Oracle 1Z Java Enterprise Edition 5 Enterprise Architect Certified Master Upgrade.

Transcription

1 Oracle 1Z0-868 Java Enterprise Edition 5 Enterprise Architect Certified Master Upgrade

2 DEMO Find some pages taken from full version Following pages are for demo purpose only. Demo pages are randomly taken from full version. Full version can be different from the demo version. You can request the updated Demo by contacting For Details about Full version Click

3 F. JSP with the Expression Language Answer: B,E,F QUESTION: 127 DRAG DROP Click the Task button. Answer: 52

4 QUESTION: 128 You are concerned about the threat of arbitrary code execution on your server. Which action should you take to address this? A. install a firewall and create a demilitarized zone B. move the vulnerable server onto a VLAN segment C. enable "data execution prevention" in the host OS D. require digital signatures on all communications to and from the server Answer: C QUESTION: 129 Which approach is best suited to combat cross-site scripting attacks? A. authentication B. positive validation of input 53

5 C. principle of least privilege D. negative/blacklist validation of input Answer: B QUESTION: 130 DRAG DROP Click the Task button. Answer: 54

6 QUESTION: 131 Your company's new Internet application has complex requirements for the restriction of web page access, and you know the site's current security requirements are subject to change. You have recommended to your Chief Technology Officer that the Java Authentication and Authorization Service (JAAS) should be used for security. Which three security features influenced your decision? (Choose three.) A. single sign-on support B. a framework for SOA governance C. Pluggable Authentication Modules D. secure Internet connections using sockets E. a framework for encryption, key generation, and key agreement F. a flexible access control policy for user-based, group-based, and role-based authorization Answer: A,C,F QUESTION: 132 Security restrictions in a use-case require that the behavior of an EJB business method vary according to the role of the user. How should this be achieved? A. The deployment descriptor is written using the roles determined by the programmer. 55

7 B. The programmer determines a role reference and uses it in the code. This is mapped to a role in the deployment descriptor. C. The business method determines the role of the user using JNDI and configuration information in the deployment descriptor. D. The business method determines the role of the user using JAAS and configuration information in the deployment descriptor. Answer: B QUESTION: 133 You have been asked to improve the performance of a company's main stock market application. The application has been instrumented and the statistics have revealed that the client spends roughly 40 percent of its time waiting for results from the server. The API between the thick client and the server is fine-grained. Which design pattern should be investigated and prototyped to improve the network performance? A. Transfer Object B. Front Controller C. Service Locator D. Service Activator Answer: A QUESTION: 134 You are architecting a web service-based system that wraps existing remote business objects. The object interactions are complex, fine-grained, and expose proprietary business processes. Which pattern do you use to provide external access to these business objects? A. Adapter B. Session Facade C. Application Controller D. Model View Controller E. Chain of Responsibility Answer: B QUESTION:

8 Your company is a startup that created an application to support a local insurance company. Insurance forms have a complicated object model with several levels of whole-part relationships. Currently, the code to create insurance forms is complex and embedded in object model classes. Your company has just won a bid from a major insurance corporation that handles clients across multiple countries, and each country has its own rules about how insurance forms are constructed. You need to separate the model creation from the model classes and support different construction rules. Which two patterns should you apply? (Choose two.) A. State B. Proxy C. Builder D. Strategy E. Prototype Answer: C,D QUESTION: 136 You are building a web application that must integrate to a content management system (CMS). Your company currently has a homegrown CMS, but management is considering purchasing a new CMS. Unfortunately, you have little confidence that their latest choice, BigCMS, is likely to be the final decision. After analyzing the interface to BigCMS, you find that its interface is different from the homegrown CMS. Furthermore, you suspect that any other third-party CMS will have yet another interface. What is the simplest pattern that would isolate your web application from the interface of the CMS tool? A. Proxy B. Bridge C. Adapter D. Service Locator E. Business Delegate Answer: C QUESTION: 137 What are two capabilities of the Abstract Factory pattern? (Choose two.) A. creates whole-part hierarchies 57

9 B. creates families of related objects C. enforces dependencies between concrete classes D. specifies the types of objects to create using a sample instance E. separates the construction of a complex object from its representation Answer: B,C QUESTION: 138 In which three situations is it best to use messaging with the Service Activator? (Choose three.) A. when high availability is required B. when you want to carry data across a tier C. when interactive client conversations are required D. when subtasks can be processed in random order E. when you need to listen for and process messages F. when you need to publish messages to multiple receivers Answer: D,E,F QUESTION: 139 What is a major design characteristic of the Service To Worker pattern? A. control of transactions B. separation of concerns C. control of network traffic D. integration of legacy systems Answer: B QUESTION: 140 Which pattern exists primarily to separate concerns? A. DAO B. Transfer Object 58

10 C. Session Facade D. Composite Entity Answer: A QUESTION: 141 With which two is the service-oriented architecture concerned? (Choose two.) A. low cohesion B. loose coupling C. XML web services D. stateful session handling E. well-defined contracts Answer: B,E QUESTION: 142 You are architecting a document storage system for next season's fashion designs. The system must support many different encryption algorithms to secure those documents. Security of the documents is the highest priority of the system. What are two valid concerns in this situation? (Choose two.) A. The most scalable solution is to use public key encryption for all encryption. B. The system software must be able to be updated without decrypting all the files in the system. C. A single API should be used for all encryption algorithms allowing them to be used interchangeably. D. Each encryption algorithm should be deployed to its own server to keep deployment and configuration simple. E. Documents in the system can be stored unencrypted if the storage servers are properly secured behind a firewall and DMZ. Answer: B,C QUESTION:

11 As a project architect, you are selecting technologies for a complex, n-tier web application's virtual platform. At this stage in the project, which two technologies should be of primary consideration? (Choose two.) A. RMI B. Linux C. JDBC D. Firefox E. Tomcat Answer: A,C QUESTION: 144 DRAG DROP Click the Task button. Answer: 60

12 61

13 For More exams visit Kill your exam at First Attempt...Guaranteed!