this is question from marcus green mock exam I .
what i know is that an empty <auth-constraint/> is the final word which allows nobody to access the specified resource.
is there any effect of multiple <security-constraint> declaration.???
to avoid ambiguity while typing i an attaching the screen shot of the question.