考题
An organization has decided to deploy an IBM Tivoli Access Manager for Enterprise Single-on solution to help address security and productivity issues. Per their corporate security policy, the organization has detailed requirements related to password management for their enterprise applications. Which password requirements need to be captured?()A、details related to application user ID requirementsB、policy requirements related to the number of applications that a user can accessC、policy requirements for application and user initiated password resets and password complexityD、do nothing as password policy requirements are best addressed within the application space rather than in an Enterprise Single Sign-On project
考题
Which step do you need to perform to enable a user with the SYSDBA privilege to log in as SYSDBA in iSQL*Plus?()A、The user must be granted the database administrator (DBA) privilege.B、The user must be listed in the password file for the authentication.C、No special setup is needed for the user to connect as SYSDBA in iSQL*Plus.D、Set up a user in the Oracle Application Server Containers for J2EE (OC4J) user manager,and grant the webDba role to the user.
考题
A web application uses the HttpSession mechanism to determine if a user is “logged in”. When a user supplies a valid user name and password, an HttpSession is created for that user. The user has access to the application for only 15 minutes after logging in. The code must determine how long the user has been logged in, and if this time is greater than 15 minutes, must destroy the HttpSession. Which method in HttpSession is used to accomplish this?()A、 getCreationTimeB、 invalidateAfterC、 getLastAccessedTimeD、 getMaxInactiveInterval
考题
Given a web application in which the cookie userName is expected to contain the name of the user. Which EL expression evaluates to that user name?()A、${userName}B、${cookie.userName}C、${cookie.user.name}D、${cookies.userName[0]}
考题
Upon a user’s first visit to the website, which two operations are always performed when the getSession method is called with no arguments in a servlet?()A、 All URLs returned by the server are rewritten.B、 An HttpSession object is created if necessary.C、 The user name and password of the user are checked.D、 The session ID is stored in the HTTP response as a cookie.
考题
A technician needs to use Remote Assistance with a user. The user is asked to use an email application to send the technician an invitation to remotely access the user’s computer. The email application has not been configured in the user’s computer. Which of the following would be another way for the user to send the Remote Assistance invitation? ()A、Configuring the Windows Firewall exceptions.B、Using Windows Messenger.C、Configuring My Network Places.D、Using Internet Explorer.
考题
In form-based authentication, what must be included in the HTML returned from the URL specified by the element?()A、 a base-64 encoded user name and passwordB、 a form that POSTs to the j_security_check URLC、 an applet that requests the user name and password from the userD、 a hidden field that supplies the login-constraint used by the application
考题
A web application uses the HttpSession mechanism to determine if a user is "logged in." When a usersupplies a valid user name and password, an HttpSession is created for that user. The user has access tothe application for only 15 minutes after logging in. The code must determine how long the user has beenlogged in, and if this time is greater than 15 minutes, must destroy the HttpSession. Which method in HttpSession is used to accomplish this?()A、GetcreationtimeB、InvalidateafterC、GetlastaccessedtimeD、Getmaxinactiveinterval
考题
Which statement is true regarding this setting?()A、It drops the connection after the specified number of login attempts fail for any user.B、It is enforced only if the password profile is enabled for the user. C、It locks the user account after the specified number of attempts. D、It drops the connection after the specified number of login attempts fail only for users who have the SYSDBA privilege.
考题
In your database instance, the user sessions are connected to the database server from the remotemachines. You want to achieve the following for these users: 1:The user account must be locked after four unsuccessful login attempts.PASSWORD_LOCK_TIME 2:The user must be prompted to change the password at regular intervals.PASSWORD_LIFE_TIME 3:The user may not have more than three simultaneous sessions.SESSIONS_PER_USER 4:The user session must automatically be logged off if more than 10 minutes elapsed time used.CONNECT_TIME How would you accomplish the above()A、by assigning profiles for the usersB、by implementing Fine-Grained Auditing (FGA)C、by granting a secure application role to the usersD、by implementing the Database Resource Manager plan
考题
You are developing a Web application. The Web application restricts access to an administrative page. The Web application uses the following code segment to protect the page.If Page.User.Identity.Name "CONTOSO/Administrator" Then Response.Redirect("login.aspx")End IfYou are logged on as Administrator. When you display the page, you are redirected to Login.aspx. You discover that the User.Identity.Name property is not being correctly populated. You need to ensure that you can access the page when you are logged on as Administrator. Which two actions should you perform? ()A、In the Web.config file, enable impersonation.B、In IIS, enable anonymous access.C、In IIS, disable anonymous access.D、In the Web.config file, set the authentication mode to Windows.
考题
You are developing a Web application. The Web application restricts access to an administrative page. The Web application uses the following code segment to protect the page.if (Page.User.Identity.Name != @"CONTOSO/Administrator") { the page, you are redirected to Login.aspx. You discover that the User.Identity.Name property is not being correctly populated. You need to ensure that you can access the page when you are logged on as Administrator. Which two actions should you perform? ()A、In the Web.config file, enable impersonation.B、In IIS, enable anonymous access.C、In IIS, disable anonymous access.D、In the Web.config file, set the authentication mode to Windows.
考题
You are implementing an ASP.NET Web application. Users will authenticate to the application with an ID. The application will allow new users to register for an account. The application will generate an ID for the user based on the users full name. You need to implement this registration functionality. Which two actions should you perform?()A、Configure the SqlMembershipProvider in the web.config file.B、Configure the SqlProfileProvider in the web.config file.C、Create an ASP.NET page that contains a default CreateUserWizard control to create a new user account.D、Create an ASP.NET page that contains a custom form that collects the user information and then uses the Membership.CreateUser method to create a new user account.
考题
You work as an ASP.NET Web Application Developer for SomeCompany. The company uses Visual Studio .NET 2010 as its application development platform.You create an ASP.NET Web site using .NET Framework 4.0. Only registered users of the company will be able to use the application. The application holds a page named UserAccount.aspx that enables new users to register them to the registered users„ list of the company. The UserAccount page hold numerous TextBox controls that accept users personal details, such as user name, password, home address, zipcode, phone number, etc. One of the TextBox controls on the page is named ZipCode in which a user enters a zip code. You must ensure that when a user submits the UserAccount page, ZipCode must contain five numeric digits. What will you do to accomplish this?()A、Use RangeValidator.B、Use RegularExpressionValidatorC、Use RequiredValidatorD、Use CompareValidatorE、Use RequiredFieldValidator
考题
单选题Which step do you need to perform to enable a user with the SYSDBA privilege to log in as SYSDBA in iSQL*Plus?()A
The user must be granted the database administrator (DBA) privilege.B
The user must be listed in the password file for the authentication.C
No special setup is needed for the user to connect as SYSDBA in iSQL*Plus.D
Set up a user in the Oracle Application Server Containers for J2EE (OC4J) user manager,and grant the webDba role to the user.
考题
单选题In your database instance, the user sessions are connected to the database server from the remote machines.You want to achieve the following for these users: 1. The user account must be locked after four unsuccessful login attempts. 2. The user must be prompted to change the password at regular intervals. 3. The user may not have more than three simultaneous sessions. 4. The user session must automatically be logged off if more than 10 minutes elapsed time used. How would you accomplish the above()A
By assigning profiles for the usersB
By implementing Fine-Grained Auditing (FGA)C
By granting a secure application role to the usersD
By implementing the Database Resource Manager plan
考题
单选题Given a web application in which the cookie userName is expected to contain the name of the user. Which EL expression evaluates to that user name?()A
${userName}B
${cookie.userName}C
${cookie.user.name}D
${cookies.userName[0]}
考题
单选题In your database instance, the user sessions are connected to the database server from the remotemachines. You want to achieve the following for these users: 1:The user account must be locked after four unsuccessful login attempts.PASSWORD_LOCK_TIME 2:The user must be prompted to change the password at regular intervals.PASSWORD_LIFE_TIME 3:The user may not have more than three simultaneous sessions.SESSIONS_PER_USER 4:The user session must automatically be logged off if more than 10 minutes elapsed time used.CONNECT_TIME How would you accomplish the above()A
by assigning profiles for the usersB
by implementing Fine-Grained Auditing (FGA)C
by granting a secure application role to the usersD
by implementing the Database Resource Manager plan
考题
多选题You are developing a Web application. The Web application restricts access to an administrative page. The Web application uses the following code segment to protect the page.if (Page.User.Identity.Name != @"CONTOSO/Administrator") { the page, you are redirected to Login.aspx. You discover that the User.Identity.Name property is not being correctly populated. You need to ensure that you can access the page when you are logged on as Administrator. Which two actions should you perform? ()AIn the Web.config file, enable impersonation.BIn IIS, enable anonymous access.CIn IIS, disable anonymous access.DIn the Web.config file, set the authentication mode to Windows.
考题
单选题Which statement is true regarding this setting?()A
It drops the connection after the specified number of login attempts fail for any user.B
It is enforced only if the password profile is enabled for the user. C
It locks the user account after the specified number of attempts. D
It drops the connection after the specified number of login attempts fail only for users who have the SYSDBA privilege.
考题
单选题In form-based authentication, what must be included in the HTML returned from the URL specified by the element?()A
a base-64 encoded user name and passwordB
a form that POSTs to the j_security_check URLC
an applet that requests the user name and password from the userD
a hidden field that supplies the login-constraint used by the application
考题
单选题A web application uses the HttpSession mechanism to determine if a user is "logged in." When a usersupplies a valid user name and password, an HttpSession is created for that user. The user has access tothe application for only 15 minutes after logging in. The code must determine how long the user has beenlogged in, and if this time is greater than 15 minutes, must destroy the HttpSession. Which method in HttpSession is used to accomplish this?()A
GetcreationtimeB
InvalidateafterC
GetlastaccessedtimeD
Getmaxinactiveinterval
考题
单选题You create a Web site that is for members only. The behavior of the Web site changes according to the role of the user. The Web site uses the ASP.NET Membership control for creation of user accounts. You need to find out whether a user is a member of a particular role. What should you do? ()A
Pass the user names and passwords to Membership.ValidateUser.B
Pass the role names to User.IsInRole.C
Pass the role names to Roles.RoleExists.D
Pass the user names to Membership.GetUser.
考题
单选题Which remote access VPN addressing technique supports a static IP address to support a specific application?()A
Use a staticip addresses based on incoming user policies.B
Use DHCP to assign addresses based on incoming user policies.C
Deploy a clientless model to assign a unique address to the user.D
Deploy RADIUS or LDAP to assign the address to the user.
考题
多选题Upon a user’s first visit to the website, which two operations are always performed when the getSession method is called with no arguments in a servlet?()AAll URLs returned by the server are rewritten.BAn HttpSession object is created if necessary.CThe user name and password of the user are checked.DThe session ID is stored in the HTTP response as a cookie.
考题
单选题A technician needs to use Remote Assistance with a user. The user is asked to use an email application to send the technician an invitation to remotely access the user’s computer. The email application has not been configured in the user’s computer. Which of the following would be another way for the user to send the Remote Assistance invitation? ()A
Configuring the Windows Firewall exceptions.B
Using Windows Messenger.C
Configuring My Network Places.D
Using Internet Explorer.
考题
单选题A web application uses the HttpSession mechanism to determine if a user is “logged in”. When a user supplies a valid user name and password, an HttpSession is created for that user. The user has access to the application for only 15 minutes after logging in. The code must determine how long the user has been logged in, and if this time is greater than 15 minutes, must destroy the HttpSession. Which method in HttpSession is used to accomplish this?()A
getCreationTimeB
invalidateAfterC
getLastAccessedTimeD
getMaxInactiveInterval
考题
单选题An organization has decided to deploy an IBM Tivoli Access Manager for Enterprise Single-on solution to help address security and productivity issues. Per their corporate security policy, the organization has detailed requirements related to password management for their enterprise applications. Which password requirements need to be captured?()A
details related to application user ID requirementsB
policy requirements related to the number of applications that a user can accessC
policy requirements for application and user initiated password resets and password complexityD
do nothing as password policy requirements are best addressed within the application space rather than in an Enterprise Single Sign-On project