Doubts: Security, Related Question - Help

Manish S Malhotra
Ranch Hand

Joined: Jan 19, 2007
Posts: 61
Hi All,

Please find a few security-related questions below. I have given my answers for the questions I could.

Please review and validate my answers so that it will be helpful for all the people who are appearing for this exam.
Thanks in advance.

1)When does a problem with using persistent cookies or client certificates for
user authentication occur?
Choice 1
When a user changes computers.
Choice 2
When a user does not log on for more than 30 days.
Choice 3
When the IP address of the server changes.
Choice 4
When the IP address of the user changes.
Choice 5
When a user wishes to change preferences.

Ans: 4

2)Which layer of the OSI reference model is typically used to perform
cryptography?
Choice 1
Data Link
Choice 2
Presentation
Choice 3
Session
Choice 4
Transport
Choice 5
Network

Ans: 2

3)Which of the following could be characterized as a "denial-of-service"
attack on a system?
Choice 1
A Java applet is loaded that creates multiple threads that consume 99% of a
CPU for no useful purpose.
Choice 2
A JavaScript window mimics an operating system window to trick you into doing
something malicious.
Choice 3
A person uses a password sniffer to learn usernames and passwords and then
breaks in.
Choice 4
A virus captures and then transmits credit card numbers when they are entered
by a user.
Choice 5
An Active/X control secretly sends a password or configuration file to an Attacker
Ans: 1

4)List
A)Creating symmetric keys
B)Message authentication
C)Sender identification
D)Double encryption
E)Generating digital signatures

Which of the above can message digests be used for?
Choice 1
A only
Choice 2
C only
Choice 3
E only
Choice 4
A and B only
Choice 5
A, C, and D

Ans: 3, because to generate a digital signature we require the hash (message digest) of the message, and then we decrypt it using some key.

6)The packet filter above ensures all outbound requests must come from the
proxy server. Which of the following is an important security advantage of this
arrangement?
Choice 1
It processes all requests very efficiently.
Choice 2
The proxy can store all private keys assigned to internal users.
Choice 3
The outside network sees only one internal address.
Choice 4
The two networks can use different protocols.
Choice 5
The level of protection can be customized for each internal host.

Ans: 3

7)An Internet application uses certificates issued by your company to identify
users. What is the minimum information about each user that should be stored in
the certificate?
Choice 1
Information necessary to uniquely identify each user.
Choice 2
All information submitted by the user applying for the certificate.
Choice 3
The user's passphrase and name.
Choice 4
The user's name.
Choice 5
Name, logon ID, and password, if appropriate.

Ans: 1


8)Of the following, which one is NOT a potential weakness in firewalls using
packet filtration?
Choice 1
Programming is often specialized.
Choice 2
Most internal networks change daily, requiring programming changes.
Choice 3
Only works for TCP packets, not UDP.
Choice 4
Extensive filter lists slow the routing process.
Choice 5
Can be easily compromised or defeated.

Ans: 2

9)What is the part of an incoming IP packet that identifies the application
that requests data?
Choice 1
source port number
Choice 2
sequence count
Choice 3
destination address
Choice 4
destination port number
Choice 5
source address

Ans: 3

10)How would a person authenticate a digital certificate issued by a public
certificate authority?
Choice 1
Decrypt the subject identification information using the subject's private
key.
Choice 2
Check the certificate authority's digital signature.
Choice 3
Call the subject and have them repeat the digital signature of the
certificate.
Choice 4
Decrypt the subject identification information using the certificate
authority's private key.
Choice 5
Check the subject's digital signature.

Ans: 5, because authenticating a person is done by validating the digital signature which is inside the digital certificate.


Regards,
Manish


"Abstraction is the key thing while designing"
Jacek Ostrowski
Greenhorn

Joined: Feb 09, 2007
Posts: 23
Hi,


I may be wrong with my answers, but I think it should be like this:

Q1: 1
Q2: 4
Q3: 1
Q4: 3
Q6: 3
Q7: 1
Q8: 2,3,5
Q9: 1
Q10: 2

Jacek


SCEA, SCWCD, SCJP, OCA AS10g
Manish S Malhotra
Ranch Hand

Joined: Jan 19, 2007
Posts: 61
Hi,

Thanks for your reply.
Can we please discuss the answers to these questions so that it will be clear to both of us?

The questions with your answers and mine were:

"
1)When does a problem with using persistent cookies or client certificates for user authentication occur?
Choice 1
When a user changes computers.
Choice 2
When a user does not log on for more than 30 days.
Choice 3
When the IP address of the server changes.
Choice 4
When the IP address of the user changes.
Choice 5
When a user wishes to change preferences.

My Ans: 4
Your Ans: 1

I think you are correct. Initially I was stuck with the thinking that changing computers doesn't change the identity of the user, as the certificate would have the IP address of the client and so would the cookies. But when the computer changes, even the certificate and cookies which were stored on the computer are gone, so you can't send them to the server.

I think that's why you opted for the 1st one. Please confirm.


2)Which layer of the OSI reference model is typically used to perform
cryptography?
Choice 1
Data Link
Choice 2
Presentation
Choice 3
Session
Choice 4
Transport
Choice 5
Network

My Ans: 2
Your Ans: 4

On this one I'm sure that the answer should be 2, as all the compression and cryptography is done in the "Presentation" layer.
Please refer to this link:
http://www.techiwarehouse.com/cms/engine.php?page_id=19caba64

3)Which of the following could be characterized as a "denial-of-service"
attack on a system?
Choice 1
A Java applet is loaded that creates multiple threads that consume 99% of a
CPU for no useful purpose.
Choice 2
A JavaScript window mimics an operating system window to trick you into doing
something malicious.
Choice 3
A person uses a password sniffer to learn usernames and passwords and then
breaks in.
Choice 4
A virus captures and then transmits credit card numbers when they are entered
by a user.
Choice 5
An Active/X control secretly sends a password or configuration file to an Attacker

My Ans: 1
Your Ans: 1
So, no discussion needed.


4)List
A)Creating symmetric keys
B)Message authentication
C)Sender identification
D)Double encryption
E)Generating digital signatures

Which of the above can message digests be used for?
Choice 1
A only
Choice 2
C only
Choice 3
E only
Choice 4
A and B only
Choice 5
A, C, and D

My Ans: 3, because to generate a digital signature we require the hash (message digest) of the message, and then we decrypt it using some key.

Your Ans: 3

6)The packet filter above ensures all outbound requests must come from the
proxy server. Which of the following is an important security advantage of this
arrangement?
Choice 1
It processes all requests very efficiently.
Choice 2
The proxy can store all private keys assigned to internal users.
Choice 3
The outside network sees only one internal address.
Choice 4
The two networks can use different protocols.
Choice 5
The level of protection can be customized for each internal host.

My Ans: 3
Your Ans: 3


7)An Internet application uses certificates issued by your company to identify
users. What is the minimum information about each user that should be stored in
the certificate?
Choice 1
Information necessary to uniquely identify each user.
Choice 2
All information submitted by the user applying for the certificate.
Choice 3
The user's passphrase and name.
Choice 4
The user's name.
Choice 5
Name, logon ID, and password, if appropriate.

My Ans: 1
Your Ans: 1

8)Of the following, which one is NOT a potential weakness in firewalls using
packet filtration?
Choice 1
Programming is often specialized.
Choice 2
Most internal networks change daily, requiring programming changes.
Choice 3
Only works for TCP packets, not UDP.
Choice 4
Extensive filter lists slow the routing process.
Choice 5
Can be easily compromised or defeated.

My Ans: 2
Your Ans: 2, 3, 5

I have chosen only 2 because the question asks to select only one.
But the others are also possible, as you said.

9)What is the part of an incoming IP packet that identifies the application
that requests data?
Choice 1
source port number
Choice 2
sequence count
Choice 3
destination address
Choice 4
destination port number
Choice 5
source address

My Ans: 3
Your Ans: 1

I think you are correct. I hadn't noticed the word "application" (e.g. HTTP, FTP etc.), which can be identified on the basis of ports.

10)How would a person authenticate a digital certificate issued by a public
certificate authority?
Choice 1
Decrypt the subject identification information using the subject's private
key.
Choice 2
Check the certificate authority's digital signature.
Choice 3
Call the subject and have them repeat the digital signature of the
certificate.
Choice 4
Decrypt the subject identification information using the certificate
authority's private key.
Choice 5
Check the subject's digital signature.

My Ans: 5, because authenticating a person is done by validating the digital signature which is inside the digital certificate.
Your Ans: 2
Again you are correct.
Because the digital signature in the digital certificate is the CA's, which users validate using the CA's public key.
Now I think I'm correct.
"

Thanks a lot, Jacek.

Please reply if I'm wrong anywhere.

Regards,
Manish
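As an added illustration of the Q4 and Q10 reasoning discussed above (example code written for this thread, not taken from the posts or any exam material): a message digest is computed without any key; generating a digital signature applies the signer's private key to that digest; and a certificate is authenticated by checking the CA's signature with the CA's public key, so the same signature fails against the subject's own key. The subject string is a constructed stand-in for the certificate contents.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

public class DigestAndSignatureDemo {

    // Verify a signature over msg with the given public key; any mismatch is reported as a plain false.
    static boolean verify(byte[] msg, byte[] sig, PublicKey key) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update(msg);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the data a CA signs (subject name, subject public key, validity, ...).
        byte[] tbs = "CN=alice,O=Example Corp".getBytes(StandardCharsets.UTF_8);

        // Q4: a message digest is a keyless, fixed-size fingerprint of the message.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(tbs);
        System.out.println("SHA-256 digest: " + new BigInteger(1, digest).toString(16));

        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair ca = gen.generateKeyPair();      // the issuing CA's key pair
        KeyPair subject = gen.generateKeyPair(); // the certificate holder's own key pair

        // Generating a digital signature = digest the message, then apply the signer's PRIVATE key.
        // SHA256withRSA performs both steps; the digest is what actually gets signed.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(ca.getPrivate());
        signer.update(tbs);
        byte[] signature = signer.sign();

        // Q10: the certificate is authenticated with the CA's PUBLIC key (choice 2) ...
        System.out.println("CA public key:      " + verify(tbs, signature, ca.getPublic()));
        // ... not the subject's key (choice 5): the same signature does not verify against it.
        System.out.println("Subject public key: " + verify(tbs, signature, subject.getPublic()));
        // Any change to the signed contents changes the digest and so breaks the signature too.
        tbs[0] ^= 0x01;
        System.out.println("After tampering:    " + verify(tbs, signature, ca.getPublic()));
    }
}
```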
Jacek Ostrowski
Greenhorn

Joined: Feb 09, 2007
Posts: 23
Hi,

I see we can agree on most of the questions.

The only difference is in Q2.
I answered 4 (Transport) because of TLS, which stands for Transport Layer Security.
I was wrong because the Transport Layer in the TLS name refers to the TCP/IP model.

Now I think that the correct answer is 2 (Presentation) - Presentation Layer.


Regards,
Jacek
Jacek Ostrowski
Greenhorn

Joined: Feb 09, 2007
Posts: 23
I missed that you answered 2 in Q2, so now we agree on all the questions.

Jacek
Igor Katkov
Greenhorn

Joined: Sep 12, 2007
Posts: 6
For question #8
The correct answer is Choice 3.

http://docs.rinet.ru/NeHi/ch10/ch10.htm

Choice 1 Programming is often specialized. true
Choice 2 Most internal networks change daily, requiring programming changes. true
Choice 3 Only works for TCP packets, not UDP. false
Choice 4 Extensive filter lists slow the routing process. true
Choice 5 Can be easily compromised or defeated. true
Igor Katkov
Greenhorn

Joined: Sep 12, 2007
Posts: 6
For this question

1)When does a problem with using persistent cookies or client certificates for
user authentication occur?
Choice 1 When a user changes computers.
Choice 2 When a user does not log on for more than 30 days.
Choice 3 When the IP address of the server changes.
Choice 4 When the IP address of the user changes.
Choice 5 When a user wishes to change preferences.


I'm in doubt - but if asked I would go for choice 1, as IP address change is irrelevant.
Juan Pablo Crossley
Ranch Hand

Joined: Oct 16, 2007
Posts: 128
Q1. 1, 3
The cookies have the IP of the server; the client certificates and the cookies depend on the server IP address.
Q2. 4
The transport layer (Secure Sockets Layer, SSL) will do the crypto.
Q6. 5
The outside PC is not really the issue here; if all the connections come from the same server, that means all the PCs use that
server as a proxy server, and it will be able to customize the security for each internal IP address.
Q9. 4
Normally the destination port will be different in some cases; for example, if the application asks for something on port 80 you will know that a browser or web service client made the call, and if the port matches the EJB port then the client could be an EJB client.


SCJP, SCBCD, SCEA 5, MCP

How to pass SCEA 5 | 2, 3, N-tier which one should I pick? | Analysis of persistence layer from SCEA 5 perspective | Swing... why not?
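An added example (written for this thread, not part of any post) of the Q9 point made by Manish and Juan Pablo above: in an incoming IPv4/TCP segment it is the destination port, not the source port or either address, that names the application being asked for. The header bytes are constructed, and the EJB/RMI registry port 1099 in the lookup table is an assumption (the JDK default) rather than something from the thread.

```java
import java.nio.ByteBuffer;
import java.util.Map;

public class DestinationPortDemo {

    // Constructed IPv4 + TCP header (not a real capture): 20-byte IPv4 header, then a 20-byte TCP header.
    static final byte[] PACKET = {
        0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00, // ver/IHL, len=40, TTL, proto=6 (TCP)
        (byte) 192, (byte) 168, 0x01, 0x0A,  // source address 192.168.1.10 (constructed)
        0x0A, 0x00, 0x00, 0x05,              // destination address 10.0.0.5 (constructed)
        (byte) 0xC3, 0x50,                   // source port 50000: ephemeral, chosen by the client
        0x00, 0x50,                          // destination port 80: the application requested (HTTP)
        0x00, 0x00, 0x00, 0x01,              // sequence number
        0x00, 0x00, 0x00, 0x00,              // acknowledgment number
        0x50, 0x02, (byte) 0xFF, (byte) 0xFF, 0x00, 0x00, 0x00, 0x00 // data offset, SYN flag, window, checksum, urgent
    };

    // A few IANA well-known ports; 1099 for the RMI registry (EJB) is an assumed JDK default.
    static final Map<Integer, String> SERVICES = Map.of(
        21, "FTP", 22, "SSH", 25, "SMTP", 80, "HTTP", 443, "HTTPS", 1099, "RMI registry (EJB)");

    // IHL is the low nibble of the first byte, in 32-bit words.
    static int ipHeaderLength(byte[] pkt) { return (pkt[0] & 0x0F) * 4; }

    static int sourcePort(byte[] pkt) {
        return ByteBuffer.wrap(pkt).getShort(ipHeaderLength(pkt)) & 0xFFFF;
    }

    static int destinationPort(byte[] pkt) {
        if ((pkt[9] & 0xFF) != 6) throw new IllegalArgumentException("not a TCP segment");
        return ByteBuffer.wrap(pkt).getShort(ipHeaderLength(pkt) + 2) & 0xFFFF;
    }

    public static void main(String[] args) {
        int src = sourcePort(PACKET), dst = destinationPort(PACKET);
        System.out.println("source port " + src + " -> " + SERVICES.getOrDefault(src, "ephemeral/unknown"));
        System.out.println("destination port " + dst + " -> " + SERVICES.getOrDefault(dst, "unknown"));
    }
}
```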