Sunday, October 7, 2007

SCWCD Exam, Security questions

Another set of questions for the Java SCWCD certification exam. This post is about security questions; if you are interested in design pattern questions, see the previous post: SCWCD Exam, design patterns questions.


---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------

1. Which of the following correctly defines data integrity? (Select one)

a) It guarantees that information is accessible only to certain users.
b) It guarantees that the information is kept in encrypted form on the server.
c) It guarantees that unintended parties cannot read the information during transmission between the client and the server.
d) It guarantees that the information is not altered during transmission between the client and the server.


2. Which of the following actions would you take to prevent your web site from being attacked? (Select three)

a) Block network traffic at all the ports except the HTTP port.
b) Audit the usage pattern of your server.
c) Audit the Servlet/JSP code.
d) Use HTTPS instead of HTTP.
e) Design and develop your web application using a software engineering methodology.
f) Use design patterns.


3. Which of the following statements regarding authentication mechanisms are correct? (Select two)

a) The HTTP Basic mechanism transmits the username/password “in the open.”
b) The HTTP Basic mechanism uses HTML FORMs to collect usernames/passwords.
c) The transmission method in the Basic and FORM mechanisms is the same.
d) The method of capturing the usernames/passwords in the Basic and FORM mechanisms is the same.


---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------

1. correct answer: d

Explanation:
Answers a and c describe authorization and confidentiality. Encrypting data kept on the server may be part of some security plans, but is not covered by the servlet specification.


2. correct answers: a, c, and d

Explanation:
Answer a is correct because this will prevent network congestion and will close all possible entry points to the server except HTTP. Answer b seems correct, but it is wrong because auditing the usage pattern will help you in finding out the culprits only after the site has been attacked—it will not prevent an attack. Answer c is correct because auditing the Servlet/JSP code will ensure that no malicious code exists inside your server that can open a backdoor for hackers. Answer d is correct because HTTPS will prevent hackers from sniffing the communication between the clients and the server, thereby preventing the leakage of sensitive information such as usernames and passwords. Answers e and f are good for developing an industrial-strength system but are not meant for making a system attack proof.


3. correct answers: a and c

Explanation:
The HTTP Basic mechanism uses a browser-specific way (usually a dialog box) to capture the username and password, while the FORM mechanism uses an HTML FORM to do the same. However, both mechanisms transmit the captured values in clear text without any encryption. Therefore, answers a and c are correct.
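
Added example (not part of the original post): a servlet 2.4 deployment descriptor showing where the choices from questions 1 to 3 are declared. The login mechanism goes in auth-method, and the transport-guarantee element is what makes the container require HTTPS, since neither BASIC nor FORM encrypts anything on its own. The URL pattern, role name and realm name are assumptions made up for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: URL pattern, role name and realm name are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Member area</web-resource-name>
      <url-pattern>/members/*</url-pattern>
    </web-resource-collection>

    <!-- Authorization: only callers in this role may reach the resource. -->
    <auth-constraint>
      <role-name>member</role-name>
    </auth-constraint>

    <!-- Weak setting: leaving this element out, or using NONE, lets the
         credentials travel over plain HTTP.
         INTEGRAL asks for data that cannot be altered in transit (question 1).
         CONFIDENTIAL asks for data that cannot be read in transit; containers
         satisfy it by requiring HTTPS (question 2, answer d). -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- BASIC collects the credentials in a browser dialog. FORM would collect
       them in an HTML form and needs a form-login-config element as well.
       Only the way of capturing differs; neither protects the transmission. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Members</realm-name>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>
</web-app>
```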

Saturday, October 6, 2007

I’m not arrogant. I’m smarter than everyone else...

Steve Jobs and his statement about his arrogance...


I’m just so sick of being told that I’m arrogant. I’ve been hearing this all my life. I’m not arrogant. I’m smarter than everyone else, and I have better taste. That’s not arrogant. It’s just true.

http://fakesteve.blogspot.com/2007/10/people-say-were-getting-arrogant-my.html


So, I'm not arrogant either, I'm just smarter .... :-)

Friday, October 5, 2007

openSUSE 10.3 is out

The team behind one of the most popular user-friendly Linux distros has announced the availability of the final version of openSUSE 10.3. The new version is back in the green look again, but let's rather take a look under the skirt of our new chameleon.

At the heart of the new distro is the fairly new kernel 2.6.22.5, along with glibc 2.6.1, gcc 4.2.1, bash 3.2, core-utils 6.8, X.Org 7.2 and others...

On the application side I can mention GIMP 2.2.17, Firefox / Thunderbird 2.0.0.6, K3b 1.0.3 and the emulator Wine 0.9.44.

For desktop environments you can choose between KDE 3.5.7 with some parts backported from KDE 4 (games and applications for remote administration) and GNOME 2.20.

The distro offers the YaST install tool, now also in a GTK version, with the new 1-click-install technology, direct support for MP3 (through Fluendo codecs for Amarok and Banshee), some fairly new YaST modules, the accelerated 3D desktop Compiz Fusion, a new implementation of virtualization technologies (Xen 3.1, QEMU), OpenOffice.org 2.3 ...

1-click-install now cooperates with the relevant web service, so there is no need to search for a non-standard repository in order to install a specific application...

For quick sharing of local files you can use Giver. In comparison with the previous version 10.0.2, boot time was cut in half.

If you want to try the SuSE distro, you can download your preferred version directly from the source.




Thursday, October 4, 2007

SCWCD Exam, design patterns questions

I am preparing for the Java certification exam SCWCD - Sun Certified Web Component Developer. I'm getting many sample questions / answers in my inbox from friends who passed successfully, so if you are interested in this field too, I'm sharing them with you...

For more about the Java certification program, visit the Java SE Certification Learning Path.

These two are about design patterns.


---------------------------------------------------------------------------------
Questions
---------------------------------------------------------------------------------

1. What are the benefits of using the Transfer Object pattern? (Select two)

a) The type of the actual data source can be specified at deployment time.
b) The data clients are independent of the data source vendor API.
c) It increases the performance of data-accessing routines.
d) It allows the clients to access the data source through EJBs.
e) It allows resource locking in an efficient way.


2. Which design pattern allows you to decouple the business logic, data representation, and data presentation? (Select one)

a) Model-View-Controller
b) Transfer Object
c) Bimodal Data Access
d) Business Delegate


---------------------------------------------------------------------------------
Answers
---------------------------------------------------------------------------------

1) correct answer: both a) and b)

Explanation:
This pattern is used to decouple business logic from data access logic. It hides the data access mechanism from the business objects so that the data source can be changed easily and transparently to the business objects.

2) correct answer: a)

Explanation:
In the Model-View-Controller pattern, Model is the data representation, View is the data presentation, and Controller is the implementation of business logic. Therefore, a is the correct answer.

Wednesday, October 3, 2007

Free Solaris Express Developer Edition DVD/CD

Interested in the leading edge of Solaris technology? Click below to download Solaris Express Developer Edition or have a DVD mailed to you: http://www.sun.com/software/solaris/solaris-express/get.jsp


Solaris Express Developer Edition is a version of Solaris built through the open source OpenSolaris project. It provides the latest in Solaris enhancements. With its simplified installation experience, modern desktop environment and the most up to date support for laptops and desktops, Solaris Express Developer Edition offers the best environment for Solaris, Java, and Web 2.0 application development.

Learn more about Solaris Express Developer Edition.