Skip to content

Free Download Pass4sure GIAC Software Security GSSP-JAVA Exam Pracitce Tests

Posted in GIAC

GIAC Secure Software Programmer-Java: GSSP-JAVA Exam
GSSP-JAVA Questions & Answers
Exam Code: GSSP-JAVA
Exam Name: GIAC Secure Software Programmer-Java
Q & A: 275 Q&As

QUESTION NO: 1
Which of the following elements are the subelements of the mime-mapping element in a
deployment descriptor file?
Each correct answer represents a complete solution. Choose all that apply.
A. exception-type
B. error-code
C. extension
D. mime-type
E. servlet-class
Answer: C,D

QUESTION NO: 2
John works as a Software Developer for VenTech Inc. He writes the following code using Java.
public class vClass extends Thread
{
public static void main(String args[])
{
vClass vc=new vClass();
vc.run();
}
public void start()
{
for(int k=0;k<20;k++)
{
System.out.println(“The value of k = “+k);
}
}
}
What will happen when he attempts to compile and execute the application?
A. The application will compile successfully and the values from 0 to 19 will be displayed as the
output.
B. A compile-time error will occur indicating that no run() method is defined for the Thread class.
C. A runtime error will occur indicating that no run() method is defined for the Thread class.
D. The application will compile successfully but will not display anything as the output.
Answer: D

QUESTION NO: 3
Which of the following classes is an engine class that provides an opaque representation of
cryptographic parameters?
A. DSAPublicKeySpec
B. AlgorithmParameterGenerator
C. DSAParameterSpec
D. AlgorithmParameters
Answer: D

QUESTION NO: 4
Which of the following statements about programmatic security are true?
Each correct answer represents a complete solution. Choose all that apply.
A. The bean provider is responsible for writing code for programmatic security.
B. It is also called as instance level security.
C. It is implemented using methods of the EJBContext interface.
D. It is implemented using the methods of the UserTransaction interface.
Answer: A,B,C

QUESTION NO: 5
Which of the following functions are performed by methods of the
HttpSessionActivationListener interface?
Each correct answer represents a complete solution. Choose all that apply.
A. Notifying the object when it is bound to a session.
B. Notifying an attribute that a session has just migrated from one JVM to another.
C. Notifying the object when it is unbound from a session.
D. Notifying an attribute that a session is about to migrate from one JVM to another.
Answer: B,D

QUESTION NO: 6
Mark works as a Programmer for InfoTech Inc. He develops the following deployment descriptor
code.
<web-app . . . .>
<display-name>A Secure Application</display-name><servlet>

<security-role-ref >
<role-name>Manager</role-name>
<role-link>Admin</role-link>
</security-role-ref></servlet>
<security-role>
<role-name>Programmer</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>Employee</role-name>
</security-role>
</web-app>
Which of the following is a valid isUserInRole() method call that can be made if request is the
HttpServletRequest request?
A. request.isUserInRole(“Programmer”);
B. request.isUserInRole(“Manager”);
C. request.isUserInRole(“Admin”);
D. request.isUserInRole(“Employee”);
Answer: B

QUESTION NO: 7
Which of the following methods of the EJBContext interface can be called by both the BMT and
CMT beans?
Each correct answer represents a complete solution. Choose all that apply.
A. getCallerPrincipal()
B. getRollbackOnly()
C. getUserTransaction()
D. isCallerInRole()
Answer: A,D

QUESTION NO: 8
Mark works as a Programmer for InfoTech Inc. He develops a deployment descriptor code that
contains three valid
<security-constraint> elements.
All of them constraining a Web resource Res1, the
<auth-constraint> sub-element of the <security-constraint>
elements are as follows.
<auth-constraint>Admin</auth-constraint><auth-constraint>Manager</auth-constraint>
<auth-constraint/>
Which of the following can access the resource Res1?
A. Only Manager can access the resource.
B. No one can access the resource.
C. Everyone can access the resource.
D. Only Admin can access the resource.
Answer: B

QUESTION NO: 9
Which of the following statements correctly describe the features of the singleton pattern?
Each correct answer represents a complete solution. Choose all that apply.
A. Singletons are used to control object creation by limiting the number to one but allowing the
flexibility to create more objects if the situation changes.
B. Singletons can only be stateless, providing utility functions that need no more information than
their parameters.
C. A singleton class may disappear if no object holds a reference to the Singleton object, and it will
be reloaded later when the singleton is needed again.
D. The behavior of a singleton can be obtained by static fields and methods such as
java.lang.Math.sin(double).
Answer: A,C,D

QUESTION NO: 10
Which of the following deployment descriptor elements must contain the <transport-guarantee>
element as its mandatory sub-element?
A. <user-data-constraint>
B. <web-resource-collection>
C. <auth-constraint>
D. <login-config>
Answer: A

…go to http://www.lead2pass.com/gssp-java.html to download the lastest full version.