Which two statements apply to the following code snippet? (Choose two.)
< servlet >
< servlet-name >
< /servlet-name >
< servlet-class >
< /servlet-class >
< /servlet >
A. It is a mapping between a servlet name and the fully-qualified name of the servlet class.
B. It is a map between a URL and a servlet.
C. This code belongs in the WebApp deployment descriptor.
D. It tells the container where to install the servlet.
Which two of the following statements most closely relate to HTTPS Client Authentication?
A. It uses a Status-Code element (three-digit integer).
B. It uses predefined form fields.
C. It is the most secure form of authentication.
D. It uses SSL.
Which directory is the location for myApp.jar?
C. /WEB-INF/lib/D. /
In which two elements can you define initialization parameters?
Which three of the following are elements of the Web Application Descriptor?
What is the configuration that the deployment descriptor uses to handle each exception?
What is the deployment descriptor file named?
Which directory is the location for Web application class files?
What does the security-role element do?
A. It configures the authentication method that should be used by the form login mechanism.
B. It defines the status codes for security breaches.
C. It contains a mapping between an error code or exception type to the path of a resource in the Web application.
D. It describes and names the security role.
Which directory is the location for the deployment descriptor?
C. /WEB-INF/lib/D. /
Which of the following best defines authentication?
A. The means used to prove that information has not been modified by a third party while in transit.
B. This is access control where interactions with resources are limited to collections of users or programs for the purpose of enforcing integrity, confidentiality, or availability constraints.
C. You have permission to use a given page.
D. The means by which communicating entities prove to one another that they are acting on behalf of specific identities.
What is the best definition for auditing?
A. This is access control where it defines who can interact with what resources.
B. Maintaining a record of Web application activity.
C. This is a check of the Web application when it is used for commercial transactions.
D. This prevents Web site attacks.
A and C. The servlet element establishes a mapping between a servlet name and the fully-qualified name of the servlet class. You would place this code in the WebApp deployment descriptor.
C and D. This is end user authentication using HTTPS (HTTP over SSL). This mechanism uses public key encryption that requires the user to possess a Public Key Certificate (PKC). This is the highest level security of the four here.
C. The jar files go in the /WEB-INF/lib/ directory.
A and B. The initialization parameters are defined in both the context-param and the servlet elements of the Web deployment descriptor.
A, B, and C. All of these are elements except there is no error element. It should have been error-page.
A. The error-page element, which defines what resource the container should use for a given exception.
< web-app >
< error-page >
< error-code >404< / error-code >
< location > /404.html < /location >
< /error-page >
< /web-app >
C. web.xml is the deployment descriptor file.
B. You place your servlets and utility classes in /WEB-INF/classes/.
D. The security-role element contains the definition of a security role. The definition consists of an optional description of the security role, and the security role name.
A. web.xml is the deployment descriptor file in /WEB-INF/web.xml.
D. Authentication is the means by which communicating entities prove to one another that they are acting on behalf of specific identities. In other words, it is the attempt to prove that you are really you.
B. Maintain a record of Web application activity. For example, you can log resource accesses including times and requester IP and ID. This usually involves a log somewhere.
Previous Chapter: Quick Recap - Chapters 47 to 50
Next Chapter: Chapter 51 - Introduction to Design Patterns
© 2013 by www.inheritingjava.blogspot.com. All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.