giac gssp-java practice test

GIAC Secure Software Programmer - Java Exam

Last exam update: Nov 18 ,2025
Page 1 out of 16. Viewing questions 1-15 out of 239

Question 1

Which of the following elements are the subelements of the mime-mapping element in a
deployment descriptor file? Each correct answer represents a complete solution. Choose all that
apply.

  • A. exception-type
  • B. error-code
  • C. extension
  • D. mime-type
  • E. servlet-class
Mark Question:
Answer:

C,D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 2

John works as a Software Developer for VenTech Inc. He writes the following code using Java.
public class vClass extends Thread
{
public static void main(String args[])
{
vClass vc=new vClass();
vc.run();
}
public void start()
{
for(int k=0;k<20;k++)
{
System.out.println("The value of k = "+k);
}
}
}
What will happen when he attempts to compile and execute the application?

  • A. The application will compile successfully and the values from 0 to 19 will be displayed as the output.
  • B. A compile-time error will occur indicating that no run() method is defined for the Thread class.
  • C. A runtime error will occur indicating that no run() method is defined for the Thread class.
  • D. The application will compile successfully but will not display anything as the output.
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of the following classes is an engine class that provides an opaque representation of
cryptographic parameters?

  • A. DSAPublicKeySpec
  • B. AlgorithmParameterGenerator
  • C. DSAParameterSpec
  • D. AlgorithmParameters
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which of the following statements about programmatic security are true? Each correct answer
represents a complete solution. Choose all that apply.

  • A. The bean provider is responsible for writing code for programmatic security.
  • B. It is also called as instance level security.
  • C. It is implemented using methods of the EJBContext interface.
  • D. It is implemented using the methods of the UserTransaction interface.
Mark Question:
Answer:

A,B,C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which of the following functions are performed by methods of the HttpSessionActivationListener
interface? Each correct answer represents a complete solution. Choose all that apply.

  • A. Notifying the object when it is bound to a session.
  • B. Notifying an attribute that a session has just migrated from one JVM to another.
  • C. Notifying the object when it is unbound from a session.
  • D. Notifying an attribute that a session is about to migrate from one JVM to another.
Mark Question:
Answer:

B,D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Mark works as a Programmer for InfoTech Inc. He develops the following deployment descriptor
code.
<web-app . . . .>
<display-name>A Secure Application</display-name><servlet>
...
<security-role-ref >
<role-name>Manager</role-name>
<role-link>Admin</role-link>
</security-role-ref>
</servlet>
<security-role>
<role-name>Programmer</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>Employee</role-name>
</security-role>
</web-app>
Which of the following is a valid isUserInRole() method call that can be made if request is the
HttpServletRequest request?

  • A. request.isUserInRole("Programmer");
  • B. request.isUserInRole("Manager");
  • C. request.isUserInRole("Admin");
  • D. request.isUserInRole("Employee");
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which of the following methods of the EJBContext interface can be called by both the BMT and CMT
beans? Each correct answer represents a complete solution. Choose all that apply.

  • A. getCallerPrincipal()
  • B. getRollbackOnly()
  • C. getUserTransaction()
  • D. isCallerInRole()
Mark Question:
Answer:

A,D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Mark works as a Programmer for InfoTech Inc. He develops a deployment descriptor code that
contains three valid <security-constraint> elements. All of them constraining a Web resource Res1,
the <auth-constraint> sub-element of the <security-constraint> elements are as follows.
<auth-constraint>Admin</auth-constraint>
<auth-constraint>Manager</auth-constraint>
<auth-constraint/>
Which of the following can access the resource Res1?

  • A. Only Manager can access the resource.
  • B. No one can access the resource.
  • C. Everyone can access the resource.
  • D. Only Admin can access the resource.
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which of the following statements correctly describe the features of the singleton pattern? Each
correct answer represents a complete solution. Choose all that apply.

  • A. Singletons are used to control object creation by limiting the number to one but allowing the flexibility to create more objects if the situation changes.
  • B. Singletons can only be stateless, providing utility functions that need no more information than their parameters.
  • C. A singleton class may disappear if no object holds a reference to the Singleton object, and it will be reloaded later when the singleton is needed again.
  • D. The behavior of a singleton can be obtained by static fields and methods such as java.lang.Math.sin(double).
Mark Question:
Answer:

A,C,D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of the following deployment descriptor elements must contain the <transport-guarantee>
element as its mandatory sub-element?

  • A. <user-data-constraint>
  • B. <web-resource-collection>
  • C. <auth-constraint>
  • D. <login-config>
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Given a code of a class named PrintString that prints a string.
1. public class PrintString{
2. public static void main(String args[]){
3. /*insert code here */
4. /* insert code here */
5. System.out.println(str);
6. }
7. }
Which of the following code fragments can be inserted in the class PrintString to print the output
"4247"?
Each correct answer represents a complete solution. Choose all that apply.

  • A. StringBuilder str= new StringBuilder("123456789"); str.delete(0,3).replace(1,3,"24").delete(4,6);
  • B. StringBuffer str= new StringBuffer("123456789"); str.delete(0,3).replace(1,3,"24").delete(4,6);
  • C. StringBuffer str=new StringBuffer("123456789"); str.substring(3,6).delete(1,2).insert(1,"24");
  • D. StringBuilder str= new StringBuilder("123456789"); str.deleteCharAt(6).replace(1,3,"24").delete(0,3);
  • E. String str="123456789"; str=(str-"123").replace(1,3,"24")-"89";
Mark Question:
Answer:

A,B

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 12

Mark writes a class Practice.java. This class needs to access the com.bar.Test class that is stored in the
Test.jar file in the directory /practice. How would you compile your code?

  • A. javac -classpath /practice/Test.jar Practice.java
  • B. javac -classpath /practice/ Practice.java
  • C. javac -classpath /practice/Test.jar/com/bar Practice.java
  • D. javac -classpath /practice Practice.java
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Which of the following statements is true?

  • A. All UTF characters are eight bits long.
  • B. All UTF characters are all sixteen bits long.
  • C. All UTF characters are twenty four bits long.
  • D. All bytecode characters are sixteen bits long.
  • E. All unicode characters are sixteen bits long.
Mark Question:
Answer:

E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 14

John works as a Programmer for Technostar Inc. He writes the following code using Java.
1. class WrapperClass{
2. public static void main(String[] argv){
3. String str2 = Double.toString(12);
4. String str1 = Double.toHexString(12);
5. System.out.println(str1+str2);
6. }
7. }
What will happen when John attempts to compile and execute the code?

  • A. It will not compile because the Double class does not contain the toHexString() method.
  • B. It will compile and execute successfully and will display 8p312 as the output.
  • C. It will compile and execute successfully and will display 0x1.8p312.0 as the output.
  • D. It will not compile because the Double class does not contain the toString() method.
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Mark works as a Programmer for InfoTech Inc. He develops a Website that uses HTML and processes
HTML validation. Which of the following are the advantages of the HTML application?
Each correct answer represents a complete solution. Choose all that apply.

  • A. It provides password protection for a Web page or directory
  • B. It can be accessed by more visitors.
  • C. It provides faster loading.
  • D. It is easier to update and maintain the site.
  • E. It protects the source or images of a HTML Web page.
  • F. It puts less load on the server.
Mark Question:
Answer:

B,C,D,F

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000
To page 2