GIAC Secure Software Programmer – Java v6.0

Page: 1 / 19
Total 275 questions

Which of the following fields must be present in the login page when using form-based authentication?
Each correct answer represents a part of the solution. Choose two.

  • A. j_login
  • B. j_password
  • C. get_pw
  • D. j_pw
  • E. j_username
  • F. user_pw


Answer : B,E

Mark works as a Programmer for InfoTech Inc. He wants to define the security constraint for an application that allows users with the role of Manager access to the POST method of all resources with the URL pattern /acme/Manager/*, and also allows users with the role of Editor access to the POST method of all resources with the URL pattern /acme/Editor/*. Which of the following code fragments will be used to declare the security element?

  • A. <security-constraint> <web-resource-collection> <web-resource-name>Manager</web-resource-name> <url-pattern>/acme/Manager/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Manager</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Editor</web-resource-name> <url-pattern>/acme/Edito
  • B. <security-constraint> <web-resource-collection> <web-resource-name>Manager</web-resource-name> <url-pattern>/acme/Manager/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Manager</role-name> </auth-constraint> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Editor</role-nam
  • C. <security-constraint> <web-resource-collection> <web-resource-name>Manager</web-resource-name> <url-pattern>/acme/Manager/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Manager</role-name> </auth-constraint> <auth-constraint> <role-name>Editor</role-name> </auth-constraint> </security-constraint>
  • D. <security-constraint> <web-resource-collection> <web-resource-name>Manager</web-resource-name> <url-pattern>/acme/Manager/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <web-resource-collection> <web-resource-name>Editor</web-resource-name> <url-pattern>/acme/Editor/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <a


Answer : A

Which of the following <security-constraint> sub-elements specifies which users in specified roles are permitted access to a resource collection?

  • A. <user-data-constraint>
  • B. <web-resource-collection>
  • C. <url-pattern>
  • D. <auth-constraint>


Answer : D

In which of the following directories will files be searched when the classpath is specified by the syntax below?
-classpath uc\JavaFiles\NewFiles;uc\ServletFiles;.;

  • A. The current directory, the NewFiles directory, and the ServletFiles directory
  • B. The current directory, the uc directory, the NewFiles directory, and the ServletFiles directory
  • C. The current directory, the uc directory, the JavaFiles directory, the NewFiles directory, and the ServletFiles directory
  • D. The uc directory, the JavaFiles directory, the NewFiles directory, and the ServletFiles directory


Answer : A

Which of the following is the appropriate deployment descriptor element entry for the code given below?
@RunAs("admin")
@Stateless
public class StudentBean implements Student {
    // more code ...
}

  • A. <enterprise-beans> ... <session> . <ejb-name>Student</ejb-name> ... <security-identity> <run-as> <method-permission>admin</method-permission> </run-as> </security-identity> ... </session> .. </enterprise-beans>
  • B. <enterprise-beans> ... <session> . <ejb-name>Student</ejb-name> ... <security-identity> <run-as> <role-name>admin</role-name> </run-as> </security-identity> ... </session> .. </enterprise-beans>
  • C. <enterprise-beans> ... <session> . <ejb-name>Student</ejb-name> ... <security-identity> <run-as> <security-role-ref>admin</security-role-ref> </run-as> </security-identity> ... </session> .. </enterprise-beans>
  • D. <enterprise-beans> ... <session> . <ejb-name>Student</ejb-name> ... <security-identity> <run-as>admin</run-as> </security-identity> ... </session> .. </enterprise-beans>


Answer : B

Which of the following methods is used to request that any pending finalizers be run for objects eligible for garbage collection?

  • A. freeMemory()
  • B. gc()
  • C. runFinalization()
  • D. runFinalizers()


Answer : C

Martin works as a Programmer in Data Net Inc. He writes the following code.
1. class Ques0191 {
2.     public static void main(String[] argv) {
3.         byte a = 1;
4.         switch (a + 1) {
5.             case 1:
6.                 System.out.println("One");
7.             case 2:
8.                 System.out.println("2");
9.             case 2:
10.                 System.out.println("Two"); break;
11.         }
12.     }
13. }
What will happen when Martin attempts to compile and execute the code?

  • A. The code will compile successfully, but a runtime error will occur because of the duplicate case label at line number 9.
  • B. The code will not compile because of the duplicate case label at line number 9.
  • C. The code will compile successfully and will execute displaying 2 followed by Two.
  • D. The code will not compile because an argument to the switch must be a constant.


Answer : B

You work as a Software Developer for UcTech Inc. You want to declare a security constraint in the deployment descriptor using the <transport-guarantee> element. Which of the following can be the possible values for the element?
Each correct answer represents a complete solution. Choose all that apply.

  • A. CONFIDENTIAL
  • B. ALL
  • C. NONE
  • D. INTEGRAL


Answer : A,C,D

Which of the following methods must be implemented by each subclass of the Permission class to compare permissions?

  • A. hashcode
  • B. implies
  • C. newPermissionCollection
  • D. equals


Answer : B

You work as a Software Developer for UcTech Inc. You want to write a filter that will implement the Filter interface. Which of the following methods will you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. doPostFilter()
  • B. doGetFilter()
  • C. doFilter()
  • D. init()
  • E. service()


Answer : C,D

Which of the following is used to restore the objects that have been previously serialized by a stream?

  • A. FileInputStream
  • B. ObjectOutputStream
  • C. ObjectInputStream
  • D. FileOutputStream


Answer : C

You work as a Software Developer for UcTech Inc. You build an online book shop, so that users can purchase books using their credit cards. You want to ensure that only the administrator can access the credit card information sent by users. Which security mechanism will you use to accomplish the task?

  • A. Confidentiality
  • B. Authorization
  • C. Authentication
  • D. Data integrity


Answer : A

You work as a Programmer for InfoTech Inc and develop the following two <security-constraint> declarations.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Manager</web-resource-name>
    <url-pattern>/acme/Manager/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Manager</web-resource-name>
    <url-pattern>/acme/Manager/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Manager</role-name>
  </auth-constraint>
</security-constraint>
Which of the following statements is true about the <auth-constraint> in the code given above?

  • A. Nobody is allowed to access the specified resources.
  • B. Only Manager is allowed to access the specified resources.
  • C. The first <security-constraint> element declaration is incorrect.
  • D. It is not possible to define multiple security constraints on a single resource.


Answer : A

Mark works as a Programmer for InfoTech Inc. He develops a Java application that uses encryption and compression techniques. Which of the following interfaces will he use to control the serialization and deserialization processes?

  • A. Flushable
  • B. Closeable
  • C. Serializable
  • D. Externalizable


Answer : D

Which of the following methods is used to encrypt or decrypt data in a single step?

  • A. wrap()
  • B. update()
  • C. digest()
  • D. doFinal()


Answer : D
