Last Updated on February 20, 2022 by Admin 2

GSSP-Java : GIAC Secure Software Programmer-Java : Part 10

  1. Which of the following statements correctly describe the features of the singleton pattern?

    Each correct answer represents a complete solution. Choose all that apply.

    • Singletons are used to control object creation by limiting the number to one but allowing the flexibility to create more objects if the situation changes.
    • Singletons can only be stateless, providing utility functions that need no more information than their parameters.
    • A singleton class may disappear if no object holds a reference to the Singleton object, and it will be reloaded later when the singleton is needed again.
    • The behavior of a singleton can be obtained by static fields and methods such as java.lang.Math.sin(double).
  2. Which of the following classes is an engine class that provides an opaque representation of cryptographic parameters?

    • DSAPublicKeySpec
    • AlgorithmParameterGenerator
    • DSAParameterSpec
    • AlgorithmParameters
  3. Which of the following statements about programmatic security are true?

    Each correct answer represents a complete solution. Choose all that apply.

    • The bean provider is responsible for writing code for programmatic security.
    • It is also called instance-level security.
    • It is implemented using methods of the EJBContext interface.
    • It is implemented using the methods of the UserTransaction interface.
  4. Which of the following elements are the subelements of the mime-mapping element in a deployment descriptor file?

    Each correct answer represents a complete solution. Choose all that apply.

    • exception-type
    • error-code
    • extension
    • mime-type
    • servlet-class
  5. John works as a Software Developer for VenTech Inc. He writes the following code using Java.

    public class vClass extends Thread
    {
        public static void main(String args[])
        {
            vClass vc = new vClass();
            vc.run();
        }
        public void start()
        {
            for (int k = 0; k < 20; k++)
            {
                System.out.println("The value of k = " + k);
            }
        }
    }
    What will happen when he attempts to compile and execute the application?

    • The application will compile successfully and the values from 0 to 19 will be displayed as the output.
    • A compile-time error will occur indicating that no run() method is defined for the Thread class.
    • A runtime error will occur indicating that no run() method is defined for the Thread class.
    • The application will compile successfully but will not display anything as the output.
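    Worked example (added by the editor, not part of the exam question): a stand-alone program contrasting a class that overrides run() with one that, like vClass above, overrides start() instead. Thread.currentThread().getName() shows which thread actually executes each body. Class and method names are the editor's own.

```java
// Added example (not from the exam page): why calling run() directly creates no
// thread, and what happens when start() is overridden instead of run().
// Class names are the editor's own.
public class RunVsStart {

    // Correct idiom: override run(). The body executes on a NEW thread once
    // start() is called; calling run() directly executes it on the caller's thread.
    static class Worker extends Thread {
        private final String label;

        Worker(String label) {
            this.label = label;
        }

        @Override
        public void run() {
            // Thread.currentThread() reveals which thread is executing this body.
            System.out.println(label + " executes on thread: " + Thread.currentThread().getName());
        }
    }

    // Mirrors the exam code: start() is overridden, run() is not. The inherited
    // Thread.run() does nothing because no Runnable target was supplied, and the
    // overridden start() never reaches the JVM's native thread creation.
    static class BrokenWorker extends Thread {
        @Override
        public void start() {
            System.out.println("BrokenWorker.start() executes on thread: "
                + Thread.currentThread().getName());
        }
    }

    public static void main(String[] args) throws InterruptedException {
        Worker direct = new Worker("direct run()");
        direct.run();            // synchronous call on "main": no new thread

        Worker started = new Worker("start()");
        started.start();         // JVM creates a thread and invokes run() on it
        started.join();          // wait so the printed order is deterministic

        BrokenWorker broken = new BrokenWorker();
        broken.run();            // inherited Thread.run() with no target is a no-op
        broken.start();          // runs the override on "main"; no thread is created
        System.out.println("broken.isAlive() = " + broken.isAlive());
    }
}
```

    Compile and run with javac RunVsStart.java && java RunVsStart. The isAlive() check at the end is the quickest way to confirm that an overridden start() never produced a thread.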
  6. Which of the following methods of the EJBContext interface can be called by both the BMT and CMT beans?

    Each correct answer represents a complete solution. Choose all that apply.

    • getCallerPrincipal()
    • getRollbackOnly()
    • getUserTransaction()
    • isCallerInRole()
  7. Mark works as a Programmer for InfoTech Inc. He develops deployment descriptor code that contains three valid <security-constraint> elements, all of which constrain a Web resource Res1. The <auth-constraint> sub-elements of the three <security-constraint> elements are as follows.

    <auth-constraint>Admin</auth-constraint>
    <auth-constraint>Manager</auth-constraint>
    <auth-constraint/>

    Which of the following can access the resource Res1?

    • Only Manager can access the resource.
    • No one can access the resource.
    • Everyone can access the resource.
    • Only Admin can access the resource.
  8. Which of the following functions are performed by methods of the HttpSessionActivationListener interface?

    Each correct answer represents a complete solution. Choose all that apply.

    • Notifying the object when it is bound to a session.
    • Notifying an attribute that a session has just migrated from one JVM to another.
    • Notifying the object when it is unbound from a session.
    • Notifying an attribute that a session is about to migrate from one JVM to another.
  9. Mark works as a Programmer for InfoTech Inc. He develops the following deployment descriptor code.

    <web-app . . . .>
        <display-name>A Secure Application</display-name>
        <servlet>
            <security-role-ref>
                <role-name>Manager</role-name>
                <role-link>Admin</role-link>
            </security-role-ref>
        </servlet>
        <security-role>
            <role-name>Programmer</role-name>
        </security-role>
        <security-role>
            <role-name>Admin</role-name>
        </security-role>
        <security-role>
            <role-name>Employee</role-name>
        </security-role>
    </web-app>

    Which of the following is a valid isUserInRole() method call, assuming that request is an HttpServletRequest?

    • request.isUserInRole("Programmer");
    • request.isUserInRole("Manager");
    • request.isUserInRole("Admin");
    • request.isUserInRole("Employee");
  10. Which of the following statements about the String, StringBuffer, and StringBuilder classes are true?

    Each correct answer represents a complete solution. Choose all that apply.

    • The StringBuffer class offers faster performance than the StringBuilder class.
    • The StringBuffer class is thread-safe while the StringBuilder class is not.
    • A character in a string can be searched for using the indexOf() method.
    • The return type of the trim() method present in the String class is void.
  11. Which of the following listeners causes an object of the implementing class to be notified when it is added to or removed from a session?

    • HttpSessionListener
    • HttpSessionActivationListener
    • HttpSessionAttributeListener
    • HttpSessionBindingListener
  12. Which of the following methods of the HttpServletResponse interface are used for URL rewriting?

    Each correct answer represents a complete solution. Choose all that apply.

    • encodeURL()
    • encodeRedirectURL()
    • sendRedirect()
    • getRequestURL()
  13. You work as a Software Developer for NewTech Inc. You write a bean class using Enterprise JavaBeans 3.0. The class uses the @DeclareRoles("ADMIN, HR, DBA, USER") annotation to declare the security roles. The class contains a method named showResult(). You want to ensure that the ADMIN role is granted privilege to the showResult() method. Moreover, if a role that is not allowed to access the method tries to call the method, an error message must be shown. Assuming that there is no security-related element in the deployment descriptor, which of the following will you use to accomplish the task?

    Each correct answer represents a part of the solution. Choose two.

    • The isCallerInRole() method
    • The getCallerPrincipal() method
    • The @RolesAllowed("ADMIN") annotation
    • The @PermitAll annotation
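    Added example (editor's own code, not from the exam or any vendor) covering the ground of questions 3, 6 and 13: an EJB 3.0 stateless session bean that uses the declarative security annotations next to a programmatic check through SessionContext, a sub-interface of EJBContext. It assumes a Java EE 5 or later container and the javax.ejb and javax.annotation.security packages; the bean name, method names and role names are assumptions chosen to match question 13. One detail worth checking against the question text: @DeclareRoles takes a String array, so @DeclareRoles("ADMIN, HR, DBA, USER") declares a single role whose name contains commas, while the form below declares four roles.

```java
// Added example (not from the exam page): declarative and programmatic EJB 3.0
// security side by side. Requires a Java EE 5+ container; names are the editor's own.
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"ADMIN", "HR", "DBA", "USER"})   // one array element per role
public class ReportBean {

    @Resource
    private SessionContext ctx;   // injected by the container; extends EJBContext

    // Declarative security: the container checks the caller's roles before the
    // body runs and raises javax.ejb.EJBAccessException for anyone outside ADMIN.
    @RolesAllowed("ADMIN")
    public String showResult() {
        return "result for " + ctx.getCallerPrincipal().getName();
    }

    // Programmatic (instance-level) security: the container lets every caller in,
    // including unauthenticated ones under a container-specific anonymous principal,
    // and the bean decides using data the container cannot see (the record owner).
    @PermitAll
    public String showOwnRecord(String owner) {
        String caller = ctx.getCallerPrincipal().getName();
        boolean privileged = ctx.isCallerInRole("ADMIN") || ctx.isCallerInRole("HR");
        if (!privileged && !caller.equals(owner)) {
            // Fail closed with the same exception type the container uses, so
            // clients see one consistent error for both kinds of check.
            throw new EJBAccessException(caller + " may not read the record of " + owner);
        }
        return "record of " + owner;
    }

    // Declarative deny-all: a method that must never be reachable by any client.
    @DenyAll
    public void rebuildIndex() {
        // maintenance logic; only container-internal paths could ever call this
    }
}
```

    The two checks differ in when they run: @RolesAllowed is evaluated by the container before the method is entered, while isCallerInRole() runs inside the bean's own code. Both getCallerPrincipal() and isCallerInRole() are EJBContext methods available to container-managed and bean-managed transaction beans alike; getUserTransaction() is the one reserved for bean-managed transactions.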
  14. Which of the following <security-constraint> sub-elements specifies which users in specified roles are permitted access to a resource collection?

    • <user-data-constraint>
    • <web-resource-collection>
    • <url-pattern>
    • <auth-constraint>
  15. In which of the following directories will files be searched when the classpath is specified by the syntax below?

    -classpath uc\JavaFiles\NewFiles;uc\ServletFiles;.;

    • The current directory, the NewFiles directory, and the ServletFiles directory
    • The current directory, the uc directory, the NewFiles directory, and the ServletFiles directory
    • The current directory, the uc directory, the JavaFiles directory, the NewFiles directory, and the ServletFiles directory
    • The uc directory, the JavaFiles directory, the NewFiles directory, and the ServletFiles directory
  16. Which of the following fields must be present in the login page when using form-based authentication?

    Each correct answer represents a part of the solution. Choose two.

    • j_login
    • j_password
    • get_pw
    • j_pw
    • j_username
    • user_pw
  17. Mark works as a Programmer for InfoTech Inc. He wants to define a security constraint for an application that allows users with the role of Manager to access the POST method of all resources with the URL pattern /acme/Manager/*, and users with the role of Editor to access the POST method of all resources with the URL pattern /acme/Editor/*. Which of the following code fragments declares the security element?

    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>Manager</web-resource-name>
      <url-pattern>/acme/Manager/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Manager</role-name>
      </auth-constraint>
      </security-constraint>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Editor</web-resource-name>
      <url-pattern>/acme/Editor/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Editor</role-name>
      </auth-constraint>
      </security-constraint>
    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>Manager</web-resource-name>
      <url-pattern>/acme/Manager/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Manager</role-name>
      </auth-constraint>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Editor</role-name>
      </auth-constraint>
      </security-constraint>
    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>Manager</web-resource-name>
      <url-pattern>/acme/Manager/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Manager</role-name>
      </auth-constraint>
      <auth-constraint>
      <role-name>Editor</role-name>
      </auth-constraint>
      </security-constraint>
    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>Manager</web-resource-name>
      <url-pattern>/acme/Manager/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <web-resource-collection>
      <web-resource-name>Editor</web-resource-name>
      <url-pattern>/acme/Editor/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Manager</role-name>
      </auth-constraint>
      </security-constraint>
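    Added example (editor's own code, not from the exam) serving questions 7, 14 and 17: a small Java model of the rule a container applies when several <security-constraint> elements cover the same URL pattern and HTTP method (Servlet 3.x specification, section 13.8.1). Named roles from all matching constraints are combined as a union; a matching constraint with no <auth-constraint> element makes the resource available without authentication; and an empty <auth-constraint/> overrides everything else and denies access. The program runs the scenarios of questions 7 and 17; class names and the sample request paths are the editor's own.

```java
// Added example (not from the exam page): a model of how matching
// <security-constraint> elements combine. Names and sample data are the editor's own.
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class ConstraintCombiner {

    /** One <security-constraint>, reduced to what the combination rule needs. */
    static final class Constraint {
        final String urlPattern;
        final Set<String> methods;   // empty = every HTTP method is constrained
        final Set<String> roles;     // null = no <auth-constraint>; empty = <auth-constraint/>

        Constraint(String urlPattern, Set<String> methods, Set<String> roles) {
            this.urlPattern = urlPattern;
            this.methods = methods;
            this.roles = roles;
        }

        boolean covers(String url, String method) {
            return matches(urlPattern, url) && (methods.isEmpty() || methods.contains(method));
        }
    }

    /** Servlet url-pattern matching: exact path, "/prefix/*" or "*.ext". */
    static boolean matches(String pattern, String url) {
        if (pattern.equals(url)) return true;
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return url.equals(prefix) || url.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) return url.endsWith(pattern.substring(1));
        return false;
    }

    enum Kind { UNCONSTRAINED, DENY_ALL, ROLES }

    static final class Decision {
        final Kind kind;
        final Set<String> roles;

        Decision(Kind kind, Set<String> roles) {
            this.kind = kind;
            this.roles = roles;
        }

        @Override
        public String toString() {
            return kind == Kind.ROLES ? "ROLES" + roles : kind.toString();
        }
    }

    /** Combines every constraint that covers (url, method) into one decision. */
    static Decision combine(List<Constraint> constraints, String url, String method) {
        boolean denyAll = false;
        boolean unconstrained = false;
        Set<String> union = new TreeSet<>();
        for (Constraint c : constraints) {
            if (!c.covers(url, method)) continue;
            if (c.roles == null) unconstrained = true;      // no <auth-constraint>
            else if (c.roles.isEmpty()) denyAll = true;     // <auth-constraint/>
            else union.addAll(c.roles);                     // named roles ("*" = all declared roles)
        }
        // Precedence: an empty auth-constraint beats everything; a missing one beats
        // named roles; otherwise the caller must hold one role from the union.
        if (denyAll) return new Decision(Kind.DENY_ALL, Collections.<String>emptySet());
        if (unconstrained || union.isEmpty()) return new Decision(Kind.UNCONSTRAINED, Collections.<String>emptySet());
        return new Decision(Kind.ROLES, union);
    }

    static Set<String> set(String... names) {
        return new HashSet<>(Arrays.asList(names));
    }

    public static void main(String[] args) {
        // Question 7: three constraints on Res1 naming Admin, Manager, and no role at all.
        List<Constraint> q7 = Arrays.asList(
            new Constraint("/Res1", set(), set("Admin")),
            new Constraint("/Res1", set(), set("Manager")),
            new Constraint("/Res1", set(), set()));            // <auth-constraint/>
        System.out.println("/Res1 GET                 -> " + combine(q7, "/Res1", "GET"));

        // Question 17: one constraint per subtree, each limited to GET and POST.
        List<Constraint> q17 = Arrays.asList(
            new Constraint("/acme/Manager/*", set("GET", "POST"), set("Manager")),
            new Constraint("/acme/Editor/*", set("GET", "POST"), set("Editor")));
        System.out.println("/acme/Manager/report POST -> " + combine(q17, "/acme/Manager/report", "POST"));
        System.out.println("/acme/Editor/draft POST   -> " + combine(q17, "/acme/Editor/draft", "POST"));
        // Listing <http-method> elements constrains ONLY those methods.
        System.out.println("/acme/Editor/draft DELETE -> " + combine(q17, "/acme/Editor/draft", "DELETE"));
    }
}
```

    Compile and run with javac ConstraintCombiner.java && java ConstraintCombiner. The last line is the practical caveat for question 17: naming <http-method> elements leaves every other method uncovered, so DELETE on /acme/Editor/draft is reachable without any role unless a further constraint covers it (Servlet 3.1 added <deny-uncovered-http-methods/> for exactly this gap).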
  18. Which of the following statements are true about object serialization?

    Each correct answer represents a complete solution. Choose all that apply.

    • After deserialization, an object has the same state as it had when it was serialized.
    • It uses ObjectOutputStream to deserialize objects.
    • It uses the ObjectInput and ObjectOutput interfaces.
    • An object will have the same state at deserialization as it had at the time it was serialized if all its superclasses are also serializable.
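    Added example (editor's own code, not the exam's): a runnable program showing the superclass rule from the last option above, where a non-serializable superclass is rebuilt by its no-arg constructor rather than restored, and why a readObject() method should re-validate state that the constructor normally guarantees, since the byte stream can be edited outside the JVM. Class names, field values and the stream-patching helper are assumptions made for this example.

```java
// Added example (not from the exam page): superclass state loss on deserialization
// and invariant re-checking in readObject(). Names and values are the editor's own.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Arrays;

public class SerializationDemo {

    // Not Serializable: its fields are never written to the stream. On
    // deserialization the JVM recreates it by calling its no-arg constructor.
    static class Base {
        protected String tenant = "unset";
        Base() { }
        Base(String tenant) { this.tenant = tenant; }
    }

    static class Session extends Base implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String user;
        private int privilegeLevel;   // invariant enforced by the constructor: 0..3

        Session(String tenant, String user, int privilegeLevel) {
            super(tenant);
            if (privilegeLevel < 0 || privilegeLevel > 3) throw new IllegalArgumentException("level");
            this.user = user;
            this.privilegeLevel = privilegeLevel;
        }
        String tenant() { return tenant; }
        int privilegeLevel() { return privilegeLevel; }

        // Deserialization bypasses the constructor, so the invariant is checked again here.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (user == null || privilegeLevel < 0 || privilegeLevel > 3) {
                throw new InvalidObjectException("rejected Session with privilegeLevel=" + privilegeLevel);
            }
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    static Session deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Session) in.readObject();
        }
    }

    /** Replaces the first occurrence of needle in data; models an attacker editing the stream. */
    static byte[] patch(byte[] data, byte[] needle, byte[] replacement) {
        for (int i = 0; i <= data.length - needle.length; i++) {
            if (Arrays.equals(Arrays.copyOfRange(data, i, i + needle.length), needle)) {
                byte[] out = data.clone();
                System.arraycopy(replacement, 0, out, i, replacement.length);
                return out;
            }
        }
        throw new IllegalStateException("pattern not found in stream");
    }

    public static void main(String[] args) throws Exception {
        Session original = new Session("acme", "alice", 3);
        byte[] stream = serialize(original);

        Session copy = deserialize(stream);
        System.out.println("tenant before: " + original.tenant() + ", after: " + copy.tenant()
            + " (Base is not Serializable, so its no-arg constructor ran)");
        System.out.println("privilegeLevel restored: " + copy.privilegeLevel());

        // Primitive fields are written before object fields, so the int value 3 is
        // immediately followed by TC_STRING (0x74) introducing the user name. Rewrite it to 9.
        byte[] tampered = patch(stream, new byte[] {0, 0, 0, 3, 0x74}, new byte[] {0, 0, 0, 9, 0x74});
        try {
            deserialize(tampered);
            System.out.println("BUG: tampered object accepted");
        } catch (InvalidObjectException e) {
            System.out.println("tampered stream rejected: " + e.getMessage());
        }
    }
}
```

    Compile and run with javac SerializationDemo.java && java SerializationDemo. ObjectOutputStream and ObjectInputStream are the standard implementations of the ObjectOutput and ObjectInput interfaces; in code that reads streams from untrusted sources, the readObject() validation shown here should be combined with a class filter (ObjectInputFilter, Java 9 and later) so that only expected classes are ever instantiated.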
  19. Which of the following statements about a JAR file are true?

    Each correct answer represents a complete solution. Choose all that apply.

    • It cannot be accessed through a class path, nor can it be used by java and javac.
    • It is used to compress and archive data.
    • It can be moved from one computer to another.
    • It is created by using the jar command.
  20. Which of the following statements is true about the Java synchronized keyword?

    • It prevents multiple threads from accessing a block of code at the same time.
    • It allows the class to be loaded as soon as the JRE starts.
    • It prevents multiple developers from code redundancy.
    • It allows two different functions to execute in a shared manner.
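    Added example (editor's own code, not from the exam) serving questions 10 and 20: several threads share a plain counter, a synchronized counter, a StringBuilder and a StringBuffer. The unsynchronized counter and the StringBuilder lose updates or throw under contention while the synchronized method and the StringBuffer stay exact. Class names and iteration counts are the editor's own, and the figures for the unsynchronized paths vary from run to run, which is the point of the exercise.

```java
// Added example (not from the exam page): a data race next to its synchronized
// counterpart. Names and thread/iteration counts are the editor's own.
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class SyncDemo {
    static final int THREADS = 8;
    static final int PER_THREAD = 200_000;

    static final class Counter {
        private long unsafeCount;
        private long safeCount;

        // count++ is read, add, write: two threads can read the same value and both store value + 1.
        void incrementUnsafe() { unsafeCount++; }

        // synchronized: the monitor of this Counter admits one thread at a time, and
        // releasing it publishes the new value to the next thread that acquires it.
        synchronized void incrementSafe() { safeCount++; }

        long unsafeCount() { return unsafeCount; }
        synchronized long safeCount() { return safeCount; }
    }

    /** Runs task on the given number of threads, releasing them together to maximise contention. */
    static void runConcurrently(int threads, Runnable task) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch gate = new CountDownLatch(1);
        for (int i = 0; i < threads; i++) {
            pool.execute(() -> {
                try { gate.await(); } catch (InterruptedException e) { return; }
                task.run();
            });
        }
        gate.countDown();
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);   // also makes the workers' writes visible to main
    }

    public static void main(String[] args) throws InterruptedException {
        Counter counter = new Counter();
        StringBuilder builder = new StringBuilder();   // no internal locking
        StringBuffer buffer = new StringBuffer();      // every public method is synchronized
        AtomicInteger builderFailures = new AtomicInteger();

        runConcurrently(THREADS, () -> {
            for (int i = 0; i < PER_THREAD; i++) {
                counter.incrementUnsafe();
                counter.incrementSafe();
                buffer.append('x');
                try {
                    builder.append('x');
                } catch (RuntimeException e) {   // a racing buffer resize can throw ArrayIndexOutOfBoundsException
                    builderFailures.incrementAndGet();
                }
            }
        });

        long expected = (long) THREADS * PER_THREAD;
        System.out.println("expected increments/appends : " + expected);
        System.out.println("unsynchronized counter      : " + counter.unsafeCount());
        System.out.println("synchronized counter        : " + counter.safeCount());
        System.out.println("StringBuilder length        : " + builder.length()
            + " (exceptions caught: " + builderFailures.get() + ")");
        System.out.println("StringBuffer length         : " + buffer.length());
    }
}
```

    Compile and run with javac SyncDemo.java && java SyncDemo. The synchronized counter and the StringBuffer always report the expected total; the other two usually fall short, and the gap widens with more threads. The locking that makes StringBuffer safe is also why StringBuilder is the faster choice when a builder is confined to one thread.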