- Home
- Oracle
- Java EE 6 Web Component Developer Certified Expert Exam
- Oracle.1z0-899.v2018-04-11.q100
- Question 72
Valid 1Z0-899 Dumps shared by ExamDiscuss.com for Helping Passing 1Z0-899 Exam! ExamDiscuss.com now offer the newest 1Z0-899 exam dumps, the ExamDiscuss.com 1Z0-899 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 1Z0-899 dumps with Test Engine here:
Access 1Z0-899 Dumps Premium Version
(132 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 72/100
A web application uses a cookies to track a client as it navigates through the pages that constitutes the application. Which code snippet can be used by the web application to reduce the chance of a cross-site scripting attack by setting some property of the cookie before returning it to the client?
Correct Answer: A
Explanation/Reference:
When HTTPOnly flag is assigned to a cookie, the browser will restrict the access to such Cookie from Java Script code hence the cookie would only be sent to the subsequent request to server but cannot be accessed using client side script. In such a case even if website is vulnerable to Cross Site Scripting (XSS) attacks, still the browser would safeguard the data stored into cookies flagged as HTTPOnly.
Incorrect:
Not D: If Secure flag is set for Cookie then it may only be transmitted over secure channel (SSL/HTTPS) ensuring that data is always encrypted while transmitting from client to server.
When HTTPOnly flag is assigned to a cookie, the browser will restrict the access to such Cookie from Java Script code hence the cookie would only be sent to the subsequent request to server but cannot be accessed using client side script. In such a case even if website is vulnerable to Cross Site Scripting (XSS) attacks, still the browser would safeguard the data stored into cookies flagged as HTTPOnly.
Incorrect:
Not D: If Secure flag is set for Cookie then it may only be transmitted over secure channel (SSL/HTTPS) ensuring that data is always encrypted while transmitting from client to server.
- Question List (100q)
- Question 1: A web application for business expense reporting allows uplo...
- Question 2: A web application allows the HTML title banner to be set usi...
- Question 3: Which element of a web application deployment descriptor <...
- Question 4: To add a servlet to a context that has not been declared eit...
- Question 5: View the exhibit. (Exhibit) Assume the tag library in the ex...
- Question 6: A web application wants to expose to its clients an operatio...
- Question 7: Given the element from the web application deployment descri...
- Question 8: Which is a benefit of precompiling a JSP page?...
- Question 9: In ServletContext.getNamedDispatcher(string arg0) arg0 is th...
- Question 10: When using Servlet asynchronous API if you want to dispatch ...
- Question 11: Which is a valid value for the enum EmptyRoleSemantic in Jav...
- Question 12: Given: 3. class MyServlet extends HttpServlet { 4. public vo...
- Question 13: A popular Ajax framework and its companion widget library co...
- Question 14: A Client wants to retrieve a representation of a resource, e...
- Question 15: Which EL expression returns true if no session has been esta...
- Question 16: Your web application requires the adding and deleting of man...
- Question 17: Given an HttpServletRequestrequest and HttpResponseresponse,...
- Question 18: Users of your web application have requested that they shoul...
- Question 19: A Client wants to retrieve a representation of a resource, f...
- Question 20: A web application wants to register a new servlet at runtime...
- Question 21: Which annotation specifies the metadata as a javax.servlet.h...
- Question 22: All of your JSPs need to have a link that permits users to e...
- Question 23: When using the @WebListener annotation, the class on which t...
- Question 24: A servlet class is injected with a JDBC data source. After i...
- Question 25: You are creating a web form with this HTML: 11. <form act...
- Question 26: A developer chooses to avoid using singieThreadModel but wan...
- Question 27: You are creating a JSP page to display a collection of data....
- Question 28: ServletRegistration.Dynamic can be used to configure (Choose...
- Question 29: Given the fragment from Java EE deployment descriptor: 341. ...
- Question 30: Which security mechanism uses the concept of a realm?...
- Question 31: As a convenience feature, your web pages include an Ajax req...
- Question 32: Which two actions protect a resource file from direct HTTP a...
- Question 33: APIs for dynamically registering servlets and filters can be...
- Question 34: Which Java expression can be used to check whether the web c...
- Question 35: During initialization, a servlet finds that the database con...
- Question 36: Which two are true about the JSTL core iteration custom tags...
- Question 37: In a jsp-centric shopping cart application cart application ...
- Question 38: Which statement is true about web container session manageme...
- Question 39: You are creating a new ISP page and you need to execute some...
- Question 40: You want to create a filter for your web application and you...
- Question 41: Given an HttpServletRequest request: 22. String id = request...
- Question 42: Given that a web application consists of two HttpServlet cla...
- Question 43: ServletContextListeners are invoked in...
- Question 44: Which describes a trigger that causes a call to an AsyncList...
- Question 45: Given an EL function declared with: (Exhibit) Which two are ...
- Question 46: Refer to the Exhibit. (Exhibit) A servlet sets a session-sco...
- Question 47: A method call inside your servlet has thrown an IOException ...
- Question 48: Click the Exhibit button. Given the HTML form: 1. <html&g...
- Question 49: Assume a JavaBean com.example.GradedTestBean exists and has ...
- Question 50: Which of following annotations can be used in a servlet clas...
- Question 51: You have built a web application that you license to small b...
- Question 52: Given: (Exhibit) Which three EL expressions, inserted at lin...
- Question 53: You are building a dating web site. The client's date of bir...
- Question 54: You have a simple wpb application that has a single Front Co...
- Question 55: View the Exhibit. (Exhibit) Given: 10. <form action='crea...
- Question 56: Given this fragment in a servlet: 23. if(reg.isUserInRole("A...
- Question 57: Given: 1. <% int[] nums = {42,420,4200}; 2. request.setAt...
- Question 58: You are building a dating service web site. Part of the form...
- Question 59: Which EL expression evaluates to the request URI?...
- Question 60: Which two statements are true about the security-related tag...
- Question 61: Which JSP standard action can be used to import content from...
- Question 62: A web browser need NOT always perform a complete request for...
- Question 63: Which annotation enables a servlet to efficiently process re...
- Question 64: Given the annotation for MyServlet: @WebServlet{"/abc") @Ser...
- Question 65: Given a web fragment jar file, where should we put the web f...
- Question 66: Given the definition of Myobject and that an instance of Myo...
- Question 67: You are implementing a model component. You realize that an ...
- Question 68: You need to create a JavaBean object that is used only withi...
- Question 69: Which of the following are attributes of the annotation java...
- Question 70: The jquery_1_3_2.jar file contains the JQuery Ajax framework...
- Question 71: Which defines the welcome files in a web application deploym...
- Question 72: A web application uses a cookies to track a client as it nav...
- Question 73: For which three events can web application event listeners b...
- Question 74: Which java code snippet roles "MANAGER" and "EMPLOYEE" in a ...
- Question 75: Your web application requires the ability to load and remove...
- Question 76: Refer to the Exhibit. (Exhibit) Assuming the tag library in ...
- Question 77: To take advantage of the capabilities of modern browsers tha...
- Question 78: Which java code snippet checks whether the user is of the ro...
- Question 79: Which method must be used to encode a URL passed as an argum...
- Question 80: Given the java code snippet in contextInitialized method of ...
- Question 81: Given the portion of a valid Java EE web application's direc...
- Question 82: View the Exhibit. (Exhibit) Assume the product attribute doe...
- Question 83: Servlet A forwarded a request to servlet B using the forward...
- Question 84: Given a jar file packaged with three web fragments with name...
- Question 85: Given a header in an HI IP request: X-Retries: 4 A Which two...
- Question 86: You are building a web application with a scheduling compone...
- Question 87: Which code snippet specifies the metadata for a servlet with...
- Question 88: Which three are true about the HttpServletRequestWrapper cla...
- Question 89: You are working on a JSP that is intended to inform users ab...
- Question 90: Which JSTL code snippet can be used to import content from a...
- Question 91: A developer wants to make a name attribute available to all ...
- Question 92: A session-scoped attribute is stored by a servlet, and then ...
- Question 93: Given: 11. <% 12. request.setAttribute ("vals", new Strin...
- Question 94: You have a use in your web application that adds several ses...
- Question 95: Which of the following annotations relate to security in a s...
- Question 96: View the Exhibit. (Exhibit) Which two technologies would be ...
- Question 97: View the Exhibit. (Exhibit) Given the web application deploy...
- Question 98: Which interface must a class implement so that instances of ...
- Question 99: For manageability purposes, you have been told to add a "cou...
- Question 100: Given an HttpServletRequest request and an httpServletRespon...
