Sunday, October 7, 2007
SCWCD Exam, Security questions
---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------
1. Which of the following correctly defines data integrity? (Select one)
a) It guarantees that information is accessible only to certain users.
b) It guarantees that the information is kept in encrypted form on the server.
c) It guarantees that unintended parties cannot read the information during transmission between the client and the server.
d) It guarantees that the information is not altered during transmission between the client and the server.
2. Which of the following actions would you take to prevent your web site from being attacked? (Select three)
a) Block network traffic at all the ports except the HTTP port.
b) Audit the usage pattern of your server.
c) Audit the Servlet/JSP code.
d) Use HTTPS instead of HTTP.
e) Design and develop your web application using a software engineering methodology.
f) Use design patterns.
3. Which of the following statements regarding authentication mechanisms are correct? (Select two)
a) The HTTP Basic mechanism transmits the username/password “in the open.”
b) The HTTP Basic mechanism uses HTML FORMs to collect usernames/passwords.
c) The transmission method in the Basic and FORM mechanisms is the same.
d) The method of capturing the usernames/passwords in the Basic and FORM mechanisms is the same.
---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------
1. correct answer: d
Explanation:
Answers a and c describe authorization and confidentiality, respectively. Encrypting data kept on the server may be part of some security plans, but is not covered by the servlet specification.
2. correct answers: a, c, and d
Explanation:
Answer a is correct because this will prevent network congestion and will close all possible entry points to the server except HTTP. Answer b seems correct, but it is wrong because auditing the usage pattern will help you in finding out the culprits only after the site has been attacked—it will not prevent an attack. Answer c is correct because auditing the Servlet/JSP code will ensure that no malicious code exists inside your server that can open a backdoor for hackers. Answer d is correct because HTTPS will prevent hackers from sniffing the communication between the clients and the server, thereby preventing the leakage of sensitive information such as usernames and passwords. Answers e and f are good for developing an industrial-strength system but are not meant for making a system attack-proof.
3. correct answers: a and c
Explanation:
The HTTP Basic mechanism uses a browser-specific way (usually a dialog box) to capture the username and password, while the FORM mechanism uses an HTML FORM to do the same. However, both mechanisms transmit the captured values in clear text without any encryption. Therefore, answers a and c are correct.
Saturday, October 6, 2007
I’m not arrogant. I’m smarter than everyone else...
I’m just so sick of being told that I’m arrogant. I’ve been hearing this all my life. I’m not arrogant. I’m smarter than everyone else, and I have better taste. That’s not arrogant. It’s just true.
http://fakesteve.blogspot.com/2007/10/people-say-were-getting-arrogant-my.html
Friday, October 5, 2007
openSUSE 10.3 is out
At the heart of the new distro is the fairly new kernel 2.6.22.5, along with glibc 2.6.1, gcc 4.2.1, bash 3.2, coreutils 6.8, X.Org 7.2 and others...
On the application side I can mention GIMP 2.2.17, Firefox / Thunderbird 2.0.0.6, K3b 1.0.3 and the emulator Wine 0.9.44.
For desktop environments you can choose between KDE 3.5.7 with some parts backported from KDE 4 (games and applications for remote administration) and GNOME 2.20.
The distro offers the install tool YaST, even in a GTK version, with the new 1-click-install technology, direct support for MP3 (through Fluendo codecs for Amarok and Banshee), some fairly new YaST modules, the accelerated 3D desktop Compiz Fusion, a new implementation of virtualization technologies (Xen 3.1, QEMU), OpenOffice.org 2.3 ...
1-click-install now cooperates with the relevant web service, so there is no need to search for a non-standard repository in order to install a specific application...
For quick sharing of local files you can use Giver. In comparison with the previous version 10.0.2, the boot time was cut in half.
If you want to try the SuSE distro, you can download your preferred version directly from the source.
Thursday, October 4, 2007
SCWCD Exam, design patterns questions
For more about the Java certification program, visit » Java SE Certification Learning Path
These 2 are from design patterns.
---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------
1. What are the benefits of using the Transfer Object pattern? (Select two)
a) The type of the actual data source can be specified at deployment time.
b) The data clients are independent of the data source vendor API.
c) It increases the performance of data-accessing routines.
d) It allows the clients to access the data source through EJBs.
e) It allows resource locking in an efficient way.
2. Which design pattern allows you to decouple the business logic, data representation, and data presentation? (Select one)
a) Model-View-Controller
b) Transfer Object
c) Bimodal Data Access
d) Business Delegate
---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------
1) correct answer: both a) and b)
Explanation:
This pattern is used to decouple business logic from data access logic. It hides the data access mechanism from the business objects so that the data source can be changed easily and transparently to the business objects.
2) correct answer: a)
Explanation:
In the Model-View-Controller pattern, Model is the data representation, View is the data presentation, and Controller is the implementation of business logic. Therefore, a is the correct answer.
Wednesday, October 3, 2007
Free Solaris Express Developer Edition DVD/CD
Solaris Express Developer Edition is a version of Solaris built through the open source OpenSolaris project. It provides the latest in Solaris enhancements. With its simplified installation experience, modern desktop environment and the most up to date support for laptops and desktops, Solaris Express Developer Edition offers the best environment for Solaris, Java, and Web 2.0 application development.
Learn more about Solaris Express Developer Edition.