GIAC GSSP-Java - GIAC Secure Software Programmer – Java Exam

Question #6 (Topic: Topic 1)
Mark works as a Programmer for InfoTech Inc. He develops the following deployment
descriptor code.
<web-app . . . .>
  <display-name>A Secure Application</display-name>
  <servlet>
    ...
    <security-role-ref>
      <role-name>Manager</role-name>
      <role-link>Admin</role-link>
    </security-role-ref>
  </servlet>
  <security-role>
    <role-name>Programmer</role-name>
  </security-role>
  <security-role>
    <role-name>Admin</role-name>
  </security-role>
  <security-role>
    <role-name>Employee</role-name>
  </security-role>
</web-app>
Which of the following is a valid isUserInRole() method call that can be made if request is
the HttpServletRequest request?
A. request.isUserInRole("Programmer");
B. request.isUserInRole("Manager");
C. request.isUserInRole("Admin");
D. request.isUserInRole("Employee");
Answer: B

Question #7 (Topic: Topic 1)
Which of the following methods of the EJBContext interface can be called by both the BMT
and CMT beans?
Each correct answer represents a complete solution. Choose all that apply.
A. getCallerPrincipal()
B. getRollbackOnly()
C. getUserTransaction()
D. isCallerInRole()
Answer: A,D

Question #8 (Topic: Topic 1)
Mark works as a Programmer for InfoTech Inc. He develops a deployment descriptor code
that contains three valid <security-constraint> elements, all of them constraining a Web
resource Res1. The <auth-constraint> sub-elements of the <security-constraint> elements
are as follows.
<auth-constraint>Admin</auth-constraint>
<auth-constraint>Manager</auth-constraint>
<auth-constraint/>
Which of the following can access the resource Res1?
A. Only Manager can access the resource.
B. No one can access the resource.
C. Everyone can access the resource.
D. Only Admin can access the resource.
Answer: B

Question #9 (Topic: Topic 1)
Which of the following statements correctly describe the features of the singleton pattern?
Each correct answer represents a complete solution. Choose all that apply.
A. Singletons are used to control object creation by limiting the number to one but allowing the flexibility to create more objects if the situation changes.
B. Singletons can only be stateless, providing utility functions that need no more information than their parameters.
C. A singleton class may disappear if no object holds a reference to the Singleton object, and it will be reloaded later when the singleton is needed again.
D. The behavior of a singleton can be obtained by static fields and methods such as java.lang.Math.sin(double).
Answer: A,C,D

Question #10 (Topic: Topic 1)
Which of the following deployment descriptor elements must contain the
<transport-guarantee> element as its mandatory sub-element?
A. <user-data-constraint>
B. <web-resource-collection>
C. <auth-constraint>
D. <login-config>
Answer: A