Last Updated on March 20, 2022 by Admin 2

GSSP-Java : GIAC Secure Software Programmer-Java : Part 08

  1. Mark works as a Programmer for InfoTech Inc. He develops a Java application that uses encryption and compression techniques. Which of the following interfaces will he use to control the serialization and deserialization processes?

    • Flushable
    • Closeable
    • Serializable
    • Externalizable
  2. Which of the following methods is used to encrypt or decrypt data in a single step?

    • wrap()
    • update()
    • digest()
    • doFinal()
  3. What will be the output of the following program?

    class Stringtest
    {
    public static void main(String args[])
    {
    String s= "test";
    s.concat("paper");
    System.out.println(s);
    }
    }
    • It will display test.
    • It will display testpaper.
    • It will generate a compile-time error.
    • It will display paper.
  4. Mark works as an Application Developer for XYZ Solutions Inc. He writes the following code.

    public class TestDemo{public static void main(String[] args){

    {try{int x =0;int d= 5/x;}catch(Exception ex){System.out.println("Exception");}

    catch(ArithmeticException ae){System.out.println("Arithmetic Exception");}}}

    What is the result when Mark tries to compile and execute the code?

    • Exception
    • An exception is thrown at runtime.
    • Compilation fails.
    • Arithmetic Exception
  5. Mark works as a Programmer for InfoTech Inc. He develops a session bean class named accountService. Which of the following rules must the session bean class conform to?

    Each correct answer represents a complete solution. Choose all that apply.

    • It can be used without the @Stateful or @Stateless annotation.
    • It must implement the business methods defined in the business interface.
    • It can implement any optional business method annotated by the @Remove annotation.
    • It must have a public constructor that takes a string as its parameter.
    • It requires helper classes to meet the needs of an application.
  6. Which of the following methods performs the authentication of subject and, if successful, associates Principals and Credentials with the authenticated Subject?

    • The getSubject() method of the LoginContext class
    • The login() method of the LoginModule interface
    • The login() method of the LoginContext class
    • The initialize() method of the LoginModule class
  7. You work as a Programmer for InfoTech Inc and develop the following two <security-constraint> declarations.

    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Manager</web-resource-name>
    <url-pattern>/acme/Manager/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint/>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Manager</web-resource-name>
    <url-pattern>/acme/Manager/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>Manager</role-name>
    </auth-constraint>
    </security-constraint>

    Which of the following statements is true about the <auth-constraint> in the code given above?

    • Nobody is allowed to access the specified resources.
    • Only Manager is allowed to access the specified resources.
    • The first <security-constraint> element declaration is incorrect.
    • It is not possible to define multiple security constraints on a single resource.
  8. Martin works as a Programmer in Data Net Inc. He writes the following code.

    1. class Ques0191{
    2. public static void main(String[] argv){
    3. byte a = 1;
    4. switch(a+1){
    5. case 1:
    6. System.out.println("One");
    7. case 2:
    8. System.out.println("2");
    9. case 2:
    10. System.out.println("Two"); break;
    11. }
    12. }
    13. }

    What will happen when Martin attempts to compile and execute the code?

    • The code will compile successfully, but a runtime error will occur because of the duplicate case label at line number 9.
    • The code will not compile because of the duplicate case label at line number 9.
    • The code will compile successfully and will execute displaying 2 followed by Two.
    • The code will not compile because an argument to the switch must be a constant.
  9. You work as a Software Developer for UcTech Inc. You want to declare a security constraint in the deployment descriptor using the <transport-guarantee> element. Which of the following can be the possible values for the element?

    Each correct answer represents a complete solution. Choose all that apply.

    • CONFIDENTIAL
    • ALL
    • NONE
    • INTEGRAL
  10. Which of the following is the appropriate deployment descriptor elements entry for the code given below?

    @RunAs("admin")

    @Stateless public class StudentBean implements Student {

    //more code …

    }

    • <enterprise-beans>
      ...
      <session>
      ...
      <ejb-name>Student</ejb-name>
      ...
      <security-identity>
      <run-as>
      <method-permission>admin</method-permission>
      </run-as>
      </security-identity>
      ...
      </session>
      ...
      </enterprise-beans>
    • <enterprise-beans>
      ...
      <session>
      ...
      <ejb-name>Student</ejb-name>
      ...
      <security-identity>
      <run-as>
      <role-name>admin</role-name>
      </run-as>
      </security-identity>
      ...
      </session>
      ...
      </enterprise-beans>
    • <enterprise-beans>
      ...
      <session>
      ...
      <ejb-name>Student</ejb-name>
      ...
      <security-identity>
      <run-as>
      <security-role-ref>admin</security-role-ref>
      </run-as>
      </security-identity>
      ...
      </session>
      ...
      </enterprise-beans>
    • <enterprise-beans>
      ...
      <session>
      ...
      <ejb-name>Student</ejb-name>
      ...
      <security-identity>
      <run-as>admin</run-as>
      </security-identity>
      ...
      </session>
      ...
      </enterprise-beans>
  11. Which of the following methods is used to request that any pending finalizers be run for objects eligible for garbage collection?

    • freeMemory()
    • gc()
    • runFinalization()
    • runFinalizers()
  12. Which of the following is used to restore the objects that have been previously serialized by a stream?

    • FileInputStream
    • ObjectOutputStream
    • ObjectInputStream
    • FileOutputStream
  13. You work as a Software Developer for UcTech Inc. You build an online book shop, so that users can purchase books using their credit cards. You want to ensure that only the administrator can access the credit card information sent by users. Which security mechanism will you use to accomplish the task?

    • Confidentiality
    • Authorization
    • Authentication
    • Data integrity
  14. Which of the following methods must be implemented by each subclass of the Permission class to compare permissions?

    • hashCode
    • implies
    • newPermissionCollection
    • equals
  15. You work as a Software Developer for UcTech Inc. You want to write a filter that will implement the Filter interface. Which of the following methods will you use to accomplish the task?

    Each correct answer represents a complete solution. Choose all that apply.

    • doPostFilter()
    • doGetFilter()
    • doFilter()
    • init()
    • service()
  16. The following JSP scriptlet is given.

    <% response.setContentType("text/html; charset=ISO-8859-1"); %>

    Which of the following directives is the equivalent directive for the scriptlet given above?

    • <%@ include contentType="text/html; pageEncoding=ISO-8859-1" %>
    • <%@ include contentType="text/html; charset=ISO-8859-1" %>
    • <%@ page contentType="text/html; charset=ISO-8859-1" %>
    • <%@ taglib contentType="text/html; pageEncoding=ISO-8859-1" %>
  17. You write the following code.

    class Father {public void Method() {System.out.println("I am Father");}}

    public class Son extends Father {public static void main(String argv[]) {Son son = new Son();son.Method();}

    private void Method() {System.out.println("I am Son");}}

    Which of the following will be the result, when you try to compile and run the code?

    • I am Father will be displayed as the output.
    • A runtime error will result.
    • I am Son will be displayed as the output.
    • The code will execute but without displaying any output.
    • A compile-time error will result.
  18. Which of the following is a mandatory sub-element of the <web-resource-collection> element of the deployment descriptor?

    • <web-resource-name>
    • <description>
    • <http-method>
    • <url-pattern>
  19. Which of the following statements are true?

    Each correct answer represents a complete solution. Choose all that apply.

    • StringBuffer is thread safe, but StringBuilder is not.
    • The String class is final.
    • StringBuilder offers faster performance than StringBuffer.
    • The size of the String can be obtained using the length property.
  20. Which of the following methods is used to authenticate the users, and if the user has not been authenticated, the method returns false?

    • getCallerPrincipal()
    • getRemoteUser()
    • isUserInRole()
    • getCallerIdentity()