| JavaBeat |
|
|
SCBCD Mock Questions - 31)Assuming that ctx is a reference to the SessionContext, which of the following statements can be used to check whether the caller has a role of "manager"?1)ctx.isUserInRole("manager")2)ctx.isCallerInRole("manager") 3)ctx.getCallerPrincipal("manager") 2)Which of the following statements regarding EJB security are true? [Select all correct answers]1)A security role or a method can only appear once in a method-permission element.2)A security role or a method may appear in multiple method-permission elements. 3)The Application Assembler uses the unchecked element instead of a role name in the method-permission element to indicate that a method should not be checked for authorization. 4)If a security role is defined but not used in any method-permission elements that role has permission over all methods of any EJBs within the Enterprise Javabean application. 3)Which one of the following is a responsibility of the EJB Container with regards to EJB security?1)The EJB Container is required to provide a security domain and one or more principal realms to the enterprise bean's.2)The EJB Container is required to provide tools for the Bean provider to allow them to debug enterprise bean's once they have been deployed. 3)The EJB Container is required to link security role references to security roles. 4)The EJB Container is responsible for configuring the principal delegation for inter-component calls. 4)The exhibit excerpt is from a container managed persistence entity bean, which one of the following statements is correct?2)There will not be an entry in the log as the code will not execute log(callerPrincipal.getName()). 3)There will be an entry in the log of "null". 4)This code will not compile as the method getCallerPrincipal() on the javax.ejb.EntityContext returns a boolean result not a reference to an instance of java.security.Principal. 5)Based on the exhibit which of the following statements is correct? [Select all correct answers]2)A caller with the role of Manager is guaranteed to have permission to use the method create on the ProductCatalogService's Home interface. 3)A caller with the role of Boss is guaranteed to have permission to use the method create on the ProductCatalogService's Home interface and the method create on the ProductCatalogService's Remote interface. 4)A caller with the role of Secretary is guaranteed to have permission to use the method create on the ProductCatalogService's Remote interface. 6)Which of the following are responsibilities of the Application Assembler? [Select all correct answers]1)The Application Assembler should hard-code security policies in the enterprise bean's business methods2)The Application Assembler is responsible for defining security roles in the deployment descriptor. 3)The Application Assembler assigns principals (such as individual users) used for managing security in the operational environment to the security roles defined in the security-role elements of the deployment descriptor. 4)The Application Assembler is responsible for defining method permissions. 7)Identify responsibilities for the EJB deployer from the options below? [Select all correct answers]1)Along with the Application Assembler define the appropriate security policies for the application.2)Setting up the appropriate security policy for the enterprise bean application. 3)Along with the System Administrator setting up of the principal delegation in a Container-specific way. 4)Describe all the requirements for the caller's principal management of inter-enterprise bean invocations as part of the description. 8)Which of the following are available within EJB security management? [Select all correct answers]1)Declarative security does not allow you to specify that the Local interface's version of a method is accessible, but that the Remote interface's version of the method is not accessible to anyone.2)Using declarative security you can specify that you do not want anyone to have access to methods of your bean. 3)Using declarative security it is possible to specify that the caller of a bean will appear to be running as a different role for calls that are made from that bean to other bean. 4)EJB security management means that users of EJBs must change their passwords and usernames on a frequent basis. 9)Type in the tag name (without opening and closing braces) that allows you to assign the role required to have access to an EJB method. ______10)Please select the following statements that correctly describe EJB support for security management? [Select all correct answers]1)Authorisation to invoke a bean's method can be defined at a bean's method level.2)Authorisation to invoke a bean's method can be defined at the bean instance level using tags within the deployment descriptor. 3)Authorisation to invoke a bean's method cannot be controlled. EJB supports only authentication which is controlled through the deployment descriptor. 4)Authorisation to invoke a bean's method can be controlled using either programmatic security or declaratively. SCBCD Mock Questions 3 - Answers |
|
|
|
|
|
|
| JavaBeat Media (2004-2008), India | |
| javabeat | planetoss | links directory | advertise | |
|