Multiple choice questions regarding security in SCEA-1

 
aruna sydu
Ranch Hand
Posts: 98
Hi All,

I got the questions below from one of the blogs written in the course of preparing for SCEA.
Please help me get the most correct answer to these questions, as I have a problem figuring them out.


Which is an appropriate technique for minimizing the consequences of a successful attack?

A. Input validation
B. Principle of least privilege
C. Encryption of wire transmissions
D. Use of strong/two-factor authentication


Your company is going through an extensive security audit and it has been identified that your internet-facing web site is vulnerable to SQL injection from authenticated users. Which two are appropriate for mitigating this threat? (Choose two.)

A. Using security roles in the deployment descriptor
B. In stored procedures called with prepared statements
C. Adding an intercepting validation filter to your system
D. Requiring SSL in the deployment descriptor transport guarantee.




Thanks!
Aruna.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34839
Questions were from http://mycollectivematerial.blogspot.com/.

What do you think the answer is? Also, the site gives a correct answer. What was it? Do you agree? Why or why not?
 
aruna sydu
Ranch Hand
Posts: 98

Hi Jeanne,

Please bear with me as I am not very good at security.

For the first question the answer is B. Principle of least privilege. When I read the question I thought all of the choices were required for minimizing the consequences of a successful attack.

And the answer to the second question is B and C. I absolutely agree with option C; however, I could not understand why a procedure should be introduced in the design to mitigate the threat.

Please clarify.

Thanks & Regards,
Aruna.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34839
Aruna,
I agree with the sample answers.

For the first one, A/C/D reduce the chance of an attack. B reduces the impact of the attack once the user is in.

For the second one, B prevents SQL injection because binding variables are used instead of raw strings.
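As an added illustration of the two sample answers discussed above (bind variables and an intercepting validation filter for the SQL injection question, least privilege as impact limitation for the first question), the following Python script is not from the original thread or the blog it quotes. It uses the standard sqlite3 module as a stand-in for the Java EE pieces the questions name: the `?` placeholders play the role of a JDBC PreparedStatement, `validation_filter` stands in for a servlet Filter, and the sqlite3 authorizer stands in for running the application under a restricted database account. The tables, rows, username rule and payload strings are all constructed for the example.

```python
import re
import sqlite3

# Constructed sample data for this example; not from the original thread.
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]
SECRETS = [("db_password", "hunter2")]


def make_db():
    """Fresh in-memory database with a public table and a sensitive one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.execute("CREATE TABLE secrets (k TEXT, v TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO secrets VALUES (?, ?)", SECRETS)
    return conn


def find_user_vulnerable(conn, name):
    """Raw string concatenation: the caller's text becomes part of the SQL."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Bind variable (the JDBC PreparedStatement idea): the value travels
    separately from the statement text, so it can never change the query's
    structure, whatever quotes or keywords it contains."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def is_valid_username(name):
    """Hypothetical allow-list rule: 1 to 32 word characters, nothing else."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", name) is not None


def validation_filter(name):
    """Stands in for an intercepting servlet Filter: reject bad input before
    it reaches any query at all."""
    if not is_valid_username(name):
        raise ValueError("rejected input: %r" % name)
    return name


def apply_least_privilege(conn):
    """Stand-in for connecting as a restricted database account: the
    authorizer permits SELECT and reads of the users table only, so a query
    that does get injected cannot reach other tables or modify anything."""
    def authorize(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "users":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorize)
    return conn


def try_vulnerable_lookup(conn, name):
    """Run the concatenated query and report whether the database allowed it."""
    try:
        return ("ok", find_user_vulnerable(conn, name))
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    bypass = "' OR '1'='1"                        # matches every row
    exfil = "' UNION SELECT k, v FROM secrets --"  # reads the other table
    conn = make_db()
    print("concatenated, bypass:", find_user_vulnerable(conn, bypass))
    print("concatenated, exfil: ", find_user_vulnerable(conn, exfil))
    print("bound, bypass:       ", find_user_safe(conn, bypass))
    try:
        validation_filter(exfil)
    except ValueError as exc:
        print("filter:              ", exc)
    restricted = apply_least_privilege(make_db())
    print("least privilege:     ", try_vulnerable_lookup(restricted, exfil))
    print("still works:         ", find_user_safe(restricted, "alice"))
```

Running it shows how the same two payloads behave against each layer: the concatenated query returns every user or the contents of `secrets`, the bound query returns nothing because the payload is compared as a literal name, the filter rejects the payload before any query runs, and under the restricted authorizer the injected UNION fails with an authorization error while the legitimate lookup still works. The filter is the weaker of the two mitigations on its own, since its rule has to be right for every field it guards; binding is what removes the injection mechanism.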
 
aruna sydu
Ranch Hand
Posts: 98

Thanks a lot Jeanne
 