This is a sample question from Sun's Certificate Success Guide. 9. Which statement is true? A. Classes loaded into a browser from the local network are trusted. B. Classes loaded into a browser from remote sources are trusted if they are signed. C. Classes loaded into a browser from remote sources are trusted if they are in a signed jarfile. D. Classes loaded from a jarfile on a remote source can sometimes be trusted even if the jarfile is unsigned. E. Classes loaded from a signed jarfile are trusted if the public key associated with the jarfile's signature is marked as trusted in the keystore. The suggested answer is D. On the contrary, I think all options are right except D. Should the question be "Which statement is false" instead?
I have to agree that that question is so tricky as to be almost unfair, but I think that their answer is correct. Notice that D is the only answer that says "sometimes", so the other answers imply "always". Since I can think of subtle things that are wrong with ALL the answers, D looks like the "least incorrect" answer. IIRC, if a jarfile is from a site that you have configued as trusted, then it's trusted. You can even specify that you trust everything and everyone, so D is literally true.