CSCI315 chp 12-20
Since this type of authentication does not automatically encrypt the username and password before sending them to the server, it is typically used over a secure connection.
-basic authentication -form-based authentication BOTH A AND B
To code a filter, you must
-code a class that implements the Filter interface -add a filter-mapping element to the web.xml file -add a filter element to the web.xml file ALL OF THE ABOVE
In a SQL injection attack, an attacker attempts to
-execute SQL statements against your database -modify data -delete data ALL OF THE ABOVE
To use a secure connection, you need to
-install a digital secure certificate on your web server -configure your web server so it defines a secure connection BOTH A AND B
You can use the ________________ method of the entity manager to insert, update, and delete data.
-persist -merge -remove ALL OF THE ABOVE
When you code a filter-mapping element in the web.xml file, you can specify
-the URL pattern that the filter should be used for -the servlet or servlets that the filter should be used for BOTH A AND B
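Worked example of the three Filter methods together with the filter and filter-mapping elements that register it. This is an added example, not code from the course text; it assumes the Servlet 3.1 or later javax.servlet API on the classpath, and the package name, the /app/* URL pattern, the MaxBodyBytes init-param and the response headers it sets are illustrative choices, not anything the page prescribes.

```java
import java.io.IOException;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Registered in web.xml. The filter element names the class and its
 * init-params; the filter-mapping element says which URLs (or servlets)
 * it applies to:
 *
 *   <filter>
 *     <filter-name>SecurityHeadersFilter</filter-name>
 *     <filter-class>example.SecurityHeadersFilter</filter-class>
 *     <init-param>
 *       <param-name>MaxBodyBytes</param-name>
 *       <param-value>1048576</param-value>
 *     </init-param>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>SecurityHeadersFilter</filter-name>
 *     <url-pattern>/app/*</url-pattern>
 *   </filter-mapping>
 */
public class SecurityHeadersFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(SecurityHeadersFilter.class.getName());
    private long maxBodyBytes;

    // Called once when the container loads the filter; read init-params here.
    @Override
    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter("MaxBodyBytes");   // assumed init-param
        maxBodyBytes = (value == null) ? 1_048_576L : Long.parseLong(value);
    }

    // Called for every request that matches the filter-mapping.
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Request-side processing: refuse oversized bodies before the servlet runs.
        // Not calling chain.doFilter ends the chain right here.
        if (request.getContentLengthLong() > maxBodyBytes) {
            response.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }

        // Response headers must be set BEFORE the servlet may commit the response,
        // so they belong on the request side of the chain.doFilter call.
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.setHeader("X-Frame-Options", "DENY");
        response.setHeader("Cache-Control", "no-store");

        long start = System.nanoTime();
        // Pass the request and response to the next filter or the servlet.
        chain.doFilter(request, response);

        // Response-side processing: runs after the servlet has executed but
        // before the response is returned to the client.
        long millis = (System.nanoTime() - start) / 1_000_000;
        LOG.info(request.getMethod() + " " + request.getRequestURI()
                + " -> " + response.getStatus() + " in " + millis + " ms");
    }

    // Called once when the container unloads the filter.
    @Override
    public void destroy() {
        LOG.info("SecurityHeadersFilter unloaded");
    }
}
```

Two filters mapped to the same URL pattern run in the order their filter-mapping elements appear in web.xml, each one passing control on with chain.doFilter; the content-length check above only inspects the declared length, so a servlet that reads a chunked body still needs its own limit.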
SSL strength can depend on
-the strength provided by the certificate -the strength supported by the web server -the strength supported by the browser ALL OF THE ABOVE
A user can be associated with
-zero roles -one role -multiple roles ALL OF THE ABOVE
Which is a JPA implementation?
-Hibernate -EclipseLink -TopLink ALL OF THE ABOVE
Write the EL code for accessing the time property in an attribute named clock.
${clock.time}
To specify the relationships between your business classes, you can use the ________________ annotation.
-@OneToMany -@ManyToOne -@OneToOne ALL OF THE ABOVE
To specify that a business class in an entity, you use the ________________ annotation.
@Entity
To specify the SQL type for the java.util.Date and java.util.Calendar types, you can use the ________________ annotation.
@Temporal
A company that issues and manages security credentials is called a/an
CA (certificate authority)
To specify a named parameter in a JPQL query string, code a/an ________________ followed by the name of the parameter.
Colon (:)
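Worked example that ties the JPA cards together: @Entity on the business classes, @Temporal on a java.util.Date field, @OneToMany/@ManyToOne for the relationship, persist/merge/remove on the entity manager, and a JPQL query with a path expression and a named parameter. This is an added example, not code from the course text; it assumes a JPA 2.x provider such as Hibernate or EclipseLink is available, that a persistence unit named emailListPU exists in persistence.xml, and the User/Invoice classes and their columns are illustrative (one public class per file in practice).

```java
import java.util.Date;
import java.util.List;
import java.util.function.Consumer;

import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.Persistence;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.TypedQuery;

// @Entity turns the business class into an entity. The annotations sit on the
// fields (field annotations), so the provider reads and writes the fields directly.
@Entity
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long userId;

    private String email;

    // One user has many invoices; Invoice.user owns the foreign-key column.
    @OneToMany(mappedBy = "user")
    private List<Invoice> invoices;

    public long getUserId() { return userId; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public List<Invoice> getInvoices() { return invoices; }
}

@Entity
public class Invoice {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long invoiceId;

    @ManyToOne
    private User user;

    // java.util.Date maps to no single SQL type, so @Temporal chooses one.
    @Temporal(TemporalType.TIMESTAMP)
    private Date invoiceDate;

    private double invoiceTotal;

    public void setUser(User user) { this.user = user; }
    public void setInvoiceDate(Date invoiceDate) { this.invoiceDate = invoiceDate; }
    public double getInvoiceTotal() { return invoiceTotal; }
    public void setInvoiceTotal(double invoiceTotal) { this.invoiceTotal = invoiceTotal; }
}

public class UserDB {
    // "emailListPU" is an assumed persistence-unit name from persistence.xml.
    private static final EntityManagerFactory EMF =
            Persistence.createEntityManagerFactory("emailListPU");

    // JPQL: "u.email" is a path expression, ":email" a named parameter. The
    // provider binds the value, so user input never becomes part of the query text.
    public static User selectByEmail(String email) {
        EntityManager em = EMF.createEntityManager();
        try {
            TypedQuery<User> q = em.createQuery(
                    "SELECT u FROM User u WHERE u.email = :email", User.class);
            q.setParameter("email", email);
            List<User> users = q.getResultList();
            return users.isEmpty() ? null : users.get(0);
        } finally {
            em.close();
        }
    }

    // Writes run inside a transaction: roll back on failure, always close.
    private static void inTransaction(Consumer<EntityManager> work) {
        EntityManager em = EMF.createEntityManager();
        EntityTransaction tx = em.getTransaction();
        try {
            tx.begin();
            work.accept(em);
            tx.commit();
        } catch (RuntimeException e) {
            if (tx.isActive()) tx.rollback();
            throw e;
        } finally {
            em.close();
        }
    }

    public static void insert(User user) { inTransaction(em -> em.persist(user)); }
    public static void update(User user) { inTransaction(em -> em.merge(user)); }
    // remove() needs a managed instance, so a detached user is re-attached with merge first.
    public static void delete(User user) { inTransaction(em -> em.remove(em.merge(user))); }
}
```

The named parameter is the JPQL counterpart of the ? placeholder in a JDBC prepared statement: building the query string by concatenating the email would reintroduce SQL injection even though the query language is JPQL.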
To create a Statement object, you use one of the methods of the ________________ object.
Connection
The ____________________ provides a way to use connection pooling to access usernames, passwords, and roles that have been stored in a database.
DataSourceRealm
________________ don't use the get and set methods of the class to get and set the values of the fields. Instead they access the fields directly.
Field annotations (field access)
________________ use the get and set methods of the class to get and set the values of the fields.
Getter annotations (property access)
When you use form-based authentication, you can use ________________ to code the login form that's displayed when someone attempts to access a restricted resource.
HTML
The getSession method of the HttpSessionEvent class returns the ________________ object that was created or destroyed.
HttpSession
For more serious web applications, the ________________ provides a way to access usernames, passwords, and roles that have been stored in a relational database.
JDBCRealm
________________ is a standard API for working with databases in Java that lets you work with relational data as objects, which is easier than working with JDBC directly.
JPA
You can convert a business class to an entity by adding ________________ to the class.
JPA Annotations
________________ is an object-oriented query language defined as part of the JPA specification.
JPQL (Java Persistence Query Language)
You can use a filter to do some processing before a requested servlet or __________________ is executed.
JSP
The ________________ API is a collection of Java classes that let you use secure connections within your Java programs by implementing a version of the SSL and TLS protocols.
Java Secure Socket Extension
The accept header in an HTTP request indicates the __________________________ types that are accepted by the browser.
MIME
To hash a string, you use the ________________ class.
MessageDigest
________________ is when you pass a message through an algorithm that produces a scrambled version of it that can't be reversed.
One-way hashing
_________________ is useful for protecting stored values such as passwords, where there is no need for anyone to recover the original value.
One-way hashing
You can use a filter to do all but one of the following. Which one is it?
Provide initialization code when an application starts
To move the cursor through a result set, you can use the methods of the
ResultSet object
To get information about a result set like the number of columns and names of the columns, you can use the methods of the
ResultSetMetaData object
________________ encrypts data against a key, which can be used to decrypt the data at a later date when it needs to be read by a user.
Reversible Encryption
________________ prevents rainbow table attacks.
Salting
Which listener should you use to initialize variables when the web application is started for the first time?
ServletContextListener
Which listener must implement the sessionCreated and sessionDestroyed methods?
HttpSessionListener
_________________ are when an attacker attempts to gain unauthorized access to a system by tricking users rather than exploiting technical flaws.
Social engineering attacks
________________ is the successor to SSL, and it works similarly.
TLS
For simple web applications, the ________________ provides a quick and easy way to implement a realm.
UserDatabaseRealm
________________ attacks allow an attacker to inject JavaScript into your page.
XSS (cross-site scripting)
When an application uses basic authentication,
a dialog box automatically prompts the user for a username and password
Connection pooling improves database performance because
a pool of connections are available for users of the application to share
Before a secure connection is established, the server uses a ________________ to authenticate itself.
a server certificate
The getXXX methods can be used to return ________________ of the eight primitive types.
all
The cookie header in an HTTP request provides
all cookies sent by the browser
The process of asking users to identify themselves before they can access restricted portions of a web site is referred to as _________________________.
authentication
The process of determining whether a server or client is who and what it claims to be is called ________________.
authentication
To salt a password, you append the salt value to the original password ________________ hashing it.
before
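Worked example of one-way hashing with a salt, covering the MessageDigest card, the "salt before hashing" card, and the collision/constant-time comparison a practitioner has to get right. This is an added example, not code from the course text, and it runs on a plain JDK. The SHA-256 construction is the one the course describes; the PBKDF2 variant, the iteration count and the salt:hash storage format are additions chosen here to show what production password storage looks like.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordUtil {

    private static final SecureRandom RANDOM = new SecureRandom();
    private static final int SALT_BYTES = 16;
    private static final int PBKDF2_ITERATIONS = 210_000;   // assumed work factor

    // A fresh random salt per password defeats precomputed (rainbow) tables:
    // an attacker would need a separate table for every salt value.
    public static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RANDOM.nextBytes(salt);
        return salt;
    }

    // The textbook construction: salt + password through one SHA-256 pass.
    // Irreversible and salt-dependent, but fast enough to brute-force offline.
    public static byte[] sha256Salted(String password, byte[] salt) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);   // the salt is fed in BEFORE hashing the password
            return md.digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every JRE", e);
        }
    }

    // What to store instead: a deliberately slow, salted key derivation
    // function (PBKDF2 because it ships with the JDK; bcrypt, scrypt or
    // Argon2 from a library are equally appropriate).
    public static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, 256);
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            byte[] hash = factory.generateSecret(spec).getEncoded();
            spec.clearPassword();
            return hash;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    // Assumed record format: base64(salt) ":" base64(hash); the salt is not secret.
    public static String hashForStorage(char[] password) {
        byte[] salt = newSalt();
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(pbkdf2(password, salt));
    }

    // Recompute with the stored salt and compare in constant time, so response
    // timing does not reveal how many leading bytes of the hash matched.
    public static boolean verify(char[] password, String stored) {
        String[] parts = stored.split(":");
        if (parts.length != 2) return false;
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, pbkdf2(password, salt));
    }

    public static void main(String[] args) {
        byte[] salt = newSalt();
        Base64.Encoder enc = Base64.getEncoder();
        String a = enc.encodeToString(sha256Salted("sesame", salt));
        String b = enc.encodeToString(sha256Salted("sesame", salt));
        String c = enc.encodeToString(sha256Salted("sesame", newSalt()));
        System.out.println("same salt, same digest:       " + a.equals(b));
        System.out.println("different salt, new digest:   " + !a.equals(c));

        String record = hashForStorage("sesame".toCharArray());
        System.out.println("verify correct password:      " + verify("sesame".toCharArray(), record));
        System.out.println("verify wrong password:        " + verify("Sesame".toCharArray(), record));
    }
}
```

Passwords are passed around as char[] rather than String in the PBKDF2 path so they can be cleared from memory after use; a String literal as in the demo lines stays in the heap until garbage collected.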
You can ________________ two or more filters together.
chain
To code a filter that executes code after a requested servlet is executed but before the response is returned to the client, you code all of the processing statements after you call the doFilter method of the ______________________ parameter.
chain (the FilterChain parameter)
A/an ________________ occurs when two input strings hash to the same value.
collision
Most modern servlet containers such as Tomcat provide a built-in way to restrict access to certain parts of a web application. This is known as ________________.
container-managed security
Once you establish a secure connection, the application
continues to use a secure connection until an absolute URL specifies a non-secure connection
To get the cookies that are available from an HTTP request, you can use the getCookies method to work with the ___________________________ header.
cookie
Filters are ideal for addressing ________________, which are aspects of an application that cut across different parts of an application.
cross-cutting concerns
The process of taking readable data and changing it in some way so it is no longer readable as the original text is called _______________.
encryption (the discipline that studies it is cryptography)
Before you can use JDBC to connect to a database, you must make a/an ________________ available to your application.
database driver
When a secure connection is used, the data that's passed between client and server is ________________.
encrypted
All of the methods for a listener have a/an _______________ object as the sole parameter.
event
To retrieve a result set by executing a SELECT statement from a Statement object, you use the ________________ method of the Statement object.
executeQuery
To execute an INSERT statement from a Statement object, you use the ________________ method of the Statement object.
executeUpdate
Instead of using a dialog box to request the username and password, ________________ authentication uses a web form.
form-based
To create a Connection object in a web application, you use the ________________ method of the DriverManager class.
getConnection
What method is available from the ServletContextEvent object?
getServletContext()
The primary protocol that is used to transfer data between a browser and a server is
HTTP
The URL that uses a secure connection to connect to www.company.com is ________________.
https://www.company.com
The Filter interface includes the
init, doFilter, and destroy methods
To create a listener, you must code a class that implements one of the listener ________________.
interfaces
To create a self-signed certificate, you need to create a/an ________________ file.
keystore
A/an ________________ is a class that listens for various events that can occur during the lifecycle of a web application.
listener
To create a listener, you must register the listener by adding a/an ________________ to the application's web.xml file.
listener element
A listener provides ________________ that are executed when specific events occur.
methods
When you use a wrapper class for the request or response of a filter, you can add new _____________________ to the request or response that is passed along the chain.
methods
Filters allow you to store code in a single location that can be applied to ________________ parts of an application.
multiple
You can code ________________ init-param element(s) for a single filter.
multiple
Which, if any, of the following statements is equivalent to this code: String type = request.getHeader("Content-Type");
none of the above
Creating a Student object from data that's stored in a Student table in a database is a partial implementation of ________________ mapping.
object-relational
To specify the location of a/an ________________ in the SQL statement for a prepared statement, you type a question mark (?) in the SQL statement.
parameter
JPQL uses ________________ expressions to refer to the fields of an entity.
path
To improve the performance of database operations, an application can use a connection ________________.
pool
One technique that can help prevent SQL injection attacks is to use ________________ statements.
prepared
When a browser makes an initial attempt to communicate with a server over a secure connection, the server authenticates itself by
providing a digital secure certificate to the client
Educating your users about password strength and the dangers of giving out information to unknown persons can help prevent
social engineering attacks (rainbow table attacks are countered by salting, not by user education)
An interface that's used to authenticate users so they can access web resources that have been restricted is called a
realm
After the first line of a request, the browser sends ________________ that give information about the browser and its request.
request headers
The line in an HTTP request that specifies the request method, the URL of the request, and the version of HTTP is the
request line
To control how a browser caches a page, you would set the cache-control header in the ___________________________ object.
response
To get data from a result set, you use the get methods of the ________________ object.
ResultSet
A/an ________________ is a random string that's appended to a password.
salt
SSL (Secure Sockets Layer) is an older protocol used on the Internet that lets clients and servers communicate over a ________________.
secure connection
To restrict access to a web resource, you add a ______________ element to the web.xml file.
security-constraint
A ________________ digital secure certificate enables you to test SSL connections in a local environment without purchasing a secure certificate.
self-signed
A type of digital secure certificate issued to a trusted server so client computers can connect to them using secure connections is called a/an ___________________.
server certificate
A status code of 500 informs the user that the
server encountered a problem
You can write a class that can tell when a/an ________________ is created or destroyed by implementing the HttpSessionListener.
session object
If ps is a PreparedStatement object and product is a Product object, then the following statement ps.setDouble(3, product.getPrice());
sets the third parameter in the prepared statement to the value that's returned by the getPrice method
To execute the DELETE statement that follows, which statement would you use? String query = "DELETE FROM Invoices " + "WHERE InvoiceTotal = 0 "; Statement statement = connection.createStatement();
statement.executeUpdate(query);
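Worked example that serves the SQL injection card, the "prepared statements" card, the ? placeholder card, the setDouble(3, ...) card and the DELETE statement above: the same lookup written with string concatenation and with a PreparedStatement, plus parameterized INSERT and DELETE through executeUpdate. This is an added example, not code from the course text; the JDBC URL, credentials and the EmailAddress/InvoiceDate columns of the Invoices table are assumptions, and it needs a JDBC driver for the chosen database on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class InvoiceDB {

    // Assumed connection details; a real web app would take a Connection from a pool.
    private static final String URL = "jdbc:mysql://localhost:3306/murach";
    private static final String USER = "app_user";
    private static final String PASSWORD = "sesame";

    static Connection connect() throws SQLException {
        return DriverManager.getConnection(URL, USER, PASSWORD);
    }

    // VULNERABLE: user input is spliced into the SQL text. With
    // emailInput = "x' OR '1'='1" the WHERE clause matches every row, and a
    // value ending in "; DELETE FROM Invoices -- " can run a second statement
    // on drivers that allow multiple statements.
    public static int countInvoicesUnsafe(Connection con, String emailInput) throws SQLException {
        String sql = "SELECT COUNT(*) FROM Invoices WHERE EmailAddress = '" + emailInput + "'";
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // SAFE: the ? marks a parameter; the driver sends the value separately
    // from the statement text, so the input can never change the query structure.
    public static int countInvoicesSafe(Connection con, String emailInput) throws SQLException {
        String sql = "SELECT COUNT(*) FROM Invoices WHERE EmailAddress = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, emailInput);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // Parameters are numbered from 1, left to right, which is why the total
    // goes in with setDouble(3, ...). executeUpdate is for INSERT/UPDATE/DELETE
    // and returns the number of affected rows.
    public static int insertInvoice(Connection con, String email, java.sql.Date date, double total)
            throws SQLException {
        String sql = "INSERT INTO Invoices (EmailAddress, InvoiceDate, InvoiceTotal) VALUES (?, ?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, email);
            ps.setDate(2, date);
            ps.setDouble(3, total);
            return ps.executeUpdate();
        }
    }

    // The page's DELETE with its literal 0 replaced by a parameter.
    public static int deleteInvoicesWithTotal(Connection con, double total) throws SQLException {
        String sql = "DELETE FROM Invoices WHERE InvoiceTotal = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setDouble(1, total);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        String attack = "nobody@example.com' OR '1'='1";   // constructed attack input
        try (Connection con = connect()) {
            System.out.println("unsafe count: " + countInvoicesUnsafe(con, attack)); // every invoice
            System.out.println("safe count:   " + countInvoicesSafe(con, attack));   // 0: no such address
        }
    }
}
```

A prepared statement protects values only; table and column names cannot be parameters, so anything like a user-chosen sort column must be checked against a fixed allow-list before it is concatenated into the SQL.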
An HTTP response consists of the following:
status code, response headers, and response body
The line in an HTTP response that specifies the HTTP version, a status code, and a brief description associated with the status code is the
status line
SSL ________________ refers to the length of the generated key that is created during the encryption process.
strength
Which of the following is not part of the request line in an HTTP request?
the MIME type
Which of the following is NOT included in a security constraint?
the authorized usernames for accessing the restricted resources
The maximum SSL strength for an application's connections is determined by
the digital secure certificate
What does the following code get? Enumeration<String> headerNames = request.getHeaderNames();
the names of all request headers
After you code the request-side processing statements for a filter class, you pass
the request and response objects to the next filter or servlet in the chain
To use SSL to transmit data, the ________________ must provide authentication.
server
By default, Tomcat stores usernames, passwords, and roles in the
tomcat-users.xml file
The initParam implicit object lets you use EL
to get the value of a servlet initialization parameter
Which of the following isn't a case in which you would use response headers?
to specify the authentication type to be used
Passwords that are stored in the database without being hashed are called ________________ passwords.
unhashed (plaintext)
The security realm provides the authorized
usernames, passwords, and roles
A digital secure certificate is provided
usually for a fee from a certificate authority
Before you can use a filter class, you must configure it in the ___________________ file for the application.
web.xml
You use the ________________ file to specify the type of authentication that's going to be used by the application.
web.xml
The HttpServletRequestWrapper and HttpServletResponseWrapper classes implement a design pattern known as the ________________.
wrapper pattern (also known as the decorator pattern)