Showing posts with label scwcd. Show all posts

Sunday, October 7, 2007

SCWCD Exam, Security questions

More questions for the Java SCWCD certification exam. This post covers security questions; if you are interested in design pattern questions, see the previous post: SCWCD Exam, design patterns questions.


---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------

1. Which of the following correctly defines data integrity? (Select one)

a) It guarantees that information is accessible only to certain users.
b) It guarantees that the information is kept in encrypted form on the server.
c) It guarantees that unintended parties cannot read the information during transmission between the client and the server.
d) It guarantees that the information is not altered during transmission between the client and the server.


2. Which of the following actions would you take to prevent your web site from being attacked? (Select three)

a) Block network traffic at all the ports except the HTTP port.
b) Audit the usage pattern of your server.
c) Audit the Servlet/JSP code.
d) Use HTTPS instead of HTTP.
e) Design and develop your web application using a software engineering methodology.
f) Use design patterns.


3. Which of the following statements regarding authentication mechanisms are correct? (Select two)

a) The HTTP Basic mechanism transmits the username/password “in the open.”
b) The HTTP Basic mechanism uses HTML FORMs to collect usernames/passwords.
c) The transmission method in the Basic and FORM mechanisms is the same.
d) The method of capturing the usernames/passwords in the Basic and FORM mechanisms is the same.


---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------

1. correct answer: d

Explanation:
Answers a and c describe authorization and confidentiality. Encrypting data kept on the server may be part of some security plans, but is not covered by the servlet specification.


2. correct answers: a, c, and d

Explanation:
Answer a is correct because this will prevent network congestion and will close all possible entry points to the server except HTTP. Answer b seems correct, but it is wrong because auditing the usage pattern will help you in finding out the culprits only after the site has been attacked—it will not prevent an attack. Answer c is correct because auditing the Servlet/JSP code will ensure that no malicious code exists inside your server that can open a backdoor for hackers. Answer d is correct because HTTPS will prevent hackers from sniffing the communication between the clients and the server, thereby preventing the leakage of sensitive information such as usernames and passwords. Answers e and f are good for developing an industrial-strength system but are not meant for making a system attack proof.


3. correct answers: a and c

Explanation:
The HTTP Basic mechanism uses a browser-specific way (usually a dialog box) to capture the username and password, while the FORM mechanism uses an HTML FORM to do the same. However, both mechanisms transmit the captured values in clear text without any encryption. Therefore, answers a and c are correct.
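
To make explanation 3 concrete, here is an added example (not part of the original post) that reads the credentials back out of both wire formats: the BASIC `Authorization` header is only Base64-encoded, and the FORM login body carries `j_username` and `j_password` as ordinary URL-encoded fields. The class name and sample credentials are constructed for illustration; `URLDecoder.decode(String, Charset)` assumes Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class ClearTextLogin {

    /** Reads user and password back out of a BASIC "Authorization" header value. */
    static String[] fromBasicHeader(String value) {
        if (value == null || !value.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("not a Basic Authorization header");
        }
        // Base64 is an encoding, not encryption: no key is needed to reverse it.
        byte[] raw = Base64.getDecoder().decode(value.substring(6).trim());
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // first ':' splits; the password may contain more
        if (colon < 0) {
            throw new IllegalArgumentException("missing ':' separator");
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    /** Reads j_username and j_password back out of a FORM login POST body. */
    static String[] fromFormBody(String body) {
        Map<String, String> fields = new HashMap<>();
        for (String kv : body.split("&")) {
            int eq = kv.indexOf('=');
            if (eq > 0) { // percent-decoding is the only step needed
                fields.put(URLDecoder.decode(kv.substring(0, eq), StandardCharsets.UTF_8),
                           URLDecoder.decode(kv.substring(eq + 1), StandardCharsets.UTF_8));
            }
        }
        return new String[] { fields.get("j_username"), fields.get("j_password") };
    }

    public static void main(String[] args) {
        // Constructed sample requests, as they would appear on the wire over plain HTTP.
        String basic = "Basic " + Base64.getEncoder()
                .encodeToString("alice:p@ss:word".getBytes(StandardCharsets.UTF_8));
        String form = "j_username=alice&j_password=p%40ss%3Aword";
        String[] b = fromBasicHeader(basic);
        String[] f = fromFormBody(form);
        System.out.println("BASIC header : " + basic);
        System.out.println("  recovered  : " + b[0] + " / " + b[1]);
        System.out.println("FORM body    : " + form);
        System.out.println("  recovered  : " + f[0] + " / " + f[1]);
    }
}
```

Neither mechanism protects the password by itself. In a servlet container the protection comes from a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` in the `web.xml` security constraint, which makes the container require HTTPS for the protected URLs whichever login mechanism is configured.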

Thursday, October 4, 2007

SCWCD Exam, design patterns questions

I am preparing for the Java certification exam SCWCD, Sun Certified Web Component Developer. I am getting many sample questions and answers in my inbox from friends who passed successfully, so if you are interested in this field too, I'm sharing them with you...

For more about the Java certification program, visit: Java SE Certification Learning Path

These two are about design patterns.


---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------

1. What are the benefits of using the Transfer Object pattern? (Select two)

a) The type of the actual data source can be specified at deployment time.
b) The data clients are independent of the data source vendor API.
c) It increases the performance of data-accessing routines.
d) It allows the clients to access the data source through EJBs.
e) It allows resource locking in an efficient way.


2. Which design pattern allows you to decouple the business logic, data representation, and data presentation? (Select one)

a) Model-View-Controller
b) Transfer Object
c) Bimodal Data Access
d) Business Delegate


---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------

1) correct answer: both a) and b)

Explanation:
This pattern is used to decouple business logic from data access logic. It hides the data access mechanism from the business objects so that the data source can be changed easily and transparently to the business objects.

2) correct answer: a)

Explanation:
In the Model-View-Controller pattern, Model is the data representation, View is the data presentation, and Controller is the implementation of business logic. Therefore, a is the correct answer.