Last Updated on March 20, 2022 by Admin 2

GSSP-Java : GIAC Secure Software Programmer-Java : Part 02

  1. Which of the following attribute scopes does not exist for a Servlet?

    • Request
    • Session
    • Context
    • Page
  2. Which of the following elements is used as a parameter in the EJBContext.isCallerInRole() method?

    • ejb-name
    • initial-value
    • role-name
    • role-link
  3. Which of the following methods is used by the AccessController to determine whether or not a requested permission is used by another permission that is known to be valid in the current execution context?

    • equals
    • checkPermission
    • implies
    • validate
  4. Which of the following elements can be used to obtain a database connection?

    • <resource-name>
    • <ejb-ref>
    • <resource-type>
    • <resource-ref>
    • <resource-link>
  5. According to the EJB programming restrictions, which of the following should be used to access the files or directories?

    • A resource manager API
    • An output device such as screen display
    • An enterprise bean
    • An input device such as a keyboard
  6. Which of the following exceptions will be thrown if the commit() method fails?

    • DestroyFailedException
    • NullPointerException
    • LoginException
    • SecurityException
  7. Which of the following exceptions will be thrown by the validate method if the result type does not match the Source type, or if the specified source is neither SAXSource nor DOMSource?

    • SAXException
    • NullPointerException
    • IllegalArgumentException
    • IOException
  8. Which of the following CLDC connector modes is used only for data input over a connection?

    • READ_WRITE
    • READ
    • WRITE
  9. Mark works as a Programmer for InfoNet Inc. He writes the following programs.

    package book;
    public class read
    {
        (access modifier) int r1 = 10;
    }

    package book1;
    import book.read;
    class Doread extends read
    {
        public void test()
        {
            System.out.println("The value of r1 is." + r1);
        }
    }
    Which of the following access modifiers will be put in the place of the word, (access modifier), to compile the program successfully?

    • default
    • public
    • protected
    • private
    • volatile
  10. Which of the following data type values is returned by the System.in.read() console input function?

    • String
    • Integer
    • Float
    • Character
  11. Which of the following fields is required when a user is authenticated using FORM authentication?

    • j_security_check
    • password
    • j_pw
    • jid
    • _jid
    • jpassword
  12. Identify whether the given statement is true or false.

    “If the isUserInRole() method is called on an unauthenticated user, the container returns false.”

    • True
    • False
  13. Which of the following is a valid constructor for the DataInputStream class?

    • DataInputStream(File file)
    • DataInputStream(FileInputStream fin)
    • DataInputStream(String str)
    • DataInputStream(FileInputStream fin, int size)
  14. Which of the following TextField constraints hides the input while a user is entering the data in the text box?

    • ANY
    • NUMERIC
    • PASSWORD
    • CONSTRAINT_MASK
  15. Mark develops an application using Java language. He writes the following code snippet in the application.

    public class mClass {
        public static void main(String args[]) {
            try {
                return;
            }
            finally {
                System.out.print("Finally");
            }
        }
    }
    What will happen when Mark attempts to compile and execute the code snippet?

    • The code snippet will compile successfully and the output will be displayed as “Finally”.
    • The code snippet will compile successfully, but an exception message will be displayed at runtime.
    • A compile time error will occur because the catch block is not defined.
    • The code snippet will compile successfully, but nothing will be displayed as output on execution.
  16. Mark works as a Programmer for InfoTech Inc. He develops an application named AccountServlet. He wants to ensure that nobody can access his application, i.e., he does not want any role to have access to his application. He defines the following security constraint for his application.

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>AccountServlet</web-resource-name>
        <url-pattern>/acme/Account</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      //code
    </security-constraint>

    Which of the following options will be used to secure his application?

    • <auth-constraint/>
    • Skip the <auth-constraint> element in the security constraint code.
    • <auth-constraint>
      <role-name>*</role-name>
      </auth-constraint>
    • <auth-constraint>
      <role-name>NONE</role-name>
      </auth-constraint>
  17. Which of the following exceptions will be thrown if a program fails to implement the Serializable interface?

    • UnableToImplementException
    • NonSerializableException
    • NotSerializableException
    • IllegalSerializationError
  18. You work as a developer for PassGuide Inc. You have implemented a session bean with a method doPrint(), which behaves differently depending on the caller’s security role. Only MANAGER in the security roles “ADMIN” and “MANAGER” are allowed to call the method. Which of the following actions are appropriate to accomplish if there is no security-related metadata in the deployment descriptor?

    Each correct answer represents a complete solution. Choose all that apply.

    • If EJBContext.getCallerPrincipal returns role “ADMIN”, implement the behavior for MANAGER in role ADMIN.
    • If EJBContext.isCallerInRole("ADMIN") returns true, implement the behavior defined for MANAGER in role “ADMIN”.
    • Annotate method doPrint() with @RolesAllowed({"ADMIN","MANAGER"}).
    • Annotate method doPrint() with @PermitAll.
  19. You work as a Software Developer for BlueWell Inc. Your team creates a Web site for online shopping.

    All payments are made through credit cards. Hence, you want to ensure that the information transferred between the customers and your Web site is encrypted. Which of the following authentication mechanisms will you use to accomplish the task?

    • FORM
    • DIGEST
    • BASIC
    • CLIENT-CERT
  20. A security manager is an object that defines a security policy for an application. Which of the following is used by security managers to indicate security domains?

    • Deployer
    • Container provider
    • Class loader
    • Bean provider