Page: 5
Unit-5 : Web Application Security
Q11. Which two are true about authentication? (Choose two.)
A. Form-based logins should NOT be used with HTTPS.
B. When using Basic Authentication the target server is NOT authenticated.
C. J2EE compliant web containers are NOT required to support the HTTPS protocol.
D. Web containers are required to support unauthenticated access to unprotected web resources.
E. Form-based logins should NOT be used when sessions are maintained by cookies or SSL session information.
Answer: B, D

Q12. If you want to use the Java EE platform's built-in type of authentication that uses a custom HTML page for authentication, which two statements are true? (Choose two.)
A. Your deployment descriptor will need to contain this tag: <auth-method>CUSTOM</auth-method>.
B. The related custom HTML login page must be named loginPage.html.
C. When you use this type of authentication, SSL is turned on automatically.
D. You must have a tag in your deployment descriptor that allows you to point to both a login HTML page and an HTML page for handling any login errors.
E. In the HTML related to authentication for this application, you must use predefined variable names for the variables that store the user and password values.
Answer: D, E

Q13. Given the two security constraints in a deployment descriptor:
101. <security-constraint>
102.   <!--a correct url-pattern and http-method goes here-->
103.   <auth-constraint>
104.     <role-name>SALES</role-name>
105.   </auth-constraint>
106. </security-constraint>
107. <security-constraint>
108.   <!--a correct url-pattern and http-method goes here-->
109.   <!-- Insert an auth-constraint here -->
110. </security-constraint>
If the two security constraints have the same url-pattern and http-method, which two, inserted independently at line 109, will allow users with role names of either SALES or MARKETING to access this resource? (Choose two.)
A. <auth-constraint/>
B. <auth-constraint> <role-name>*</role-name> </auth-constraint>
C. <auth-constraint> <role-name>ANY</role-name> </auth-constraint>
D. <auth-constraint> <role-name>MARKETING</role-name> </auth-constraint>
Answer: B, D