SCWCD(310-083) 201~250

Q: 201 Which statement is true about web container session management?
A. Access to session-scoped attributes is guaranteed to be thread-safe by the web container.
B. To activate URL rewriting, the developer must use the HttpServletResponse.setURLRewriting method.
C. If the web application uses HTTPS, then the web container may use the data on the HTTPS request stream
to identify the client.
D. The JSESSIONID cookie is stored permanently on the client so that a user may return to the web
application and the web container will rejoin that session.
Answer: C
解析：(同25题)
B.URL重写用HttpServletResponse.encodeURL(或encodeRedirectURL)
D.JSESSIONID是禁用cookie时，URL重写产生的

Q: 202 You are designing an n-tier Java EE application. You have already
decided that some of your JSPs will need to get data from a Customer entity bean. You are trying to
decide whether to use a Customer stub object or a Transfer Object. Which two statements are true?
(Choose two.)
A.The stub will increase network traffic.
B.The Transfer Object will decrease data staleness.
C.The stub will increase the logic necessary in the JSPs.
D.In both cases, the JSPs can use EL expressions to get data.
E.Only the Transfer Object will need to use a Business Delegate.
F.Using the stub approach allows you to design the application without using a Service Locator.
Answer: A, D
解析：(同127题)
A.传输对象减少颗粒度，但会增加网络压力。
D.JSP能使用EL表达式获取数据。

Q: 203 Which two are characteristics of the Intercepting Filter pattern? (Choose
two.)
A.It provides centralized request handling for incoming requests.
B.It forces resource authentication to be distributed across web components.
C.It reduces coupling between presentation-tier clients and underlying business services.
D.It can be added and removed unobtrusively, without requiring changes to existing code.
E.It allows preprocessing and postprocessing on the incoming requests and outgoing responses.
Answer: D, E
解析:
D.拦截器提供抽插式的组件
E.拦截器能在请求之前或之后处理数据

Q: 204 A developer has created a web application that includes a servlet for each
use case in the application. These servlets have become rather difficult to maintain because the request
processing methods have become very large. There is also common processing code in many servlets
because these use cases are very similar. Which two design patterns can be used together to refactor and
simplify this web application? (Choose two.)
A. Proxy
B. View Helper
C. Front Controller
D. Session Facade
E. Business Delegate
F. Model-View-Controller
Answer: C, F
C.Front Controller(前端控制器)统一处理所有请求。
F.mvc模式减少耦合和重复代码

Q: 205 A developer is designing a multi-tier web application and discovers a need
to hide the details of establishing and maintaining remote communications from the client. In addition,
the application needs to find, in a transparent manner, the heterogeneous business components used to
service the client's requests. Which design patterns, working together, address these issues?
A.Business Delegate and Transfer Object
B.Business Delegate and Service Locator
C.Front Controller and Business Delegate
D.Intercepting Filter and Transfer Object
E.Model-View-Controller and Intercepting Filter
Answer: B
解析：
Business Delegate(业务代理)减少表示层和逻辑层的耦合，实现对业务逻辑的透明调用。
Service Locator(服务器定位)使用统一的服务访问，隐藏详细操作。

Q: 206 A developer is designing a web application that must support multiple
interfaces, including:
an XML web service for B2B
HTML for web-based clients
WML for wireless customers
Which design pattern provides a solution for this problem?
A.Session Facade
B.Business Delegate
C.Data Access Object
D.Model-View-Controller
E.Chain of Responsibility
Answer: D
解析：mvc模式使数据和页面分离，使相同的数据能对应不同的页面

Q: 207 A developer is designing a web application which extensively uses EJBs
and JMS. The developer finds that there is a lot of duplicated code to build the JNDI contexts to access
the beans and queues. Further, because of the complexity, there are numerous errors in the code. Which
J2EE design pattern provides a solution for this problem?
A.Command
B.Transfer Object
C.Service Locator
D.Session Facade
E.Business Delegate
F.Data Access Object
Answer: C
解析：Service Locator(服务器定位)，提供统一的服务器访问方法，减少重复代码。

Q: 208 A developer is designing a web application that must support multiple
interfaces, including:
an XML web service for B2B
HTML for web-based clients
WML for wireless customers
Which design pattern provides a solution for this problem?
A.Session Facade
B.Business Delegate
C.Data Access Object
D.Model-View-Controller
E.Chain of Responsibility
Answer: D
解析:(同206)mvc支持不同的页面使用相同的数据

Q: 209 Which two are characteristics of the Front Controller pattern? (Choose
two.)
A.It simplifies remote interfaces to distributed objects.
B.It promotes cleaner application partitioning and encourages reuse.
C.It provides an initial point of contact for handling all related requests.
D.It reduces maintainability due to the increased complexity of the design.
E.It provides loosely coupled handlers that can be combined in various permutations.
Answer: B, C
解析：
B.前端控制使程序结构更清晰和增加重用性.
C.提供一个联系的中心处理所以请求关系。

Q: 210 Squeaky Beans Inc. hired an outside consultant to develop their web
application. To finish the job quickly, the consultant created several dozen JSP pages that directly
communicate with the database. The Squeaky business team has since purchased a set of business objects
to model their system, and the Squeaky developer charged with maintaining the web application must
now refactor all the JSPs to work with the new system. Which pattern can the developer use to solve this
problem?
A.Transfer Object
B.Service Locator
C.Intercepting Filter
D.Business Delegate
Answer: D
解析：Business Delegate增加代理层访问数据（使新页面能用于原理的逻辑控制）。


Q: 211 A developer is designing the presentation tier for a web application that
relies on a complex session bean. The session bean is still being developed and the APIs for it are NOT
finalized. Any changes to the session bean API directly impacts the development of the presentation tier.
Which design pattern provides a means to manage the uncertainty in the API?
A.View Helper
B.Front Controller
C.Composite View
D.Intercepting Filter
E.Business Delegate
F.Chain of Responsibility
Answer: E
解析：Business Delegate业务代理能适应不同层之间的变化。

Q: 212 A developer is designing a multi-tier web application and discovers a need
to log each incoming client request. Which two patterns, taken independently, provide a solution for this
problem? (Choose two.)
A.Transfer Object
B.Service Locator
C.Front Controller
D.Intercepting Filter
E.Business Delegate
F.Model-View-Controller
Answer: C, D
解析：前端控制加拦截过滤记录每一个客户端的请求。

Q: 213 A developer is designing a multi-tier web application and discovers a need
to hide the details of establishing and maintaining remote communications from the client. In addition,
because the business and resource tiers are distributed, the application needs to minimize the inter-tier
network traffic related to servicing client requests. Which design patterns, working together, address
these issues?
A.Front Controller and Transfer Object
B.Front Controller and Service Locator
C.Business Delegate and Transfer Object
D.Business Delegate and Intercepting Filter
E.Model-View-Controller and Intercepting Filter
Answer: C
解析：Business Delegate隐藏访问细节,Transfer Object减少传输颗粒度提高网络质量。

Q: 214 Click the Task button.
Place the servlet name onto every request URL, relative to the web application context root, that will
invoke that servlet. Every request URL must be filled.
Answer: Check ExamWorx eEngine, Download from Member Center

解析：请求/data/*返回DataServlet,请求*.do返回ControServlet

Q: 215 Given a portion of a valid Java EE web application's directory structure:
MyApp
|
|-- File1.html
|
|-- Directory1
| |-- File2.html |
|-- META-INF
| |-- File3.html
You want to know whether File1.html, File2.html, and/or File3.html will be directly accessible by your
web client's browsers.
Which statement is true?
A.All three files are directly accessible.
B.Only File1.html is directly accessible.
C.Only File2.html is directly accessible.
D.Only File3.html is directly accessible.
E.Only File1.html and File2.html are directly accessible.
F.Only File1.html and File3.html are directly accessible.
G.Only File2.html and File3.html are directly accessible.
Answer: E
解析：META-INF和WEB-INF目录默认禁止访问

Q: 216 Which three are described in the standard web application deployment
descriptor? (Choose three.)
A.session configuration
B.MIME type mappings
C.context root for the application
D.servlet instance pool configuration
E.web container default port bindings
F.ServletContext initialization parameters
Answer: A, B, F
解析：(同82)C.上下文路径，D.servlet初始化实例池，E.容器默认端口都不是web程序部署的内容。

Q: 217 You have created a servlet that generates weather maps. The data for these
maps is calculated by a remote host. The IP address of this host is usually stable, but occasionally does
have to change as the corporate network grows and changes. This IP address used to be hard coded, but
after the fifth change to the IP address in two years, you have decided that this value should be declared
in the deployment descriptor so you do NOT have the recompile the web application every time the IP
address changes. Which deployment descriptor snippet accomplishes this goal?
A. <serlvet-param>
<name>WeatherServlet.hostIP</name>
<value>127.0.4.20</value>
</servlet-param>
B. <init-param>
<name>WeatherServlet.hostIP</name>
<value>127.0.4.20</value>
</init-param>
C. <servlet>
<!-- servlet definition here -->
<param-name>WeatherServlet.hostIP</param-name>
<param-value>127.0.4.20</param-value>
</servlet>
D. <init-param>
<param-name>WeatherServlet.hostIP</param-name>
<param-value>127.0.4.20</param-value>
</init-param>
E. <serlvet-param>
<param-name>WeatherServlet.hostIP</param-name>
<param-value>127.0.4.20</param-value>
</servlet-param>
Answer: D
解析：
application范围内的参数：
<context-param>
<param-name></param-name>
<param-value></param-value>
</context-param>
servlet范围内参数：
<init-param>
<param-name></param-name>
<param-value></param-value>
</init-param>

Q: 218 In which two locations can library dependencies be defined for a web
application? (Choose two.)
A.the web application deployment descriptor
B.the /META-INF/dependencies.xml file
C.the /META-INF/MANIFEST.MF manifest file
D.the /META-INF/MANIFEST.MF manifest of a JAR in the web application classpath
Answer: C, D
解析：声明库依赖:在/META-INF/MANIFEST.MF文件中描述，或者导入jar包

Q: 219 Which two about WAR files are true? (Choose two.)
A.WAR files must be located in the web application library directory.
B.WAR files must contain the web application deployment descriptor.
C.WAR files must be created by using archive tools designed specifically for that purpose.
D.The web container must serve the content of any META-INF directory located in a WAR file.
E.The web container must allow access to resources in JARs in the web application library directory.
Answer: B, E
解析：(同47)
B.WAR文件必须包含web应用程序的部署文件。
D.WAR中的META-INF文件夹存放一些配置文件。
E.web容器能访问库文件夹内jar文件中的资源。

Q: 220 Given this fragment from a Java EE deployment descriptor:
341.<error-page>
342.<exception-type>java.lang.Throwable</exception-type>
343.<location>/mainError.jsp</location>
344.</error-page>
345.<error-page>
346.<exception-type>java.lang.ClassCastException</exception-type>
347.<location>/castError.jsp</location>
348.</error-page>
If the web application associated with the fragment above throws a ClassCastException.
Which statement is true?
A.The deployment descriptor is invalid.
B.The container invokes mainError.jsp.
C.The container invokes castError.jsp.
D.Neither mainError.jsp nor castError.jsp is invoked.
Answer: C
解析：ClassCastException异常返回castError.jsp页面

Q: 221 Which defines the welcome files in a web application deployment
descriptor?
A. <welcome>
<welcome-file>/welcome.jsp</welcome-file>
</welcome>
<welcome>
<welcome-file>/index.html</welcome-file>
</welcome>
B. <welcome-file-list>
<welcome-file>welcome.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
C. <welcome>
<welcome-file>welcome.jsp</welcome-file>
</welcome>
<welcome>
<welcome-file>index.html</welcome-file>
</welcome>
D. <welcome-file-list>
<welcome-file>/welcome.jsp</welcome-file>
<welcome-file>/index.html</welcome-file>
</welcome-file-list>
E. <welcome>
<welcome-file>
<welcome-name>Welcome</welcome-name>
<location>welcome.jsp</location>
</welcome-file>
<welcome-file>
<welcome-name>Index</welcome-name>
<location>index.html</location>
</welcome-file>
</welcome>
Answer: B
解析：B.设置欢迎页面，D也不会错，但是默认生成的是不带'/'

Q: 222 Click the Exhibit button.
Assume the product attribute does NOT yet exist in any scope.
Which two create an instance of com.example.Product and initialize the name and price properties to the
name and price request parameters? (Choose two.)
package com.example;
public class Product{
    private String name;
    private double price;
    public Product(){
        this("Default",0.0);
    }
    public Product(String name,double price){
        this.name=name;
        this.price=price;
    }
    public String getName(){
        return name;
    }
    public setName(String name){
        this.name=name;
    }
    public double getPrice(){
        return price;
    }
    public void setPrice(double price){
        this.price=price;
    }
}

A. <jsp:useBean id="product" class="com.example.Product" />
   <jsp:setProperty name="product" property="*" />
B. <jsp:useBean id="product" class="com.example.Product" />
   <% product.setName( request.getParameter( "name" ) ); %>
   <% product.setPrice( request.getParameter( "price" ) ); %>
C. <jsp:useBean id="product" class="com.example.Product" />
   <jsp:setProperty name="product" property="name"value="${param.name}" />
   <jsp:setProperty name="product" property="price"value="${param.price}" />
D. <jsp:useBean id="product" class="com.example.Product">
   <jsp:setProperty name="product" property="name"value="${name}" />
   <jsp:setProperty name="product" property="price"value="${price}" />
   </jsp:useBean>
Answer: A, C
解析：
A.property="*"表示所有名字和bean名字匹配的请教参数都会传递给相应的get方法。
B.scriptlet不能设置bean的属性。
C.EL表达式获取传递参数：${param.name}

Q: 223 Click the Exhibit button.
A session-scoped attribute, product, is stored by a servlet. That servlet then forwards to a JSP page. This
attribute holds an instance of the com.example.Product class with a name property of "The Matrix" and
price property of 39.95.
Given the JSP page code snippet:
1. <jsp:useBean id='product' class='com.example.Product'>
2. <jsp:setProperty name='product' property='price' value='49.95'/>
3. </jsp:useBean>
4. <%= product.getName() %> costs <%= product.getPrice() %>
What is the response output of this JSP page code snippet?
package com.example;
public class Product{
    private String name;
    private double price;
    public Product(){
        this("Default",0.0);
    }
    public Product(String name,double price){
        this.name=name;
        this.price=price;
    }
    public String getName(){
        return name;
    }
    public setName(String name){
        this.name=name;
    }
    public double getPrice(){
        return price;
    }
    public void setPrice(double price){
        this.price=price;
    }
}
A.Default costs 0.0
B.Default costs 49.95
C.Default costs 39.95
D.The Matrix costs 0.0
E.The Matrix costs 49.95
F.The Matrix costs 39.95
Answer: B
解析：jsp:useBean指定id和scope能找已存在的实例，因为scope默认是page所以E不对。

Q: 224 Click the Exhibit button.
A servlet sets a session-scoped attribute product with an instance of com.example.Product and forwards
to a JSP.
Which two output the name of the product in the response? (Choose two.)
package com.example;
public class Product{
    private String name;
    private double price;
    public Product(){
        this("Default",0.0);
    }
    public Product(String name,double price){
        this.name=name;
        this.price=price;
    }
    public String getName(){
        return name;
    }
    public setName(String name){
        this.name=name;
    }
    public double getPrice(){
        return price;
    }
    public void setPrice(double price){
        this.price=price;
    }
}
A. ${product.name}
B. <jsp:getProperty name="product" property="name" />
C. <jsp:useBean id="com.example.Product" />
   <%= product.getName() %>
D. <jsp:getProperty name="product" class="com.example.Product" property="name" />
E. <jsp:useBean id="product" type="com.example.Product">
   <%= product.getName() %>
   </jsp:useBean>
Answer: A, B
解析：只问怎么输出bean的值，C、E没指定scope，Djsp:getProperty没有class属性

Q: 225 You have built your own light-weight templating mechanism. Your
servlets, which handle each request, dispatch the request to one of a small set of template JSP pages. Each
template JSP controls the layout of the view by inserting the header, body, and footer elements into
specific locations within the template page. The URLs for these three elements are stored in
request-scoped variables called, headerURL, bodyURL, and footerURL, respectively. These attribute
names are never used for other purposes. Which JSP code snippet should be used in the template JSP to
insert the JSP content for the body of the page?
A.<jsp:insert page='${bodyURL}' />
B.<jsp:insert file='${bodyURL}' />
C.<jsp:include page='${bodyURL}' />
D.<jsp:include file='${bodyURL}' />
E.<jsp:insert page='<%= bodyURL %>' />
F.<jsp:include page='<%= bodyURL %>' />
Answer: C
解析：
<jsp:include  page=“ “/>动作是在请求时，装入该page所指页面。
<%@ include file=“ ”%>转译时与该页面一起翻译成java代码；

Q: 226 Given:
3. public class MyTagHandler extends TagSupport {
4. public int doStartTag() {
5. // insert code here
6. // return an int
7. }
8. // more code here
...
18. }
There is a single attribute foo in the session scope.
Which three code fragments, inserted independently at line 5, return the value of the attribute? (Choose
three.)
A. Object o = pageContext.getAttribute("foo");
B. Object o = pageContext.findAttribute("foo");
C. Object o = pageContext.getAttribute("foo",PageContext.SESSION_SCOPE);
D. HttpSession s = pageContext.getSession();
   Object o = s.getAttribute("foo");
E. HttpServletRequest r = pageContext.getRequest();
   Object o = r.getAttribute("foo");
Answer: B, C, D
解析：findAttribute能在所以范围中查找属性，pageContext为上下文，getSession恩能从上下文中获取会话

Q: 227 You are creating a content management system (CMS) with a web
application front-end. The JSP that displays a given document in the CMS has the following general
structure:
1. <%-- tag declaration --%>
2. <t:document>
...
11. <t:paragraph>... <t:citation docID='xyz' /> ...</t:paragraph>
...
99. </t:document>
The citation tag must store information in the document tag for the document tag to generate a reference
section at the end of the generated web page.
The document tag handler follows the Classic tag model and the citation tag handler follows the Simple
tag model. Furthermore, the citation tag could also be embedded in other custom tags that could have
either the Classic or Simple tag handler model.
Which tag handler method allows the citation tag to access the document tag?
A. public void doTag() {
   JspTag docTag = findAncestorWithClass(this, DocumentTag.class);
   ((DocumentTag)docTag).addCitation(this.docID);
}
B. public void doStartTag() {
   JspTag docTag = findAncestorWithClass(this, DocumentTag.class);
   ((DocumentTag)docTag).addCitation(this.docID);
}
C. public void doTag() {
   Tag docTag = findAncestor(this, DocumentTag.class);
   ((DocumentTag)docTag).addCitation(this.docID);
}
D. public void doStartTag() {
   Tag docTag = findAncestor(this, DocumentTag.class);
   ((DocumentTag)docTag).addCitation(this.docID);
}
Answer: A
解析：SimpleTag只有doTag()方法,BodyTag才有doStartTag()方法。
findAncestor递归查找tag标签.

Q: 228 Given:
6. <myTag:foo bar='42'>
7. <%="processing" %>
8. </myTag:foo>
and a custom tag handler for foo which extends TagSupport.
Which two are true about the tag handler referenced by foo? (Choose two.)
A.The doStartTag method is called once.
B.The doAfterBody method is NOT called.
C.The EVAL_PAGE constant is a valid return value for the doEndTag method.
D.The SKIP_PAGE constant is a valid return value for the doStartTag method.
E.The EVAL_BODY_BUFFERED constant is a valid return value for the doStartTag method.
Answer: A, C
解析：继承TagSupport类：
A.doStartTag方法会被第一个调用
B.doAfterBody处理标签体。
C.EVAL_PAGE继续处理页面，由doEndTag返回
D.SKIP_PAGE停止处理页面，有doEndTag返回
E.BodyTag的doStartTag方法才能返回EVAL_BODY_BUFFERED

Q: 229 Which two are true concerning the objects available to developers creating
tag files? (Choose two.)
A.The session object must be declared explicitly.
B.The request and response objects are available implicitly.
C.The output stream is available through the implicit outStream object.
D.The servlet context is available through the implicit servletContext object.
E.The JspContext for the tag file is available through the implicit jspContext object.
Answer: B, E
解析：
tag file中的out.config.request.response.session.application能够隐式调用。
E.tag file中的JspContext编译时会转为jspContext对象

Q: 230 You web application uses a lot of Java enumerated types in the domain
model of the application. Built into each enum type is a method, getDisplay(), which returns a localized,
user-oriented string. There are many uses for presenting enums within the web application, so your
manager has asked you to create a custom tag that iterates over the set of enum values and processes the
body of the tag once for each value; setting the value into a page-scoped attribute called, enumValue.
Here is an example of how this tag is used:
10. <select name='season'>
11. <t:everyEnum type='com.example.Season'>
12. <option value='${enumValue}'>${enumValue.display}</option>
13. </t:everyEnum>
14. </select>
You have decided to use the Simple tag model to create this tag handler.
Which tag handler method will accomplish this goal?
A. public void doTag() throw JspException {
try {
    for ( Enum value : getEnumValues() ) {
        pageContext.setAttribute("enumValue", value);
        getJspBody().invoke(getOut());
    }
    } (Exception e) { throw new JspException(e); }
}
B. public void doTag() throw JspException {
try {
    for ( Enum value : getEnumValues() ) {
        getJspContext().setAttribute("enumValue", value);
        getJspBody().invoke(null);
    }
    } (Exception e) { throw new JspException(e); }
}
C. public void doTag() throw JspException {
try {
    for ( Enum value : getEnumValues() ) {
        getJspContext().setAttribute("enumValue", value);
        getJspBody().invoke(getJspContext().getWriter());
    }
   } (Exception e) { throw new JspException(e); }
}
D. public void doTag() throw JspException {
try {
    for ( Enum value : getEnumValues() ) {
        pageContext.setAttribute("enumValue", value);
        getJspBody().invoke(getJspContext().getWriter());
    }
    } (Exception e) { throw new JspException(e); }
}
Answer: B
解析：SimpleTag的doTag()可以设置标签体使用的一个属性，要先调用getJspContext().setAttribute(),再调用getJspBody().invoke()
invoke(null)输出的结果不被缓存。

Q: 231 Which two statements are true about the security-related tags in a valid
Java EE deployment descriptor? (Choose two.)
A. Every <security-constraint> tag must have at least one <http-method> tag.
B. A <security-constraint> tag can have many <web-resource-collection> tags.
C. A given <auth-constraint> tag can apply to only one <web-resource-collection> tag.
D. A given <web-resource-collection> tag can contain from zero to many <url-pattern> tags.
E. It is possible to construct a valid <security-constraint> tag such that, for a given resource, no user roles can
access that resource.
Answer: B, E
解析：
A.<security-constraint>的子标签<http-method>是可选的，如果没有该标签表示禁止所以HTTP方法。
B.<security-constraint>标签体内能有多个<web-resource-collection>标签。
E.可以有没有角色能访问的资源。
配置格式：
<security-constraint>
　　<web-resource-coolection>
　　<web-resource-name>Proprietary</web-resource-name>
　　<url-pattern>/propritary/*</url-pattern>
　　</web-resource-coolection>
　　<!-- ... -->
</security-constraint>

Q: 232 Which element of a web application deployment descriptor
<security-constraint> element is required?
A.<realm-name>
B.<auth-method>
C.<security-role>
D.<transport-guarantee>
E.<web-resource-collection>
Answer: E
解析：<security-constraint>必须有资源列表

Q: 233 Which two are required elements for the <web-resource-collection>
element of a web application deployment descriptor? (Choose two.)
A.<realm-name>
B.<url-pattern>
C.<description>
D.<web-resource-name>
E.<transport-guarantee>
Answer: B, D
解析：<web-resource-colection>必须有<web-resource-name>和<url-pattern>,可选<description>和<http-method>

Q: 234 Given:
3. class MyServlet extends HttpServlet {
4. public void doPut(HttpServletRequest req,HttpServletResponse resp)throws ServletException, IOException {
5. // servlet code here
...
26. }
27. }
If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags
and <auth-constraint> tags are:
<http-method>GET</http-method>
<http-method>PUT</http-method>
<auth-constraint>Admin</auth-constraint>
Which four requests would be allowed by the container? (Choose four.)
A.A user whose role is Admin can perform a PUT.
B.A user whose role is Admin can perform a GET.
C.A user whose role is Admin can perform a POST.
D.A user whose role is Member can perform a PUT.
E.A user whose role is Member can perform a POST.
F.A user whose role is Member can perform a GET.
Answer: A, B, C, E
解析：(同36)只有Admin用户有GET、PUT方法的访问权。

Q: 235 What is true about Java EE authentication mechanisms?
A. If your deployment descriptor correctly declares an authentication type of CLIENT_CERT, your users must
have a certificate from an official source before they can use your application.
B. If your deployment descriptor correctly declares an authentication type of BASIC, the container
automatically requests a user name and password whenever a user starts a new session.
C. If you want your web application to support the widest possible array of browsers, and you want to perform
authentication, the best choice of Java EE authentication mechanisms is DIGEST.
D. To use Java EE FORM authentication, you must declare two HTML files in your deployment descriptor,
and you must use a predefined action in the HTML file that handles your user's login.
Answer: D
解析：(同37)
BASIC：HTTP规范
DIGEST：HTTP规范，数据完整性强一些，但不算SSL
FORM：J2EE规范，数据完整性非常弱，没有加密，允许有登录界面。
CLIENT-CERT：J2EE规范，数据完整性很强，公共钥匙

Q: 236 Which two statements are true about using the isUserInRole method to
implement security in a Java EE application? (Choose two.)
A. It can be invoked only from the doGet or doPost methods.
B. It can be used independently of the getRemoteUser method.
C. Can return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor.
D. Using the isUserInRole method overrides any declarative authentication related to the method in which it is
invoked.
E. Using the isUserInRole method overrides any declarative authorization related to the method in which it is
invoked.
Answer: B, C
解析：
B.isUserInRole能单独用于getRemoteUser方法中
C.如果角色没有定义，isUserInRole返回trus

Q: 237 Given an HttpServletRequest request and an HttpServletResponse
response:
41. HttpSession session = null;
42. // insert code here
43. if(session == null) {
44. // do something if session does not exist
45. } else {
46. // do something if session exists
47. }
To implement the design intent, which statement must be inserted at line 42?
A.session = response.getSession();
B.session = request.getSession();
C.session = request.getSession(true);
D.session = request.getSession(false);
E.session = request.getSession("jsessionid");
Answer: D
解析：
C.getSession(true)如果没有该域中没有session就新建一个并返回
D.getSession(false)如果没有session,返回null

Q: 238 You need to store a floating point number, called Tsquare, in the session
scope. Which two code snippets allow you to retrieve this value? (Choose two.)
A. float Tsquare = session.getFloatAttribute("Tsquare");
B. float Tsquare = (Float) session.getAttribute("Tsquare");
C. float Tsquare = (float) session.getNumericAttribute("Tsquare");
D. float Tsquare = ((Float) session.getAttribute.("Tsquare")).floatValue();
E. float Tsquare = ((Float) session.getFloatAttribute.("Tsquare")).floatValue;
F. float Tsquare = ((Float) session.getNumericAttribute.("Tsquare")).floatValue;
Answer: B, D
解析：从session中获取参数getAttribute,其它选项都不对。

Q: 239 A web application uses the HttpSession mechanism to determine if a user
is "logged in." When a user supplies a valid user name and password, an HttpSession is created for that
user.
The user has access to the application for only 15 minutes after logging in. The code must determine how
long the user has been logged in, and if this time is greater than 15 minutes, must destroy the
HttpSession.
Which method in HttpSession is used to accomplish this?
A.getCreationTime
B.invalidateAfter
C.getLastAccessedTime
D.getMaxInactiveInterval
Answer: A
解析：
A.getCreationTime获得session创建时间，比较当前时间就可以知道会话产生时间。
D.getMaxInactiveInterval获得session存活时间。

Q: 240 Which method must be used to encode a URL passed as an argument to
HttpServletResponse.sendRedirect when using URL rewriting for session tracking?
A.ServletResponse.encodeURL
B.HttpServletResponse.encodeURL
C.ServletResponse.encodeRedirectURL
D.HttpServletResponse.encodeRedirectURL
Answer: D
解析：encodeRedirectURL通过sendRedirect方法重定向地址。

Q: 241 Which interface must a session attribute implement if it needs to be
notified when a web container persists a session?
A. javax.servlet.http.HttpSessionListener
B. javax.servlet.http.HttpSessionBindingListener
C. javax.servlet.http.HttpSessionAttributeListener
D. javax.servlet.http.HttpSessionActivationListener
Answer: D
解析：HttpSessionActivationListener监听session的活动状态。

Q: 242 What is the purpose of session management?
A. To manage the user's login and logout activities.
B. To store information on the client-side between HTTP requests.
C. To store information on the server-side between HTTP requests.
D. To tell the web container to keep the HTTP connection alive so it can make subsequent requests without the
delay of making the TCP connection.
Answer: C
解析：session会话的一般用途是保存信息在服务器端。

Q: 243 You need to store a Java long primitive attribute, called customerOID, into
the session scope. Which two code snippets allow you to insert this value into the session? (Choose two.)
A. long customerOID = 47L;
   session.setAttribute("customerOID", new Long(customerOID));
B. long customerOID = 47L;
   session.setLongAttribute("customerOID", new Long(customerOID));
C. long customerOID = 47L;
   session.setAttribute("customerOID", customerOID);
D. long customerOID = 47L;
   session.setNumericAttribute("customerOID", new Long(customerOID));
E. long customerOID = 47L;
   session.setLongAttribute("customerOID", customerOID);
F. long customerOID = 47L;
   session.setNumericAttribute("customerOID", customerOID);
Answer: A, C
解析：设置参数用setAttribute，其它选项的方法都不正确

Q: 244 Click the Exhibit button.
Assuming the tag library in the exhibit is imported with the prefix forum, which custom tag invocation
produces a translation error in a JSP page?
<?xml version="1.0" encoding="UTF-8"?>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee web-jsptaglibrary_2_0.xsd" version="2.0">
    <tlib-version>1.0</tlib-version>
    <short-name>forum</short-name>
    <uri>http://example.com/tld/forum</uri>
    <tag>
        <name>message</name>
        <tag-class>com.example.MessageTag</tag-class>
        <body-content>scriptless</body-content>
        <attribute>
            <name>from</name>
            <rtexprvalue>true</rtexprvalue>
        </attribute>
        <attribute>
            <name>subject</name>
            <required>false</required>
            <rtexprvalue>true</rtexprvalue>
        </attribute>
    </tag>
</taglib>

A. <forum:message from="My Name" subject="My Subject" />
B. <forum:message subject="My Subject">
     My message body.
   </forum:message>
C. <forum:message from="My Name" subject="${param.subject}">
    ${param.body}
   </forum:message>
D. <forum:message from="My Name" subject="My Subject">
    <%= request.getParameter( "body" ) %>
   </forum:message>
E. <forum:message from="My Name"subject="<%= request.getParameter( "subject" ) %>">
    My message body.
   </forum:message>
Answer: D

解析：(同176)题目要求选择产生编译错误的选项。
<body-content>设置可以使用scriptless但是不能使用scriptlet，所以D不正确
<rtexprvalue>设置属性取动态值还是静态值，如果true即可以取动态值例如EL表达式

Q: 245 Given in a single JSP page:
<%@ taglib prefix='java' uri='myTags' %>
<%@ taglib prefix='JAVA' uri='moreTags' %>
Which two are true? (Choose two.)
A. The prefix 'java' is reserved.
B. The URI 'myTags' must be properly mapped to a TLD file by the web container.
C. A translation error occurs because the prefix is considered identical by the web container.
D. For the tag usage <java:tag1/>, the tag1 must be unique in the union of tag names in 'myTags' and
'moreTags'.
Answer: A, B
解析：
A.java是保留关键字
B.uri指定标签库文件
C.prefix并没有重复
D.不同标签库中的标签名可以重复。

Q: 246 In a JSP-centric shopping cart application, you need to move a client's
home address of the Customer object into the shipping address of the Order object. The address data is
stored in a value object class called Address with properties for: street address, city, province, country,
and postal code. Which two JSP code snippets can be used to accomplish this goal? (Choose two.)
A. <c:set var='order' property='shipAddress' value='${client.homeAddress}' />
B. <c:set target='${order}' property='shipAddress' value='${client.homeAddress}' />
C. <jsp:setProperty name='${order}' property='shipAddress' value='${client.homeAddress}' />
D. <c:set var='order' property='shipAddress'>
       <jsp:getProperty name='client' property='homeAddress' />
   </c:store>
E. <c:set target='${order}' property='shipAddress'>
    <jsp:getProperty name='client' property='homeAddress' />
   </c:set>
F. <c:setProperty name='${order}' property='shipAddress'>
    <jsp:getProperty name='client' property='homeAddress' />
   </c:setProperty>
Answer: B, E
解析：
<c:set target="">设定bean或者map属性。
<c:set var="">设定变量范围比如：session

Q: 247 Given that a scoped attribute cart exists only in a user's session, which two,
taken independently, ensure the scoped attribute cart no longer exists? (Choose two.)
A.${cart = null}
B.<c:remove var="cart" />
C.<c:remove var="${cart}" />
D.<c:remove var="cart" scope="session" />
E.<c:remove scope="session">cart</c:remove>
F.<c:remove var="${cart}" scope="session" />
G.<c:remove scope="session">${cart}</c:remove>
Answer: B, D
解析：<c:remove var="" scope="">移除范围变量，var指定变量，scope指定范围。

Q: 248 In which three directories, relative to a web application's root, may a tag
library descriptor file reside when deployed directly into a web application? (Choose three.)
A./WEB-INF
B./META-INF
C./WEB-INF/tlds
D./META-INF/tlds
E./WEB-INF/resources
F./META-INF/resources
Answer: A, C, E
解析：除了/META-INF路径，该路径保存配置信息。

Q: 249 You have been contracted to create a web site for a free dating service.
One feature is the ability for one client to send a message to another client, which is displayed in the latter
client's private page. Your contract explicitly states that security is a high priority. Therefore, you need to
prevent cross-site hacking in which one user inserts JavaScript code that is then rendered and invoked
when another user views that content. Which two JSTL code snippets will prevent cross-site hacking in
the scenario above? (Choose two.)
A.<c:out>${message}</c:out>
B.<c:out value='${message}' />
C.<c:out value='${message}' escapeXml='true' />
D.<c:out eliminateXml='true'>${message}</c:out>
E.<c:out value='${message}' eliminateXml='true' />
Answer: B, C
解析：(同175)<c:out>标签有一个escapeXml属性，默认为true，将html标签转为转义字符。

Q: 250 A custom tag is defined to take three attributes. Which two correctly
invoke the tag within a JSP page? (Choose two.)
A. <prefix:myTag a="foo" b="bar" c="baz" />
B. <prefix:myTag attributes={"foo","bar","baz"} />
C. <prefix:myTag jsp:attribute a="foo" b="bar" c="baz" />
D. <prefix:myTag>
    <jsp:attribute a:foo b:bar c:baz />
   </prefix:myTag>
E. <prefix:myTag>
    <jsp:attribute ${"foo", "bar", "baz"} />
   </prefix:myTag>
F. <prefix:myTag>
    <jsp:attribute a="foo" b="bar" c="baz"/>
   </prefix:myTag>
G. <prefix:myTag>
    <jsp:attribute name="a">foo</jsp:attribute>
    <jsp:attribute name="b">bar</jsp:attribute>
   <jsp:attribute name="c">baz</jsp:attribute>
</prefix:myTag>
Answer: A, G
解析：(同173)其它选项attribute属性设置不正确。