Does anyone recall what type of question(s) are given on session management?
Section 5 - Designing and Developing Servlets Using Session Management
5.1 Identify the interface and method for each of the following:
• Retrieve a session object across multiple requests to the same or different servlets within the same WebApp
• Store objects into a session object
• Retrieve objects from a session object
• Respond to the event when a particular object is added to a session
• Respond to the event when a session is created and destroyed
• Expunge a session object
5.2 Given a scenario, state whether a session object will be invalidated.
5.3 Given that URL-rewriting must be used for session management, identify the design requirement on session-related HTML pages.
Also, in HTTP security is there any authentication mechanism outside the 4 (BASIC/DIGEST/FORM/CLIENT-CERT) given in the objectives?
For the exam, no.
6.1 Identify correct descriptions or statements about the security issues:
• Authentication, authorization
• Data integrity
• Auditing
• Malicious code
• Web site attacks
6.2 Identify the deployment descriptor element names, and their structure, that declare the following:
• A security constraint
• A Web resource
• The login configuration
• A security role
6.3 Given an authentication type: BASIC, DIGEST, FORM, and CLIENT-CERT, identify the correct definition of its mechanism.