CSCI315 chp 12-20


Since this type of authentication does not automatically encrypt the username and password before sending them to the server, it is typically used over a secure connection.

- basic authentication
- form-based authentication

BOTH A AND B

To code a filter, you must

- code a class that implements the Filter interface
- add a filter-mapping element to the web.xml file
- add a filter element to the web.xml file

ALL OF THE ABOVE

In a SQL injection attack, an attacker attempts to

- execute SQL statements against your database
- modify data
- delete data

ALL OF THE ABOVE

To use a secure connection, you need to

- install a digital secure certificate on your web server
- configure your web server so it defines a secure connection

BOTH A AND B

You can use the ________________ method of the entity manager to insert, update, and delete data.

- persist
- merge
- remove

ALL OF THE ABOVE

init, doFilter, and destroy methods

- the URL pattern that the filter should be used for
- the servlet or servlets that the filter should be used for

BOTH A AND B

SSL strength can depend on

- the strength provided by the certificate
- the strength supported by the web server
- the strength supported by the browser

ALL OF THE ABOVE

A user can be associated with

- zero roles
- one role
- multiple roles

ALL OF THE ABOVE

Which is a JPA implementation?

- Hibernate
- EclipseLink
- TopLink

ALL OF THE ABOVE

Write the EL code for accessing the time property in an attribute named clock.

(${clock.time})

To specify the relationships between your business classes, you can use the ________________ annotation.

- @OneToMany
- @ManyToOne
- @OneToOne

ALL OF THE ABOVE

To specify that a business class is an entity, you use the ________________ annotation.

@Entity

To specify the SQL type for the java.util.Date and java.util.Calendar types, you can use the ________________ annotation.

@Temporal

A company that issues and manages security credentials is called a/an

CA

To specify a named parameter in a JPQL query string, code a/an ________________ followed by the name of the parameter.

Colon (:)

To create a Statement object, you use one of the methods of the ________________ object.

Connection

The ____________________ provides a way to use connection pooling to access usernames, passwords, and roles that have been stored in a database.

DataSourceRealm

________________ don't use the get and set methods of the class to get and set the values of the fields. Instead they access the fields directly.

Field annotations

________________ use the get and set methods of the class to get and set the values of the fields.

Getter annotations

When you use form-based authentication, you can use ________________ to code the login form that's displayed when someone attempts to access a restricted resource.

HTML

The getSession method of the HttpSessionEvent class returns the ________________ object that was created or destroyed.

HttpSession

For more serious web applications, the ________________ provides a way to access usernames, passwords, and roles that have been stored in a relational database.

JDBCRealm

________________ is a standard API for working with databases in Java that makes object-oriented data easier to work with than JDBC.

JPA

You can convert a business class to an entity by adding ________________ to the class.

JPA Annotations

________________ is an object-oriented query language defined as part of the JPA specification.

JPQL (Java persistence query language)

You can use a filter to do some processing before a requested servlet or __________________ is executed.

JSP

The ________________ API is a collection of Java classes that let you use secure connections within your Java programs by implementing a version of the SSL and TLS protocols.

Java Secure Socket Extension

The accept header in an HTTP request indicates the __________________________ types that are accepted by the browser.

MIME

To hash a string, you use the ________________ class.

MessageDigest

________________ is when you pass a message through an algorithm that produces a scrambled version of it that can't be reversed.

One-way hashing

_________________ is useful for encrypting things such as passwords, where there is no need for anyone to read the original value of the password.

One-way hashing

You can use a filter to do all but one of the following. Which one is it?

Provide initialization code when an application starts

To move the cursor through a result set, you can use the methods of the

ResultSet Object

To get information about a result set like the number of columns and names of the columns, you can use the methods of the

ResultSetMetaData Object

________________ encrypts data against a key, which can be used to decrypt the data at a later date when it needs to be read by a user.

Reversible Encryption

________________ prevents rainbow table attacks.

Salting

Which listener should you use to initialize variables when the web application is started for the first time?

ServletContextListener

Which listener must implement the sessionCreated and sessionDestroyed methods?

ServletSessionListener

_________________ are when an attacker attempts to gain unauthorized access to a system by tricking users rather than exploiting technical flaws.

Social engineering attacks

________________ is the successor to SSL, and it works similarly.

TLS

For simple web applications, the ________________ provides a quick and easy way to implement a realm.

UserDatabaseRealm

________________ attacks allow an attacker to inject JavaScript into your page.

XSS

When an application uses basic authentication,

a dialog box automatically prompts the user for a username and password

Connection pooling improves database performance because

a pool of connections are available for users of the application to share

Before a secure connection is established, the server uses a ________________ to authenticate itself.

a server certificate

The getXXX methods can be used to return ________________ of the eight primitive types.

all

The cookie header in an HTTP request provides

all cookies sent by the browser

The process of asking users to identify themselves before they can access restricted portions of a web site is referred to as _________________________.

authentication

The process of determining whether a server or client is who and what it claims to be is called ________________.

authentication

To salt a password, you append the salt value to the original password ________________ hashing it.

before

You can ________________ two or more filters together.

chain

To code a filter that executes code after a requested servlet is executed but before the response is returned to the client, you code all of the processing statements after you call the doFilter method of the ______________________ parameter.

chain, FilterChain

A/an ________________ occurs when two input strings hash to the same value.

collision

Most modern servlet containers such as Tomcat provide a built-in way to restrict access to certain parts of a web application. This is known as ________________.

container-managed security

Once you establish a secure connection, the application

continues to use a secure connection until an absolute URL specifies a non-secure connection

To get the cookies that are available from an HTTP request, you can use the getCookies method to work with the ___________________________ header.

cookie

Filters are ideal for addressing ________________, which are aspects of an application that cut across different parts of an application.

cross-cutting concerns

The process of taking readable data and changing it in some way so it is no longer readable as the original text is called _______________.

cryptography

Before you can use JDBC to connect to a database, you must make a/an ________________ available to your application.

database driver

When a secure connection is used, the data that's passed between client and server is ________________.

encrypted

All of the methods for a listener have a/an _______________ object as the sole parameter.

event

To retrieve a result set by executing a SELECT statement from a Statement object, you use the ________________ method of the Statement object.

executeQuery

To execute an INSERT statement from a Statement object, you use the ________________ method of the Statement object.

executeUpdate

Instead of using a dialog box to request the username and password, ________________ authentication uses a web form.

form-based

To create a Connection object in a web application, you use the ________________ method of the DriverManager class.

getConnection

What method is available from the ServletContextEvent object?

getServletContext()

The primary protocol that is used to transfer data between a browser and a server is

http

The URL that uses a secure connection to connect to www.company.com is ________________.

https://www.company.com

The Filter interface includes the

init, doFilter, and destroy methods

To create a listener, you must code a class that implements one of the listener ________________.

interfaces

To create a self-signed certificate, you need to create a/an ________________ file.

keystore

A/an ________________ is a class that listens for various events that can occur during the lifecycle of a web application.

listener

To create a listener, you must register the listener by adding a/an ________________ to the application's web.xml file.

listener element

A listener provides ________________ that are executed when specific events occur.

methods

When you use a wrapper class for the request or response of a filter, you can add new _____________________ to the request or response that is passed along the chain.

methods

Filters allow you to store code in a single location that can be applied to ________________ parts of an application.

multiple

You can code ________________ init-param element(s) for a single filter.

multiple

Which, if any, of the following statements is equivalent to this code: String type = request.getHeader("Content-Type");

none of the above

Creating a Student object from data that's stored in a Student table in a database is a partial implementation of ________________ mapping.

object-relational

To specify the location of a/an ________________ in the SQL statement for a prepared statement, you type a question mark (?) in the SQL statement.

parameter

JPQL uses ________________ expressions to refer to the fields of an entity.

path

To improve the performance of database operations, an application can use a connection ________________.

pool

One technique that can help prevent SQL injection attacks is to use ________________ statements.

prepared

When a browser makes an initial attempt to communicate with a server over a secure connection, the server authenticates itself by

providing a digital secure certificate to the client

Educating your users about password strength and the dangers of giving out information to unknown persons can help prevent

rainbow table attack

An interface that's used to authenticate users so they can access web resources that have been restricted is called a

realm

After the first line of a request, the browser sends ________________ that give information about the browser and its request.

request headers

The line in an HTTP request that specifies the request method, the URL of the request, and the version of HTTP is the

request line

To control how a browser caches a page, you would set the cache-control header in the ___________________________ object.

response

To get data from a result set, you use the get methods of the ________________ object.

resultSet

A/an ________________ is a random string that's appended to a password.

salt

SSL (Secure Sockets Layer) is an older protocol used by the Internet that lets clients and servers communicate over a ________________.

secure connection

To restrict access to a web resource, you add a ______________ element to the web.xml file.

security-constraint

A ________________ digital secure certificate enables you to test SSL connections in a local environment without purchasing a secure certificate.

self-signed

A type of digital secure certificate issued to a trusted server so client computers can connect to them using secure connections is called a/an ___________________.

server certificate

A status code of 500 informs the user that the

server encountered a problem

You can write a class that can tell when a/an ________________ is created or destroyed by implementing the HttpSessionListener.

session object

If ps is a PreparedStatement object and product is a Product object, then the following statement ps.setDouble(3, product.getPrice());

sets the third parameter in the prepared statement to the value that's returned by the getPrice method

To execute the DELETE statement that follows, which statement would you use? String query = "DELETE FROM Invoices " + "WHERE InvoiceTotal = 0 "; Statement statement = connection.createStatement();

statement.executeUpdate(query);

An HTTP response consists of the following:

status code, response headers, and response body

The line in an HTTP response that specifies the HTTP version, a status code, and a brief description associated with the status code is the

status line

SSL ________________ refers to the length of the generated key that is created during the encryption process.

strength

Which of the following is not part of the request line in an HTTP request?

the MIME type

Which of the following is NOT included in a security constraint?

the authorized usernames for accessing the restricted resources

The maximum SSL strength for an application's connections is determined by

the digital secure certificate

What does the following code get? Enumeration<String> headerNames = request.getHeaderNames();

the names of all request headers

After you code the request-side processing statements for a filter class, you pass

the request and response objects to the next filter or servlet in the chain

To use SSL to transmit data, the ________________ must provide authentication.

the server

By default, Tomcat stores usernames, passwords, and roles in the

the tomcat-users.xml file

The initParam implicit object lets you use EL

to get the value of a servlet initialization parameter

Which of the following isn't a case in which you would use response headers?

to specify the authentication type to be used

Passwords that are stored in the database without being encrypted are called ________________ passwords.

unhashed

The security realm provides the authorized

usernames, passwords, and roles

A digital secure certificate is provided

usually for a fee from a certificate authority

Before you can use a filter class, you must configure it in the ___________________ file for the application.

web.xml

You use the ________________ file to specify the type of authentication that's going to be used by the application.

web.xml

The HttpServletRequestWrapper and HttpServletResponseWrapper classes implement a design pattern known as the ________________.

wrapper pattern

