Sunday, March 29, 2009

SCEA 5.0 Exam Questions - 5

A few more questions for the exam:

57. The Java system you are enhancing needs an integration point to an external system to gain access to data stored in a database. The application uses an open database connectivity data source to access data. What do you use to connect to the database?

A. XML over HTTP
B. RPC-style SOAP
D. JDBC-ODBC bridge driver

Correct Answer: D

58. Java Connector Architecture (JCA) as a technology solution addresses certain needs for your Java applications. What is the best description of a JCA solution?

A. asynchronous message-based interfaces
B. integration of slow responders in a loosely-coupled way
C. access tightly-coupled business logic of legacy systems
D. integration of systems/components and guaranteeing message delivery

Correct Answer: C

59. Your client is interested in the benefits of integration with an external system using RMI-IIOP, RMI-JRMP, and CORBA for external integration. What should you tell your client?

A. An RMI-JRMP client can call a CORBA server.
B. A CORBA client can call an RMI-JRMP server.
C. An RMI-JRMP client can call an RMI-IIOP server.
D. A CORBA client CANNOT call an RMI-IIOP server.

Correct Answer: C

60. Your online e-commerce application has a message driven bean (MDB) that calls an email server. Which statement about invoking the MDB is true?

A. The client can access the MDB directly.
B. The client accesses the MDB using an interface.
C. A message driven bean is simply a JMS message provider.
D. A JMS message is sent to the destination to which the MDB is listening.

Correct Answer: A

61. SOAP was selected as an integration technology for the flexibility of messaging styles it supports (in particular, how an XML payload can be presented in a SOAP message). Which message style statement is correct?

A. The body of an RPC-style SOAP message cannot be a literal message.
B. The XML payload for a document-style message cannot be an encoded message.
C. The XML payload for RPC and document-style messages guarantee XML payload delivery.
D. An RPC-style message has the XML payload wrapped inside an operation element in a SOAP body.

Correct Answer: D

62. As part of your Java application, you are required to integrate with an external system that has a Java web service. The Java web service is using synchronous communication and exposes several methods with varying method signatures. Which technology do you use for this solution?


Correct Answer: B

63. Your company is going through an extensive security audit and it has been identified that your internet-facing web site is vulnerable to SQL injection from authenticated users. Which two are appropriate for mitigating this threat? (Choose two.)

A. Using security roles in the deployment descriptor
B. In stored procedures called with prepared statements
C. Adding an intercepting validation filter to your system
D. Requiring SSL in the deployment descriptor transport guarantee.

Correct Answers: B, C.

64. Your competitor is trying to crash your web site by using various Denial of Service attacks. Which two flaws should you protect against for this specific threat? (Choose two.)

A. SQL injection
B. buffer overflow
C. Man in the middle
D. session hijacking
E. weak password exploits

Correct Answers: A, B

65. Which is an appropriate technique for minimizing the consequences of a successful attack?

A. Input validation
B. Principle of least privilege
C. Encryption of wire transmissions
D. Use of strong/two-factor authentication

Correct Answer: B

66. What is the appropriate location to configure a JSP-based application to require secure communication between a browser and particular resources?

A. In the application code
B. In the business-tier code
C. In the browser configuration
D. In the deployment descriptor
E. In the web server configuration

Correct Answer: D.

67. Service methodA(), implemented in a session bean, performs a highly sensitive operation. This operation must be available in limited ways to low privilege users to support a low sensitivity operationB().

Which approach addresses the requirements most securely?
A. mark the methodA() as accessible to all necessary roles
B. mark the methodA() as accessible to all appropriate roles, and use the programmatic security model to impose the necessary additional restrictions
C. mark the methodA() as accessible to all appropriate roles, and use the deployment descriptor to indicate the conditions under which each role can invoke the high priority method
D. mark methodA() as accessible only to a special role, then use a run-as element to invoke A() from B(); before making the call to A(), B() checks that conditions are appropriate for the call

Correct Answer: D.