scea exam questions 4 copy

7/27/2019 scea Exam Questions 4 Copy

1/26

1.Your organization's chief architect has instructed you to implement a solutionthat focuses on run-time flexibility and a design approach that will favor objects forwarding certain method calls to another object.

What is this design concept commonly know as?

A.PolymorphismB.EncapsulationC.InheritanceD.Delegation

Reference CloseGang of Four - Delegation.

Option D is correct.Option A is incorrect. Polymorphism is a characteristic of being able to assigna different behavior or value in a subclass, to something that was declared in aparent class. For example, a method can be declared in a parent class, but eachsubclass can have a different implementation of that method.Option B is incorrect. Encapsulation refers to the bundling of data with the methods that operate on that data.Option C is incorrect. Inheritance is the ability of objects in Java to inheritproperties and methods of other objects.

2.You are architecting a new MVC web framework for your organization. A requirement from your application architecture oversight group is that your Java bean objects set in the session must be immutable.

What design approach is your architecture oversight group enforcing on your session objects?

A.InheritanceB.DelegationC.EncapsulationD.Polymorphism

Reference CloseGang of Four Encapsulation.

Option C is correct.Option A is incorrect because Inheritance is the ability of objects in Java to inherit properties and methods.Option B is incorrect because Delegation is the implementation of objects that forward certain method calls to another object, a delegate.Option D is incorrect. Polymorphism is a characteristic of being able to assigna different behavior or value in a subclass, to something that was declared in aparent class. For example, a method can be declared in a parent class, but eachsubclass can have a different implementation of that method.

3.Your application is in need of a significant upgrade. Currently, the application reads a robust database and displays information about catalog merchandise. The Phase Two release will allow people to do online transactions and you anticipate high volumes of traffic. Because of this, production deployments should be able to take place without bringing the application down. Your current web site utilizes servlets and JSP's with a single application server and single database.

Which architecture will you recommend for Phase Two?


2/26

A.Maintain servlets and JSP's, implement DAO's and JDBC for transaction layer.B.Maintain servlets and JSP's, introduce two new web servers to separate presentation layer, and implement DAO's and JDBC for transaction layer.C.Implement a solution with a single web server, three application servers, DAO's with JDBC, and round robin load balancing.D.Implement a solution with servlets and JSP's for presentation layer, an application server with significant memory/speed, and EJB's with Java Persistence API.E.Implement a solution with load balancing, web servers for presentation, a cluster of application servers, and EJB's with Java Persistence API

Reference CloseThe Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition.

Option E is correct.Options A, B, C are incorrect because you are upgrading to new functionality that will incorporate high volumes of transactional requests. This is best suited for an architecture that utilizes EJB's.Option D is a viable solution but does not account for the ability to deploy during production hours and provide a viable architectural approach to address thisrequirement. A cluster of application servers will allow you to deploy new codeto a single node and keep the other nodes up during production hours.

4.You will be implementing Web Services in the next release of your software. You need to address the following design issues: Web Services plumbing, business logic, and security. You will need to design an implementation such that the codespecification that handles each of these issues is clearly isolated from one another.

What are you addressing if you are interested in isolating code responsibilities?

A.Common reuse of objectsB.InheritanceC.Polymorphism

D.Separation of concerns


Option D is correct.Option A is incorrect because the issue you are addressing is not reuse of common objects but how to implement a solution where code responsibilities are divided amongst layers of your Web Service solution.Option B is incorrect because Inheritance is the ability of objects in Java to inherit properties and methods of other objects.Option C is incorrect because Polymorphism is a characteristic of being able toassign a different behavior or value in a subclass, to something that was declar

ed in a parent class. For example, a method can be declared in a parent class, but each subclass can have a different implementation of that method.

5.The Model-View-Controller (MVC) architecture pattern applies separation of concerns.

Which statement identifies how separations of concerns are applied to an MVC?

A.The MVC architecture is defined by a user interface (Model), data layer (View)


3/26

, and Controller component.B.Changes to the user interface will not affect data handling, and that the datahandling routines can be re-organized without changing the user interface.C.A standard implementation is usually seen in Two-Tier thick client applications.D.The Model and the View are tightly coupled to each other.

Reference CloseCore J2EE Patterns Second Edition: (Alur, Crupi, Malks).

Option B is correct.Option A is incorrect because the user interface is the view and the controllerseparates that from the data model.Option C is incorrect because the application is implemented in Three-Tier architectures using thin clients. Thick clients usually do not de-couple the views from the data model.Option D is incorrect because the Controller is the only part that knows about both the Model and the View.

6.Testing is an important concern for your new invoicing system. Ease of testingshould begin with the developers. You do not want to have to start the database, fill it with predefined data, and then launch the application to test that an

invoice is processed correctly.

Which solution addresses your concern?

A.Create HTML files that push static content to validate invoices and hot deployto the server.B.Write test scripts outside of the container in a separate WAR file and duplicate business logic.C.Implement a solution with abstract interfaces and utilize mock objects to simulate data.D.Tackle difficult invoices first to minimize up and down time of servers and then batch release additional invoices.

Reference ClosePractical Software Estimation: (M. A. Parthasarathy).

Option C is correct.Option A is incorrect because creating static HTML files to validate invoices will require additional time and effort that will not facilitate ease of testing.Option B is incorrect because you are duplicating the source code and running ina separate container. This will cause issues when you need to merge code lines.Option D is incorrect because by implementing abstract design methodologies youshould be able to run scripts locally and often to increase productivity.

7.You are responsible for a thick client application that is used by call centerstaff. You are the new architect and have been asked to argue maintainability and manageability of this two-tier system with regard to defect resolution and system health.

Which statement is correct?

A.Manageability is the ability to correct defects in the system, whereas maintainability is the ability to ensure the continued health of the system.B.Manageability addresses that the system is always reliable and free of defects


4/26

, whereas maintainability deals with the ability to add functionality to the system to ensure a healthy system.C.Defect resolution and health of the system are the same with regard to maintainability and manageability.D.Maintainability is the ability to correct defects in the system, where manageability is the ability to ensure the continued health of the system.


Option D is correct.Options A, B, are the inverse of the correct answers.Option C is incorrect because these non functional requirements are not the same.

8.The legacy system you will be replacing utilizes a thick client and database server. The application stores local data on the client and requires frequent client library updates using compact disks distributed weekly.

What are two weaknesses of this legacy system? (Choose two.)

A.SecurityB.MaintainabilityC.ScalabilityD.Performance


Options B, C are correct.Option A is incorrect because security with one-tier systems are generally easier than multi-tier applications that expose several application servers, web servers, database servers, and so on.Option D is incorrect because performance of a one-tier system should be better

than a Three-Tier, n-tier.

9.Which two statements define the relationship between performance and security?(Choose two.)

A.Implementing a security measure to encrypt all data in your request/response SOAP messages will decrease performance.B.Designing a system using an MVC framework will increase security and not performance.C.There is no relationship between security and performance.D.Implementing a solution to encrypt all data for outbound SOAP messages will no

t decrease performance.E.An increase in security, message encryption and/or data encryption, will affect performance to some degree.

Reference CloseCore Security Patterns: Best Practices and Strategies (Christopher Steel; RameshNagappan; Ray Lai)

Options A, E are correct.Option B is incorrect because utilizing an MVC framework does not guarantee secu


5/26

rity and based on the amount of layers implemented can affect performance.Option C is incorrect because there is an inverse relationship with security andperformance when you address certain scenarios.Option D is incorrect because encrypting the data in the SOAP envelope with inflate the size of the message and, depending on the encryption, will decrease theperformance.

10.Which statement is true when comparing a Three-Tier architecture to a Two-Tier architecture?

A.Three-Tier architectures can only scale horizontally. Two-Tier architectures can only scale vertically.B.Three-Tier architectures have significantly better performance measurements ascompared to Two-Tier architectures.C.Two-Tier architectures can only utilize thick clients and Three-Tier architectures can only utilize thin clients.D.Two-Tier architecture is less extensible than a Three-Tier architecture.E.Three-Tier architecture is easier to secure than a Two-Tier architecture.

Reference CloseThe Java EE 5 Tutorial, Third Edition: For Sun Java System Application Server Pl

atform Edition 9

Option D is correct.Option A is incorrect because a Two-Tier architecture can scale vertically and horizontally.Option B is incorrect because Two-Tier architectures generally have better performance characteristics as compared to Three-Tier architectures.Option C is incorrect because a Two-Tier architecture can have a thin client ifall of the business logic is placed in stored procedures.Option E is incorrect because a Three-Tier architecture introduces a higher degree of risk with more server vulnerabilities.

11.You are part of a large IT shop that has been purchased by your competitors to reduce competition for similar services. Servers that had been utilized by your web application will be re-allocated to the new system. Your current architecture consisting of multiple web and application servers will be reduced to a single web server and application server.

Which two will see negative impacts? (Choose two.)

A.MaintainabilityB.ManageabilityC.Security

D.ReliabilityE.Availability


Options D, E are correct.Option A is incorrect because there is a positive impact with regards to maintainability. You will only have to maintain defects on a single system and not worr


6/26

y about distributing fixes to multiple systems, coordinating libraries, scripts,and so on.Option B is incorrect because there is a positive impact with regards to manageability. You will only have to address the health of a single web and applicationserver.Option D is incorrect because there is a positive impact with regards to security. You will have fewer resources vulnerable to attacks and be able to focus yourefforts on a single web and application server.

12.This is an application design principle where the code implementation takes into consideration future growth. Your application running in a multi-tier architecture must be able to accommodate frequent modifications of existing functionality.

Which addresses modifications while minimizing impact?

A.SecurityB.ManageabilityC.MaintainabilityD.ExtensibilityE.Performance


Option D is correct.Option A is incorrect because security would be introducing encryption, secure socket layers, or adding single sign on.Option B is incorrect because manageability solutions refer to solutions that help maintain that a system stays in good working condition or healthy.Option C is incorrect because maintainability the ease with which a software system or component can be modified to correct faults, improve performance, or other attributes, or adapt to a changed environment [IEEE 90].Option E is incorrect because this scenario does not address expected performance measurements, but instead addresses the need for the system to be extensible i

n that future modifications do not require large re-factoring efforts of the source code.

13.For your new system, most processing should be done locally on the user's system because the database server will be accessed solely for storage purposes andyou want to make use of native API's.

What is the best solution for a local computing environment?

A.Thin browser-based clients deployed into a cluster.B.Three-Tier system that utilizes a web browser and application server.

C.Two-Tier system including single web server to minimize security.D.Thick client-based solution deployed locally to the users PC


Option D is correct.Option A, B, C are incorrect because they are browser-based solutions. You can develop a browser-based solution to do local processing but a thick client will p


7/26

erform better and have greater access to native API's.

14.Which statement identifies a benefit of using a browser based solutions?

A.Minimal installation conflicts and environment issues.B.No issues with cross-browser compatibility and support.C.Maximizes client security, persons without a client cannot access system.D.Maximizes the ability to access the client's PC utilities or Native API's.


Option A is correct.Option B is incorrect because there are issues with cross-browser support and compatibility between browsers.Option C is incorrect because there are inherent security issues with internet applications as compared to locally deployed application clients.Option D is incorrect because you will have greater access to the client nativeAPI's using thick client applications as compared to browser based applications.Browsers limit the amount of native API's you have access to for security reasons.

15.JAX-WS provides a set of API's for a Web Service client to invoke an operation on remotely deployed service endpoints and provides support for communication.

Which two define how you can invoke the operation and what communication is supported? (Choose two.)

A.Dynamically or staticallyB.Dynamically onlyC.Asynchronous onlyD.Asynchronous and Synchronous

E.Statically onlyF.Synchronous only


Options A, D are correct.Options B, C, E, and F are incorrect because JAX-WS provides a set of API's thatallow for dynamic and static invocation with support for asynchronous and synchronous communication.

16.Which two statements identify scenarios for implementing Web Services? (Choose two.)

A.You are implementing an asynchronous solution with an external application that is not written in Java.B.Implementing a solution with guaranteed message delivery.C.When there is a need to exchange data between different applications and different platforms.D.This single machine solution will be deployed as a desktop application using n


8/26

ative API's.


Options C, A are correct.Option B is incorrect because you would want to have a durable subscriber, JMS.Option D is incorrect because you would want to build a thick client for this situation.

17.You organization has numerous Java applications on their internal network that must send daily updates to their inventory tracking system. It is important tokeep the inventory system current. If the inventory system is unavailable whenit restarts, it must be able to process and maintain all updates.

How should the inventory system receive these updates?

A.As a JMS durable subscriber.B.Using XML over HTTP.C.Using SOAP over HTTP.D.Using EJB3 and Java Persistence API.


Option A is correct.Options B, C, D are incorrect because JMS is the only implementation that can guarantee message delivery.

18.The organization you work for has a legacy system that uses RMI-JRMP over CORBA.

What would be a valid reason for your organization to have selected RMI-JRMP over CORBA?

A.They decided to implement a solution that was going to be pure Java.B.They decided to implement a solution that was NOT going to be pure Java.C.They decided to implement a solution that integrated with an application written in another language.D.They decided to implement this based purely on performance.


Option A is correct.

Options B, C are incorrect because RMI-JRMP is for pure Java solutions only.Option D is incorrect because performance would not have been an issue with addressing RMI versus CORBA.

19.JAX-WS is the new Java API for Web Services development. It builds on the older JAX-RPC programming model, and adds numerous improvements.

Which two statements identify improvements? (Choose two.)


9/26

A.Requires far fewer descriptors for the deployment of Web Services by excludingsupport for annotations.B.Supports WS-I Basic Profile 1.1 for improved Web Services interoperability.C.Supports SOAP 1.2, as well as SOAP 1.1.D.Couples the data binding technology to the Web Services programming model.E.Increases the complexity of developing handlers


Options B, C are correct.Option A is incorrect because it adds a descriptor-less deployment of Web Services by including support for annotations defined in JSR 181 (Web Services Metadata for the Java Platform) and annotations defined with JAX-WS as well. Since allmetadata is in standardized annotations, the Web Service implementations are vendor-neutral.Option D is incorrect because it separates the data binding technology from theWeb Services programming model with support for Java Architecture for XML Binding (JAXB) 2.0.Option E is incorrect because it simplifies the development of handlers and provides a mechanism to allow handlers to collaborate with service clients and service endpoint implementations.

20.You want to use the JAX-WS Dispatch API to invoke a Web Service.

What are three reasons why you would use the Dispatch API? (Choose three.)

A.When interoperability with legacy JAX-RPC or non WS-I compliant Web Services is required.B.To invoke a Web Service with xml/http binding and not traditional SOAP binding.C.To invoke a Web Service by using a data binding other than JAXB.D.To invoke a Web Service with SOAP binding and not traditional xml/http binding.

E.When interoperability with legacy JAX-RPC or non WS-I complaint Web Services is not a requirement.

Reference CloseJava API for XML-Based Web Services (JAX-WS) JSR 224.

Options A, B, C are correct.Options D, E are incorrect because you want to use the Dispatch API for legacy Web Services, xml/http binding, and when you use a binding other than JAXB like Castor.

21.A company is in the business of online sales. They focus on high-end camerasand lenses. The online line web application is written using a Java EE technology stack. A consumer starts a transaction to purchase a camera and the result isthat a transaction attempts to insert into the inventory database using JDBC andthen sends a message to a message-driven bean over a transactional JMS queue. When the message is received by the message-driven bean, it attempts an insert into the sales database using JDBC.

Which statement cannot be a valid outcome of this transaction?


10/26

A.The message-driven bean does not perform an insert, the application does not perform an insert.B.The message-driven bean performs an insert, the application performs an insert.C.The message-driven bean does not perform an insert, the application performs an insert.D.The message-driven bean performs an insert, the application does not

Reference CloseJMS specification 1.1.

Option D is correct.Options A, D, C are all possible outcomes of this transaction.

22.You have an Enterprise Information System that needs to inform your Java EE application when an event occurs. A question has been asked by your enterprise architect group regarding the Java Connector Architecture (JCA). The group is interested in knowing how your Java EE application can utilize JCA with this EIS system.

How will your application receive EIS notifications?

A.Receive notifications using Web Services.B.Receive notifications using CORBA.C.Receive notifications using MDB.D.Receive notifications using RMI.

Reference CloseJCA specification 1.5.

Option C is correct because to receive a specific EIS message, the recipient (MDB) should show interest in consuming that message by implementing a message listener.Option A is incorrect because JCA can not leverage Web Services in this scenario

.Option B is incorrect because this is not a scenario where you need to generatea CORBA client using Java.Option C is incorrect because this is not a scenario of remote call of a clientmodule.

23.Your online inventory tracking system has a message-driven bean that uses anexchange server.

How will your online inventory tracking system client access the MDB?

A.Your client accesses the MDB through a home interface.B.Your client accesses the MDB using a client interface.C.Your client accesses the MDB directly.D.Your client accesses an MDB through JMS.


Option D is correct.Option A, B are incorrect because unlike other types of beans, MDB does not have


11/26

a client view (Remote/Home interfaces) and clients cannot look-up an MDB instance. It just listens for any incoming message on a JMS queue (or topic) and processes them automatically.Option C is incorrect because client components do not locate MDBs and invoke methods directly on them.

24.In your web application, your Servlet will need to cache the bean stub as anattribute in the HttpSession object. The HTTP session's state will therefore betracked and stored in the bean instance. If the client invokes method calls against the same bean stub, the calls are always tunneled to the same bean instancein the container.

Which bean will you utilize for this application?

A.Message-driven-beanB.Stateless session beanC.Stateful session beanD.Entity bean


Option C is correct.Option A is incorrect because a message-driven bean is an enterprise bean that allows Java EE applications to process messages asynchronously. It normally actsas a JMS message listener, which is similar to an event listener except that itreceives JMS messages instead of events. A message-driven bean's instances retain no data or conversational state for a specific client.Option B is incorrect because a stateless session bean does not maintain a conversational state with the client. When a client invokes the methods of a stateless bean, the bean's instance variables may contain a state specific to that client, but only for the duration of the invocation.Option D is incorrect because entity beans differ from session beans in severalways. Entity beans are persistent, allow shared access, have primary keys, and may participate in relationships with other entity beans.

25.EJB 3.0 is much easier to learn and use than was EJB 2.1 and should result infaster development of applications. With the inclusion of the Java PersistenceAPI, EJB 3.0 technology also offers developers an entity programming model thathas been simplified.

Which three statements describe these new simplified features with regard to EJB3.0 and Java Persistence API? (Choose three.)

A.EJB 3.0 technology, entity bean fields are identified as persistent fields inthe bean's deployment descriptor.

B.The persistent state of an entity is represented either by its persistent fields or persistent properties.C.For an EJB 3.0 entity, you no longer need to code interfaces such as LocalAddressHome and LocalAddress.D.In the Java Persistence API, you do not not need to provide an XML descriptorto specify an entity's primary key.E.The Java Persistence API does NOT require the backpointer reference in a bidirectional relationship to be set.F.Unlike EJB 2.1, the Java Persistence API removes support for inheritance and polymorphism to simplify the model.


12/26

Reference CloseJSR 220 Enterprise 3.0 JavaBeans specification 1.2.

Option B, C, D are correct.Option A is incorrect because this was for EJB 2.1. In the Java Persistence API,you no longer need to provide a deployment descriptor, called an XML descriptorin the Java Persistence API, to specify an entity's persistent fields.Option E is incorrect because unlike EJB 2.1, with Java Persistence API you willrequire the backpointer reference in a bidirectional relationship to be set.Option F is incorrect because the Java Persistence API adds support for inheritance and polymorphism.

26.There are a number of reasons to use an ORM(object-relational-mapping) approach to data persistence.

What are two reasons why you would use an ORM approach? (Choose two.)

A.Your application can be isolated from the database and the only connection toit is using the ORM framework and a JDBC driver.B.Manageability of a Java application by Java developers will increase because the code is generated and Java is used as the interface to access and manipulatedata.

C.ORM approaches perform much better than carefully tuned JDBC and are faster than going directly to the database.D.An ORM approach to data access provides the same level of complex data accessand complex code syntax as SQL does with direct access.E.ORM approaches are currently not supported by tool vendors and ORM does littleto improve developer productivity.


Options A, B are correct.Option C is wrong because one of the trade-offs for using an ORM approach is add

ing the additional layer for data integration and manipulation. This will implysome performance loss but when compared to direct access but an ORM approach will gain with regards to maintenance costs.Option D is wrong because ORM approaches are providing more robust frameworks but you can not fully achieve the same level of complex data access and manipulation of syntax.Option E is wrong because many vendors support ORM tools and an ORM approach because of these tools, like Spring framework, improve developer productivity.

27.This Java API is an event-driven, pull-parsing API for reading and writing XML documents. This Java API will enable you to create bidirectional XML parsers that are fast, relatively easy to program, and have a light memory footprint.

What Java API will you implement?

A.StAXB.JAXBC.JAXPD.SAAJReference CloseStreaming API for XML JSR 173 1.2.


13/26

Option A is correct.Option B is incorrect because JAXB provides a convenient way to process XML content using Java objects by binding its XML schema to Java representation.Option C is incorrect because JAXP enables applications to parse and transform XML documents independent of a particular XML processing implementation.Option D is incorrect because SAAJ enables developers to produce and consume messages conforming to the SOAP 1.1 specification and SOAP with Attachments note

28.You are interested in architecting a Java SOA solution for your firm. You areinterested in publishing, discovering, and using Web Services to integrate withexternal systems. This Java EE API provides rich metadata capabilities for classification and association, as well as rich query capabilities. As an abstraction-based API, this API gives developers the ability to write registry client programs that are portable across different target registries.

What Java API below is needed for this scenario?

A.JAXRB.JAXBC.JAXPD.SAAJ

Reference CloseJava API for XML-Based Web Services (JAX-WS) 1.3.

Option A is correct.Option B is incorrect because JAXB provides a convenient way to process XML content using Java objects by binding its XML schema to Java representation.Option C is incorrect because JAXP enables applications to parse and transform XML documents independent of a particular XML processing implementation.Option D is incorrect because SAAJ enables developers to produce and consume messages conforming to the SOAP 1.1 specification and SOAP with Attachments note.

29.Which two statements are true about the client view of session beans writtento the simplified EJB 3.0 API? (Choose two.)

A.The interface of and EJB 3.0 session bean is an ordinary Java interface.B.The new interface is one of the interface types EJBObject or EJBLocalObjectInterface.C.A client can obtain a session bean's interface through dependency injection.D.A client cannot obtain a session bean's interface through a lookup in the JNDInamespace.E.A client cannot obtain a session bean's interface through dependency injection.


Options A, C are correct.Option B is incorrect because these are defined in the EJB 2.1 API and is a plain Java interface.Option D is incorrect because you can obtain a session bean using JNDI lookup.Option E is incorrect because you can obtain a session bean through dependency injection.


14/26

30.Your server group has recently upgraded the servers to be Java EE compatibleand your developers are interested in the benefits of the new EJB 3.0 model.

What are two benefits of the new EJB 3.0 model? (Choose two.)

A.EJB 3.0 session bean is a POJO managed by the EJB container.B.EJB 3.0 stateless session beans require a home interface only.C.EJB 3.0 callback methods can be defined either in the bean class itself or ina bean listener class.D.EJB 3.0 requires all session beans and entity beans to have a business interface


Options A, C are correct.Option B is incorrect because stateless session beans do not require a home interface.Option D is incorrect because entity beans are not required to have a business interface.

31.You are building a new website that presents certain GUI controls and data onmultiple pages.

Which two will you implement to prevent redundant GUI code? (Choose two.)

A.Use a business delegate to decouple the GUI from the business service.B.Use a service locator to locate business services.C.Access the data using JDBC.D.Use templates to create composite view components.E.Custom Tag Libraries.F.Use Model-View-Controller.


Options D, E are correct.Options A, B, C, F are incorrect because they do not deal with the GUI.

32.You have the assignment to create a new architecture that will be used by your organization for all future web development.

Which three characteristics are important when choosing a web application framework? (Choose three.)

A.Billing rates of framework consultants.B.Code re-use.C.Ease of Use.D.It was featured in a computer magazine.E.Industry acceptance.F.We write our own web frameworks.

Reference CloseOptions B, C, E are correct.Options A,D are incorrect because they are not valid architectural concerns.


15/26

Option F is incorrect because this is generally not the best solution as existing frameworks are well refined.

33.A company wants to rewrite their legacy thick client application, and they are investigating new technologies for their GUI.

What are two appropriate uses for JSP's in a J2EE application? (Choose two.)

A.Encapsulates database connectivityB.Invokes Custom tagsC.Contains business logicD.Contains Expression LanguageE.Invokes Web ServicesF.Controls container default parameters

Reference CloseServlet 2.4 + JSP 2.0 specs.Core J2EE Patterns Second Edition: (Alur, Crupi, Malks).

Options B, D are correct.Option A is incorrect because database connectivity should not be included in the View.

Option C is incorrect because business logic should not be in the View.Option E is incorrect because Web Services invocation should happen in the Model.Option F is incorrect because the JSP should have no access to the container default parameters.

34.You are re-factoring your monolithic legacy Java application to use design patterns. You want to realize the benefits of the Model View Controller design approach.

Which two are viable options for implementing a Front Controller? (Choose two.)

A.DAO classB.EJB3 EntitiesC.ServletsD.Custom tag librariesE.JavaServer FacesF.Deployment descriptor

Reference CloseCore J2EE Patterns Second Edition: (Alur, Crupi, Malks).JSF 1.2 specs.

Options C, E are correct.Option A is incorrect because DAO's encapsulate database access.

Option B is incorrect because Entities represent database tables.Option D is incorrect because tag libraries are embedded in the GUI.Option F is incorrect because the deployment descriptor is an XML file.

35.You are part of a large IT department that is considering using Java Server Faces as their primary GUI development tool. You need to justify this choice to the Chief Technology Officer.

What is an advantage of using JSF for development of web applications?


16/26

A.JSF is easy to create in HTML editors.B.Backing beans can be tested outside the web container.C.JSF renders exactly the same in all browsers.D.JSF requires no programming knowledge

Reference CloseJSF 1.2 specs.

Option B is correct.Option A is incorrect because JSF works best with a custom editor.Option B is incorrect because it could render differently in different browsers.Option D is incorrect because programming knowledge is required to full use JSF.

36.The developers are complaining about your decision to use Java Server Faces in the new application you are architecting.

What is a disadvantage of using JSF for development of web applications?

A.JSF cannot be used with localization.B.JSF cannot be used in conjunction with Ajax.C.JSF cannot be previewed outside the container.

D.JSF does NOT save view state.


Option C is correct.Option A is incorrect. See reference jsf-1_2-fr-spec.pdf, pg. 70.Option B is incorrect because you can use it in conjunction with Ajax.Option D is incorrect. See reference jsf-1_2-fr-spec.pdf, pg. 75.

37.You have a legacy system where most of the calculations in the system are performed dynamically in stored procedures at request time. The same stored procedu

re may return totally different result sets depending on its input parameters. You are implementing a new rich client GUI front-end for the system.

Which two technologies are appropriate? (Choose two.)

A.EJB3 EntitiesB.Pojo's implementing DAO patternC.JAXRD.JSFE.Swing applets


Core J2EE Patterns Second Edition: (Alur, Crupi, Malks).

Options B, D are correct.Option A is incorrect because as the output is generated dynamically, it will betough to create an Entity mapping.Option C is incorrect because nothing indicates searching registries.Option E is incorrect because JSF is preferable for new GUI development over swing


17/26

38.The online music sales company that you work for is adding messaging to theiruser forums, so that customers can Instant Message, Text Message, and E-mail message each other. Communication will be asynchronous as the other users may notbe logged on currently.

What technology combination can help them achieve these goals?

A.Session Beans saving messages to a database.B.Send the messages using Web Services.C.Use a JMS queue using MDBs.D.Implement the Visitor pattern.E.Send an HTTP request to the receiver.

Reference CloseEJB3 specs.

Option C is correct.Options A, B, D, E are incorrect because they do not satisfy the requirements

39.You are designing a new Change Request management system using asynchronous communications with a workflow package. The GUI needs to implement Single Sign Onas a web service that will require some security inside the header.

Which two technologies would you use for this application? (Choose two.)

A.SSBB.MDBC.EJB3 EntitiesD.JCEE.SAXF.SAML.

Reference CloseEJB 3.0 specs.http://java.sun.com/javase/technologies/security/

Options B, F are correct.Option A is incorrect because SSB are not designed for asynchronous communication.Option C is incorrect because Entities are not indicated by the requirements.Option D is incorrect because encryption is not specified in the requirements.Option E is incorrect because XML parsing is not indicated by the requirements.

40.You are developing a new online application for a public entity that allows Law Enforcement officials to search for and maintain information about violent criminals. You have some business rules to enforce in the model, but you do not want to use stored procedures in your database. Confidential information must be e

ncrypted before it is stored in the database.

Which two technologies would you use for this application? (Choose two.)

A.JAXRB.MDBC.EJB3 EntitiesD.JSSEE.JCEF.SAML


18/26

Reference Closehttp://java.sun.com/javase/technologies/security/

Options C, E are correct.Option A is incorrect because UDDI registries are not mentioned in the requirements.Option B is incorrect because asynchronous communication is not indicated.Option D is incorrect because secure sockets are not indicated.Option F is incorrect because SSO is not called for in the requirements

41.You want to process XML data using an XML schema, but you do not want to implement the details of XML parsing.

What technology could you use to implement this?

A.JAXRB.JAXBC.JAXPD.JAX-RPCE.JAX-WSF.UDDI

Reference CloseJ2EE Web Services: XML SOAP WSDL UDDI WS-I JAX-RPC JAXR SAAJ JAXP (Paperback) byRichard Monson-Haefel.

Option B is correct.Option A is incorrect because JAXR gives you a uniform way to use business registries that are based on open standards (such as ebXML) or industry consortium-led specifications (such as UDDI).Option C is incorrect because JAXP enables applications to parse and transform XML documents independent of a particular XML processing implementation.Option D is incorrect because JAX-RPC allows invoking from a Java application aJava based Web Service with a known description while still being consistent wit

h its WSDL description.Option E is incorrect because JAX-WS is a fundamental technology for developingSOAP based and RESTful Java Web services. JAX-WS is designed to take the place of JAX-RPC in Web services and Web applications.Option F is incorrect because UDDI is a platform-independent, XML-based registryfor businesses worldwide to be listed on the Internet.

42.Your company needs to access web services that are viewed as resources and can be identified by their URLs. You will not be using HTTP.

What technology would you recommend to do this?

A.JAXBB.JAXPC.JAXRD.RESTE.SOAP

Reference Closehttp://java.sun.com/developer/technicalArticles/WebServices/restful/


19/26

Option D is correct.Option A is correct because JAXB provides a convenient way to process XML content using Java objects by binding its XML schema to Java representation.Option B is incorrect because JAXP enables applications to parse and transform XML documents independent of a particular XML processing implementation.Option C is incorrect because JAXR gives you a uniform way to use business registries that are based on open standards (such as ebXML) or industry consortium-led specifications (such as UDDI).Option E is incorrect because SOAP requires a separate resource discovery mechanism.

43.The new online sales application is a critical part of your business plan. Unfortunately, the system is not meetings its Service Level Agreements because ofsystem downtime. You thought that perhaps the system capacities were being maxedout, but when the system is up, the performance is acceptable and the CPU and memory utilization are acceptable.

What action should you take?

A.Switch to High-Availability servers.B.Refactor to use design patterns.C.Vertical Scaling of the system.D.Increase the heap size.


A is correct.B is incorrect because design patterns will not help availability.C is incorrect because performance is ok.D is incorrect unless you are getting out of memory errors.

44.Your online sales system is repeatedly going down due to Denial of Service attacks.

What action should you take?

A.Take your system off the Internet. Only take customer orders by phone.B.Install a firewall.C.Perform a rigorous security audit.D.Refactor the code to use design patterns.

Reference CloseCore Security Patterns: Best Practices and Strategies (Christopher Steel; RameshNagappan; Ray Lai).

C is correct because this will help tell you what the actual vulnerabilities are.

A is incorrect because these days Internet sales are critical for business success.B is incorrect because a firewall may not stop all attacks when you allow usersto access your website.D is incorrect because this will not necessarily aid with security.

45.You are architecting a new Change Request management system using asynchronous messaging. You have chosen to use a message-driven bean (MDB) to receive the message, interpret the client request, and locate the appropriate business servic


20/26

e to handle the request.

What design pattern is this an example of?

A.Transfer Object AssemblerB.Service LocatorC.Service to WorkerD.Service ActivatorE.Web Service Broker


Option D is correct.Option A is incorrect because that creates an aggregate transfer object.Option B is incorrect because it is not asynchronous.Option C is incorrect because it does not address the requirements.Option E is incorrect because we are not using Web Services.

46.You are implementing a custom search engine for your company. Users of the system may run searches that return thousands of rows, but they usually only lookat the first couple of pages. You want to allow them to run large searches, butyou want them to run efficiently.

What design pattern would you recommend in this situation?

A.DAOB.Transfer ObjectC.Value List HandlerD.Composite EntityE.MVC


Option C is correct.

Option A is incorrect because we are not talking about database encapsulation directly.Option B is incorrect because this does not address the requirements.Option D is incorrect because we are not talking about aggregated entities.Option E is incorrect because this does not deal with searches.

47.You work in the IT department of a large grocery chain, and you are implementing a system that allows customers to purchase groceries online and have them delivered to their homes. You need to allow users to select items and their quantities.Processing for products varies as some items are purchased by the pound andothers are purchased by quantity or case. For some items, all the stores' stockis on the shelves and for others it is in the building's storage room. Some ite

ms have special tasks that must be performed on the purchase, such as creditingcollege savings accounts. To further complicate the issue, your requirements allow customers to set up lists of items, such as a "Monthly Shopping List", whichthey will purchase on a regular basis, and then add specific items to the current order. During the checkout process, you must handle distinct operations on classes with differing interfaces, for each item in the shopping list.

What design pattern will you choose to implement this functionality?

A.Iterator


21/26

B.DecoratorC.BridgeD.MediatorE.VisitorF.Flyweight

Reference CloseDesign Patterns: Elements of Reusable Object-Oriented Software.

Option E is correct.Option A is incorrect because the objects have differing interfaces.Option B is incorrect because Decorator adds additional functionality to a classat runtime where subclassing would result in an exponential rise of new classes.Option C is incorrect because Bridge decouples an abstraction from its implementation so that the two can vary independently.Option D is incorrect because Mediator handles the interaction between differentobjects.Option F is incorrect because Flyweight ensures that a high quantity of objectsshare a common properties object to save space.

48.You are maintaining an existing Payroll system that has an Employee object wi

th public getters and setters for all items. This has worked fine in the past, but now the company has hired an independent auditing firm to create an application to analyze employee data. You need to provide them with access to your Employee object, but you cannot give them access to confidential information such as name and social security number. Additionally, other calculations may need to beadded. You do not want to modify your base classes as significant amounts of code would need to be regression tested.

What design pattern is required to implement this solution?

A.AdapterB.BridgeC.Facade

D.MediatorE.Decorator


Option E is correct.Option A is incorrect because Adapter "adapts" one interface for a class into one that a client expects.Option B is incorrect because Bridge decouples an abstraction from its implementation so that the two can vary independently.Option C is incorrect because Facade creates a simplified interface of an existing interface

Option D is incorrect because Mediator handles the interaction between differentobjects

49.What are two benefits of the Mediator design pattern? (Choose two.)

A.Promotes loose coupling.B.Promotes tight coupling.C.Represent an operation to be performed on the elements of an object structure.


22/26

D.Control and coordinate the interactions of a group of objects.E.Decouple sender and receiver by giving more than one object a chance to handlethe request.


Options A, D are correct.Option B is incorrect because Mediator promotes loose coupling.Option C is incorrect because "Represent an operation to be performed on the elements of an object structure" is Visitor.Option E is incorrect because "Decouple sender and receiver by giving more thanone object a chance to handle the request" is Chain of Responsibility.

50.Which three are NOT benefits of the Chain of Responsibility pattern? (Choosethree.)

A.Reduced coupling.B.Increased coupling.C.You want to issue a request to one of several objects without specifying the receiver explicitly.D.Define an object that defines how a set of objects interact.

E.Decouple sender and receiver by giving more than one object a chance to handlethe request.F.Define a one-to-many dependency between objects.

Reference CloseDesign Patterns: Elements of Reusable Object-Oriented Software.Gang of Four - pg 223-226.

Options B, D, F are correct because A,C,E ARE benefits of the Chain of Responsibility pattern.

51.Which two are NOT benefits of the Transfer Object pattern? (Choose two.)

A.Reduced remote requests across the network.B.You want to create a complex model to hand over to the client for presentationpurposes.C.Clients must access components in other tiers to retrieve and update data.D.You want to avoid network performance problems due to high network traffic.E.You want to centralize business logic and state in an application


Option B, E are correct.Options A, C, D are incorrect because they ARE benefits of the Transfer Object.

52.Which three are benefits of the Session Facade? (Choose three.)

A.Prevents tight coupling with the clients.B.You want to encapsulate the physical database design.C.You want pre and postprocessing components independent of each other.D.Reduces number of business objects exposed to clients.


23/26

E.You want common subviews reused in multiple views.F.Expose a coarse-grained service to remote clients.


Options A, D, F are correct.Option B is incorrect because "You want to encapsulate the physical database design" is Composite Entity.Option C is incorrect because "You want pre and post processing components independent of each other" is Intercepting Filter.Option E is incorrect because "You want common subviews reused in multiple views" is Composite View

53.You are going to deploy a new Java application from the IT development serverto all the machines in your company's network using Java Web Start.

Which two statements identify what an unsigned jar in the Java Web Start sandboxcan do? (Choose two.)

A.Use native libraries.B.Access network printers on the system.C.Access system properties.

D.Use the JNLP APIs to interact with the system clipboard.E.Access JAR files in an application downloaded from another server

Reference Closehttp://java.sun.com/developer/technicalArticles/WebServices/JWS_2/JWS_White_Paper.pdf

Options C, D are correct.Option A is incorrect because you cannot use native libraries.Option B is incorrect because you can only access local printers.Option C is incorrect because it has the same access to system properties as anapplet.Option D is incorrect because you can access the clipboard through the JNLP APIs

.Option E is incorrect because all jar files must be downloaded from the same server.

54.Which three statements identify what you can do with the JNLP APIs in the Java Web Start? (Choose three.)

A.Determine whether or not the application is online.B.Configure the server.C.Interact with the computer's clipboard.D.Deploy the application in Java Web Start.E.Access resources in a Jar file.

F.Work with files on the computer

Reference Closehttp://java.sun.com/developer/technicalArticles/WebServices/JWS_2/JWS_White_Paper.pdf

Options A, C, F are correct.Options B, D are incorrect because they are not functions of the JNLP API's.Option E is incorrect because you use the getResource command, not the JNLP API's.


24/26

55.Which three are considered best practices for the prevention of Session Theft? (Choose three.)

A.Audit Logs.B.Public key encryption of session information.C.Specifying user roles in the deployment descriptor.D.Requiring SSL in the deployment descriptor transport guarantee.E.Adding an Intercepting Validation filter to your system.F.Invalidate session after logout.

Reference CloseCore Security Patterns: Best Practices and Strategies (Christopher Steel; RameshNagappan; Ray Lai) pg14.

Options B, D, F are correct.Optiond A, C, E are incorrect because they do not not address the problem.

56.Which three benefits of implementing a Single Sign-on Delegator pattern? (Choose three.)

A.Better availability of remote security services.

B.Prevents Cross Site Scripting.C.Eliminates multiple sign-on issues.D.Reduces Buffer Overflow.E.Eliminates weak session identifiers.F.Preventing session theft.

Reference CloseCore Security Patterns: Best Practices and Strategies (Christopher Steel; RameshNagappan; Ray Lai) pg 786.

Options A, C, F are correct.Option B is incorrect because this does not address Cross Site Scripting.

Option D is incorrect because this does not address buffer overflow.Option E is incorrect because the session identifiers could still be weak

57.You have been notified that someone is trying to read business transactions between your website and your clients by stealing unencrypted packets.

What type of threat is this an example of?

A.SQL InjectionB.Man in the MiddleC.Cross Site ScriptingD.Session Hijacking

E.Buffer OverflowF.Weak Password Exploits

Reference CloseCore Security Patterns: Best Practices and Strategies (Christopher Steel; RameshNagappan; Ray Lai).

Option B is correct.Options A, C are incorrect because they do not deal with packet theft.


25/26

Option D is incorrect because session hijacking is an attempt to gain direct access to the system.Option E is incorrect because Buffer Overflow is a Denial of Service attack.Option F is incorrect because weak password exploits are an attempt to gain direct access to the system

58.You are architecting an online movie ticket sales application. After the users purchase their tickets online, they can later input reviews of the movies in afree-form text box that other users will see. The president of your company isconcerned about XSS schemes.

Which two precautions should you take for this specific concern? (Choose two.)

A.Require SSL in the deployment descriptor transport guarantee.B.Ensure that the database field is big enough to handle any amount of user input.C.Filtering special characters.D.Filtering HTML tags such as "applet", "iframe" and "script".E.Encrypt user input with Blowfish.

Reference CloseCore Security Patterns: Best Practices and Strategies (Christopher Steel; Ramesh

Nagappan; Ray Lai).

Options C, D are appropriate concerns in Cross Site scriptingOption A is incorrect because they are authenticated users.Option B is incorrect because that is buffer overflow.Option E is incorrect because encrypting the user input will not remove the special characters

59.Which two APIs support Single Sign On implementations? (Choose two.)

A.JCEB.JAAS

C.JSSED.SAMLE.JMSF.JAXP

Reference Closehttp://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html

Options B, D are correct.Option A is incorrect because JCE is Java Cryptography Engine.Option C is incorrect because JSSE is Java Secure Socket Extension.Option E is incorrect because JMS is Java Messaging Service.

Option F is incorrect because JAXP is the Xml Parser.

60.Someone has been trying to expose application level information by intentionally causing exceptions. It is too late to change the JAVA source code before thebig release.

How can you prevent someone from seeing any unhandled error messages declaratively?


26/26

A.Use role level constraints in the deployment descriptor.B.Specify that the transmission should be run under SSL in the deployment descriptor.C.Specifying error pages in the deployment descriptor.D.Modify the firewall to filter out any exceptions

Reference CloseServlet 2.4 specs.

Option C is correct.Options A, B, and D are incorrect because they do not address the issue and D isnonsense.

scea exam questions 4 copy

Documents