Security in Java EE 6
The course is part of this learning path
This course takes an in-depth look at security in Java Enterprise Edition. We'll cover a wide range of topics as listed below. Finally, we'll round off the course by taking a look at some example exam questions similar to those you can expect to find on the Oracle Certified Java EE exams.
- Understand the fundamentals of security in Java EE
- Learn the following concepts and features:
- Securing GlassFish server
- Working with users, groups, and roles
- Securing your web applications
- Securing enterprise beans
- Digital certificates
- Security architecture
- Security threats
- And much more...
This course is intended for anyone who already has basic knowledge of Java and now wants to learn about Java Enterprise Edition.
Basic knowledge of Java programming
Hello dear friends. In this video, we will start to solve some questions about this topic to make more practice. Let's begin with the first question. 1. Which of the following options is not part of the security features or security model of the Java SE environment?
A, WS-Security. B, Web Start. C, JAAS. D, Applet. Answer, A. 2. Which of the following options is possible for an unsigned Java application? A, Access local file system. B, Access system clipboard. C, Print a document. D, Run an executable file. E, None of the above. Answer, E. 3. Which of the following is the mechanism that restricts all applications installed over a network from accessing security sensitive resources such as the local file system? A, Java SDK. B, IPSec. C, Sandbox. D, JAAS. Answer, C. 4. Which of the following options is not an available location for Java EE security features in a UML diagram? A, DMZ. B, SSL transport. C, Firewall. D, Load balancer. Answer, D. 5. Which of the following options is an example of a mitigation strategy for a distributed denial of service (DDoS) attack? A, Secret keys. B, Switch filter. C, Encryption. D, Encoding input and output. Answer, B. 6. The support helpdesk has reported you too many incidents with locked customers whose passwords need to be reset. Which of the following is the most likely type of attack? A, Eavesdropping. B, Brute force. C, Code injection. D, Phishing. Answer, B. 7. Which of the following options is the recommended approach to prevent reoccurring attacks? A, Encrypt messages. B, Use nonce in messages. C, Digital signature. D, Port filtering. Answer, B. 8. Which of the following could be caused by failing to validate input from an HTML form? A, Code injection. B, Session hacking. C, Phishing. D, Unsafe object. Answer, A. 9. Which of the following options would be an example of a valid security disclosure for a Java EE web component? A, @ServeletSecurity. B, @Deny. C, @Permit. D, @Login. Answer, A. 10. Which of the following options is a valid security deployment identifier for a Java EE web component? A<deny-role>, deny-role. B, web-resource-collection. C, auth-permit. D, login-schema. Answer, B. 11. Which of the following options can be represented as a valid security method for the Java EE web component? A, getCallerPrincipal. B, getProtocol. C, isUserInRole. D, isCallerInRole. Answer, D. 12.
Which of the following options is an example of a valid security disclosure for the Java EE enterprise bean component? A, @Deny. B, @Permit. C, @RunAs. D, @Roles. Answer, C. 13. Which of the following options will show as a valid security deployment descriptor for a Java EE enterprise bean component? A, method-permission. B, ejb-home. C, identity. D, ejb-security. Answer, A. 14. Which of the following options is a valid security method for the Java EE enterprise bean component? A, isCallerInRole. B, getRemoteUser. C, getUserPrincipal. D, getRemotePrincipal. Answer, A. 15. Which of the following security technologies can be used in the application layer? A, Declarative security. B, All of the above. C, Programmatic security. D, Firewalls. Answer, B. 16. Which of the following security technologies can be used in the message layer? A, Firewalls. B, All of the above. C, WS-Security. D, IPSec. Answer, C. 17. Which of the following security technologies can be used in the transport layer? A, Secure Sockets Layer. B, Digital fingerprint. C, Message digest. D, Intercepting filter. Answer, A.
OAK Academy is made up of tech experts who have been in the sector for years and years and are deeply rooted in the tech world. They specialize in critical areas like cybersecurity, coding, IT, game development, app monetization, and mobile development.