1. Definitely wrong. The bean provider adds the initial env-entries to the descriptor. The application assembler modifies their values. I'd argue that there isn't a deployer responsibility here at all, at least not from the standpoint of being examined on the spec. From a software engineering workflow standpoint, yes, it would be good for the deployer to know what was supposed to be in the descriptor, and throw the ejb-jar back in the lap of the application assembler if something is missing, but the spec isn't
testing us on our ideas for ways to create a deployment workflow with appropriate safeguards. The exam simply wants us to know the conceptual responsibilities of the various roles.
2 Definitely wrong. The bean gets the environment values via JNDI, not via the deployment descriptor. The container uses the deployment descriptor to populate the bean's private JNDI context, but the bean is oblivious to how that is done.