Home » Oracle » 1z0-858 » Which two statements are true about the security-related tags in a valid Java EE deployment descriptor?
Which two statements are true about the security-related tags in a valid Java EE deployment descriptor? (Choose two.)
A. Every <security-constraint> tag must have at least one <http-method> tag.
B. A <security-constraint> tag can have many <web-resource-collection> tags.
C. A given <auth-constraint> tag can apply to only one <web-resource-collection> tag.
D. A given <web-resource-collection> tag can contain from zero to many <url-pattern> tags.
E. It is possible to construct a valid <security-constraint> tag such that, for a given resource, no user roles can access that resource.
Correct Answer: BE
Explanation/Reference:
A. The-The <security-constraint> subtab <http-method> in is optional, if the label does not ban so the HTTP method.
B. The <security-constraint> tag body multiple <web-resource-collection> label.
E. can have no role to be able to access resources.
Configuration format:
<security-constraint>
<web-resource-coolection>
<web-resource-name> Proprietary </ web-resource-name>
<url-pattern> / propritary / * </ url-pattern>
</ web-resource-coolection>
<- … ->
</ security-constraint>
Download Printable PDF. VALID exam to help you PASS.
|
|