Page: 4
Unit-5 : Web Application Security
Q8. Which mechanism requires the client to provide its public key certificate?
A. HTTP Basic Authentication
B. Form Based Authentication
C. HTTP Digest Authentication
D. HTTPS Client Authentication
Answer: D

Q9. Given the two security constraints in a deployment descriptor:
101. <security-constraint>
102. <!--a correct url-pattern and http-method goes here-->
103. <auth-constraint>
104. <role-name>SALES</role-name>
105. </auth-constraint>
106. </security-constraint>
107. <security-constraint>
108. <!--a correct url-pattern and http-method goes here-->
109. <!-- Insert an auth-constraint here -->
110. </security-constraint>
If the two security constraints have the same url-pattern and http-method, which two, inserted independently at line 109, will allow users with role names of either SALES or MARKETING to access this resource? (Choose two.)
A. <auth-constraint/>
B. <auth-constraint><role-name>*</role-name></auth-constraint>
C. <auth-constraint><role-name>ANY</role-name></auth-constraint>
D. <auth-constraint><role-name>MARKETING</role-name></auth-constraint>
Answer: B, D

Q10. Given this fragment in a servlet:
23. if(req.isUserInRole("Admin")) {
24. // do stuff
25. }
And the following fragment from the related Java EE deployment descriptor:
812. <security-role-ref>
813. <role-name>Admin</role-name>
814. <role-link>Administrator</role-link>
815. </security-role-ref>
900. <security-role>
901. <role-name>Admin</role-name>
902. <role-name>Administrator</role-name>
903. </security-role>
What is the result?
A. Line 24 can never be reached.
B. The deployment descriptor is NOT valid.
C. If line 24 executes, the user's role will be Admin.
D. If line 24 executes, the user's role will be Administrator.
E. If line 24 executes, the user's role will NOT be predictable.
Answer: D