multiple choice questions regarding security in SCEA-1

aruna sydu
Ranch Hand

Joined: Jan 21, 2008
Posts: 98

Hi All,

I got the below questions from one of the Blogs written in course of preparing for SCEA.
Please help me in getting the most correct answer to these questions, as I have problems figuring it out.


Which is an appropriate technique for minimizing the consequences of a successful attack?

A. Input validation
B. Principle of least privilege
C. Encryption of wire transmissions
D. Use of strong/two-factor authentication


Your company is going through an extensive security audit and it has been identified that your internet-facing web site is vulnerable to SQL injection from authenticated users. Which two are appropriate for mitigating this threat? (Choose two.)

A. Using security roles in the deployment descriptor
B. In stored procedures called with prepared statements
C. Adding an intercepting validation filter to your system.
D. Requiring SSL in the deployment descriptor transport guarantee.




Thanks!
Aruna.


Attitude Determines Altitude

SCJP4/SCWCD4/SCDJWS5/Preparing SCEA Part I
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30506
    
150

Questions were from http://mycollectivematerial.blogspot.com/.

What do you think the answer is? Also, the site gives a correct answer. What was it? Do you agree? Why or why not?


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
aruna sydu
Ranch Hand

Joined: Jan 21, 2008
Posts: 98


Hi Jeanne,

Please bear with me as I am not very good at security.

For the first question the answer is B, Principle of least privilege. When I read the question I thought all of the choices are required for minimizing the consequences of a successful attack.

And the answer to the second question is B and C. I absolutely agree with option C; however, I could not understand why a procedure should be introduced in the design to mitigate the threat.

Please clarify.

Thanks & Regards,
Aruna.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30506
    
150

Aruna,
I agree with the sample answers.

For the first one, A/C/D reduce the chance of an attack. B reduces the impact of the attack once the user is in.

For the second one, B prevents SQL injection because binding variables are used instead of raw strings.
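As an added illustration of why options B and C mitigate the second question's threat (this is example code written for this thread, not from the blog or from either poster), the block below contrasts a query built by string concatenation with the same query using a bound parameter, and adds a small allow-list check of the kind an intercepting validation filter would perform. It is written in Python with the standard sqlite3 module so that it runs offline without a database server; the Java EE equivalents are java.sql.PreparedStatement with setString for the bound query and a javax.servlet.Filter for the validation step. The accounts table, usernames and the hostile input are constructed for the demonstration.

```python
import re
import sqlite3


def _build_db():
    """Constructed in-memory table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return conn


def lookup_concat(conn, username):
    """Vulnerable form: the input is spliced into the SQL text, so a quote
    character in the input changes the structure of the statement."""
    sql = "SELECT email FROM accounts WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, username):
    """Mitigation B: a parameterised query. The input is handed to the driver
    as a bound value, so it is only ever compared as data, never parsed as SQL."""
    sql = "SELECT email FROM accounts WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Allow-list for a username parameter (assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validation_filter(username):
    """Mitigation C: the check an intercepting validation filter would run on the
    request parameter before it reaches the data layer. True means the request
    may proceed; anything outside the allow-list is rejected up front."""
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    """Run both query styles and the filter against a benign and a hostile input."""
    conn = _build_db()
    benign = "bob"
    hostile = "x' OR '1'='1"  # constructed input that would alter the query's WHERE clause
    results = {
        "concat_benign": lookup_concat(conn, benign),
        "concat_hostile": lookup_concat(conn, hostile),   # returns every row
        "bound_benign": lookup_bound(conn, benign),
        "bound_hostile": lookup_bound(conn, hostile),     # returns nothing: no such username
        "filter_benign": validation_filter(benign),
        "filter_hostile": validation_filter(hostile),     # rejected before any query runs
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the concatenated query returning all three accounts for the hostile input while the bound query returns none, and the filter rejecting that input before any SQL runs. One caveat on the exam's wording of option B: it is the parameter binding that closes the hole, so a stored procedure that internally assembles dynamic SQL from its arguments would still be injectable even when it is invoked through a prepared statement.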
aruna sydu
Ranch Hand

Joined: Jan 21, 2008
Posts: 98


Thanks a lot Jeanne