You have been contracted to create a web site for a free dating service. One feature is the ability for one client to send a message to another client, which is displayed in the latter client's private page. Your contract explicitly states that security is a high priority. Therefore, you need to prevent cross-site hacking in which one user inserts JavaScript code that is then rendered and invoked when another user views that content. Which two JSTL code snippets will prevent cross-site hacking in the scenario above? (Choose two.)
A.
B.
C.
D.
E.
A custom tag is defined to take three attributes. Which two correctly invoke the tag within a JSP page? (Choose two.)
A.
B.
C.
D.
E.
F.
G.
Which two statements are true about the security-related tags in a valid Java EE deployment descriptor? (Choose two.)
A. Every
B. A
C. A given
D. A given
E. It is possible to construct a valid
Which element of a web application deployment descriptor
A.
B.
C.
D.
E.
Which two are required elements for the
A.
B.
C.
D.
E.
Given:
class MyServlet extends HttpServlet {
    public void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // servlet code here ...
    }
}
If the DD contains a single security constraint associated with MyServlet and its only
Which four requests would be allowed by the container? (Choose four.)
A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.
What is true about Java EE authentication mechanisms?
A. If your deployment descriptor correctly declares an authentication type of CLIENT_CERT, your users must have a certificate from an official source before they can use your application.
B. If your deployment descriptor correctly declares an authentication type of BASIC, the container automatically requests a user name and password whenever a user starts a new session.
C. If you want your web application to support the widest possible array of browsers, and you want to perform authentication, the best choice of Java EE authentication mechanisms is DIGEST.
D. To use Java EE FORM authentication, you must declare two HTML files in your deployment descriptor, and you must use a predefined action in the HTML file that handles your user's login.
Which two statements are true about using the isUserInRole method to implement security in a Java EE application? (Choose two.)
A. It can be invoked only from the doGet or doPost methods.
B. It can be used independently of the getRemoteUser method.
C. Can return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor.
D. Using the isUserInRole method overrides any declarative authentication related to the method in which it is invoked.
E. Using the isUserInRole method overrides any declarative authorization related to the method in which it is invoked.
Given an HttpServletRequest request and an HttpServletResponse response:
41. HttpSession session = null;
42. // insert code here
43. if(session == null) {
44.     // do something if session does not exist
45. } else {
46.     // do something if session exists
47. }
To implement the design intent, which statement must be inserted at line 42?
A. session = response.getSession();
B. session = request.getSession();
C. session = request.getSession(true);
D. session = request.getSession(false);
E. session = request.getSession("jsessionid");
You need to store a floating point number, called Tsquare, in the session scope. Which two code snippets allow you to retrieve this value? (Choose two.)
A. float Tsquare = session.getFloatAttribute("Tsquare");
B. float Tsquare = (Float) session.getAttribute("Tsquare");
C. float Tsquare = (float) session.getNumericAttribute("Tsquare");
D. float Tsquare = ((Float) session.getAttribute.("Tsquare")).floatValue();
E. float Tsquare = ((Float) session.getFloatAttribute.("Tsquare")).floatValue;
F. float Tsquare = ((Float) session.getNumericAttribute.("Tsquare")).floatValue;