2015F CST8277 MIDTERM #2 VERSION 122

One-Answer Multiple Choice
25 Questions - 7 of 15%

1. The database component bundled with the Glassfish Application Server implementation of Java EE is called
	a. Oracle
	b. JDBC
	c. SQL
	d. SQL Server
	e. None of these answers (correct)

2. Configuration of Hibernate can be specified by
	a. calls to the RMI Service Registry
	b. serialized Java Objects
	c. using @Config annotations
	d. retrieving configuration information from a database
	e. specifying values in an XML file typically named hibernate.cfg.xml (correct)

3. What aspects of an Enterprise Application do Java EE containers facilitate for the Java developer in ways that Java RMI does not?
	a. Remote connectivity
	b. Security and access to resources
	c. Java Naming and Directory Interface (JNDI) lookup services
	d. All of these answers (correct)
	e. Transaction Management

4. Which pairing of words best represents a correspondence in the context of Java Persistence?
	a. Class : Column
	b. Object : Row (correct)
	c. Table : Instance
	d. Entity : Field
	e. Column : Entity

5. In the context of web application attacks, Cross-Site Scripting (XSS) is a technique where
	a. A user writes a script intended to be run by another user's web browser (correct)
	b. A user writes a script intended to be run by a website's administrator
	c. A user tricks a server into running a script that was only tested on a different server
	d. None of these answers
	e. A user writes a script intended to be run by another user's web server

6. In the context of Enterprise Programming, Hibernate is
	a. an RDBMS for Java
	b. an implementation of JDBC for Java RMI programs
	c. a Java extension of mysql
	d. a Java implementation of SQL
	e. an implementation of the Java Persistence API (correct)

7. Which of the following is true about Remote Object garbage collection?
	a. There is no such thing, remote objects do not get garbage collected
	b. A remote object is garbage collected after a configurable time period has elapsed
	c. A remote object is garbage collected after it is bound to a service name
	d. None of these answers (correct)
	e. A remote object is garbage collected when the server marks it as "dirty"

8. Object-Relational Mapping (ORM) deals with
	a. mapping methods of client objects to remote stubs on a server
	b. none of these answers (correct)
	c. matching stubs of objects on a client to remote objects on a server
	d. matching each attribute of an object to its corresponding row in a database table
	e. mapping static methods in OOP to relational entities in a database

9. Which of the following is true about Java EE components?
	a. None of these answers
	b. The lifecycle of components is handled completely by developer Java code, providing flexibility at deployment time
	c. They are self-contained and cannot communicate with other components, enhancing security
	d. Future versions will be automatically checked for compliance with the Java EE specification (current versions are not)
	e. They are assembled with related classes and files into Java EE applications (correct)
 
10. In the contact management AddressBook application we studied in this course, how are the Java Server Faces pages connected to the named or Managed Bean?
	a. JavaBeans expressions
	b. None of these answers
	c. Expression Language (EL) expressions (correct)
	d. Java Server Pages code
	e. Through a Named Servlet

11. Which pairing of words best represents a correspondence in the context of Java Persistence?
	a. Object : Class
	b. Column : Entity
	c. Table : Instance
	d. Attribute : Column (correct)
	e. Class : Column

12. In a Java EE application that involves a JavaServer Faces web component, the web pages will typically interact with a ____ through the Expression Language facility.
	a. Persistence Bean
	b. Session Bean
	c. Managed Bean or Named Bean (correct)
	d. Fava Bean
	e. Message-driven Bean

13. A Hibernate session factory is used to create Session objects that manage
	a. starting and stopping a database service
	b. the database schema with DDL statements
	c. entity annotations
	d. credentials for connecting to a database
	e. none of these answers (correct)

14. What is a JavaBeans component?
	a. A Java EE component that resides between the persistence layer and the JVM
	b. None of these answers
	c. A Java object that adheres to naming conventions for methods that access properties (correct)
	d. A Java component for implementing applets
	e. Any Java EE component for implementing business rules

15. What is an advantage of web components versus applets?
	a. No Java Plugin is required (correct)
	b. None of these answers
	c. Web components can provide a richer UI experience
	d. Applets provide better security than web components
	e. All of these answers

16. Which of the following is true about Java EE Annotations?
	a. They provide decreased separation of application settings from the source code of the component they affect (correct)
	b. They increase the use of marker interfaces in at least some cases
	c. They precede XML descriptor files for many purposes
	d. They are all defined in the Java Specifications (it is not possible to create custom annotations)
	e. None of these answers

17. Which of the following is a reason a developer might choose to implement a web front end rather than an application client?
	a. To take advantage of better decoupling of presentation from behavior (correct)
	b. Application clients are more secure
	c. The application requires a richer user interface than can be provided with a markup language
	d. HTTP is not available
	e. The Java Plugin for the browser might be turned off

18. In the contact management AddressBook application we studied in this course, which of the following is an Enterprise Java Bean (EJB)?
	a. ContactController.java
	b. ContactFacade.java (correct)
	c. Contact.java
	d. All of these answers
	e. AbstractFacade.java

19. In the contact management AddressBook application we studied in this course, which file implements the interface to the database?
	a. ContactController.java
	b. Contact.java
	c. index.xhtml
	d. create.xhtml
	e. ContactFacade.java (correct)

20. Which of the following is true of Java EE?
	a. Java EE includes server-side technologies in addition to Java SE (correct)
	b. All of these answers
	c. None of these answers
	d. Containers form the interface between the client and the low-level web-browser functionality
	e. Each web, enterprise bean, or application client component must be assembled into a Java Server Page and deployed in its EJB container

21. Which pairing of words best represents a correspondence in the context of Java Persistence?
	a. Column : Entity
	b. Entity : Table (correct)
	c. Class : Column
	d. Attribute : Row
	e. Table : Instance

22. SQL Injection is an attack on a server based application where an attacker
	a. bypasses the application to interact with the RDBMS directly
	b. inserts a back door into an RDBMS
	c. often uses SQL comment characters and/or semi-colon (correct)
	d. steals a database userid and password from an application
	e. uses stored procedures to steal information from the database

23. Which of the following is a security-related annotation in Java EE?
	a. @DeclareConstraints
	b. @HTTPDeclare
	c. None of these answers
	d. @LockDownConstraint
	e. @RolesAllowed (correct)

24. The role of Hibernate in a Java application with persistence is an
	a. alternative for JDBC
	b. alternative for SQL
	c. intermediary between Java and JDBC (correct)
	d. alternative for an RDBMS
	e. intermediary between JDBC and an RDBMS

25. Which of the following is a Java EE container type?
	a. None of these answers
	b. Web container (correct)
	c. Fava Bean container
	d. Named Bean container
	e. Managed Bean container


Written Answer Section

Marks for each question are indicated, with a total of 25 Marks (half of 15%).

1. Explain the notion of a container in the context of a Java EE application server. (5 marks)

	Each JEE component runs in a JEE container that manages the lifecycle of that component.  
	Application and Applet components run on the client.
	Web and EJB components run on the server.

	The Java EE server provides underlying services in the form of a container for every component type.

	Containers form the interface between the component and the low-level, platform-specific functionality.

	Each web, enterprise bean, or application client component must be assembled into a Java EE module and deployed in its container.

	Container settings customize the underlying support provided by the Java EE server:

	Security: Java EE security model lets you configure a web component or enterprise bean so that system resources are accessed only by authorized users. 

	Transaction Management: lets you specify relationships among methods that make up a single transaction so that all methods in one transaction are treated as a single unit. 

	Java Naming and Directory Interface (JNDI) lookup services: provide a unified interface to multiple naming and directory services in the enterprise so that application components can access these services. 

	Remote connectivity model manages low-level communications between clients and enterprise beans. After an enterprise bean is created, a client invokes methods on it as if it were in the same virtual machine.

2. Explain the mechanism of SQL Injection attacks on a server-based application and summarize how programmers can prevent such attacks. (5 marks)

	The attacker uses SQL statement artifacts (especially comment characters and command separation characters) in fields or parameters of web requests, such as usernames or other identifiers that would be used by the server in a SQL statement against the database. The resulting SQL statement is not what the programmer intended: for example, if the attacker enters a username of "x' or 1 = 1';", the SQL statement might end up with a where clause of username = 'x' or 1 = 1''. There exist tools to help the attacker guess at SQL fragments that could result in successful attacks.
	These attacks can be prevented by:
	using stored procedures to implement SQL queries 
	using parameterized prepared SQL statements 
	sanitizing any user input on the server side, disallowing any characters typically found in SQL statements 
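
	The mechanism and the preventions listed above, as an added example that is not part of the original answer key: the same login lookup written with string concatenation, with a parameterized statement, and with a server-side allow-list check. It uses Python's built-in sqlite3 so it runs without a JDBC driver; the table, rows, function names and the crafted input are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory users table; rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plain-text passwords only keep the constructed sample short.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def build_concatenated_sql(username, password):
    """Vulnerable: user input becomes part of the SQL text itself."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")

def login_vulnerable(db, username, password):
    rows = db.execute(build_concatenated_sql(username, password)).fetchall()
    return sorted(r[0] for r in rows)

def login_parameterized(db, username, password):
    """Hardened: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(r[0] for r in db.execute(sql, (username, password)))

def is_allowed_username(value):
    """Server-side allow-list: rejects quotes, semicolons, comment markers."""
    return re.fullmatch(r"[A-Za-z0-9_.]{1,32}", value) is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR 1 = 1 --"   # constructed input: quote plus SQL comment
    print(build_concatenated_sql(crafted, "anything"))
    print("concatenated :", login_vulnerable(db, crafted, "anything"))
    print("parameterized:", login_parameterized(db, crafted, "anything"))
    print("allow-listed :", is_allowed_username(crafted))
```

	In the concatenated version the comment characters cut off the password check and every row matches; in the parameterized version the same input is compared as an ordinary string and matches nothing.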

3. Describe the following Annotations. (2 marks each up to 15 marks total)

@Remote
	Used to indicate a remote interface where the interface is defined.
	A JEE session bean implements a remote interface, through which remote clients can access methods of the session bean.

@Stateless
	Used to indicate the annotated class is a JEE stateless session bean.
	Stateless session beans may be reused across multiple requests, as they perform their tasks without any state.

@EJB
	Used to inject a dependency as an Enterprise Java Bean instance into another EJB.
	A common use is to inject a reference to a session bean that acts as a CRUD interface to the database

@SessionScoped
	Used to specify a session scope (as opposed to request scope) of a Named or Managed Bean.
	A session scoped bean maintains its state over the several requests of the session.

@Stateful
	Indicates the annotated class is a stateful session bean.
	Because these entail state, they cannot be reused.

@Singleton
	Indicates the annotated class is a singleton session bean.
	A singleton instance of the EJB is used across the entire application scope.

@Named
	The annotated class is a named managed bean whose name can be referenced in Expression Language expressions in web pages. 
	Requires only a web container.

@Entity
	The annotated class will be a persistent object (an entity) that can be stored in the database through the Java Persistence API.
	Each entity instance is represented as a row in the database.