Which of these statements about Java Security Model are true and which of these are false?. Which of these statements about setting up policy file to grant the required permission aretru
Trang 1ACCP i10 SEMESTER 2 APJ-II – Advanced Programming in Java - II
MODULAR QUIZ
FOR Module 4 – Java Security
1. Which of these statements about Java Security are true and which of these are false?
(A) JDK 1.1 introduced the signed applet, which is an applet packaged as a Java
(B) The Java 2 Security model provides for a consistent and flexible policy for
applets and applications
True
(C) The byte-code verifier tries to prove that a given series of Java byte codes are
illegal
False
(D) The Class Loader works in conjunction with the Security Manager and the
access controller to enforce security rules
True
(E) The Keystore is a password-protected database that holds public keys and
certificates
False
2. Which of these statements about Java Security Model are true and which of these are false?
(A) Object creation and garbage collection is handled by Java along with JVM True (B) In Java, objects can be directly manipulated by a programmer False (C) Protected members can only be accessed by the class that created them, the
(D) Private members in a class can be accessed by all classes in the same
3. Which of these statements about Applet restrictions are true and which of these are false?
(B) Security restrictions are same for any type of browser False (C) The applets can only make network connections back to the Web server they
(E) Applets cannot execute commands on the local system using the
Runtime.exec method
True
Trang 24. Which of these statements about setting up policy file to grant the required permission are
true and which of these are false?
(A) The Policy Tool is invoked by typing policy tool at the command prompt False
(C) Applets can access system resources if the corresponding policy file grants
it the permission
True
(D) You precede the path with file/ to indicate the file is located on local
system
False
(E) A "CodeBase" value indicates the code source location, and a "SignedBy"
value indicates the alias for a certificate stored in a keystore
True
5. Which of these statements about setting up policy file to grant the required permission are
true and which of these are false?
(A) Policy file entries in java.security file are written as policy.url False (B) The argument -J-Djava.security.policy is passed to appletvieraer command
(C) Policy files specified in java.security file are loaded only for applications False (D) You do not pass the -J-Djava security, policy argument if there exists a
corresponding entry in java.security file
True
(E) For policy files located on local system, you must precede its path with
6. Which of these statements about application freedom and restrictions are true and which
of these are false?
(A) The various system property values are “os.name”,
“java.version”, “user home” and “java.home”
True
(B) To apply the security policy to an application, the interpreter can be
invoked with -Djava.security.manager command line argument True (C) The command to execute a ViewProp application with the default security
manager is java Djava.security.manager
False
(E) A security manager is automatically installed when an application is
running
False
7. Which of these statements about setting up policy file to grant permissions to an
application are true and which of these are false?
(A) The Policy Tool utility is used to create policy files True (B) To start the Policy Tool, you type policytool on the command line True
Trang 3(D) The permission class used to grant permissions to access system properties
is Java.security.SystemPropertyPermission
False
(E) After completing the first step, the "Policy Tool" window contains the
information such as "policy file name" and the "CodeBase" part of the
policy entry
True
8. Which of these statements about policy file effects are true and which of these are false?
(A) When an unsigned applet is executed with the security manager, the policy
files that are loaded and used by default are the ones specified in "security
properties file"
True
(B) user.home indicates the directory into which the JRE was installed False (C) In the first approach to ensure policy file effects, you can specify the
additional policy file in a property passed to the runtime system
True
(D) In the second approach, specify the number of URLs in policy.url.n
properties in the security
True
(E) The application should be executed using Java
-Djava.security.manager VieraProp command
True
9. Which of these statements about authentication and authorization are true and which of these are false?
(A) Authentication is the process of confirming the identity of an entity True
(C) Authorization is defined as the process of granting or denying access to a
network resource
True
(D) Once a user is authorized, he/she may be authenticated for different types
of access or activity
False (E) Authorization makes use of user's profile or access control lists True
10. Which of these statements about JAAS are true and which of these are false?
(A) JAAS 1.0 is a set of Java packages that enable services to authenticate and
enforce access controls upon users
True (B) Methods of LoginContext class are used to authenticate a user True (C) A subject represents details such as password about an entity False (D) In JAAS, a user can be authorized with or without authentication False (E) JAAS authorization extends the existing user-centric access controls with
new code-centric access controls
True