GIAC Secure Software Programmer – Java v6.0 (GSSP-Java)

Page:    1 / 19   
Total 275 questions

Which of the following is a mandatory sub-element of the <web-resource-collection> element of the deployment descriptor?

  • A. <web-resource-name>
  • B. <description>
  • C. <http-method>
  • D. <url-pattern>


Answer : A

Which of the following statements are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. StringBuffer is thread safe, but StringBuilder is not.
  • B. The String class is final.
  • C. StringBuilder offers faster performance than StringBuffer.
  • D. The size of the String can be obtained using the length property.


Answer : A,B,C

The following JSP scriptlet is given.
<% response.setContentType("text/html; charset=ISO-8859-1"); %>
Which of the following directives is the equivalent directive for the scriptlet given above?

  • A. <%@ include contentType="text/html; pageEncoding=ISO-8859-1" %>
  • B. <%@ include contentType="text/html; charset=ISO-8859-1" %>
  • C. <%@ page contentType="text/html; charset=ISO-8859-1" %>
  • D. <%@ taglib contentType="text/html; pageEncoding=ISO-8859-1" %>


Answer : C

You write the following code.
    class Father {
        public void Method() {
            System.out.println("I am Father");
        }
    }

    public class Son extends Father {
        public static void main(String argv[]) {
            Son son = new Son();
            son.Method();
        }

        private void Method() {
            System.out.println("I am Son");
        }
    }
Which of the following will be the result, when you try to compile and run the code?

  • A. I am Father will be displayed as the output.
  • B. A runtime error will result.
  • C. I am Son will be displayed as the output.
  • D. The code will execute but without displaying any output.
  • E. A compile-time error will result.


Answer : E

Given below are top-level class declarations. Which of these class declarations would not produce a compile-time error?
    abstract class P {}   //1
    private class Q {}    //2
    static class R {}     //3
    transient class S {}  //4

  • A. Line 3
  • B. Line 1
  • C. Line 2
  • D. Line 4


Answer : B

Which of the following statements about the <auth-constraint> element are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It is an optional sub-element of the <security-constraint> element.
  • B. It has <role-name> and <role-type> as its sub-elements.
  • C. If the <auth-constraint> element is not present, all users can access the resource.
  • D. If the <auth-constraint> element has no <role-name> sub-element, all users can access the resource.


Answer : A,C

Which of the following methods is used to authenticate the users, and if the user has not been authenticated, the method returns false?

  • A. getCallerPrincipal()
  • B. getRemoteUser()
  • C. isUserInRole()
  • D. getCallerIdentity()


Answer : C

Which of the following mechanisms is closely related to authorization?

  • A. Sending data so that no one can alter it on the way.
  • B. Allowing access to a particular resource.
  • C. Verifying username and password.
  • D. Sending secret data such as credit card information.


Answer : B

You work as a Programmer for InfoTech Inc. You develop two HTML pages named authenticate.jsp and error.jsp, which are deployed directly at the root of the Web application named Authentication. Which of the following deployment descriptor declarations will ensure that the error.jsp page is displayed automatically if the client is not authenticated?

  • A. <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/authenticate.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config>
  • B. <user-data-constraint> <auth-method>FORM</auth-method> <login-page>/authenticate.jsp</login-page> <form-error-page>/error.jsp</form-error-page> </user-data-constraint>
  • C. <auth-constraint> <auth-method>FORM</auth-method> <login-page>/authenticate.jsp</login-page> <form-error-page>/error.jsp</form-error-page> </auth-constraint>
  • D. <error-page> <auth-method>FORM</auth-method> <form-login-page>/authenticate.jsp</form-login-page> <location>/error.jsp</location> </error-page>


Answer : A

Which of the following are advantages of client-side JavaScript?
Each correct answer represents a complete solution. Choose two.

  • A. It is fast.
  • B. It provides graphical components.
  • C. It is secure.
  • D. It provides form-validation at client side.


Answer : A,D

You work as a Software Developer for NewTech Inc. You want to configure the deployment descriptor so as to specify the error pages used in the FORM based authentication. Which of the following elements will you use to accomplish the task?

  • A. The <realm-name> sub-element of the <login-config> element.
  • B. The <role-link> sub-element of the <security-role-ref> element.
  • C. The <method> sub-element of the <method-permission> element.
  • D. The <form-login-config> sub-element of the <login-config> element.


Answer : D

Mark works as a Programmer for InfoTech Inc. He develops a class named Data that imports all the required packages. The class Data has a method named PrintData(), which calls a method that checks whether the caller has the BeanUser security role. Which of the following implementations of the PrintData() method will satisfy the requirement?

  • A.
        public void PrintData() {
            @DeclareRoles("BeanUser")
            @Resource SessionContext ctx;
            @RolesAllowed("BeanUser")
            Principal caller = ctx.getCallerPrincipal();
            if (ctx.getCallerIdentity("BeanUser")) {
                System.out.println("It is the correct user");
            } else {
                System.out.println("It is the incorrect user");
            }
            //more code
        }
  • B.
        public void PrintData() {
            @DeclareRoles("BeanUser")
            @Resource SessionContext ctx;
            @RolesAllowed("BeanUser")
            Principal caller = ctx.getEJBHome();
            if (!isCallerInRole(ctx)) {
                System.out.println("It is the correct user");
            } else {
                System.out.println("It is the incorrect user");
            }
            //more code
        }
  • C.
        public void PrintData() {
            @DeclareRoles("BeanUser")
            @Resource SessionContext ctx;
            @RolesAllowed("BeanUser")
            Principal caller = ctx.getCallerPrincipal();
            if (ctx.isCallerInRole("BeanUser")) {
                System.out.println("It is the correct user");
            } else {
                System.out.println("It is the incorrect user");
            }
            //more code
        }
  • D.
        public void PrintData() {
            @DeclareRoles("BeanUser")
            @Resource SessionContext ctx;
            @RolesAllowed("BeanUser")
            Principal caller = ctx.getCallerPrincipal();
            if (ctx.getStatus("BeanUser")) {
                System.out.println("It is the correct user");
            } else {
                System.out.println("It is the incorrect user");
            }
            //more code
        }


Answer : C

Which of the following methods can be invoked from the ejbStore() method of an entity bean class?
Each correct answer represents a complete solution. Choose all that apply.

  • A. getPrimaryKey()
  • B. getUserTransaction()
  • C. getRollbackOnly()
  • D. isCallerInRole()
  • E. getEJBObject()


Answer : A,C,D,E

Harry works as a Software Developer for SoftTech Inc. He has developed a Java application that runs various SQL statements, such as INSERT and UPDATE, against a database table named Employee. He uses the executeUpdate() method to run these statements and to learn exactly how many rows, if any, each operation affected in the table.
Which of the following types of values is returned by this method?

  • A. Double
  • B. Integer
  • C. Float
  • D. String


Answer : B

Drag and drop the appropriate authentication types from the given options to match their properties.

  • A.


Answer : A
