to perform authentication, the best choice of Java EE authentication mechanisms is DIGEST.
D. To use Java EE FORM authentication, you must declare two HTML files in your deployment
descriptor, and you must use a predefined action in the HTML file that handles your user's login.
Answer: D
QUESTION NO: 38
If you want to use the Java EE platform's built-in type of authentication that uses a custom HTML
page for authentication, which two statements are true? (Choose two.)
A. Your deployment descriptor will need to contain this tag:
<auth-method>CUSTOM</auth-method>.
B. The related custom HTML login page must be named loginPage.html.
C. When you use this type of authentication, SSL is turned on automatically.
D. You must have a tag in your deployment descriptor that allows you to point to both a login
HTML page and an HTML page for handling any login errors.
E. In the HTML related to authentication for this application, you must use predefined variable
names for the variables that store the user and password values.
Answer: D,E
QUESTION NO: 39
Given this fragment in a servlet:
23. if(req.isUserInRole("Admin")) {
24. // do stuff
25. }
And the following fragment from the related Java EE deployment descriptor:
812. <security-role-ref>
813. <role-name>Admin</role-name>
814. <role-link>Administrator</role-link>
815. </security-role-ref>
900. <security-role>
901. <role-name>Admin</role-name>
902. <role-name>Administrator</role-name>
903. </security-role>
What is the result?
A. Line 24 can never be reached.
B. The deployment descriptor is NOT valid.
C. If line 24 executes, the user's role will be Admin.
D. If line 24 executes, the user's role will be Administrator.
E. If line 24 executes the user's role will NOT be predictable.
Answer: D
QUESTION NO: 40
Given the security constraint in a DD:
101. <security-constraint>
102. <web-resource-collection>
103. <web-resource-name>Foo</web-resource-name>
104. <url-pattern>/Bar/Baz/*</url-pattern>
105. <http-method>POST</http-method>
106. </web-resource-collection>
107. <auth-constraint>
108. <role-name>DEVELOPER</role-name>
109. </auth-constraint>
110. </security-constraint>
And given that "MANAGER" is a valid role-name, which four are true for this security constraint?
(Choose four.)
A. MANAGER can do a GET on resources in the /Bar/Baz directory.
B. MANAGER can do a POST on any resource in the /Bar/Baz directory.
C. MANAGER can do a TRACE on any resource in the /Bar/Baz directory.
D. DEVELOPER can do a GET on resources in the /Bar/Baz directory.
E. DEVELOPER can do only a POST on resources in the /Bar/Baz directory.
F. DEVELOPER can do a TRACE on any resource in the /Bar/Baz directory.
Answer: A,C,D,F
No comments:
Post a Comment