Page: 8
Unit-5 : Web Application Security
Q21. Given:

    class MyServlet extends HttpServlet {
        public void doPut(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            // servlet code here ...
        }
    }

If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags and <auth-constraint> tags are:

    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    <auth-constraint>Admin</auth-constraint>

Which four requests would be allowed by the container? (Choose four.)

A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.

Answer: A, B, C, E

Q22. What is true about Java EE authentication mechanisms?

A. If your deployment descriptor correctly declares an authentication type of CLIENT_CERT, your users must have a certificate from an official source before they can use your application.
B. If your deployment descriptor correctly declares an authentication type of BASIC, the container automatically requests a user name and password whenever a user starts a new session.
C. If you want your web application to support the widest possible array of browsers, and you want to perform authentication, the best choice of Java EE authentication mechanisms is DIGEST.
D. To use Java EE FORM authentication, you must declare two HTML files in your deployment descriptor, and you must use a predefined action in the HTML file that handles your user's login.

Answer: D