Spring Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

  1. Home
  2. GIAC
  3. GIAC Certification
  4. GSSP-Java
  5. GIAC Secure Software Programmer – Java Questions and Answers

GSSP-Java GIAC Secure Software Programmer – Java Questions and Answers

Questions 4

Which of the following authentications uses HTTPS (HTTP over SSL) to verify a user?

Options:

A.

CLIENT-CERT

B.

BASIC

C.

FORM-based

D.

DIGEST

Buy Now
Questions 5

You work as a Software Developer for UcTech Inc. You are building a Web site that will contain study materials on the Java language. The company wants that members can access all the pages, but nonmembers have only limited access to the Web site pages. Which of the following security mechanisms will you use to accomplish the task?

Options:

A.

Authentication

B.

Data integrity

C.

Confidentiality

D.

Authorization

Buy Now
Questions 6

Which of the following statements about data integrity of a container are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It ensures that an eavesdropper cannot read an HTTP message being sent from a client to a container.

B.

Data integrity ensures that information has not been modified by a third party while it is in transit.

C.

It ensures that a hacker cannot alter the contents of an HTTP message while it is in transit from a container to a client.

D.

Data integrity ensures that information is made available to users who are authorized to access it.

Buy Now
Questions 7

Which of the following is the appropriate deployment descriptor elements entry for the code given below?

@RunAs( " admin " )

@Stateless public class StudentBean implements Student {

//more code ...

}

Options:

A.

< enterprise-beans >

...

< session >

.

< ejb-name > Student < /ejb-name >

...

< security-identity >

< run-as >

< method-permission > admin < /method-permission >

< /run-as >

< /security-identity >

...

< /session >

..

< /enterprise-beans >

B.

< enterprise-beans >

...

< session >

.

< ejb-name > Student < /ejb-name >

...

< security-identity >

< run-as >

< role-name > admin < /role-name >

< /run-as >

< /security-identity >

...

< /session >

..

< /enterprise-beans >

C.

< enterprise-beans >

...

< session >

.

< ejb-name > Student < /ejb-name >

...

< security-identity >

< run-as >

< security-role-ref > admin < / security-role-ref >

< /run-as >

< /security-identity >

...

< /session >

..

< /enterprise-beans >

D.

< enterprise-beans >

...

< session >

.

< ejb-name > Student < /ejb-name >

...

< security-identity >

< run-as > admin < /run-as >

< /security-identity >

...

< /session >

..

< /enterprise-beans >

Buy Now
Questions 8

Which of the following methods performs the authentication of subject and, if successful, associates Principals and Credentials with the authenticated Subject?

Options:

A.

The getSubject() method of the LoginContext class

B.

The login() method of the LoginModule interface

C.

The login() method of the LoginContext class

D.

The initialize() method of the LoginModule class

Buy Now
Questions 9

Given a code of a class named PrintString that prints a string.

1. public class PrintString{

2. public static void main(String args[]){

3. /*insert code here */

4. /* insert code here */

5. System.out.println(str);

6. }

7. }

Which of the following code fragments can be inserted in the class PrintString to print the output " 4247 " ?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

StringBuilder str= new StringBuilder( " 123456789 " );

str.delete(0,3).replace(1,3, " 24 " ).delete(4,6);

B.

StringBuffer str= new StringBuffer( " 123456789 " );

str.delete(0,3).replace(1,3, " 24 " ).delete(4,6);

C.

StringBuffer str=new StringBuffer( " 123456789 " );

str.substring(3,6).delete(1,2).insert(1, " 24 " );

D.

StringBuilder str= new StringBuilder( " 123456789 " );

str.deleteCharAt(6).replace(1,3, " 24 " ).delete(0,3);

E.

String str= " 123456789 " ;

str=(str- " 123 " ).replace(1,3, " 24 " )- " 89 " ;

Buy Now
Questions 10

Which of the following web-resource element descriptions will be used if you want to restrict all URL ' s in the application and perform authentication for the http delete method?

Options:

A.

< security-constraint >

< web-resource-collection >

< web-resource-name > AccountServlet < /web-resource-name >

< url-pattern > /* < /url-pattern >

< method-name > GET < /method-name >

< method-name > DELETE < /method-name >

< /web-resource-collection >

< auth-constraint >

< role-name > Manager < /role-name >

< /auth-constraint >

< /security-constraint >

B.

< security-constraint >

< web-resource-collection >

< url-pattern > * < /url-pattern >

< method-name > GET < /method-name >

< method-name > DELETE < /method-name >

< /web-resource-collection >

< auth-constraint >

< role-name > Manager < /role-name >

< /auth-constraint >

< /security-constraint >

C.

< security-constraint >

< web-resource-collection >

< web-resource-name > AccountServlet < /web-resource-name >

< url-pattern > /* < /url-pattern >

< http-method > GET < /http-method >

< http-method > DELETE < /http-method >

< /web-resource-collection >

< auth-constraint >

< role-name > Manager < /role-name >

< /auth-constraint >

< /security-constraint >

D.

< security-constraint >

< web-resource-collection >

< web-resource-name > AccountServlet < /web-resource-name >

< url-pattern > * < /url-pattern >

< http-method > GET < /http-method >

< http-method > DELETE < /http-method >

< /web-resource-collection >

< auth-constraint >

< role-name > Manager < /role-name >

< /auth-constraint >

< /security-constraint >

Buy Now
Questions 11

Mark works as a Programmer for InfoTech Inc. He develops the following deployment descriptor code.

< web-app . . . . >

< display-name > A Secure Application < /display-name > < servlet >

...

< security-role-ref >

< role-name > Manager < /role-name >

< role-link > Admin < /role-link >

< /security-role-ref >

< /servlet >

< security-role >

< role-name > Programmer < /role-name >

< /security-role >

< security-role >

< role-name > Admin < /role-name >

< /security-role >

< security-role >

< role-name > Employee < /role-name >

< /security-role >

< /web-app >

Which of the following is a valid isUserInRole() method call that can be made if request is the

HttpServletRequest request?

Options:

A.

request.isUserInRole( " Programmer " );

B.

request.isUserInRole( " Manager " );

C.

request.isUserInRole( " Admin " );

D.

request.isUserInRole( " Employee " );

Buy Now
Questions 12

Which of the following exceptions will be thrown if the caller does not have permission to invoke the doAsPrivileged method?

Options:

A.

LoginException

B.

NullPointerException

C.

SecurityException

D.

PrivilegedActionException

Buy Now
Questions 13

Identify whether the given statement is true or false.

" JAR files can be used while compiling but not while executing other files. "

Options:

A.

False

B.

True

Buy Now
Questions 14

Which of the following exceptions will be thrown if the commit() method fails?

Options:

A.

DestroyFailedException

B.

NullPointerException

C.

LoginException

D.

SecurityException

Buy Now
Questions 15

Which of the following methods of the HttpServletResponse interface is used for URL rewriting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

encodeURL

B.

encodeRedirectURL

C.

sendRedirect

D.

getRequestURL()

Buy Now
Questions 16

Which of the following statements is true about the Java synchronized keyword?

Options:

A.

It prevents multiple threads from accessing a block of code at the same time.

B.

It allows the class to be loaded as soon as the JRE starts.

C.

It prevents multiple developers from code redundancy.

D.

It allows two different functions to execute in a shared manner.

Buy Now
Questions 17

Which of the following methods reinitializes the logging properties?

Options:

A.

reset

B.

addlogger

C.

reinitialize

D.

readConfiguration

Buy Now
Questions 18

Which of the following modifiers is not an access modifier?

Options:

A.

protected

B.

abstract

C.

public

D.

private

Buy Now
Questions 19

Identify whether the given statement is true or false.

" When an exception occurs in a try block, each catch statement following the try block is inspected in sequential order, and the last one whose type matches that type of exception is executed. "

Options:

A.

False

B.

True

Buy Now
Questions 20

Which of the following deployment descriptor elements is used to declare the reference of a

client ' s application to an external resource?

Options:

A.

< ejb-ref >

B.

< resource-ref >

C.

< remote >

D.

< ejb-link >

Buy Now
Questions 21

Which of the following attribute scopes does not exist for a Servlet?

Options:

A.

Request

B.

Session

C.

Context

D.

Page

Buy Now
Questions 22

You work as a programmer for PassGuide.Inc. You have a session object named session1 with an attribute named Attribute1, and an HttpSessionBindingEvent object binding1 bound to session1.

Which of the following will be used to retrieve Attribute1?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Object obj=binding1.getSession().getAttribute( " Attribute1 " );

B.

Object obj=binding1.getAttribute( " Attribute1 " );

C.

Long MyAttribute=session1.getAttribute( " Attribute1 " );

D.

String str1=session1.getAttribute( " Attribute1 " );

E.

Object obj=session1.getAttribute( " Attribute1 " );

Buy Now
Questions 23

Which of the following listeners causes an object of the implementing class to be notified when it is added to or removed from a session?

Options:

A.

HttpSessionListener

B.

HttpSessionActivationListener

C.

HttpSessionAttributeListener

D.

HttpSessionBindingListener

Buy Now
Questions 24

Which of the following methods is used to request that any pending finalizers be run for objects eligible for garbage collection?

Options:

A.

freeMemory()

B.

gc()

C.

runFinalization()

D.

runFinalizers()

Buy Now
Questions 25

Which directory in JAR files is used to store package and extension configuration data?

Options:

A.

META-INF

B.

GAMMA-INF

C.

ZIP-INF

D.

TAR-INF

Buy Now
Questions 26

In which of the following directories will files be searched when the classpath is specified by the syntax below.-classpath uc\JavaFiles\NewFiles;uc\ServletFiles;.;

Options:

A.

The current directory, the NewFiles directory, and the ServletFiles directory

B.

The current directory, the uc directory, the NewFiles directory, and the ServletFiles directory

C.

The current directory, the uc directory, the JavaFiles directory, the NewFiles directory, and the ServletFiles directory

D.

The uc directory, the JavaFiles directory, the NewFiles directory, and the ServletFiles directory

Buy Now
Questions 27

Which of the following methods are overridden by the FileInputStream class?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

void reset()

B.

void write(int b)

C.

void flush()

D.

long skip(long numBytes)

Buy Now
Questions 28

Which of the following statements about a JAR file are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It cannot be accessed through a class path, nor they can be used by java and javac.

B.

It is used to compress and archive data.

C.

It can be moved from one computer to another.

D.

It is created by using the jar command.

Buy Now
Questions 29

Samantha works as a Software Developer for Bluetech Inc. She develops a class Warden that needs to access the Hostel class. The Hostel class is deployed in a JAR named City.JAR. What should be done so that during compilation the Warden class has access to the Hostel class?

Options:

A.

The JAR file should be located in $ JAVA_HOME/jre/classes/City.JAR.

B.

The JAR file should be located in javaprog/City.JAR and the class path environment should be set to include javaprog/City.JAR/Hostel.class.

C.

The JAR file should be located in $ JAVA_HOME/jre/lib/ext/City.JAR.

D.

The JAR file should be located in javaprog/City.JAR and the class path environment should be set to include javaprog/City.JAR/Warden.class.

Buy Now
Questions 30

Which of the following code fragments will compile without error?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

boolean a = false;

if(a)

System.out.println(a);

B.

int a = 10;

if(a != 10)

System.out.println(a);

C.

int a = 0;

if(a)

System.out.println(a);

D.

boolean a = true;

if(!a);

Buy Now
Questions 31

Which of the following exceptions will be thrown if a cipher is in decryption mode but the decrypted data is not bounded by the appropriate bytes?

Options:

A.

IllegalArgumentException

B.

ShortBufferException

C.

ReadOnlyException

D.

BadPaddingException

Buy Now
Questions 32

You work as a Software Developer for NewTech Inc. You write a bean class using Enterprise JavaBeans 3.0. The class uses the @DeclareRoles ( " ADMIN, HR, DBA, USER " ) annotation to declare the security roles. The class contains a method named showResult(). You want to ensure that the ADMIN role is granted privilege to the showResult() method. Moreover, if a role that is not allowed to access the method tries to call the method, an error message must be shown. Assuming that there is no security-related element in the deployment descriptor, which of the following will you use to accomplish the task?

Each correct answer represents a part of the solution. Choose two.

Options:

A.

The isCallerInRole() method

B.

The getCallerPrincipal() method

C.

The @RolesAllowed( " ADMIN " ) annotation

D.

The @PermitAll annotation

Buy Now
Questions 33

Which of the following elements indicates which users in specified roles are permitted access to a resource collection?

Options:

A.

auth-constraint

B.

user-data-constraint

C.

web-resource-collection

D.

login-config constraint

Buy Now
Questions 34

Which of the following annotations specifies the roles that are allowed to invoke a particular bean method?

Options:

A.

@DenyAll

B.

@RolesAllowed

C.

@RunAs

D.

@DeclareRoles

E.

@PermitAll

Buy Now
Questions 35

Which of the following exceptions is thrown to indicate that a servlet is temporarily unavailable?

Options:

A.

ServletException

B.

ApplicationException

C.

IllegalStateException

D.

IOException

E.

UnavailableException

F.

IllegalAccessException

Buy Now
Questions 36

Which of the following exceptions will a compiler throw when a number is divided by zero?

Options:

A.

ArithmeticException

B.

I/OException

C.

ArrayIndexOutOfBoundsException

D.

NullPointerException

Buy Now
Questions 37

The __________ interface accepts results from a SQL SELECT statement.

Options:

A.

Connection

B.

ResultSet

C.

PreparedStatement

D.

DatabaseMetaData

Buy Now
Questions 38

In which of the following locations the helper classes of a session bean class reside?

Options:

A.

EJB JAD file

B.

Deployment descriptor

C.

META-INF directory

D.

EJB JAR file

Buy Now
Questions 39

Which of the following is a mandatory sub-element of the < web-resource-collection > element of the deployment descriptor?

Options:

A.

< web-resource-name >

B.

< description >

C.

< http-method >

D.

< url-pattern >

Buy Now
Questions 40

Which of the following JDBC interfaces is described in the statement below?

" It provides support for executing SQL statements and stored procedures. "

Options:

A.

Driver

B.

ResultSet

C.

PreparedStatement

D.

Connection

Buy Now
Questions 41

Which of the following data type values is returned by the System.in.read() console input function?

Options:

A.

String

B.

Character

C.

Float

D.

Integer

Buy Now
Questions 42

Mark works as a Programmer for InfoTech Inc. He develops a Web application that takes input from users. Which of the following methods can be used by the client and server to validate the users input?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Validation through Servlets on the server side

B.

Validation using JavaScript on the client side

C.

Validation through Java Applets on the client side

D.

Validation through XML on the server side

Buy Now
Questions 43

Which of the following will be returned by the expression " string " instanceof String ?

Options:

A.

0

B.

1.0

C.

null

D.

false

E.

0.0

F.

true

Buy Now
Questions 44

Which of the following exceptions will be thrown by the getFeature() method if the feature value cannot be assigned or retrieved?

Options:

A.

IllegalArgumentException

B.

SAXNotSupportedException

C.

NullPointerException

D.

SAXNotRecognizedException

Buy Now
Questions 45

You work as a Software Developer for UcTech Inc. You create a session using the HttpSession interface. You want the attributes to be informed when the session is moved from one JVM to another and also when an attribute is added or removed from the session. Which of the following interfaces can you use to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

HttpSessionBindingListener

B.

HttpSessionListener

C.

HttpSessionActivationListener

D.

HttpSessionAttributeListener

Buy Now
Questions 46

Which of the following statements about the String, StringBuffer, and StringBuilder classes are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The StringBuffer class offers faster performance than the StringBuilder class.

B.

The StringBuffer class is thread-safe while the StringBuilder class is not.

C.

A character in a string can be searched using the indexOf() operator.

D.

The return type of the trim() method present in the String class is void.

Buy Now
Questions 47

Which of the following methods causes the currently executing thread object to temporarily pause and allow other threads to execute?

Options:

A.

sleep()

B.

notify()

C.

finalize()

D.

interrupted()

E.

yield()

F.

notifyAll()

Buy Now
Questions 48

Mark works as a Software Developer for ZenTech Inc. He writes the following code.

1. public class Ques0352 {

2. public static void main(String[] args) {

3. String s1= " JavaObject " ;

4. String s1= " ObjectJava " ;

5. String s2= " ObjectJava " ;

6. if(s2.equals(s1))

7. { System.out.println( " Equal " ); }

8. else

9. { System.out.println( " Unequal " ); }

10. }

11. }

Which of the following will happen to the code when he attempts to compile and run it?

Options:

A.

It will compile successfully and Unequal will be displayed as output.

B.

It will give a compile-time error at line 3.

C.

It will compile successfully and Equal will be displayed as output.

D.

It will give a compile-time error at line 4.

Buy Now
Questions 49

Mark works as a Programmer for InfoTech Inc. He develops an application named JavaServices. He wants to declare a security constraint that will restrict everything in the com/files directory so that security role of Admin can invoke any http methods on the resources. Which of the following element declarations will be used to accomplish the task?

Options:

A.

< security-constraint >

< web-resource-collection >

< web-resource-name > JavaServices < /web-resource-name >

< url-pattern > com/files < /url-pattern >

< /web-resource-collection >

< auth-constraint >

< role-name > Admin < /role-name >

< /auth-constraint >

< /security-constraint >

B.

< security-constraint >

< web-resource-collection >

< web-resource-name > JavaServices < /web-resource-name >

< location > com/files/* < /location >

< /web-resource-collection >

< user-data-constraint >

< role-name > Admin < /role-name >

< /user-data-constraint >

< /security-constraint >

C.

< security-constraint >

< web-resource-collection >

< web-resource-name > JavaServices < /web-resource-name >

< location > com/files/* < /location >

< http-method > * < /http-method >

< /web-resource-collection >

< auth-constraint >

< role-name > Admin < /role-name >

< /auth-constraint >

< /security-constraint >

D.

< security-constraint >

< web-resource-collection >

< web-resource-name > JavaServices < /web-resource-name >

< url-pattern > com/files/* < /url-pattern >

< /web-resource-collection >

< auth-constraint >

< role-name > Admin < /role-name >

< /auth-constraint >

< /security-constraint >

Buy Now
Questions 50

Which of the following exceptions will be thrown if a program fails to implement the Serializable interface?

Options:

A.

UnableToImplementException

B.

NonSerializableException

C.

NotSerializableException

D.

IllegalSerializationError

Buy Now
Questions 51

Mark works as a Programmer for InfoTech Inc. He develops a code snippet for a class named

servletClassA that extends the HttpServlet class. Which of the following HttpServlet class methods are not required to be overridden by the servletClassA?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

doDelete()

B.

doPost()

C.

doGet()

D.

doOptions()

E.

service()

Buy Now
Questions 52

You work as a Web Deployer for UcTech Inc. You write the < security constraint > element for an application in which you write the < auth-constraint > sub-element as follows.

< auth-constraint >

< role-name > * < /role-name >

< /auth-constraint >

Who will have access to the application?

Options:

A.

No user

B.

It depends on the application.

C.

Only the administrator

D.

All users

Buy Now
Questions 53

Mark works as a Programmer for InfoTech Inc. He develops a program that defines a class named Inventory that has an instance variable named NumOfItems. Which of the following properties will be applied by NumOfItems?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It will not be visible in Static methods if it passed as a parameter.

B.

It will be visible in Static methods if it passed as a parameter.

C.

It will be available for all the instance methods of the class.

D.

It becomes available for garbage collection if it is no longer in scope.

Buy Now
Questions 54

Which of the following statements about exceptions in message-driven beans are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Message-driven beans must not throw any application exception.

B.

The message-listener interface of a message-driven bean cannot generate system exceptions.

C.

The message-listener interface of a message-driven bean can throw the

java.rmi.RemoteException.

D.

The isCallerInRole() method called on a message-driven bean will throw an exception.

E.

Message-driven beans must not throw any checked exception.

Buy Now
Questions 55

Mark works as a Programmer for InfoTech Inc. He develops the following security-constraint code.

< security-constraint >

< web-resource-collection >

< web-resource-name > Manager < /web-resource-name >

< url-pattern > /acme/Manager/* < /url-pattern >

< http-method > GET < /http-method >

< http-method > POST < /http-method >

< /web-resource-collection >

// < auth-constraint/ > code

< /security-constraint >

< security-constraint >

< web-resource-collection >

< web-resource-name > Manager < /web-resource-name >

< url-pattern > /acme/Manager/* < /url-pattern >

< http-method > GET < /http-method >

< http-method > POST < /http-method >

< /web-resource-collection >

// < auth-constraint/ > code

< /security-constraint >

Which of the following < auth-constraint > element declarations of the < security-constraint > will allow everybody to access the same resources?

Options:

A.

Place the following code in the second < security-constraint > declaration.

< auth-constraint >

< role-name > * < /role-name >

< /auth-constraint >

B.

Place the following code in the first < security-constraint > declaration.

< auth-constraint >

< role-name > Manager < /role-name >

< /auth-constraint >

Place the following code in the second < security-constraint > declaration.

< auth-constraint >

< role-name > * < /role-name >

< /auth-constraint >

C.

Place the following code in the first < security-constraint > declaration.

< auth-constraint >

< role-name > Manager < /role-name >

< /auth-constraint >

Place the following code in the second < security-constraint > declaration.

< auth-constraint >

< role-name > ALL < /role-name >

< /auth-constraint >

D.

Place the following code in the first < security-constraint > declaration.

< auth-constraint >

< role-name > Manager < /role-name >

< /auth-constraint >

Place the following code in the second < security-constraint > declaration.

< auth-constraint/ >

Buy Now
Questions 56

Mark develops an application using Java language. He writes the following code snippet in the application.

public class mClass{

public static void main(String args[]){

try{

return;

}

finally{System.out.print( " Finally " );}}}

What will happen when Mark attempts to compile and execute the code snippet?

Options:

A.

The code snippet will compile successfully and the output will be displayed as " Finally " .

B.

The code snippet will compile successfully, but an exception message will be displayed at runtime.

C.

A compile time error will occur because the catch block is not defined.

D.

The code snippet will compile successfully, but nothing will be displayed as output on execution.

Buy Now
Questions 57

Mark works as a Programmer for InfoTech Inc. He develops the following code for a Web application named JavaSecurity Application.

< web-app . . . . >

< display-name > A JavaSecurity Application < /display-name >

< servlet >

...

< security-role-ref >

< role-name > Manager < /role-name >

< role-link > Admin < /role-link >

< /security-role-ref >

< /servlet >

< security-role >

< role-name > Programmer < /role-name >

< /security-role >

< security-role >

< role-name > Admin < /role-name >

< /security-role >

< security-role >

< role-name > Employee < /role-name >

< /security-role >

< /web-app >

Which of the following will be the action of the container if the request is HttpServletRequest, and request.isUserInRole( " Admin " ); has been called in a servlet code?

Options:

A.

The container will throw a system exception.

B.

The container will return true.

C.

The container will throw an application exception.

D.

The container will return false.

Buy Now
Questions 58

Which of the following statements are true about Vector and ArrayList?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

ArrayList is synchronized and Vector is not synchronized.

B.

Each vector tries to optimize storage management by maintaining a capacity and a

capacityIncrement.

C.

If multiple threads are trying to access an ArrayList instance concurrently, and at least one of the threads modifies the list structurally, it must be synchronized externally.

D.

Vector is an implementation of the List interface and implements all optional list operations, and permits all elements, excluding null.

Buy Now
Questions 59

Which of the following elements contains the < filter > element in the deployment descriptor?

Options:

A.

< servlet >

B.

< filters >

C.

< web-app >

D.

< filter-mapping >

E.

< servlet-mapping >

Buy Now
Questions 60

Which of the following statements about the isUserInRole() method are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It accepts a boolean argument.

B.

It is mapped in the deployment descriptor using the < security-role-ref > element.

C.

It belongs to the HttpServletResponse interface.

D.

The < role-link > sub-element of the < security-role-ref > element must match the < role-name > sub-element of the < security-role > element.

Buy Now
Questions 61

Peter works as a Software Developer for Neon Inc. He is developing an application in Java. He declares an interface. Which of the following field declarations are valid within the body of an interface?

Each correct answer represents a complete solution. Choose three.

Options:

A.

final static int answer=42;

B.

public static int answer = 42;

C.

private final static int answer=42;

D.

public int answer=42;

E.

int answer;

Buy Now
Questions 62

Which of the following statements about serialization are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Transient variables cannot be serialized.

B.

Externalizable is a marker interface and does not define any method.

C.

Serializable is a marker interface and does not define any method.

D.

Static variables cannot be serialized.

Buy Now
Questions 63

Which of the following statements are true about the doAs() and doAsPrivileged() methods?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The doAsPrivileged() method invokes AccessController.doPrivileged by passing it the provided PrivilegedAction.

B.

The doAs() and doAsPrivileged() methods perform privileged work as a particular Subject.

C.

The doAs() method retrieves the current Thread ' s AccessControlContext via

AccessController.getContext.

D.

The doAsPrivileged() method, instead of retrieving the current Thread ' s AccessControlContext, uses the provided AccessControlContext.

Buy Now
Questions 64

Mark works as a Programmer for InfoTech Inc. He develops the following code snippet.

import java.util.*;

public class DemoSet{

public static void main(String[] args){

TreeSet < String > ts = new TreeSet < String > ();

ts.add( " Sunday " );

ts.add( " Friday " );

ts.add( " Wednesday " );

ts.add( " Sunday " );

ts.add( " Monday " );

Iterator it = ts.iterator();

while(it.hasNext()){

System.out.print(it.next() + " " );

}

}

}

What will be the output when he tries to execute the given code snippet?

Options:

A.

Wednesday Sunday Monday Friday

B.

An exception will be thrown at runtime.

C.

Friday Monday Sunday Wednesday

D.

Sunday Monday Wednesday Friday

Buy Now
Questions 65

You develop an application. Now you want to ensure that data is sent between client and server in such a way that it cannot be changed in transit. Which of the following element declarations will be specified to satisfy the requirement of the application?

Options:

A.

< user-data-constraint >

< transport-guarantee > INTEGRAL < /transport- guarantee >

< /user-data-constraint >

B.

< user-data-constraint >

< transport-guarantee > CONFIDENTIAL < /transport- guarantee >

< /user-data-constraint >

C.

< user-data-constraint >

< transport-guarantee > NONE < /transport- guarantee >

< /user-data-constraint >

D.

< auth-constraint >

< transport-guarantee > CONFIDENTIAL < /transport- guarantee >

< /auth-constraint >

Buy Now
Questions 66

Which of the following are the main basic difference between the POST and PUT request?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The PUT request does not have a corresponding doXXX method in the HttpServlet class. However, POST have a corresponding doXXX method in the HttpServlet class.

B.

The URI in a PUT request identifies the entity enclosed with the request and the user agent knows what URI is intended and the server MUST NOT attempt to apply the request to some other resource.

C.

The URI in a PUT request identifies the resource that will handle the enclosed entity.

D.

The URI in a POST request identifies the resource that will handle the enclosed entity.

Buy Now
Questions 67

Which of the following statements about a filter are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Like a servlet, a filter is also declared in the deployment descriptor.

B.

The life cycle of a filter is managed by the container.

C.

The life cycle of a filter has three methods, namely init(), service(), and destroy().

D.

Every filter must implement the Filter interface.

Buy Now
Questions 68

You work as a Programmer for InfoTech Inc. You develop two html pages named authenticate.jsp and error.jsp, which are deployed directly at the root of the Web application named Authentication. Which of the following deployment descriptor code declarations will be used to ensure that the error.jsp page will be displayed automatically if the client is not authenticated?

Options:

A.

< login-config >

< auth-method > FORM < /auth-method >

< form-login-config >

< form-login-page > /authenticate.jsp < /form-login-page >

< form-error-page > /error.jsp < /form-error-page >

< /form-login-config >

< /login-config >

B.

< user-data-constraint >

< auth-method > FORM < /auth-method >

< login-page > /authenticate.jsp < /login-page >

< form-error-page > /error.jsp < /form-error-page >

< /user-data-constraint >

C.

< auth-constraint >

< auth-method > FORM < /auth-method >

< login-page > /authenticate.jsp < /login-page >

< form-error-page > /error.jsp < /form-error-page >

< /auth-constraint >

D.

< error-page >

< auth-method > FORM < /auth-method >

< form-login-page > /authenticate.jsp < /form-login-page >

< location > /error.jsp < /location >

< /error-page >

Buy Now
Questions 69

Which of the following elements of the java.util.logging package exports objects to a variety of destinations including memory, output streams, consoles, files, and sockets?

Options:

A.

LogRecord

B.

Filter

C.

Logger

D.

Handler

Buy Now
Questions 70

Which of the following are advantages of client-side JavaScript?

Each correct answer represents a complete solution. Choose two.

Options:

A.

It is fast.

B.

It provides graphical components.

C.

It is secure.

D.

It provides form-validation at client side.

Buy Now
Questions 71

Which of the following statements about programmatic security are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The bean provider is responsible for writing code for programmatic security.

B.

It is also called as instance level security.

C.

It is implemented using methods of the EJBContext interface.

D.

It is implemented using the methods of the UserTransaction interface.

Buy Now
Questions 72

Which of the following actions can you take to seal two packages, PackageA and PackageB, in the JAR file MyJar.jar?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Execute the following command.

jar cvf MyJar.jar Manifest.txt MyPackage/*.class

B.

Create a text file named Manifest.txt with the following contents.

Name. myCompany/*Sealed. true

C.

Execute the following command.

jar cmf MyJar.jar Manifest.txt MyPackage/*.class

D.

Create a text file named Manifest.txt with the following contents.

Name. myCompany/PackageA/Sealed. true

Name. myCompany/PackageB/

Sealed. true

Buy Now
Questions 73

Mark works as a Programmer for InfoTech Inc. He develops a class named Data that imports all the required packages. The class Data uses a method named PrintData(), which uses a method that checks whether the caller has a BeanUser security role. Which of the following code of the method PrintData() will satisfy the requirement?

Options:

A.

public void PrintData()

{

@DeclareRoles( " BeanUser " )

@Resource SessionContext ctx;

@RolesAllowed( " BeanUser " )

Principal caller = ctx.getCallerPrincipal();

if (ctx.getCallerIdentity( " BeanUser " )) {

System.out.println( " It is the correct user " );}

else{System.out.println( " It is the incorrect user " );}//more code}

B.

public void PrintData()

{@DeclareRoles( " BeanUser " )

@Resource SessionContext ctx;

@RolesAllowed( " BeanUser " )

Principal caller = ctx.getEJBHome();

if (!isCallerInRole(ctx)) {System.out.println( " It is the correct user " );}

else{System.out.println( " It is the incorrect user " );}//more code}

C.

public void PrintData()

{@DeclareRoles( " BeanUser " )

@Resource SessionContext ctx;

@RolesAllowed( " BeanUser " )

Principal caller = ctx.getCallerPrincipal();

if (ctx.isCallerInRole( " BeanUser " )) {

System.out.println( " It is the correct user " );}

else{System.out.println( " It is the incorrect user " );}//more code}

D.

public void PrintData()

{@DeclareRoles( " BeanUser " )

@Resource SessionContext ctx;

@RolesAllowed( " BeanUser " )

Principal caller = ctx.getCallerPrincipal();

if (ctx.getStatus( " BeanUser " )) {System.out.println( " It is the correct user " );}

else{System.out.println( " It is the incorrect user " );}//more code}

Buy Now
Questions 74

You work as a Software Developer for NewTech Inc. You want to configure the deployment descriptor so as to specify the error pages used in the FORM based authentication. Which of the following elements will you use to accomplish the task?

Options:

A.

The < realm-name > sub-element of the < login-config > element.

B.

The < role-link > sub-element of the < security-role-ref > element.

C.

The < method > sub-element of the < method-permission > element.

D.

The < form-login-config > sub-element of the < login-config > element.

Buy Now
Questions 75

Which of the following is the correct syntax for the JVM garbage collection?

Options:

A.

System.out.gc();

B.

System.gc();

C.

System.free();

D.

System.setGarbageCollection();

Buy Now
Questions 76

Which of the following code declarations are valid error-page declarations?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

< error-page >

< exception-type > java.lang.ArithmeticException < /exception-type >

< error-code > 304 < /error-code >

< location > NumericalException.jsp < /location >

< /error-page >

B.

< error-page >

< error-code > 304 < /error-code >

< location > NumericalException.jsp < /location >

< /error-page >

C.

< error-page >

< exception-type > 304 < /exception-type >

< targetSource > NumericalException.jsp < /targetSource >

< /error-page >

D.

< error-page >

< exception-type > java.lang.ArithmeticException < /exception-type >

< location > NumericalException.jsp < /location >

< /error-page >

E.

< error-page >

< exception-type > 304 < /exception-type >

< location > NumericalException.jsp < /location >

< /error-page >

Buy Now
Questions 77

Mark works as a Programmer for InfoTech Inc. He develops a Java application that uses the encryption and compression techniques. Which of the following interfaces will he use to control the serialization and deserialization processes?

Options:

A.

Flushable

B.

Closeable

C.

Serializable

D.

Externalizable

Buy Now
Questions 78

Which of the following methods of the HttpServletResponse interface is used for URL rewriting?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

encodeURL

B.

encodeRedirectURL

C.

sendRedirect

D.

getRequestURL()

Buy Now
Questions 79

Which of the following methods of the EJBContext interface can be called by both the BMT and CMT beans?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

getCallerPrincipal()

B.

getRollbackOnly()

C.

getUserTransaction()

D.

isCallerInRole()

Buy Now
Questions 80

What will be the output of the following program?

class Stringtest

{

public static void main(String args[])

{

String s= " test " ;

s.concat( " paper " );

System.out.println(s);

}

}

Options:

A.

It will display test.

B.

It will display testpaper.

C.

It will generate a compile-time error.

D.

It will display paper.

Buy Now
Questions 81

Which of the following methods must be implemented by each subclass of the Permission class to compare permissions?

Options:

A.

hashcode

B.

implies

C.

newPermissionCollection

D.

equals

Buy Now
Questions 82

Given below are top-level class declarations. Which of these class declarations would not produce a compile-time error?

abstract class P {} //1

private class Q {} //2

static class R {} //3

transient class S {} //4

Options:

A.

Line 3

B.

Line 1

C.

Line 2

D.

Line 4

Buy Now
Exam Code: GSSP-Java
Exam Name: GIAC Secure Software Programmer – Java
Last Update: Apr 30, 2026
Questions: 275

PDF + Testing Engine

$63.52  $181.49
buy now GSSP-Java pdf + testing engine

Testing Engine

$50.57  $144.49
buy now GSSP-Java testing engine

PDF (Q&A)

$43.57  $124.49
buy now GSSP-Java pdf