SCJEA Sample questions on Sun's site

Hi all,
I'm taking part 1 tomorrow, I should be ok but there are a couple of things that are bothering me. Of the 10 sample questions on Sun's web site two have dubious answers. The first is the one that ask's about the features of https. The answer says that it's Connection-based and secure. Ok, secure is a given, but what about connection-based. It's reasonable to say that http is connectionless as it does not retain state, but https uses a negotiated key for communication between endpoints. I wonder if this is why they say that https is connection-based. The trouble is, it's still http regardless of what happens at the transport layer.
Also question 10, says that the following statement is true:
"Classes loaded from a jarfile on a remote source can sometimes be trusted even if the jarfile is unsigned. "
This appears to be false at first, but it may just be a case of semantics. I've been trying to think of a case where this would be true but I've not had any luck. Anyon have any idea's (on either question).
Thanks
Amanda

Hi lazyvixen,
Please refer to the JavaRanch naming policy and re-register with a name that follows the guidelines outlined there.
Thanks,
John

Java ranch is so stupid on naming convention..when some is posting a question..and has got a EXAM..NEXT DAY..some guy reply to him..saying that naming policy should be followed.. inspite of understaning his urgency to get SOLUTION from guys who visit javaranch....
I dont see any reason..why some one should have a valid name...

[This message has been edited by John Wetherbie (edited February 04, 2001).]

Hi John,
I'm sorry, I made a mistake.
I absolutely respect the lists naming policy and have re-registered and re-posted.
Thanks for the polite pointer.
Amanda

Hi, Amanda.
Thanks for re-registering. Sorry I couldn't help with the questions you asked.
John

Desi Raj,
I can understand your frustration but I would ask that you express it without profanity in the future.
I didn't answer the questions because I don't know what the correct answers are. (I have passed the SCEA part I but did pretty poorly on the protocol and security sections.) I did mention the naming policy because that is part of my job as the moderator of this forum.
If you can help point her in the right direction it would be appreciated.
John

Ok. I could be totally wrong here, but maybe it will stimulate an answer or two.
1) Connection based in the sense that with HTTP you establish a socket connection to get the data?
2) unsigned jar used by remote machine in same domain area?

------------------
Michael Finney
Sun Certified Programmer for the Java 2 Platform
Sun Certified Developer for the Java 2 Platform

I don't know much about the first question, but note that it has been discussed here and here.
For the second question, I suppose that if you are confident that all the individuals who have write access to the remote machine are trustworthy, then you can trust the jar file even if it's unsigned. For example if the remote source is a machine owned and controlled by you, and only you have the password, then you might not bother signing a jar file that you place there. Circumstances like this may not be very common, but they can occur.
Good luck!
[This message has been edited by Jim Yingst (edited February 04, 2001).]