March 2008
Intermediate to advanced
911 pages
20h 31m
English
Which security mechanisms always operate independently of the transport layer? (Choose all that apply.)
(servlet spec: chap 12 )
| A. | authorization |
| B. | data integrity |
| C. | authentication |
| D. | confidentiality |
-Option A is correct. Authorization operates completely within the container once authentication has occurred. Authentication can affect the transport layer based on how the <auth-method> element is set.
Given a deployment descriptor with three valid <security-constraint> elements, all constraining web resource A, whose respective <auth-constraint> sub-elements are:
(servlet spec: 12.8.1)
<auth-constraint> <role-name>Bob</role-name> </auth-constraint> <auth-constraint/> <auth-constraint> <role-name>Alice</role-name> </auth-constraint>
Who can access resource A?
| A. | no one |
| B. | anyone |
C. | only Bob | |
D. | only Alice | |
E. | only Bob and Alice | |
F. | anyone but Bob or Alice |
-Option A is correct. The ...
Read now
Unlock full access