efthymia armanidi

Greenhorn
+ Follow
since Dec 16, 2012
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by efthymia armanidi

Thank you guys,
Satya you are right, I should complete the submission form in PearsonVUE which is the 7th step in the track.
No I am requested for an authentication code and I have contacted Oracle helpdesk for this.
If I find something not straightforward in the procedure I will share it with you.
//BR
Hello Guys,

I have just passed the exam(OCMJEA 6 ) and I have also attended the on demand course.
Now in CertView I can see that the status is passed however I was wondering how could I verify in my account that I have also attended the course.
Shouldn't it be somehow integrated in the account?
Thank you,
//BR
Hello,

this can be negated by smart IP filters.
//BR
Hello,

First of all i believe that there is no definite action to take regarding any security issue.

However, i think that TLS could possibly protect us from man in the middle and denial of service.
With two-way SSL (SSL with client authentication), the server presents a certificate to the client and the client presents a certificate to the server. WebLogic Server can be configured to require clients to submit valid and trusted certificates before completing the SSL connection.(http://docs.oracle.com/cd/E23943_01/web.1111/e13707/ssl.htm).
So if we configure ssl appropriately(i.e. two way SSL) we can be protected by DOS attacks, because client would be trusted.
Session hijacking is not negated only by SSL, because as Rahul stated, it could still be possible to perform some other kind of session hijack(i.e cookie or url rewriting).

//BR

Mikalai Zaikin wrote:

Elizaba Thomas wrote:Thanks for the prompt reply Mikalai ... I did the production one ...

Let me also add, There was one question regarding message level security ... It goes like this


Q- Which two statements are true about security strategies at the message level?
A. Messages are secured during transport and after arrival at their destination
B. Each portion of a compound message is secured.
C. SSL is required to ensure authenticity, integrity, and confidentiality.
D. Message attachments are secured without the need for a dedicated API.
E. Security is dependent on the application environment or the transport protocol.

I got the question from one of the mock exams i found online (after I attempted the exam ! ) They have answered C,E (I know for sure E is not an answer !! )

I answered, A and C - And I am pretty much sure the answer is correct

My exam results details that I had answered the one of message level security wrongly !!!

I realize most of the exams published online give wrong answers!

I am wondering if Oracle accepts re-evaluation !




Hello,

I would answer the same:

A (Messages are secured during transport and after arrival at their destination)
C (SSL is required to ensure authenticity, integrity, and confidentiality.)

It explained in Java EE 6 tutorial here: http://docs.oracle.com/cd/E19798-01/821-1841/bnbxd/index.html

A – true (Security stays with the message over all hops and after the message arrives at its destination.)
B – false (For example, a portion of the message may be signed by a sender and encrypted for a particular receiver.)
C – true
D – false (Security can be selectively applied to different portions of a message and, if using XML Web Services Security, to attachments.)
E – false (Message security is independent of the application environment or transport protocol.)

So, I believe you answered this question correctly

Best regards,
MZ

P.S. Note, the online sample tests may be totally wrong, so take those questions and answers with caution.



Hello,

How could C be a correct answer since this is a correct statement for transport level security and the question is about message level strategies...


//BR