
GIAC GSSP-Java GIAC Secure Software Programmer – Java Exam Practice Test

Demo: 40 questions
Total 275 questions

GIAC Secure Software Programmer – Java Questions and Answers

Question 1

Which of the following statements about a filter are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Like a servlet, a filter is also declared in the deployment descriptor.

B.

The life cycle of a filter is managed by the container.

C.

The life cycle of a filter has three methods, namely init(), service(), and destroy().

D.

Every filter must implement the Filter interface.

Question 2

Peter works as a Software Developer for Neon Inc. He is developing an application in Java. He declares an interface. Which of the following field declarations are valid within the body of an interface?

Each correct answer represents a complete solution. Choose three.

Options:

A.

final static int answer=42;

B.

public static int answer = 42;

C.

private final static int answer=42;

D.

public int answer=42;

E.

int answer;

Question 3

Which of the following methods can be invoked by a message-driven bean?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

MessageDrivenContext.isCallerInRole()

B.

MessageDrivenContext.getUserTransaction()

C.

MessageDrivenContext.getEJBHome()

D.

MessageDrivenContext.getRollbackOnly()

Question 4

Which of the following code fragments will compile without error?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

boolean a = false;
if(a)
    System.out.println(a);

B.

int a = 10;
if(a != 10)
    System.out.println(a);

C.

int a = 0;
if(a)
    System.out.println(a);

D.

boolean a = true;
if(!a);

Question 5

Which of the following are correct if LoginContext enforces the requisite flag to each LoginModule in the configuration file?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

If LoginModule succeeds, authentication continues down the LoginModule list.

B.

If LoginModule succeeds or fails, authentication still continues to proceed down the LoginModule list.

C.

The LoginModule is required to succeed.

D.

If LoginModule fails, control immediately returns to the application (authentication does not proceed down the LoginModule list).

Question 6

Which of the following are the advantages of JAR files over TAR files?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It cannot be digitally signed.

B.

It provides package sealing.

C.

It can be compressed.

D.

It provides package versioning.

Question 7

Which of the following methods of the java.util.logging package logs a message, specifying source class and method, with associated Throwable information?

Options:

A.

logrb

B.

log

C.

logp

D.

logth

Question 8

Which of the following methods is defined by ObjectOutputStream?

Options:

A.

char readChar()

B.

int readInt()

C.

void write(byte buffer[])

D.

int available()

Question 9

Mark works as a Programmer for InfoTech Inc. He develops a program that defines a class named Inventory that has an instance variable named NumOfItems. Which of the following properties will be applied by NumOfItems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It will not be visible in static methods if it is passed as a parameter.

B.

It will be visible in static methods if it is passed as a parameter.

C.

It will be available for all the instance methods of the class.

D.

It becomes available for garbage collection if it is no longer in scope.

Question 10

Which of the following declarations are the valid declaration for the element?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

AccountServlet

/acme/Account

GET

PUT

<auth-constraint>

Accountant

</auth-constraint>

B.

AssistantServlet

/*

GET

PUT

<auth-constraint>

Assistant

</auth-constraint>

C.

AccountServlet

/acme/Account

<auth-constraint>

Accountant

</auth-constraint>

D.

<auth-constraint>

Assistant

</auth-constraint>

E.

AssistantServlet

/*

<auth-constraint>

Assistant

GET

PUT

</auth-constraint>

Question 11

Mark works as a Programmer for InfoTech Inc. He develops the following deployment descriptor code for specifying the security roles for a Web application.

Manager

Admin

Member

Which of the following are valid <auth-constraint> elements that will allow the users to access resources constrained by the security roles declared above?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

<auth-constraint>

*

</auth-constraint>

B.

<auth-constraint/>

C.

<auth-constraint>

Admin

Manager

</auth-constraint>

D.

<auth-constraint>

admin

</auth-constraint>

E.

<auth-constraint>

Admin

</auth-constraint>

F.

<auth-constraint>

Manager

</auth-constraint>

Question 12

Mark works as a Programmer for InfoTech Inc. He develops an application named JavaServices. He wants to declare a security constraint that will restrict everything in the com/files directory so that the Admin security role can invoke any HTTP method on the resources. Which of the following element declarations will be used to accomplish the task?

Options:

A.

JavaServices

com/files

<auth-constraint>

Admin

</auth-constraint>

B.

JavaServices

com/files/*

Admin

C.

JavaServices

com/files/*

*

<auth-constraint>

Admin

</auth-constraint>

D.

JavaServices

com/files/*

<auth-constraint>

Admin

</auth-constraint>

Question 13

You work as a Software Developer for UcTech Inc. You want to ensure that a class is informed whenever an attribute is added, removed, or replaced in a session. Which of the following is the event that you will use to accomplish the task?

Options:

A.

HttpSessionEvent

B.

HttpSessionAttributeEvent

C.

HttpAttributeEvent

D.

HttpSessionBindingEvent

Question 14

Mark works as a Programmer for InfoTech Inc. He develops the following code for a Web application named JavaSecurity Application.

A JavaSecurity Application

...

Manager

Admin

Programmer

Admin

Employee

Which of the following will be the action of the container if the request is HttpServletRequest, and request.isUserInRole("Admin"); has been called in a servlet code?

Options:

A.

The container will throw a system exception.

B.

The container will return true.

C.

The container will throw an application exception.

D.

The container will return false.

Question 15

You work as a Programmer for InfoTech Inc. You develop two html pages named authenticate.jsp and error.jsp, which are deployed directly at the root of the Web application named Authentication. Which of the following deployment descriptor code declarations will be used to ensure that the error.jsp page will be displayed automatically if the client is not authenticated?

Options:

A.

<auth-method>FORM</auth-method>

<form-login-config>

<form-login-page>/authenticate.jsp

<form-error-page>/error.jsp

B.

<auth-method>FORM</auth-method>

/authenticate.jsp

<form-error-page>/error.jsp

C.

<auth-constraint>

<auth-method>FORM</auth-method>

/authenticate.jsp

<form-error-page>/error.jsp

</auth-constraint>

D.

<auth-method>FORM</auth-method>

<form-login-page>/authenticate.jsp

/error.jsp

Question 16

Which of the following statements is true?

Options:

A.

All UTF characters are eight bits long.

B.

All UTF characters are sixteen bits long.

C.

All UTF characters are twenty four bits long.

D.

All bytecode characters are sixteen bits long.

E.

All unicode characters are sixteen bits long.

Question 17

Which of the following are valid method signatures of the getInstance() method of the Policy class?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

getInstance(ProtectionDomain domain)

B.

static Policy getInstance(String type, Policy.Parameters params, Provider provider)

C.

getInstance(String type, Policy.Parameters params)

D.

static Policy getInstance(String type, Policy.Parameters params, String provider)

Question 18

The following JSP scriptlet is given.

<% response.setContentType("text/html; charset=ISO-8859-1"); %>

Which of the following directives is the equivalent directive for the scriptlet given above?

Options:

A.

<%@ include contentType="text/html; pageEncoding=ISO-8859-1" %>

B.

<%@ include contentType="text/html; charset=ISO-8859-1" %>

C.

<%@ page contentType="text/html; charset=ISO-8859-1" %>

D.

<%@ taglib contentType="text/html; pageEncoding=ISO-8859-1" %>

Question 19

You have created a Java application that will retrieve and insert data into a database table. Which of the following objects will you use to pass the JDBC Driver to obtain a connection to the database server?

Options:

A.

DriverManager

B.

ResultSet

C.

Connection

D.

Statement

Question 20

Sam works as a Software Developer for Gentech Inc. He writes the following code.

class TryFinallyTest {
    public static void main(String[] args) {
        try {
            int i=15/0;
            System.out.println("Testing Try");
        }
        catch(ArithmeticException ae) {
            System.out.println("Arithmetic exception");
        }
        System.out.println("Correct");
        finally {
            System.out.println("Must execute");
        }
    }
}

What will happen when he attempts to compile and execute the code?

Options:

A.

It will compile successfully and run with output Arithmetic exception.

B.

It will compile successfully and run with output Must execute.

C.

It will compile successfully and run with output Correct.

D.

It will give a compile-time error.

Question 21

Mark works as a Programmer for InfoTech Inc. He develops a deployment descriptor code that contains three valid

elements.

All of them constraining a Web resource Res1, the

<auth-constraint> sub-element of the

elements are as follows.

<auth-constraint>Admin</auth-constraint>

<auth-constraint>Manager</auth-constraint>

<auth-constraint/>

Which of the following can access the resource Res1?

Options:

A.

Only Manager can access the resource.

B.

No one can access the resource.

C.

Everyone can access the resource.

D.

Only Admin can access the resource.

Question 22

Which of the following statements about programmatic security are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The bean provider is responsible for writing code for programmatic security.

B.

It is also called instance-level security.

C.

It is implemented using methods of the EJBContext interface.

D.

It is implemented using the methods of the UserTransaction interface.

Question 23

Which of the following methods of the EJBContext interface can be called by both the BMT and CMT beans?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

getCallerPrincipal()

B.

getRollbackOnly()

C.

getUserTransaction()

D.

isCallerInRole()

Question 24

Mark works as a Programmer for InfoTech Inc. He develops a session bean class named accountService. Which of the following rules must the session bean class conform to?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It can be used without the @Stateful or @Stateless annotation.

B.

It must implement the business methods defined in the business interface.

C.

It can implement any optional business method annotated by the @Remove annotation.

D.

It must have a public constructor that takes a string as its parameter.

E.

It requires helper classes to meet the needs of an application.

Question 25

Which of the following code fragments is used to create an object of the security manager?

Options:

A.

SecurityManager appsm = getClassContext();

B.

SecurityManager appsm = System.getSecurityDescriptor();

C.

SecurityManager appsm = System.getSecurityManager();

D.

SecurityManager appsm = getSecurityContext();

Question 26

Which of the following are marker interfaces?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The Cloneable interface

B.

The Serializable interface

C.

The Comparable interface

D.

The Runnable interface

Question 27

Which of the following rules must be followed while determining a class loader?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

A new instance of the AppletClassLoader is used while loading the first class of an applet.

B.

If the request to load a class is triggered by a reference to it from an existing class, the class loader for the existing class is asked to load the class.

C.

A new instance of the URLClassLoader is used while loading the first class of an application.

D.

The primordial class loader is used if java.lang.Class.forName is directly called.

Question 28

The following JSP scriptlet is given.

<% response.setContentType("text/html; charset=ISO-8859-1"); %>

Which of the following directives is the equivalent directive for the scriptlet given above?

Options:

A.

<%@ include contentType="text/html; pageEncoding=ISO-8859-1" %>

B.

<%@ include contentType="text/html; charset=ISO-8859-1" %>

C.

<%@ page contentType="text/html; charset=ISO-8859-1" %>

D.

<%@ taglib contentType="text/html; pageEncoding=ISO-8859-1" %>

Question 29

Maria works as a Software Developer for Bluetech Inc. She develops a class named Warden that needs to access a class named Hostel, which is deployed in a JAR named City.JAR. What will she do in order to enable the Warden class to have access to the Hostel class during compilation?

Options:

A.

She will place the JAR file in javaprog/City.JAR and set the class path environment to include javaprog/City.JAR/Warden.class.

B.

She will place the JAR file in javaprog/City.JAR and set the class path environment to include javaprog/City.JAR/Hostel.class.

C.

She will place the JAR file in $JAVA_HOME/jre/lib/ext/City.JAR.

D.

She will place the JAR file in $JAVA_HOME/jre/classes/City.JAR.

Question 30

Which of the following JAR file options is used for creating an archive?

Options:

A.

-v

B.

-u

C.

-x

D.

-c

Question 31

You work as a programmer for PassGuide Inc. You have a session object named session1 with an attribute named Attribute1, and an HttpSessionBindingEvent object binding1 bound to session1.

Which of the following will be used to retrieve Attribute1?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Object obj=binding1.getSession().getAttribute("Attribute1");

B.

Object obj=binding1.getAttribute("Attribute1");

C.

Long MyAttribute=session1.getAttribute("Attribute1");

D.

String str1=session1.getAttribute("Attribute1");

E.

Object obj=session1.getAttribute("Attribute1");

Question 32

Identify whether the given statement is true or false.

"An object becomes eligible for garbage collection when it becomes unreachable by any code."

Options:

A.

False

B.

True

Question 33

Which of the following exceptions will be thrown if a cipher is in decryption mode but the decrypted data is not bounded by the appropriate bytes?

Options:

A.

IllegalArgumentException

B.

ShortBufferException

C.

ReadOnlyException

D.

BadPaddingException

Question 34

The __________ interface accepts results from a SQL SELECT statement.

Options:

A.

Connection

B.

PreparedStatement

C.

DatabaseMetaData

D.

ResultSet

Question 35

Which of the following methods reinitializes the logging properties?

Options:

A.

reset

B.

addlogger

C.

reinitialize

D.

readConfiguration

Question 36

Identify whether the given statement is true or false.

"JAR files can be used while compiling but not while executing other files."

Options:

A.

False

B.

True

Question 37

Identify whether the given statement is true or false.

"There is no method to create a new thread other than extending the Thread class."

Options:

A.

True

B.

False

Question 38

You have written the following code snippet.

1. public class Read {
2.     protected int ReadText(int x) { return 0; }
3. }
4. class Text extends Read {
5.     /*insert code here*/
6. }

Which of the following methods, inserted independently at line 5, will compile?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

private int ReadText(long x) { return 0; }

B.

protected long ReadText(int x, int y) { return 0; }

C.

protected long ReadText(long x) { return 0; }

D.

protected int ReadText(long x) { return 0; }

E.

private int ReadText(int x) { return 0; }

F.

public int ReadText(int x) { return 0; }

G.

protected long ReadText(int x) { return 0; }

Question 39

Which of the following exceptions will be thrown if the commit() method fails?

Options:

A.

DestroyFailedException

B.

NullPointerException

C.

LoginException

D.

SecurityException

Question 40

Which of the following statements are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

An inner class cannot be defined as private.

B.

An inner class cannot be defined as protected.

C.

An inner class can be defined as private.

D.

An inner class can extend another class.
