GIAC Secure Software Programmer - Java (GSSP-JaVa) Free Practice Test

Question 1

Which of the following declarations are the valid declaration for the <security-constraint> element?
Each correct answer represents a complete solution. Choose all that apply.

A. <security-constraint>
<web-resource-collection>
<web-resource-name>AccountServlet</web-resource-name>
<url-pattern>/acme/Account</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Accountant</role-name>
</auth-constraint>
</security-constraint>

B. <security-constraint>
<web-resource-collection>
<web-resource-name>AccountServlet</web-resource-name>
<url-pattern>/acme/Account</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Accountant</role-name>
</auth-constraint>
</security-constraint>

C. <security-constraint>
<web-resource-collection>
<web-resource-name>AssistantServlet</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Assistant</role-name> <http-method>GET</http-method> <http-method>PUT</http-method> </auth-constraint> </security-constraint>

D. <security-constraint>
<web-resource-collection>
<web-resource-name>AssistantServlet</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Assistant</role-name>
</auth-constraint>
</security-constraint>

E. <security-constraint>
<auth-constraint>
<role-name>Assistant</role-name>
</auth-constraint>
</security-constraint>

Correct Answer: A,B,D

Question 2

You work as an Application Deployer for UcTech Inc. You want to configure a filter for a Web application using the deployment descriptor. Which of the following attributes are mandatory for you to implement in order to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

A. <init-param>

B. <display-name>

C. <filter-class>

D. <filter-name>

Correct Answer: C,D

Question 3

Which of the following are the main basic difference between the POST and PUT request?
Each correct answer represents a complete solution. Choose all that apply.

A. The URI in a PUT request identifies the resource that will handle the enclosed entity.

B. The URI in a PUT request identifies the entity enclosed with the request and the user agent knows what URI is intended and the server MUST NOT attempt to apply the request to some other resource.

C. The PUT request does not have a corresponding doXXX method in the HttpServlet class. However, POST have a corresponding doXXX method in the HttpServlet class.

D. The URI in a POST request identifies the resource that will handle the enclosed entity.

Correct Answer: B,D

Question 4

Which of the following rules must be followed while determining a class loader?
Each correct answer represents a complete solution. Choose all that apply.

A. A new instance of the AppletClassLoader is used while loading the first class of an applet.

B. A new instance of the URLClassLoader is used while loading the first class of an application.

C. If the request to load a class is triggered by a reference to it from an existing class, the class loader for the existing class is asked to load the class.

D. The primordial class loader is used if java.lang.Class.ForName is directly called.

Correct Answer: A,B,C,D

Question 5

Which of the following methods performs the authentication of subject and, if successful, associates Principals and Credentials with the authenticated Subject?

A. The login() method of the LoginModule interface

B. The getSubject() method of the LoginContext class

C. The login() method of the LoginContext class

D. The initialize() method of the LoginModule class

Correct Answer: C

Question 6

Which of the following statements about a native modifier in Java are true?
Each correct answer represents a complete solution. Choose two.

A. It can be applied only to variables.

B. It can be applied to methods and variables.

C. It can be applied only to methods.

D. A separate Java class must be written to provide implementation for a native method.

E. A method with a native modifier must end with a semicolon.

Correct Answer: C,E

Question 7

John works as a Software Developer for VenTech Inc. He writes the following code using Java.
public class vClass extends Thread { public static void main(String args[]) { vClass vc=new vClass(); vc.run(); } public void start() { for(int k=0;k<20;k++) { System.out.println("The value of k = "+k); } }
}
What will happen when he attempts to compile and execute the application?

A. The application will compile successfully and the values from 0 to 19 will be displayed as the output.

B. A compile-time error will occur indicating that no run() method is defined for the Thread class.

C. A runtime error will occur indicating that no run() method is defined for the Thread class.

D. The application will compile successfully but will not display anything as the output.

Correct Answer: D

Question 8

Which of the following exceptions will be thrown if the name parameter is null in the constructor of AuthPermission?

A. IllegalArgumentException

B. IllegalStateException

C. ClassNotFoundException

D. NullPointerException

Correct Answer: D

Question 9

Which of the following statements correctly describe the features of the singleton pattern?
Each correct answer represents a complete solution. Choose all that apply.

A. The behavior of a singleton can be obtained by static fields and methods such as java.lang.Math.sin(double).

B. A singleton class may disappear if no object holds a reference to the Singleton object, and it will be reloaded later when the singleton is needed again.

C. Singletons are used to control object creation by limiting the number to one but allowing the flexibility to create more objects if the situation changes.

D. Singletons can only be stateless, providing utility functions that need no more information than their parameters.

Correct Answer: A,B,C

Question 10

Which of the following keywords is used to throw an exception object inside a method?

A. finally

B. assert

C. throws

D. throw

E. final

F. catch

Correct Answer: D

Question 11

Which of the following functions are performed by methods of the
HttpSessionActivationListener interface?
Each correct answer represents a complete solution. Choose all that apply.

A. Notifying the object when it is unbound from a session.

B. Notifying an attribute that a session is about to migrate from one JVM to another.

C. Notifying the object when it is bound to a session.

D. Notifying an attribute that a session has just migrated from one JVM to another.

Correct Answer: B,D

Question 12

You work as a Software Developer for UcTech Inc. You create a session using the HttpSession interface. You want the attributes to be informed when the session is moved from one JVM to another and also when an attribute is added or removed from the session. Which of the following interfaces can you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

A. HttpSessionListener

B. HttpSessionActivationListener

C. HttpSessionBindingListener

D. HttpSessionAttributeListener

Correct Answer: B,D

Question 13

Which of the following is a Permission class whose permissions have no actions, and allows suppressing the standard Java programming language access checks?

A. java.lang.reflect.ReflectPermission

B. java.awt.RuntimePermission

C. java.lang.AllPermission

D. java.security.SecurityPermission

Correct Answer: A

Question 14

CORRECT TEXT
Fill in the______blank with the required interface name to complete the statement below.
An object of the interface is provided by the container to invoke the next filter in a chain of filters.

Correct Answer:

FilterChain

Welcome to TestSimulate

GIAC Secure Software Programmer - Java (GSSP-JaVa) Free Practice Test