This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Final Mock Test  Question 10 Head First and Servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Final Mock Test  Question 10 Head First and Servlets" Watch "Final Mock Test  Question 10 Head First and Servlets" New topic
Author

Final Mock Test Question 10 Head First and Servlets

Mohit G Gupta
Ranch Hand

Joined: May 18, 2010
Posts: 634

Final Mock Test Question 10 Head First and Servlets

You have determined that certain capabilities in your web application will require that
users be registered members. In addition, your web application sometimes deals with user
data that your users want you to keep confidential.
Which are true? (Choose all that apply.)

A. You can make transmitted data confidential only after your application has
verified the user’s password.
B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
C. No matter what type of Java EE authentication mechanism you use, it will only
be activated when an otherwise constrained resource is requested.
D. All of the Java EE guaranteed types of authentication provide strong data
security without the need to implement supporting security features

Correct answer:C
For authentication we use the login-config DD element and it can be used even if we dont specify a security-constraint element in DD i.e. we are using authentication with not authorization ,data integrity .
authentication is activated before authorization.
So ,C is Wrong.

what wrong with option B ?
Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
We are matching username and password as specified in Tomcat-users.xml


OCPJP 6.0 93%
OCPJWCD 5.0 98%
Mohit G Gupta
Ranch Hand

Joined: May 18, 2010
Posts: 634

Please Help me fellow ranchers.
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1662
    
  25


B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
what wrong with option B ?

This is a trick question (testing whether you know that DIGEST based authentication is required by the web-container or not)

Only BASIC annd FORM based authentication are mandated (i.e. guaranteed) by the specs,
this is what they write about DIGEST
jsp 2.0 SRV.12.5.2 HTTP Digest Authentication
As Digest Authentication is not currently in widespread use, servlet
containers are encouraged but not required to support it.


Regards,
Frits
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Final Mock Test Question 10 Head First and Servlets