Hi Ranchers,
I've seen this question has been asked before, but I still have one question on it.
So here's the question:
Your web application has a valid dd with a single <security-constraint> tag.
Within this tag exists:
-
a single http method that declares GET All of the resources in your application exist within directory1 and
directory2 and the only defined roles are BEGINNER and EXPERT.
If you want to restrict BEGINNERs from using resources in directory2, which are true about the url and role tag(s)
you should declare? (Choose all that apply.)
A. A single url tag should declare directory1 and a single role tag should declare EXPERT.
B. A single url tag should declare directory2 and a single role tag should declare EXPERT.
C. A single url tag should declare directory1 and a single role tag should declare BEGINNER.
D. A single url tag should declare directory2 and a single role tag should declare BEGINNER.
E. One url tag should declare ANY and its role tag should declare EXPERT,
and another url tag should declare directory2 and its role tag should declare BEGINNER.
F. One url tag should declare both directories, and its role tag should declare EXPERT, and another url tag should declare directory1 and its role tag should declare BEGINNER.
The correct answer is B. The exam question is asking to restrict BEGINNERs from using resources in directory2. So with the current setting, we are only restricting BEGINNERs from GET, then shouldn't BEGINNERs will allow to access through other http methods?