For the topic EJB Security are we suppose to be following glassfish server or are we allowed to use any other, the reason I am asking this question is apache TomEE is so well documented with regards to examples unlike glassfish. for instance in this example http://tomee.apache.org/examples-trunk/webservice-security/README.html it is so clean and easy. So, the question can we use any application server for the exam?
For the exam, there is no specific application server /servlet container/EJB container you should use or learn about.
But in general, you need to know web.xml, sun-web.xml, ejb-jar.xml, sun-ejb-jar.xml, WAR, EAR files for you to configure security constraints and deploy the application.