 
Inside Java 2 Platform Security, Second Edition: Architecture, API Design and Implementation


 




This quiz is based on the book Inside Java 2 Platform Security, Second Edition: Architecture, API Design and Implementation, published by Addison-Wesley. The questions draw on material throughout the book. Test your knowledge of the Java 2 platform security features. If you do not know an answer, take your best guess.

Choose the best answer(s) for each question, then click Submit to see how you scored.

 

1. A security model that enforces a dominance relationship of read-down and write-up is known as:

  A. Chinese Wall
  B. Biba
  C. Bell-LaPadula
  D. Sandbox

2. Type safety in the Java language prevents the following attack vectors:

  A. Buffer overflows
  B. Data access violations
  C. Execution of malicious code
  D. Choices A and B
  E. Choices A and C

3. The type of a class is specified by:

  A. Its fully qualified class name
  B. Its code source
  C. Its defining class loader
  D. Choices A and B
  E. Choices A and C

4. Calling AccessController.doPrivileged will:

  A. Increase the privileges of the calling class
  B. Decrease the privileges of the calling class
  C. Assert the privileges of the calling class
  D. None of the above

5. In J2SE, all signed classes are implicitly trusted and granted full access:

  A. true
  B. false

6. Security policy enforcement may be performed by:

  A. The installed instance of the java.security.Policy class
  B. The installed instance of the java.lang.SecurityManager class
  C. The java.security.AccessController class
  D. Choices B and C
  E. All of the above

7. The method Subject.doAs associates a Subject with the thread of execution by:

  A. Updating the principals bound to the ProtectionDomains on the calling thread
  B. Associating a DomainCombiner with an AccessControlContext and binding it to the execution thread by invoking AccessController.doPrivileged
  C. Associating itself with a ThreadLocal variable of the calling thread
  D. None of the above

8. The principal role of a TrustManager is to:

  A. Challenge the user for credentials
  B. Determine if presented authentication credentials should be trusted
  C. Verify signed JAR files
  D. Make policy decisions based on the trustworthiness of mobile code

9. Effectively, permissions are accorded to a class:

  A. Statically when the class is defined
  B. Dynamically during a security check
  C. Both of the above
  D. None of the above

10. A class is allowed access to package private (a.k.a. default access) members of another class:

  A. If both classes are defined by the same class loader
  B. If both classes are in the same package and defined by the same class loader
  C. Never
  D. Always

11. In J2SE, security policy is expressed:

  A. Programmatically
  B. Declaratively
  C. Both of the above

12. The MessageDigest class provides:

  A. A mechanism to compute a cryptographically secure hash
  B. A mechanism to build MIME messages
  C. A digital signature
  D. A summary of the contents of a mail message