Coffee Cram: Chapter 12 Answers

  1. Which security mechanisms always operate independently of the transport layer? (Choose all that apply.)

    (Servlet spec., chapter 12)

    A. authorization
    B. data integrity
    C. authentication
    D. confidentiality

    Note

    -Option A is correct. Authorization operates completely within the container once authentication has occurred. Authentication can affect the transport layer based on how the <auth-method> element is set.

  2. Given a deployment descriptor with three valid <security-constraint> elements, all constraining web resource A, whose respective <auth-constraint> sub-elements are:

    (Servlet spec., 12.8.1)

    <auth-constraint>
        <role-name>Bob</role-name>
    </auth-constraint>
    <auth-constraint/>
    <auth-constraint>
        <role-name>Alice</role-name>
    </auth-constraint>

    Who can access resource A?

    A. no one
    B. anyone
    C. only Bob
    D. only Alice
    E. only Bob and Alice
    F. anyone but Bob or Alice

    Note

    -Option A is correct. The existence of an empty <auth-constraint> element overrides all other <auth-constraint> elements that refer to that resource, precluding access.

  3. Which activities would be addressed via a J2EE 1.4 container’s data integrity mechanism? (Choose all that apply.)

    (Servlet spec., 12.1)

    A. Verifying that a specific user is allowed access to a specific HTML page.
    B. Ensuring that an eavesdropper can’t read an HTTP message being sent from the client to the container.
    C. Verifying that a client making a request for a constrained JSP has the proper role credentials to access the JSP.
    D. Ensuring that a hacker can’t alter the contents of an HTTP message while it is in transit from the container to a client.

    Note

    -Option B describes confidentiality.

    -Option D is correct. This would typically be accomplished through the use of HTTPS.

  4. Which are required fields in the login form when using Form Based Authentication? (Choose all that apply.)

    (Servlet spec., 12.5.3)

    A. pw
    B. id
    C. j_pw
    D. j_id
    E. password
    F. j_password

    Note

    -Option F is correct. The user’s password must be stored in a field called j_password. In addition, the user’s name must be stored in j_username.

  5. Which authentication types require a specific type of HTML action? (Choose all that apply.)

    (Servlet spec., 12.5.3.1)

    A. HTTP Basic Authentication
    B. Form Based Authentication
    C. HTTP Digest Authentication
    D. HTTPS Client Authentication

    Note

    -Option B is correct. For Form Based Authentication to work, the action of the login form must be j_security_check.

  6. Which security mechanisms can be implemented by using a method in the HttpServletRequest interface? (Choose all that apply.)

    (Servlet spec., 12.3)

    A. authorization
    B. data integrity
    C. authentication
    D. confidentiality

    Note

    -Option A is correct. The isUserInRole method can be used programmatically to help determine whether a client’s role is authorized to access a given resource.

    -Option C is correct. The getRemoteUser method can be used programmatically to help determine whether a client has been authenticated.

  7. Which HttpServletRequest method is most closely associated with the use of the <security-role-ref> element?

    (Servlet spec., 12.3)

    A. getHeader
    B. getCookies
    C. isUserInRole
    D. getUserPrincipal
    E. isRequestedSessionIDValid

    Note

    -Option C is correct. The <security-role-ref> element is used to map roles hard-coded in a servlet to roles declared in the deployment descriptor. The isUserInRole method is used in a servlet to test the contents of <security-role-ref> elements.

  8. Which deployment descriptor elements can contain a <transport-guarantee> sub-element? (Choose all that apply.)

    (Servlet spec., 13.4)

    A. <auth-constraint>
    B. <security-role-ref>
    C. <form-login-config>
    D. <user-data-constraint>

    Note

    -Option D is correct. A <transport-guarantee> element is used within a <user-data-constraint> element to specify whether a web resource collection should be transmitted using a mechanism such as SSL.
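    The rules behind answers 2, 7 and 8 (an empty <auth-constraint> precludes access, <security-role-ref> links a hard-coded role name to a declared role, and <transport-guarantee> lives inside <user-data-constraint>) can be worked through on a small deployment descriptor. The following Python model is an added example, not code from the book or from any servlet container; the web.xml fragment and the names in it (a.jsp, /admin/*, the "Report" servlet, the Mgr/Manager role link) are constructed for the example, and the order in which an empty <auth-constraint> and a missing <auth-constraint> are resolved is this example's own reading of the spec text.

```python
"""Added example: a model of how a container combines several
<security-constraint> elements that cover one resource (Servlet spec 12.8.1)
and how <security-role-ref> resolves the name passed to isUserInRole (12.3)."""
import xml.etree.ElementTree as ET

# Constructed web.xml fragment (hypothetical names). The first three constraints
# mirror question 2: Bob, an empty auth-constraint, and Alice, all on /a.jsp.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/a.jsp</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Bob</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/a.jsp</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/a.jsp</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Alice</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Manager</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/public/*</url-pattern></web-resource-collection>
  </security-constraint>
  <security-role><role-name>Manager</role-name></security-role>
  <security-role><role-name>Bob</role-name></security-role>
  <security-role><role-name>Alice</role-name></security-role>
  <servlet>
    <servlet-name>Report</servlet-name>
    <security-role-ref><role-name>Mgr</role-name><role-link>Manager</role-link></security-role-ref>
  </servlet>
</web-app>"""

WEB_APP = ET.fromstring(WEB_XML)


def url_matches(pattern: str, path: str) -> bool:
    """Minimal url-pattern matcher: exact, path prefix (/x/*), extension (*.jsp), default (/)."""
    if pattern == path:
        return True
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/"


def effective_constraint(root, path: str) -> dict:
    """Combine every constraint whose url-pattern covers `path` (spec 12.8.1)."""
    roles, has_empty_auth, has_no_auth, guarantees = set(), False, False, []
    for sc in root.findall("security-constraint"):
        patterns = [p.text.strip() for p in sc.findall("web-resource-collection/url-pattern")]
        if not any(url_matches(p, path) for p in patterns):
            continue
        auth = sc.find("auth-constraint")
        if auth is None:
            has_no_auth = True            # no auth-constraint: unauthenticated access allowed
        else:
            names = {r.text.strip() for r in auth.findall("role-name")}
            has_empty_auth |= not names   # <auth-constraint/>: nobody may access
            roles |= names
        tg = sc.find("user-data-constraint/transport-guarantee")
        guarantees.append(tg.text.strip() if tg is not None else "NONE")

    if "*" in roles:                      # "*" stands for every declared <security-role>
        roles = {r.text.strip() for r in root.findall("security-role/role-name")}
    # Resolution order chosen for this example: an empty auth-constraint wins over
    # everything, then a constraint with no auth-constraint opens the resource,
    # otherwise the resource is open to the union of the named roles.
    if has_empty_auth:
        access = "DENY_ALL"
    elif has_no_auth or not guarantees:
        access = "PERMIT_ALL"
    else:
        access = "ROLES"
    # Transport guarantees combine as the union of acceptable connection types,
    # so the weakest one wins: NONE < INTEGRAL < CONFIDENTIAL.
    if not guarantees or "NONE" in guarantees:
        transport = "NONE"
    elif "INTEGRAL" in guarantees:
        transport = "INTEGRAL"
    else:
        transport = "CONFIDENTIAL"
    return {"access": access, "roles": frozenset(roles), "transport": transport}


def is_authorized(root, path: str, user) -> bool:
    """`user` is None (not authenticated) or a (name, set_of_roles) pair."""
    c = effective_constraint(root, path)
    if c["access"] == "PERMIT_ALL":
        return True
    if c["access"] == "DENY_ALL" or user is None:
        return False
    return bool(c["roles"] & user[1])


def is_user_in_role(root, servlet_name: str, role_ref: str, user_roles) -> bool:
    """What isUserInRole(role_ref) checks inside `servlet_name`: follow the
    <security-role-ref> role-link if one is declared, else use the name as given."""
    for servlet in root.findall("servlet"):
        if servlet.findtext("servlet-name", "").strip() != servlet_name:
            continue
        for ref in servlet.findall("security-role-ref"):
            if ref.findtext("role-name", "").strip() == role_ref:
                return ref.findtext("role-link", "").strip() in user_roles
    return role_ref in user_roles


if __name__ == "__main__":
    for p in ("/a.jsp", "/admin/users", "/public/index.html"):
        print(p, effective_constraint(WEB_APP, p))
    print("Report: isUserInRole('Mgr') for a Manager ->",
          is_user_in_role(WEB_APP, "Report", "Mgr", {"Manager"}))
```

    Running it shows /a.jsp resolving to DENY_ALL even though Bob and Alice are each named by a constraint, /admin/* requiring the Manager role over a CONFIDENTIAL transport, and the servlet's hard-coded "Mgr" name being satisfied by a user who holds the declared Manager role.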

  9. Which authentication mechanism is recommended to be used only if cookies or SSL session tracking is in place?

    (Servlet spec., 12.5.3.1)

    A. HTTP Basic Authentication
    B. Form Based Authentication
    C. HTTP Digest Authentication
    D. HTTPS Client Authentication

    Note

    -Option B is correct. Tracking a form-based login across requests can be difficult to implement, so a separate session tracking mechanism (cookies or SSL sessions) is recommended.
