EPractice Lab mock exam 5 question 47 about authentication
posted 7 months ago
47.What is true about Java EE authentication mechanisms? (Choose one)
A. If your deployment descriptor correctly declares an authentication type of CLIENT_CERT, your users must have a certificate from an official source before they can use your application.
B. If your deployment descriptor correctly declares an authentication type of BASIC, the container automatically requests a user name and password whenever a user starts a new session.
C. If you want your web application to support the widest possible array of browsers, and you want to perform authentication, the best choice of Java EE authentication mechanisms is DIGEST.
D. To use Java EE form authentication, you must declare two HTML files in your deployment descriptor and you must use a pre-denfined action in the HTML file that handles your user's login.
Given answer : D
To use Java EE form authentication, you must declare two HTML files (login and login error) in your deployment descriptor, and you must use a predefined action in the HTML file that handles your users' login.
I think the options can be A, B or D.
For A, the client presents its certificate from a trust source like VeriSign to the server to authenticate itself.