Following are questions I guess need correction. Page # 831 Qn 6 .When creating session listeners which are true? (Choose all that apply) A. They are all declared in the DD B. Not all of them must be declared in the DD C. The DD tag used to declare them is <listener>. D. The DD tag used to declare them is <session-listener>. E. The DD tag used to declare them is placed within the <web-app> tag. F. The DD tag used to declare them is placed within the <servlet> tag.
Answers given are B and E. Option c is also correct, but it's not selected as an answer.
Page # 833 Qn 11 - Given these fragments from within a single tag in a Java EE DD:
which are true? (Choose all that apply)
A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist. B. It is valid for more instances of <auth-constraint> to exist within the single tag described above. C. It is valid for more instances of <user-data-constraint> to exist within the single tag described above. D. It is valid for more instances of <url-pattern> to exist within the <web-resource-collection> tag desccribed above. E. It is valid for other tags of the same type as the single encasing tag described above to have the same <url-pattern> as the tag above. F. This tag implies that authorization, authentication and data integrity security features are all declared for the web application.
Answers given are A,B,D,E,F But, options B and F should not be correct. - Only one instance of <auth-constraint> will exist within one <security-constraint> tag. The deployment descriptor DTD has the following definition for <security-constraint> as per servlet spec is <!ELEMENT security-constraint (web-resource-collection+, auth-constraint?, user-data-constraint?)> - This tag implies that authorization, data integrity and confidentiality security features are all declared for the wen application. And not authentication. Authentication is declared using the <login-config> tag. As per the servlet spec - The login-config element is used to configure the authentication method that should be used, the realm name that should be used for this application, and the attributes that are needed by the form login mechanism. <!ELEMENT login-config (auth-method?, realm-name?, form-loginconfig?)>
Page # 841 Qn 26 - Given
Which of the following lines of code, is inserted independently at Line 5, will cause the text within the c therwise tag to display? (Choose all that apply)
A. books.add(""); B. books.add(null); C. books.clear(); D. books.add("HeadFirst") E: books = null;
The options marked are B and D. Clearly, those two will not satisfy empty operators and will execute the code inside the <c:when> tag. Shouldn't the answers be C and E which staisfies the empty operator and hence will execute the code inside <c therwise> tag? the hand written comments correctly mentions that E will satisfy empty operator.
Page # 845 Qn 34 - Given this portion of Java EE.war files directory structure:
MyApp |-- META-INF ||-- MANIFEST.MF ||-- web.xml | |-- WEB-INF ||-- index.html ||-- TLDs ||-- Header.tag What changes are necessary to make this structure valid and the resources accessible? (choose all that apply) A. No changes necessary B. The web.xml file must be moved. C. The index.html file must be moved. D. The Header.tag file must be moved. E. The MANIFEST.MF file must be moved. F. The WEB-INF directory must be moved. G. The META-INF directory must be moved.
Answers given are B and D. I agree structure is valid with index.html being under WEB-INF directory.But, since the question also asks about changes necessary to make resources accessible, shouldn't option C also be an answer?
Page # 851 Qn 49 - Given:
What about the taglib directives would cause the JSP not to function? A. Line 4 is wrong because prefix attribute must come before the uri attribute B. Line 3 is wrong because there is no uri attribute. C. Line 4 is wrong because the uri value must begin with http:// D. Line 3 is wrong because the prefix jsp is reserved for standard actions.
Answer given is C. Whereas the answer should be D.Hand written comment agrees with this statement.
Page # 863 Qn 69. Your web application has a valid dd with a single <security-constraint> tag. Within this tag exists: - a single http method that declares GET All of the resources in your application exist within directory1 and directory2 and the only defined roles are BEGINNER and EXPERT. If you want to restrict BEGINNERs from using resources in directory2 , which are true about the url and role tags you should declare? (Choose all that apply)
A. A single url tag should declare directory1 and single role tag should declare EXPERT. B. A single url tag should declare directory2 and single role tag should declare EXPERT. C. A single url tag should declare directory1 and single role tag should declare BEGINNER. D. A single url tag should declare directory2 and single role tag should declare BEGINNER. E. One url tag should declare ANY and its role tag should declare EXPERT, and another url tag should declare directory2 and its role tag should declare BEGINNER F. One url tag should declare both directories and its role tag should declare EXPERT, and another url tag should declare directory1 and its role tag should declare BEGINNER
Answer given is D, which is wrong because that allows the BEGINNERs to access resources in directory2. B should be the answer.
I'd reported these questions in the errata and both of them are confirmed errors.
Please see below comments from errata
6. Added a checkmark to option C
34. THE WORDING OF THE STEM FORCES OPTION C TO BE VALID Added a checkmark to option C. Changed the note for option C to "Option C: index.html must be outside of the WEB-INF/ directory to be accessible."