I think the answer "false" is correct. Because Confidentiality means really confident i.e. even authorized persons or processed can not share or see the confidential data of each other like credit card info or pwd etc.
I used to have doubts on this question, but now I've come clear.
Defining "confidentiality" as "Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes" is acceptable, if we are talking about it as a general item.
But when we put it into the context of J2EE, confidentiality actually means the encryption of the data transmitted. Beyond the general definition that "the data should not be made available to others", confidentiality in J2EE means "even if others see it, they won't understand what is being sent because we encrypt our data".