Last Updated on March 20, 2022 by Admin 2

GSSP-Java : GIAC Secure Software Programmer-Java : Part 13

  1. Which of the following classes implements the java.lang.Cloneable and java.lang.Runnable interfaces correctly?

    • public class DemoThread implements Runnable, Cloneable {
      public void run() { /* some code here */ }
      protected boolean clone() throws CloneNotSupportedException { /* some code here */ }
      . . . .
      }
    • public class PrintData implements Runnable, Cloneable {
      public void run() { /* some code here */ }
      protected Object clone() throws CloneNotSupportedException { /* some code here */ }
      . . . .
      }
    • public class CloneCheck implements Runnable, Cloneable {
      public int run() { /* some code here */ }
      public Object clone() throws CloneNotSupportedException { /* some code here */ }
      . . . .
      }
    • public class Demo implements Runnable, Cloneable {
      public void run() { /* some code here */ }
      . . . .
      }
  2. Which of the following are valid code samples for creating file permissions?

    Each correct answer represents a complete solution. Choose all that apply.

    • FilePermission per = new FilePermission("-", "read, execute");
    • FilePermission per = new FilePermission("<<ALL FILES>>", "read");
    • FilePermission per = new FilePermission("file1", "read, write");
    • FilePermission per = new FilePermission("/bin/*", "execute");
    • FilePermission per = new FilePermission("/tmp/myfile", "read, delete");
    • FilePermission per = new FilePermission("/*", "read");
  3. Which of the following code declarations are valid error-page declarations?

    Each correct answer represents a complete solution. Choose all that apply.

    • <error-page>
      <exception-type>java.lang.ArithmeticException</exception-type>
      <error-code>304</error-code>
      <location>NumericalException.jsp</location>
      </error-page>
    • <error-page>
      <error-code>304</error-code>
      <location>NumericalException.jsp</location>
      </error-page>
    • <error-page>
      <exception-type>304</exception-type>
      <targetSource>NumericalException.jsp</targetSource>
      </error-page>
    • <error-page>
      <exception-type>java.lang.ArithmeticException</exception-type>
      <location>NumericalException.jsp</location>
      </error-page>
    • <error-page>
      <exception-type>304</exception-type>
      <location>NumericalException.jsp</location>
      </error-page>
  4. Which of the following actions can you take to seal two packages, PackageA and PackageB, in the JAR file MyJar.jar?

    Each correct answer represents a complete solution. Choose all that apply.

    • Execute the following command.
      jar cvf MyJar.jar Manifest.txt MyPackage/*.class
    • Create a text file named Manifest.txt with the following contents.
      Name: myCompany/*
      Sealed: true
    • Execute the following command.
      jar cmf MyJar.jar Manifest.txt MyPackage/*.class
    • Create a text file named Manifest.txt with the following contents.
      Name: myCompany/PackageA/
      Sealed: true
      Name: myCompany/PackageB/
      Sealed: true
  5. Sam works as a Software Developer for Gentech Inc. He writes the following code.

    class TryFinallyTest {
        public static void main(String[] args) {
            try {
                int i=15/0;
                System.out.println("Testing Try");
            }
            catch(ArithmeticException ae) {
                System.out.println("Arithmetic exception");
            }
            System.out.println("Correct");
            finally {
                System.out.println("Must execute");
            }
        }
    }

    What will happen when he attempts to compile and execute the code?

    • It will compile successfully and run with output Arithmetic exception.
    • It will compile successfully and run with output Must execute.
    • It will compile successfully and run with output Correct.
    • It will give a compile-time error.
  6. Which of the following is the correct syntax for invoking JVM garbage collection?

    • System.out.gc();
    • System.gc();
    • System.free();
    • System.setGarbageCollection();
  7. Which of the following methods are overridden by the FileInputStream class?

    Each correct answer represents a complete solution. Choose all that apply.

    • void reset()
    • void write(int b)
    • void flush()
    • long skip(long numBytes)
  8. What will be the output of the following code snippet?

    class test22
    {
        public static void main(String args[])
        {
            String str = new String("Hello");
            str.insert(3,"bye");
            System.out.println(str);
        }
    }
    • It will display Hello.
    • It will display Helbyelo.
    • It will throw NFE.
    • It will generate a compile-time error.
  9. Which of the following authentication flag values will force authentication to continue to proceed down the LoginModule list, irrespective of whether the LoginModule succeeds or fails?

    Each correct answer represents a complete solution. Choose all that apply.

    • Optional
    • Composite
    • Requisite
    • Required
  10. Which of the following statements about the isCallerInRole() method are true?

    Each correct answer represents a complete solution. Choose all that apply.

    • It can be called from the PostConstruct and PreDestroy callback methods of a stateful session bean.
    • It is present in the UserTransaction interface.
    • It cannot be called from a message-driven bean.
    • It can be invoked only from the business method of an enterprise bean.
  11. Mark works as a Programmer for InfoTech Inc. He develops a class named Data that imports all the required packages. The class Data has a method named PrintData(), which must check whether the caller has the BeanUser security role. Which of the following implementations of the method PrintData() will satisfy the requirement?

    • public void PrintData()
      {
      @DeclareRoles("BeanUser")
      @Resource SessionContext ctx;
      @RolesAllowed("BeanUser")
      Principal caller = ctx.getCallerPrincipal();
      if (ctx.getCallerIdentity("BeanUser")) {
          System.out.println("It is the correct user");
      } else {
          System.out.println("It is the incorrect user");
      }
      //more code
      }
    • public void PrintData()
      {
      @DeclareRoles("BeanUser")
      @Resource SessionContext ctx;
      @RolesAllowed("BeanUser")
      Principal caller = ctx.getEJBHome();
      if (!isCallerInRole(ctx)) {
          System.out.println("It is the correct user");
      } else {
          System.out.println("It is the incorrect user");
      }
      //more code
      }
    • public void PrintData()
      {
      @DeclareRoles("BeanUser")
      @Resource SessionContext ctx;
      @RolesAllowed("BeanUser")
      Principal caller = ctx.getCallerPrincipal();
      if (ctx.isCallerInRole("BeanUser")) {
          System.out.println("It is the correct user");
      } else {
          System.out.println("It is the incorrect user");
      }
      //more code
      }
    • public void PrintData()
      {
      @DeclareRoles("BeanUser")
      @Resource SessionContext ctx;
      @RolesAllowed("BeanUser")
      Principal caller = ctx.getCallerPrincipal();
      if (ctx.getStatus("BeanUser")) {
          System.out.println("It is the correct user");
      } else {
          System.out.println("It is the incorrect user");
      }
      //more code
      }
  12. Which of the following methods can be invoked from the ejbStore() method of an entity bean class?

    Each correct answer represents a complete solution. Choose all that apply.

    • getPrimaryKey()
    • getUserTransaction()
    • getRollbackOnly()
    • isCallerInRole()
    • getEJBObject()
  13. Which of the following are advantages of client-side JavaScript?

    Each correct answer represents a complete solution. Choose two.

    • It is fast.
    • It provides graphical components.
    • It is secure.
    • It provides form-validation at client side.
  14. You work as a Software Developer for NewTech Inc. You want to configure the deployment descriptor so as to specify the error pages used in the FORM based authentication. Which of the following elements will you use to accomplish the task?

    • The <realm-name> sub-element of the <login-config> element.
    • The <role-link> sub-element of the <security-role-ref> element.
    • The <method> sub-element of the <method-permission> element.
    • The <form-login-config> sub-element of the <login-config> element.
  15. Which of the following are valid class declarations?

    Each correct answer represents a complete solution. Choose all that apply.

    • public abstract final Ques0160c
    • public abstract class Ques0160a
    • final public class Ques0160b
    • native synchronized class Ques0160d
  16. Which of the following exceptions will be thrown if the caller does not have permission to invoke the doAsPrivileged method?

    • LoginException
    • NullPointerException
    • SecurityException
    • PrivilegedActionException
  17. Harry works as a Software Developer for SoftTech Inc. He has developed a Java application that runs various SQL statements, such as INSERT and UPDATE, against a database table named Employee. He uses the executeUpdate() method to run these statements and to find out exactly how many rows each operation affected in the table.

    Which of the following types of values is returned by this method?

    • Double
    • Integer
    • Float
    • String
  18. DRAG DROP

    Drag and drop the appropriate authentication types from the given options to match their properties.

    [Image: GSSP-Java GIAC Secure Software Programmer-Java Part 13 Q18 002 Question]
    [Image: GSSP-Java GIAC Secure Software Programmer-Java Part 13 Q18 002 Answer]
  19. Mark works as a Programmer for InfoTech Inc. He develops the following security-constraint code.

    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Manager</web-resource-name>
    <url-pattern>/acme/Manager/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    //<auth-constraint/> code
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Manager</web-resource-name>
    <url-pattern>/acme/Manager/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    //<auth-constraint/> code
    </security-constraint>
    Which of the following <auth-constraint> element declarations of the <security-constraint> will allow everybody to access the same resources?

    • Place the following code in the second <security-constraint> declaration.
      <auth-constraint>
      <role-name>*</role-name>
      </auth-constraint>
    • Place the following code in the first <security-constraint> declaration.
      <auth-constraint>
      <role-name>Manager</role-name>
      </auth-constraint>

      Place the following code in the second <security-constraint> declaration.
      <auth-constraint>
      <role-name>*</role-name>
      </auth-constraint>

    • Place the following code in the first <security-constraint> declaration.
      <auth-constraint>
      <role-name>Manager</role-name>
      </auth-constraint>
      Place the following code in the second <security-constraint> declaration.
      <auth-constraint>
      <role-name>ALL</role-name>
      </auth-constraint>
    • Place the following code in the first <security-constraint> declaration.
      <auth-constraint>
      <role-name>Manager</role-name>
      </auth-constraint>
      Place the following code in the second <security-constraint> declaration.
      <auth-constraint/>
  20. Mark works as a Programmer for InfoTech Inc. He develops an application named JavaServices. He wants to declare a security constraint that restricts everything in the com/files directory so that the Admin security role can invoke any HTTP method on the resources. Which of the following element declarations will be used to accomplish the task?

    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>JavaServices</web-resource-name>
      <url-pattern>com/files</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Admin</role-name>
      </auth-constraint>
      </security-constraint>
    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>JavaServices</web-resource-name>
      <location>com/files/*</location>
      </web-resource-collection>
      <user-data-constraint>
      <role-name>Admin</role-name>
      </user-data-constraint>
      </security-constraint>
    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>JavaServices</web-resource-name>
      <location>com/files/*</location>
      <http-method>*</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Admin</role-name>
      </auth-constraint>
      </security-constraint>
    • <security-constraint>
      <web-resource-collection>
      <web-resource-name>JavaServices</web-resource-name>
      <url-pattern>com/files/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Admin</role-name>
      </auth-constraint>
      </security-constraint>