• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Final Mock Test Question 10 Head First and Servlets

 
Ranch Hand
Posts: 634
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Final Mock Test Question 10 Head First and Servlets


You have determined that certain capabilities in your web application will require that
users be registered members. In addition, your web application sometimes deals with user
data that your users want you to keep confidential.
Which are true? (Choose all that apply.)

A. You can make transmitted data confidential only after your application has
verified the user’s password.
B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
C. No matter what type of Java EE authentication mechanism you use, it will only
be activated when an otherwise constrained resource is requested.
D. All of the Java EE guaranteed types of authentication provide strong data
security without the need to implement supporting security features

Correct answer:C
For authentication we use the login-config DD element and it can be used even if we dont specify a security-constraint element in DD i.e. we are using authentication with not authorization ,data integrity .
authentication is activated before authorization.
So ,C is Wrong.

what wrong with option B ?
Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
We are matching username and password as specified in Tomcat-users.xml
 
Mohit G Gupta
Ranch Hand
Posts: 634
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please Help me fellow ranchers.
 
Creator of Enthuware JWS+ V6
Posts: 3411
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
what wrong with option B ?


This is a trick question (testing whether you know that DIGEST based authentication is required by the web-container or not)

Only BASIC annd FORM based authentication are mandated (i.e. guaranteed) by the specs,
this is what they write about DIGEST

jsp 2.0 SRV.12.5.2 HTTP Digest Authentication
As Digest Authentication is not currently in widespread use, servlet
containers are encouraged but not required to support it.



Regards,
Frits
 
reply
    Bookmark Topic Watch Topic
  • New Topic