1. In a web application, is it better to handle security Declaratively or Programmatically?
I feel the generic answer should be Declaratively. However, as the question mentions specifically about security, I would answer programmatically. Setting the securities using the annotations makes sure they are not altered easily(unless a new jar is built and deployed).
Whizlabs says Declaratively. What is your opinion?
2. How many HTTP methods are there?
Whizlabs says 7. In my opinion answer is 9[ GET, POST, PUT, DELETE, TRACE, OPTIONS, HEAD, CONNECT, PATCH ]. What do you think?