Sunday, October 7, 2007

SCWCD Exam, Security questions

Another set of questions for the Java SCWCD certification exam. This post covers security questions; if you are interested in design pattern questions, see the previous post: SCWCD Exam, design patterns questions.


---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------

1. Which of the following correctly defines data integrity? (Select one)

a) It guarantees that information is accessible only to certain users.
b) It guarantees that the information is kept in encrypted form on the server.
c) It guarantees that unintended parties cannot read the information during transmission between the client and the server.
d) It guarantees that the information is not altered during transmission between the client and the server.


2. Which of the following actions would you take to prevent your web site from being attacked? (Select three)

a) Block network traffic at all the ports except the HTTP port.
b) Audit the usage pattern of your server.
c) Audit the Servlet/JSP code.
d) Use HTTPS instead of HTTP.
e) Design and develop your web application using a software engineering methodology.
f) Use design patterns.


3. Which of the following statements regarding authentication mechanisms are correct? (Select two)

a) The HTTP Basic mechanism transmits the username/password “in the open.”
b) The HTTP Basic mechanism uses HTML FORMs to collect usernames/passwords.
c) The transmission method in the Basic and FORM mechanisms is the same.
d) The method of capturing the usernames/passwords in the Basic and FORM mechanisms is the same.


---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------

1. correct answer: d

Explanation:
Answers a and c describe authorization and confidentiality. Encrypting data kept on the server may be part of some security plans, but is not covered by the servlet specification.


2. correct answers: a, c, and d

Explanation:
Answer a is correct because this will prevent network congestion and will close all possible entry points to the server except HTTP. Answer b seems correct, but it is wrong because auditing the usage pattern will help you in finding out the culprits only after the site has been attacked—it will not prevent an attack. Answer c is correct because auditing the Servlet/JSP code will ensure that no malicious code exists inside your server that can open a backdoor for hackers. Answer d is correct because HTTPS will prevent hackers from sniffing the communication between the clients and the server, thereby preventing the leakage of sensitive information such as usernames and passwords. Answers e and f are good for developing an industrial-strength system but are not meant for making a system attack proof.


3. correct answers: a and c

Explanation:
The HTTP Basic mechanism uses a browser-specific way (usually a dialog box) to capture the username and password, while the FORM mechanism uses an HTML FORM to do the same. However, both mechanisms transmit the captured values in clear text without any encryption. Therefore, answers a and c are correct.
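
As an added example (not part of the original post), the Java class below recovers the credentials from a constructed BASIC request and a constructed FORM request without any key, which is what "in the open" means for answers a and c. The host, path and alice/s3cret credentials are made up; j_security_check, j_username and j_password are the names the servlet specification defines for FORM login, not values taken from the post.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class ClearTextCredentials {
    // Constructed sample of the request a browser sends after its BASIC dialog box.
    static final String BASIC_REQUEST =
        "GET /app/report HTTP/1.1\r\n"
        + "Host: shop.example\r\n"
        + "Authorization: Basic YWxpY2U6czNjcmV0\r\n\r\n";
    // Constructed sample of the request sent when the FORM login page is submitted.
    static final String FORM_REQUEST =
        "POST /app/j_security_check HTTP/1.1\r\n"
        + "Host: shop.example\r\n"
        + "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        + "j_username=alice&j_password=s3cret";
    static final String PREFIX = "Authorization: Basic ";

    /** BASIC: the header value is Base64, an encoding that needs no key to reverse. */
    static String[] fromBasic(String request) {
        for (String line : request.split("\r\n")) {
            if (line.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
                byte[] raw = Base64.getDecoder().decode(line.substring(PREFIX.length()).trim());
                // Split on the first ':' only, because a password may contain ':'.
                return new String(raw, StandardCharsets.UTF_8).split(":", 2);
            }
        }
        return new String[0];
    }

    /** FORM: the body is URL-encoded name=value pairs, readable exactly as sent. */
    static String[] fromForm(String request) throws Exception {
        String body = request.substring(request.indexOf("\r\n\r\n") + 4);
        String[] creds = new String[2];
        for (String pair : body.split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length < 2) continue;
            String value = URLDecoder.decode(kv[1], "UTF-8");
            if (kv[0].equals("j_username")) creds[0] = value;
            if (kv[0].equals("j_password")) creds[1] = value;
        }
        return creds;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("BASIC: " + String.join(" / ", fromBasic(BASIC_REQUEST)));
        System.out.println("FORM : " + String.join(" / ", fromForm(FORM_REQUEST)));
    }
}
```

Base64 in BASIC is an encoding, not encryption, so for either mechanism confidentiality has to come from HTTPS (answer d of question 2).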

Saturday, October 6, 2007

I’m not arrogant. I’m smarter than everyone else...

Steve Jobs and his statement about his arrogance...


I’m just so sick of being told that I’m arrogant. I’ve been hearing this all my life. I’m not arrogant. I’m smarter than everyone else, and I have better taste. That’s not arrogant. It’s just true.

http://fakesteve.blogspot.com/2007/10/people-say-were-getting-arrogant-my.html


So, I'm not arrogant either, I'm just smarter... :-)

Friday, October 5, 2007

openSUSE 10.3 is out

The team behind one of the most popular user-friendly Linux distros has announced the availability of the final version of openSUSE 10.3. The new version is once again back in the green look, but let's rather take a look under the skirt of our new chameleon.



At the heart of the new distro is the fairly new kernel 2.6.22.5, along with glibc 2.6.1, gcc 4.2.1, bash 3.2, core-utils 6.8, X.Org 7.2 and others...




On the application side I can mention GIMP 2.2.17, Firefox / Thunderbird 2.0.0.6, K3b 1.0.3 or the emulator Wine 0.9.44.




For desktop environments you can choose between KDE 3.5.7, with some parts backported from KDE 4 (games and applications for remote administration), and GNOME 2.20.




The distro offers the YaST install tool, now also in a GTK version, with the new 1-click-install technology, direct support for MP3 (through Fluendo codecs for Amarok and Banshee), fairly new YaST modules, the accelerated 3D desktop Compiz Fusion, a new implementation of virtualization technologies (Xen 3.1, QEMU), OpenOffice.org 2.3...



1-click-install now cooperates with the relevant web service, so there is no need to search for a non-standard repository in order to install a specific application...



For quick sharing of local files you can use Giver. Compared with the previous version 10.0.2, the boot time was cut in half.

If you want to try the SuSE distro, you can download your preferred version directly from the source.




Thursday, October 4, 2007

SCWCD Exam, design patterns questions

I am preparing myself for the Java certification exam SCWCD - Sun Certified Web Component Developer (SCWCD). My inbox is getting many sample questions and answers from friends who passed successfully, so if you are interested in this field too, I'm sharing them with you...

For more about the Java certification program, visit the Java SE Certification Learning Path.

These 2 are from design patterns.


---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------

1. What are the benefits of using the Transfer Object pattern? (Select two)

a) The type of the actual data source can be specified at deployment time.
b) The data clients are independent of the data source vendor API.
c) It increases the performance of data-accessing routines.
d) It allows the clients to access the data source through EJBs.
e) It allows resource locking in an efficient way.


2. Which design pattern allows you to decouple the business logic, data representation, and data presentation? (Select one)

a) Model-View-Controller
b) Transfer Object
c) Bimodal Data Access
d) Business Delegate


---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------

1) correct answer: both a) and b)

Explanation:
This pattern is used to decouple business logic from data access logic. It hides the data access mechanism from the business objects so that the data source can be changed easily and transparently to the business objects.

2) correct answer: a)

Explanation:
In the Model-View-Controller pattern, Model is the data representation, View is the data presentation, and Controller is the implementation of business logic. Therefore, a is the correct answer.

Wednesday, October 3, 2007

Free Solaris Express Developer Edition DVD/CD

Interested in the leading edge of Solaris technology? Click below to download Solaris Express Developer Edition or have a DVD mailed to you: http://www.sun.com/software/solaris/solaris-express/get.jsp


Solaris Express Developer Edition is a version of Solaris built through the open source OpenSolaris project. It provides the latest in Solaris enhancements. With its simplified installation experience, modern desktop environment and the most up to date support for laptops and desktops, Solaris Express Developer Edition offers the best environment for Solaris, Java, and Web 2.0 application development.

Learn more about Solaris Express Developer Edition.



SQuirreL, Universal SQL Client

SQuirreL SQL Client is a graphical Java program that allows you to view the structure of a JDBC-compliant database, browse the data in tables, issue SQL commands, etc.; see Introduction.

The minimum version of Java supported is 1.5.x as of SQuirreL version 2.4. See the Old Versions page for versions of SQuirreL that will work with older versions of Java.

The SQuirreL desktop in Ocean Theme:




Features:

- Object Tree of Session window - right-click to access the popup menu which provides access to advanced script generation and graphing features. The graph plugin allows the user to create table charts

- SQL Editor with code completion popup (ctrl+space) open - code completion can be used to access drop-down lists of options that include keywords, tables, columns, views, stored procedures. Code completion also provides join generation functions. For example, look at the table structure here. Hitting ctrl+space after the expression

- SQL Editor with tools popup menu (ctrl+t) shown - with the tools popup any editor function can be located with only a single shortcut: ctrl+t. Additionally, the list can be searched incrementally with just a few keystrokes

- SQL Editor with bookmark selection popup (ctrl+j) shown - bookmarks are user-defined code templates. SQuirreL comes with several pre-defined example bookmarks for the most common SQL and DDL statements

- Abbreviations and auto corrections dialog - this feature works much like auto corrects in common office products. With the entries shown in the dialog you may for example type 'sf' which will expand to 'SELECT * FROM'

- Editing of SQL results - the result tabs of SQL queries support editing the rows returned from a query on a single table. You may also edit the contents tab of tables in the Object tree

- Graph: Charts of tables and their relations - To create new charts or to add tables to existing charts right mouse click tables in the Object tree and choose the 'Add to graph' menu. Graph manipulation functions can be accessed by using the right-click context popup menu

- Graph: Scaling and distributing tables on configurable page sizes to prepare for printing - use the right-click context popup menu to switch to the scaling and printing mode


For more detailed description see the paper by Gerd Wagner:
- English version
- German version


In theory SQuirreL should work with any DBMS that has a JDBC 2.0 driver. However, not all drivers/DBMSs are fully compliant with the JDBC 2.0 specification.


Reported working databases:


- Axion Java RDBMS
- Daffodil (One$DB)
- Apache Derby (formerly Cloudscape)
- Fujitsu Siemens SESAM/SQL-Server with the SESAM/SQL JDBC driver
- Firebird with the JayBird JCA/JDBC Driver
- FrontBase
- HSQL
- Hypersonic SQL
- H2
- IBM DB2 for Linux, OS/400 and Windows
- Informix
- CA Ingres 2.6 SP2 with EDBC driver v1.8
- InstantDB
- Interbase with the Interclient JDBC driver
- Mckoi SQL
- Microsoft Access with the JDBC/ODBC bridge
- Microsoft SQL Server with the Microsoft, WebLogic and jTDS JDBC drivers
- Mimer SQL
- MySQL with the MM MySQL JDBC driver
- Oracle 8i, 9i and 10g with the Oracle thin and OCI drivers
- Pointbase
- PostgreSQL 7.1.3 and higher
- Progress OpenEdge 10.1x
- SAPDB
- Sybase
- Sunopsis XML Driver (JDBC Edition)
- Teradata Warehouse
- ThinkSQL RDBMS


Available translations:

- Spanish
- Brazilian
- Czech
- Bulgarian
- Chinese
- French
- Italian
- German
- Russian