HFSJ Mock Exam 1.5 Errata Discussion

Your web application has a valid dd with a single <security-constraint> tag.
Within this tag exists:
- a single http method that declares GET
All of the resources in your application exist within directory1 and directory2 and the only defined roles are BEGINNER and EXPERT.
If you want to restrict BEGINNERs from using resources in directory2, which are true about the url and role tag(s) you should declare? (Choose all that apply.)
A. A single url tag should declare directory1 and a single role tag should declare EXPERT.
B. A single url tag should declare directory2 and a single role tag should declare EXPERT.
C. A single url tag should declare directory1 and a single role tag should declare BEGINNER.
D. A single url tag should declare directory2 and a single role tag should declare BEGINNER.
E. One url tag should declare ANY and its role tag should declare EXPERT, and another url tag should declare directory2 and its role tag should declare BEGINNER.
F. One url tag should declare both directories, and its role tag should declare EXPERT, and another url tag should declare directory1 and its role

Answer Given : D, Answer Shoild be: B

since if we mention any role in the <auth-constratint>, the role is allowd to make the request and others are not. Same way here, if ansder D is true, then Beginner would be able to make request.

Please correct me If I got the answer wrong?

I agree with you on this. It should be B not D. Many answers in final mock exam of HFSJ 1.5 is debatable and open to interpretation. I would love to list all the questions but it might take few hrs of work. Please do not rely on the answers given. If you have any doubt try to build your own code to test the answer and also refer to JSP and J2EE specs for clarification.

Next Question 58:

Your Java EE web application is gaining in popularity and you decide to add a second server to support the volume of client requests. Which are true about the migration of a session from one server to the other? (Choose all that apply.)
A. Such migrations are not possible within a session.
B. When a session is migrated, its HttpSession goes with it.
C. When a session is migrated, its ServletContext goes with it.
D. When a session is migrated, its HttpServletRequest goes with it.
E. If an object is added using HttpSession.setAttribute, the object must be Serializable in order to be migrated from one server to the other.
F. If an object is added using HttpSession.setAttribute, and the object�s class has implemented Serializable.readObject and Serializable.writeObject, and the session is migrated, the container will invoke these readObject and writeObject methods.
G. If a session attribute implements HttpSessionActivationListener, the container�s only requirement is to notify listeners once the session has been activated on the new server

Answer Given is : B and E,

But option E is debatble : because as per HFSJ page - 260: "make sure your attribute class types are Serializable and you never have to worry about it.But if they�re not Serializable (which could be because one of the attribute object�s instance variables is not Serializable), have your attribute object class implement HttpSessionActivationListener and use the activation/passivation callbacks to work around it"

So object must be serializable doesn't holds true according to the comment?

Please make your statements...

Thanks
Amit

Amit Prakash Singh wrote:Your web application has a valid dd with a single <security-constraint> tag.
Within this tag exists:
- a single http method that declares GET
All of the resources in your application exist within directory1 and directory2 and the only defined roles are BEGINNER and EXPERT.
If you want to restrict BEGINNERs from using resources in directory2, which are true about the url and role tag(s) you should declare? (Choose all that apply.)
A. A single url tag should declare directory1 and a single role tag should declare EXPERT.
B. A single url tag should declare directory2 and a single role tag should declare EXPERT.
C. A single url tag should declare directory1 and a single role tag should declare BEGINNER.
D. A single url tag should declare directory2 and a single role tag should declare BEGINNER.
E. One url tag should declare ANY and its role tag should declare EXPERT, and another url tag should declare directory2 and its role tag should declare BEGINNER.
F. One url tag should declare both directories, and its role tag should declare EXPERT, and another url tag should declare directory1 and its role

Answer Given : D, Answer Shoild be: B

since if we mention any role in the <auth-constratint>, the role is allowd to make the request and others are not. Same way here, if ansder D is true, then Beginner would be able to make request.

Please correct me If I got the answer wrong?

Sorry to open an old thread...but I feel even B is not the right answer as BEGINNER will still be able to access resources in directory2 using HTTP methods other than GET..Please correct me if I'm wrong.

sridhar row wrote:
Sorry to open an old thread...but I feel even B is not the right answer as BEGINNER will still be able to access resources in directory2 using HTTP methods other than GET..Please correct me if I'm wrong.

That's very true. BEGINNER can use other HTTP methods to access the resource. I think the question maker left out something in it by mistake.

Amit Prakash Singh wrote:
But option E is debatble : because as per HFSJ page - 260: "make sure your attribute class types are Serializable and you never have to worry about it.But if they�re not Serializable (which could be because one of the attribute object�s instance variables is not Serializable), have your attribute object class implement HttpSessionActivationListener and use the activation/passivation callbacks to work around it"

So object must be serializable doesn't holds true according to the comment?

E is not debatable, it IS wrong. Option B is the only correct answer.