1.

Your organization's chief architect has instructed you to implement a solution that focuses on run-time flexibility and a design approach that will favor obje cts forwarding certain method calls to another object. What is this design concept commonly know as? A.Polymorphism B.Encapsulation C.Inheritance D.Delegation Reference Close Gang of Four - Delegation. Option D is correct. Option A is incorrect. Polymorphism is a characteristic of being able to assign a different behavior or value in a subclass, to something that was declared in a parent class. For example, a method can be declared in a parent class, but each subclass can have a different implementation of that method. Option B is incorrect. Encapsulation refers to the bundling of data with the met hods that operate on that data. Option C is incorrect. Inheritance is the ability of objects in Java to inherit properties and methods of other objects. 2.You are architecting a new MVC web framework for your organization. A requirem ent from your application architecture oversight group is that your Java bean ob jects set in the session must be immutable. What design approach is your architecture oversight group enforcing on your sess ion objects? A.Inheritance B.Delegation C.Encapsulation D.Polymorphism Reference Close Gang of Four Encapsulation. Option C is correct. Option A is incorrect because Inheritance is the ability of objects in Java to i nherit properties and methods. Option B is incorrect because Delegation is the implementation of objects that f orward certain method calls to another object, a delegate. Option D is incorrect. Polymorphism is a characteristic of being able to assign a different behavior or value in a subclass, to something that was declared in a parent class. For example, a method can be declared in a parent class, but each subclass can have a different implementation of that method. 3.Your application is in need of a significant upgrade. Currently, the applicati on reads a robust database and displays information about catalog merchandise. T he Phase Two release will allow people to do online transactions and you anticip ate high volumes of traffic. Because of this, production deployments should be a ble to take place without bringing the application down. Your current web site u tilizes servlets and JSP's with a single application server and single database. Which architecture will you recommend for Phase Two?

A.Maintain servlets and JSP's, implement DAO's and JDBC for transaction layer. B.Maintain servlets and JSP's, introduce two new web servers to separate present ation layer, and implement DAO's and JDBC for transaction layer. C.Implement a solution with a single web server, three application servers, DAO' s with JDBC, and round robin load balancing. D.Implement a solution with servlets and JSP's for presentation layer, an applic ation server with significant memory/speed, and EJB's with Java Persistence API. E.Implement a solution with load balancing, web servers for presentation, a clus ter of application servers, and EJB's with Java Persistence API Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Option E is correct. Options A, B, C are incorrect because you are upgrading to new functionality tha t will incorporate high volumes of transactional requests. This is best suited f or an architecture that utilizes EJB's. Option D is a viable solution but does not account for the ability to deploy dur ing production hours and provide a viable architectural approach to address this requirement. A cluster of application servers will allow you to deploy new code to a single node and keep the other nodes up during production hours. 4.You will be implementing Web Services in the next release of your software. Yo u need to address the following design issues: Web Services plumbing, business l ogic, and security. You will need to design an implementation such that the code specification that handles each of these issues is clearly isolated from one an other. What are you addressing if you are interested in isolating code responsibilities ? A.Common reuse of objects B.Inheritance C.Polymorphism D.Separation of concerns Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Option D is correct. Option A is incorrect because the issue you are addressing is not reuse of commo n objects but how to implement a solution where code responsibilities are divide d amongst layers of your Web Service solution. Option B is incorrect because Inheritance is the ability of objects in Java to i nherit properties and methods of other objects. Option C is incorrect because Polymorphism is a characteristic of being able to assign a different behavior or value in a subclass, to something that was declar ed in a parent class. For example, a method can be declared in a parent class, b ut each subclass can have a different implementation of that method. 5.The Model-View-Controller (MVC) architecture pattern applies separation of con cerns. Which statement identifies how separations of concerns are applied to an MVC? A.The MVC architecture is defined by a user interface (Model), data layer (View)

, and Controller component. B.Changes to the user interface will not affect data handling, and that the data handling routines can be re-organized without changing the user interface. C.A standard implementation is usually seen in Two-Tier thick client application s. D.The Model and the View are tightly coupled to each other. Reference Close Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Option B is correct. Option A is incorrect because the user interface is the view and the controller separates that from the data model. Option C is incorrect because the application is implemented in Three-Tier archi tectures using thin clients. Thick clients usually do not de-couple the views fr om the data model. Option D is incorrect because the Controller is the only part that knows about b oth the Model and the View.

6.Testing is an important concern for your new invoicing system. Ease of testing should begin with the developers. You do not want to have to start the database , fill it with predefined data, and then launch the application to test that an invoice is processed correctly. Which solution addresses your concern? A.Create HTML files that push static content to validate invoices and hot deploy to the server. B.Write test scripts outside of the container in a separate WAR file and duplica te business logic. C.Implement a solution with abstract interfaces and utilize mock objects to simu late data. D.Tackle difficult invoices first to minimize up and down time of servers and th en batch release additional invoices. Reference Close Practical Software Estimation: (M. A. Parthasarathy). Option C is correct. Option A is incorrect because creating static HTML files to validate invoices wi ll require additional time and effort that will not facilitate ease of testing. Option B is incorrect because you are duplicating the source code and running in a separate container. This will cause issues when you need to merge code lines. Option D is incorrect because by implementing abstract design methodologies you should be able to run scripts locally and often to increase productivity. 7.You are responsible for a thick client application that is used by call center staff. You are the new architect and have been asked to argue maintainability a nd manageability of this two-tier system with regard to defect resolution and sy stem health. Which statement is correct? A.Manageability is the ability to correct defects in the system, whereas maintai nability is the ability to ensure the continued health of the system. B.Manageability addresses that the system is always reliable and free of defects

, whereas maintainability deals with the ability to add functionality to the sys tem to ensure a healthy system. C.Defect resolution and health of the system are the same with regard to maintai nability and manageability. D.Maintainability is the ability to correct defects in the system, where managea bility is the ability to ensure the continued health of the system. Reference Close Practical Software Estimation: (M. A. Parthasarathy). Option D is correct. Options A, B, are the inverse of the correct answers. Option C is incorrect because these non functional requirements are not the same .

8.The legacy system you will be replacing utilizes a thick client and database s erver. The application stores local data on the client and requires frequent cli ent library updates using compact disks distributed weekly. What are two weaknesses of this legacy system? (Choose two.) A.Security B.Maintainability C.Scalability D.Performance Reference Close Practical Software Estimation: (M. A. Parthasarathy). Options B, C are correct. Option A is incorrect because security with one-tier systems are generally easie r than multi-tier applications that expose several application servers, web serv ers, database servers, and so on. Option D is incorrect because performance of a one-tier system should be better than a Three-Tier, n-tier.

9.Which two statements define the relationship between performance and security? (Choose two.) A.Implementing a security measure to encrypt all data in your request/response S OAP messages will decrease performance. B.Designing a system using an MVC framework will increase security and not perfo rmance. C.There is no relationship between security and performance. D.Implementing a solution to encrypt all data for outbound SOAP messages will no t decrease performance. E.An increase in security, message encryption and/or data encryption, will affec t performance to some degree. Reference Close Core Security Patterns: Best Practices and Strategies (Christopher Steel; Ramesh Nagappan; Ray Lai) Options A, E are correct. Option B is incorrect because utilizing an MVC framework does not guarantee secu

rity and based on the amount of layers implemented can affect performance. Option C is incorrect because there is an inverse relationship with security and performance when you address certain scenarios. Option D is incorrect because encrypting the data in the SOAP envelope with infl ate the size of the message and, depending on the encryption, will decrease the performance.

10.Which statement is true when comparing a Three-Tier architecture to a Two-Tie r architecture? A.Three-Tier architectures can only scale horizontally. Two-Tier architectures c an only scale vertically. B.Three-Tier architectures have significantly better performance measurements as compared to Two-Tier architectures. C.Two-Tier architectures can only utilize thick clients and Three-Tier architect ures can only utilize thin clients. D.Two-Tier architecture is less extensible than a Three-Tier architecture. E.Three-Tier architecture is easier to secure than a Two-Tier architecture. Reference Close The Java EE 5 Tutorial, Third Edition: For Sun Java System Application Server Pl atform Edition 9 Option D is correct. Option A is incorrect because a Two-Tier architecture can scale vertically and h orizontally. Option B is incorrect because Two-Tier architectures generally have better perfo rmance characteristics as compared to Three-Tier architectures. Option C is incorrect because a Two-Tier architecture can have a thin client if all of the business logic is placed in stored procedures. Option E is incorrect because a Three-Tier architecture introduces a higher degr ee of risk with more server vulnerabilities.

11.You are part of a large IT shop that has been purchased by your competitors t o reduce competition for similar services. Servers that had been utilized by you r web application will be re-allocated to the new system. Your current architect ure consisting of multiple web and application servers will be reduced to a sing le web server and application server. Which two will see negative impacts? (Choose two.) A.Maintainability B.Manageability C.Security D.Reliability E.Availability Reference Close Practical Software Estimation: (M. A. Parthasarathy). Options D, E are correct. Option A is incorrect because there is a positive impact with regards to maintai nability. You will only have to maintain defects on a single system and not worr

y about distributing fixes to multiple systems, coordinating libraries, scripts, and so on. Option B is incorrect because there is a positive impact with regards to managea bility. You will only have to address the health of a single web and application server. Option D is incorrect because there is a positive impact with regards to securit y. You will have fewer resources vulnerable to attacks and be able to focus your efforts on a single web and application server.

12.This is an application design principle where the code implementation takes i nto consideration future growth. Your application running in a multi-tier archit ecture must be able to accommodate frequent modifications of existing functional ity. Which addresses modifications while minimizing impact? A.Security B.Manageability C.Maintainability D.Extensibility E.Performance Reference Close Practical Software Estimation: (M. A. Parthasarathy). Option D is correct. Option A is incorrect because security would be introducing encryption, secure s ocket layers, or adding single sign on. Option B is incorrect because manageability solutions refer to solutions that he lp maintain that a system stays in good working condition or healthy. Option C is incorrect because maintainability the ease with which a software sys tem or component can be modified to correct faults, improve performance, or othe r attributes, or adapt to a changed environment [IEEE 90]. Option E is incorrect because this scenario does not address expected performanc e measurements, but instead addresses the need for the system to be extensible i n that future modifications do not require large re-factoring efforts of the sou rce code.

13.For your new system, most processing should be done locally on the user's sys tem because the database server will be accessed solely for storage purposes and you want to make use of native API's. What is the best solution for a local computing environment? A.Thin browser-based clients deployed into a cluster. B.Three-Tier system that utilizes a web browser and application server. C.Two-Tier system including single web server to minimize security. D.Thick client-based solution deployed locally to the users PC Reference Close Practical Software Estimation: (M. A. Parthasarathy). Option D is correct. Option A, B, C are incorrect because they are browser-based solutions. You can d evelop a browser-based solution to do local processing but a thick client will p

erform better and have greater access to native API's.

14.Which statement identifies a benefit of using a browser based solutions? A.Minimal installation conflicts and environment issues. B.No issues with cross-browser compatibility and support. C.Maximizes client security, persons without a client cannot access system. D.Maximizes the ability to access the client's PC utilities or Native API's. Reference Close Practical Software Estimation: (M. A. Parthasarathy). Option A is correct. Option B is incorrect because there are issues with cross-browser support and co mpatibility between browsers. Option C is incorrect because there are inherent security issues with internet a pplications as compared to locally deployed application clients. Option D is incorrect because you will have greater access to the client native API's using thick client applications as compared to browser based applications. Browsers limit the amount of native API's you have access to for security reaso ns.

15.JAX-WS provides a set of API's for a Web Service client to invoke an operatio n on remotely deployed service endpoints and provides support for communication. Which two define how you can invoke the operation and what communication is supp orted? (Choose two.) A.Dynamically or statically B.Dynamically only C.Asynchronous only D.Asynchronous and Synchronous E.Statically only F.Synchronous only Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Options A, D are correct. Options B, C, E, and F are incorrect because JAX-WS provides a set of API's that allow for dynamic and static invocation with support for asynchronous and synch ronous communication.

16.Which two statements identify scenarios for implementing Web Services? (Choos e two.) A.You are implementing an asynchronous solution with an external application tha t is not written in Java. B.Implementing a solution with guaranteed message delivery. C.When there is a need to exchange data between different applications and diffe rent platforms. D.This single machine solution will be deployed as a desktop application using n

ative API's. Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Options C, A are correct. Option B is incorrect because you would want to have a durable subscriber, JMS. Option D is incorrect because you would want to build a thick client for this si tuation.

17.You organization has numerous Java applications on their internal network tha t must send daily updates to their inventory tracking system. It is important to keep the inventory system current. If the inventory system is unavailable when it restarts, it must be able to process and maintain all updates. How should the inventory system receive these updates? A.As a JMS durable subscriber. B.Using XML over HTTP. C.Using SOAP over HTTP. D.Using EJB3 and Java Persistence API. Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Option A is correct. Options B, C, D are incorrect because JMS is the only implementation that can gu arantee message delivery.

18.The organization you work for has a legacy system that uses RMI-JRMP over COR BA. What would be a valid reason for your organization to have selected RMI-JRMP ove r CORBA? A.They decided to implement B.They decided to implement C.They decided to implement en in another language. D.They decided to implement a solution that was going to be pure Java. a solution that was NOT going to be pure Java. a solution that integrated with an application writt this based purely on performance.

Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Option A is correct. Options B, C are incorrect because RMI-JRMP is for pure Java solutions only. Option D is incorrect because performance would not have been an issue with addr essing RMI versus CORBA. 19.JAX-WS is the new Java API for Web Services development. It builds on the old er JAX-RPC programming model, and adds numerous improvements. Which two statements identify improvements? (Choose two.)

A.Requires far fewer descriptors for the deployment of Web Services by excluding support for annotations. B.Supports WS-I Basic Profile 1.1 for improved Web Services interoperability. C.Supports SOAP 1.2, as well as SOAP 1.1. D.Couples the data binding technology to the Web Services programming model. E.Increases the complexity of developing handlers Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Options B, C are correct. Option A is incorrect because it adds a descriptor-less deployment of Web Servic es by including support for annotations defined in JSR 181 (Web Services Metadat a for the Java Platform) and annotations defined with JAX-WS as well. Since all metadata is in standardized annotations, the Web Service implementations are ven dor-neutral. Option D is incorrect because it separates the data binding technology from the Web Services programming model with support for Java Architecture for XML Bindin g (JAXB) 2.0. Option E is incorrect because it simplifies the development of handlers and prov ides a mechanism to allow handlers to collaborate with service clients and servi ce endpoint implementations.

20.You want to use the JAX-WS Dispatch API to invoke a Web Service. What are three reasons why you would use the Dispatch API? (Choose three.) A.When interoperability with legacy JAX-RPC or non WS-I compliant Web Services i s required. B.To invoke a Web Service with xml/http binding and not traditional SOAP binding . C.To invoke a Web Service by using a data binding other than JAXB. D.To invoke a Web Service with SOAP binding and not traditional xml/http binding . E.When interoperability with legacy JAX-RPC or non WS-I complaint Web Services i s not a requirement. Reference Close Java API for XML-Based Web Services (JAX-WS) JSR 224. Options A, B, C are correct. Options D, E are incorrect because you want to use the Dispatch API for legacy W eb Services, xml/http binding, and when you use a binding other than JAXB like C astor.

21.A company is in the business of online sales. They focus on high-end cameras and lenses. The online line web application is written using a Java EE technolog y stack. A consumer starts a transaction to purchase a camera and the result is that a transaction attempts to insert into the inventory database using JDBC and then sends a message to a message-driven bean over a transactional JMS queue. W hen the message is received by the message-driven bean, it attempts an insert in to the sales database using JDBC. Which statement cannot be a valid outcome of this transaction?

A.The message-driven erform an insert. B.The message-driven . C.The message-driven n insert. D.The message-driven

bean does not perform an insert, the application does not p bean performs an insert, the application performs an insert bean does not perform an insert, the application performs a bean performs an insert, the application does not

Reference Close JMS specification 1.1. Option D is correct. Options A, D, C are all possible outcomes of this transaction. 22.You have an Enterprise Information System that needs to inform your Java EE a pplication when an event occurs. A question has been asked by your enterprise ar chitect group regarding the Java Connector Architecture (JCA). The group is inte rested in knowing how your Java EE application can utilize JCA with this EIS sys tem. How will your application receive EIS notifications? A.Receive B.Receive C.Receive D.Receive notifications notifications notifications notifications using using using using Web Services. CORBA. MDB. RMI.

Reference Close JCA specification 1.5. Option C is correct because to receive a specific EIS message, the recipient (MD B) should show interest in consuming that message by implementing a message list ener. Option A is incorrect because JCA can not leverage Web Services in this scenario . Option B is incorrect because this is not a scenario where you need to generate a CORBA client using Java. Option C is incorrect because this is not a scenario of remote call of a client module.

23.Your online inventory tracking system has a message-driven bean that uses an exchange server. How will your online inventory tracking system client access the MDB? A.Your B.Your C.Your D.Your client client client client accesses accesses accesses accesses the MDB through a home interface. the MDB using a client interface. the MDB directly. an MDB through JMS.

Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Option D is correct. Option A, B are incorrect because unlike other types of beans, MDB does not have

a client view (Remote/Home interfaces) and clients cannot look-up an MDB instan ce. It just listens for any incoming message on a JMS queue (or topic) and proce sses them automatically. Option C is incorrect because client components do not locate MDBs and invoke me thods directly on them.

24.In your web application, your Servlet will need to cache the bean stub as an attribute in the HttpSession object. The HTTP session's state will therefore be tracked and stored in the bean instance. If the client invokes method calls agai nst the same bean stub, the calls are always tunneled to the same bean instance in the container. Which bean will you utilize for this application? A.Message-driven-bean B.Stateless session bean C.Stateful session bean D.Entity bean Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Option C is correct. Option A is incorrect because a message-driven bean is an enterprise bean that a llows Java EE applications to process messages asynchronously. It normally acts as a JMS message listener, which is similar to an event listener except that it receives JMS messages instead of events. A message-driven bean's instances retai n no data or conversational state for a specific client. Option B is incorrect because a stateless session bean does not maintain a conve rsational state with the client. When a client invokes the methods of a stateles s bean, the bean's instance variables may contain a state specific to that clien t, but only for the duration of the invocation. Option D is incorrect because entity beans differ from session beans in several ways. Entity beans are persistent, allow shared access, have primary keys, and m ay participate in relationships with other entity beans.

25.EJB 3.0 is much easier to learn and use than was EJB 2.1 and should result in faster development of applications. With the inclusion of the Java Persistence API, EJB 3.0 technology also offers developers an entity programming model that has been simplified. Which three statements describe these new simplified features with regard to EJB 3.0 and Java Persistence API? (Choose three.) A.EJB 3.0 technology, entity bean fields are identified as persistent fields in the bean's deployment descriptor. B.The persistent state of an entity is represented either by its persistent fiel ds or persistent properties. C.For an EJB 3.0 entity, you no longer need to code interfaces such as LocalAddr essHome and LocalAddress. D.In the Java Persistence API, you do not not need to provide an XML descriptor to specify an entity's primary key. E.The Java Persistence API does NOT require the backpointer reference in a bidir ectional relationship to be set. F.Unlike EJB 2.1, the Java Persistence API removes support for inheritance and p olymorphism to simplify the model.

Reference Close JSR 220 Enterprise 3.0 JavaBeans specification 1.2. Option B, C, D are correct. Option A is incorrect because this was for EJB 2.1. In the Java Persistence API, you no longer need to provide a deployment descriptor, called an XML descriptor in the Java Persistence API, to specify an entity's persistent fields. Option E is incorrect because unlike EJB 2.1, with Java Persistence API you will require the backpointer reference in a bidirectional relationship to be set. Option F is incorrect because the Java Persistence API adds support for inherita nce and polymorphism. 26.There are a number of reasons to use an ORM(object-relational-mapping) approa ch to data persistence. What are two reasons why you would use an ORM approach? (Choose two.) A.Your application can be isolated from the database and the only connection to it is using the ORM framework and a JDBC driver. B.Manageability of a Java application by Java developers will increase because t he code is generated and Java is used as the interface to access and manipulate data. C.ORM approaches perform much better than carefully tuned JDBC and are faster th an going directly to the database. D.An ORM approach to data access provides the same level of complex data access and complex code syntax as SQL does with direct access. E.ORM approaches are currently not supported by tool vendors and ORM does little to improve developer productivity. Reference Close The Java EE 5 Tutorial - The Java Series Enterprise Edition - Third Edition. Options A, B are correct. Option C is wrong because one of the trade-offs for using an ORM approach is add ing the additional layer for data integration and manipulation. This will imply some performance loss but when compared to direct access but an ORM approach wil l gain with regards to maintenance costs. Option D is wrong because ORM approaches are providing more robust frameworks bu t you can not fully achieve the same level of complex data access and manipulati on of syntax. Option E is wrong because many vendors support ORM tools and an ORM approach bec ause of these tools, like Spring framework, improve developer productivity. 27.This Java API is an event-driven, pull-parsing API for reading and writing XM L documents. This Java API will enable you to create bidirectional XML parsers t hat are fast, relatively easy to program, and have a light memory footprint. What Java API will you implement? A.StAX B.JAXB C.JAXP D.SAAJ Reference Close Streaming API for XML JSR 173 1.2.

Option A is correct. Option B is incorrect because JAXB provides a convenient way to process XML cont ent using Java objects by binding its XML schema to Java representation. Option C is incorrect because JAXP enables applications to parse and transform X ML documents independent of a particular XML processing implementation. Option D is incorrect because SAAJ enables developers to produce and consume mes sages conforming to the SOAP 1.1 specification and SOAP with Attachments note

28.You are interested in architecting a Java SOA solution for your firm. You are interested in publishing, discovering, and using Web Services to integrate with external systems. This Java EE API provides rich metadata capabilities for clas sification and association, as well as rich query capabilities. As an abstractio n-based API, this API gives developers the ability to write registry client prog rams that are portable across different target registries. What Java API below is needed for this scenario? A.JAXR B.JAXB C.JAXP D.SAAJ Reference Close Java API for XML-Based Web Services (JAX-WS) 1.3. Option A is correct. Option B is incorrect because JAXB provides a convenient way to process XML cont ent using Java objects by binding its XML schema to Java representation. Option C is incorrect because JAXP enables applications to parse and transform X ML documents independent of a particular XML processing implementation. Option D is incorrect because SAAJ enables developers to produce and consume mes sages conforming to the SOAP 1.1 specification and SOAP with Attachments note.

29.Which two statements are true about the client view of session beans written to the simplified EJB 3.0 API? (Choose two.) A.The interface of and EJB 3.0 session bean is an ordinary Java interface. B.The new interface is one of the interface types EJBObject or EJBLocalObjectInt erface. C.A client can obtain a session bean's interface through dependency injection. D.A client cannot obtain a session bean's interface through a lookup in the JNDI namespace. E.A client cannot obtain a session bean's interface through dependency injection . Reference Close JSR 220 Enterprise 3.0 JavaBeans specification 3.4. Options A, C are correct. Option B is incorrect because these are defined in the EJB 2.1 API and is a plai n Java interface. Option D is incorrect because you can obtain a session bean using JNDI lookup. Option E is incorrect because you can obtain a session bean through dependency i njection.

30.Your server group has recently upgraded the servers to be Java EE compatible and your developers are interested in the benefits of the new EJB 3.0 model. What are two benefits of the new EJB 3.0 model? (Choose two.) A.EJB 3.0 session bean is a POJO managed by the EJB container. B.EJB 3.0 stateless session beans require a home interface only. C.EJB 3.0 callback methods can be defined either in the bean class itself or in a bean listener class. D.EJB 3.0 requires all session beans and entity beans to have a business interfa ce Reference Close JSR 220 Enterprise 3.0 JavaBeans specification 1.2. Options A, C are correct. Option B is incorrect because stateless session beans do not require a home inte rface. Option D is incorrect because entity beans are not required to have a business i nterface.

31.You are building a new website that presents certain GUI controls and data on multiple pages. Which two will you implement to prevent redundant GUI code? (Choose two.) A.Use a business delegate to decouple the GUI from the business service. B.Use a service locator to locate business services. C.Access the data using JDBC. D.Use templates to create composite view components. E.Custom Tag Libraries. F.Use Model-View-Controller. Reference Close Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Options D, E are correct. Options A, B, C, F are incorrect because they do not deal with the GUI. 32.You have the assignment to create a new architecture that will be used by you r organization for all future web development. Which three characteristics are important when choosing a web application framew ork? (Choose three.) A.Billing rates of framework consultants. B.Code re-use. C.Ease of Use. D.It was featured in a computer magazine. E.Industry acceptance. F.We write our own web frameworks. Reference Close Options B, C, E are correct. Options A,D are incorrect because they are not valid architectural concerns.

Option F is incorrect because this is generally not the best solution as existin g frameworks are well refined.

33.A company wants to rewrite their legacy thick client application, and they ar e investigating new technologies for their GUI. What are two appropriate uses for JSP's in a J2EE application? (Choose two.) A.Encapsulates database connectivity B.Invokes Custom tags C.Contains business logic D.Contains Expression Language E.Invokes Web Services F.Controls container default parameters Reference Close Servlet 2.4 + JSP 2.0 specs. Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Options B, D are correct. Option A is incorrect because e View. Option C is incorrect because Option E is incorrect because . Option F is incorrect because ault parameters. database connectivity should not be included in th business logic should not be in the View. Web Services invocation should happen in the Model the JSP should have no access to the container def

34.You are re-factoring your monolithic legacy Java application to use design pa tterns. You want to realize the benefits of the Model View Controller design app roach. Which two are viable options for implementing a Front Controller? (Choose two.) A.DAO class B.EJB3 Entities C.Servlets D.Custom tag libraries E.JavaServer Faces F.Deployment descriptor Reference Close Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). JSF 1.2 specs. Options C, E are correct. Option A is incorrect because Option B is incorrect because Option D is incorrect because Option F is incorrect because DAO's encapsulate database access. Entities represent database tables. tag libraries are embedded in the GUI. the deployment descriptor is an XML file.

35.You are part of a large IT department that is considering using Java Server F aces as their primary GUI development tool. You need to justify this choice to t he Chief Technology Officer. What is an advantage of using JSF for development of web applications?

A.JSF is easy to create in HTML editors. B.Backing beans can be tested outside the web container. C.JSF renders exactly the same in all browsers. D.JSF requires no programming knowledge Reference Close JSF 1.2 specs. Option B is correct. Option A is incorrect because JSF works best with a custom editor. Option B is incorrect because it could render differently in different browsers. Option D is incorrect because programming knowledge is required to full use JSF.

36.The developers are complaining about your decision to use Java Server Faces i n the new application you are architecting. What is a disadvantage of using JSF for development of web applications? A.JSF B.JSF C.JSF D.JSF cannot be used with localization. cannot be used in conjunction with Ajax. cannot be previewed outside the container. does NOT save view state.

Reference Close JSF 1.2 specs. Option Option Option Option 37.You formed re may ou are C A B D is is is is correct. incorrect. See reference jsf-1_2-fr-spec.pdf, pg. 70. incorrect because you can use it in conjunction with Ajax. incorrect. See reference jsf-1_2-fr-spec.pdf, pg. 75.

have a legacy system where most of the calculations in the system are per dynamically in stored procedures at request time. The same stored procedu return totally different result sets depending on its input parameters. Y implementing a new rich client GUI front-end for the system.

Which two technologies are appropriate? (Choose two.) A.EJB3 Entities B.Pojo's implementing DAO pattern C.JAXR D.JSF E.Swing applets Reference Close JSF 1.2 specs. Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Options B, D are correct. Option A is incorrect because as the output is generated dynamically, it will be tough to create an Entity mapping. Option C is incorrect because nothing indicates searching registries. Option E is incorrect because JSF is preferable for new GUI development over swi ng

38.The online music sales company that you work for is adding messaging to their user forums, so that customers can Instant Message, Text Message, and E-mail me ssage each other. Communication will be asynchronous as the other users may not be logged on currently. What technology combination can help them achieve these goals? A.Session Beans saving messages to a database. B.Send the messages using Web Services. C.Use a JMS queue using MDBs. D.Implement the Visitor pattern. E.Send an HTTP request to the receiver. Reference Close EJB3 specs. Option C is correct. Options A, B, D, E are incorrect because they do not satisfy the requirements 39.You are designing a new Change Request management system using asynchronous c ommunications with a workflow package. The GUI needs to implement Single Sign On as a web service that will require some security inside the header. Which two technologies would you use for this application? (Choose two.) A.SSB B.MDB C.EJB3 Entities D.JCE E.SAX F.SAML. Reference Close EJB 3.0 specs. http://java.sun.com/javase/technologies/security/ Options B, F are correct. Option A is incorrect because n. Option C is incorrect because Option D is incorrect because Option E is incorrect because SSB are not designed for asynchronous communicatio Entities are not indicated by the requirements. encryption is not specified in the requirements. XML parsing is not indicated by the requirements.

40.You are developing a new online application for a public entity that allows L aw Enforcement officials to search for and maintain information about violent cr iminals. You have some business rules to enforce in the model, but you do not wa nt to use stored procedures in your database. Confidential information must be e ncrypted before it is stored in the database. Which two technologies would you use for this application? (Choose two.) A.JAXR B.MDB C.EJB3 Entities D.JSSE E.JCE F.SAML

Reference Close http://java.sun.com/javase/technologies/security/ Options C, E are correct. Option A is incorrect because nts. Option B is incorrect because Option D is incorrect because Option F is incorrect because UDDI registries are not mentioned in the requireme asynchronous communication is not indicated. secure sockets are not indicated. SSO is not called for in the requirements

41.You want to process XML data using an XML schema, but you do not want to impl ement the details of XML parsing. What technology could you use to implement this? A.JAXR B.JAXB C.JAXP D.JAX-RPC E.JAX-WS F.UDDI Reference Close J2EE Web Services: XML SOAP WSDL UDDI WS-I JAX-RPC JAXR SAAJ JAXP (Paperback) by Richard Monson-Haefel. Option B is correct. Option A is incorrect because JAXR gives you a uniform way to use business regis tries that are based on open standards (such as ebXML) or industry consortium-le d specifications (such as UDDI). Option C is incorrect because JAXP enables applications to parse and transform X ML documents independent of a particular XML processing implementation. Option D is incorrect because JAX-RPC allows invoking from a Java application a Java based Web Service with a known description while still being consistent wit h its WSDL description. Option E is incorrect because JAX-WS is a fundamental technology for developing SOAP based and RESTful Java Web services. JAX-WS is designed to take the place o f JAX-RPC in Web services and Web applications. Option F is incorrect because UDDI is a platform-independent, XML-based registry for businesses worldwide to be listed on the Internet.

42.Your company needs to access web services that are viewed as resources and ca n be identified by their URLs. You will not be using HTTP. What technology would you recommend to do this? A.JAXB B.JAXP C.JAXR D.REST E.SOAP Reference Close http://java.sun.com/developer/technicalArticles/WebServices/restful/

Option D is correct. Option A is correct because JAXB provides a convenient way to process XML conten t using Java objects by binding its XML schema to Java representation. Option B is incorrect because JAXP enables applications to parse and transform X ML documents independent of a particular XML processing implementation. Option C is incorrect because JAXR gives you a uniform way to use business regis tries that are based on open standards (such as ebXML) or industry consortium-le d specifications (such as UDDI). Option E is incorrect because SOAP requires a separate resource discovery mechan ism. 43.The new online sales application is a critical part of your business plan. Un fortunately, the system is not meetings its Service Level Agreements because of system downtime. You thought that perhaps the system capacities were being maxed out, but when the system is up, the performance is acceptable and the CPU and m emory utilization are acceptable. What action should you take? A.Switch to High-Availability servers. B.Refactor to use design patterns. C.Vertical Scaling of the system. D.Increase the heap size. Reference Close Practical Software Estimation: (M. A. Parthasarathy). A B C D is is is is correct. incorrect because design patterns will not help availability. incorrect because performance is ok. incorrect unless you are getting out of memory errors.

44.Your online sales system is repeatedly going down due to Denial of Service at tacks. What action should you take? A.Take your system off the Internet. Only take customer orders by phone. B.Install a firewall. C.Perform a rigorous security audit. D.Refactor the code to use design patterns. Reference Close Core Security Patterns: Best Practices and Strategies (Christopher Steel; Ramesh Nagappan; Ray Lai). C is correct because this will help tell you what the actual vulnerabilities are . A is incorrect because these days Internet sales are critical for business succe ss. B is incorrect because a firewall may not stop all attacks when you allow users to access your website. D is incorrect because this will not necessarily aid with security. 45.You are architecting a new Change Request management system using asynchronou s messaging. You have chosen to use a message-driven bean (MDB) to receive the m essage, interpret the client request, and locate the appropriate business servic

e to handle the request. What design pattern is this an example of? A.Transfer Object Assembler B.Service Locator C.Service to Worker D.Service Activator E.Web Service Broker Reference Close Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Option Option Option Option Option D A B C E is is is is is correct. incorrect incorrect incorrect incorrect because because because because that creates an aggregate transfer object. it is not asynchronous. it does not address the requirements. we are not using Web Services.

46.You are implementing a custom search engine for your company. Users of the sy stem may run searches that return thousands of rows, but they usually only look at the first couple of pages. You want to allow them to run large searches, but you want them to run efficiently. What design pattern would you recommend in this situation? A.DAO B.Transfer Object C.Value List Handler D.Composite Entity E.MVC Reference Close Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Option C Option A rectly. Option B Option D Option E is correct. is incorrect because we are not talking about database encapsulation di is incorrect because this does not address the requirements. is incorrect because we are not talking about aggregated entities. is incorrect because this does not deal with searches.

47.You work in the IT department of a large grocery chain, and you are implement ing a system that allows customers to purchase groceries online and have them de livered to their homes. You need to allow users to select items and their quanti ties.Processing for products varies as some items are purchased by the pound and others are purchased by quantity or case. For some items, all the stores' stock is on the shelves and for others it is in the building's storage room. Some ite ms have special tasks that must be performed on the purchase, such as crediting college savings accounts. To further complicate the issue, your requirements all ow customers to set up lists of items, such as a "Monthly Shopping List", which they will purchase on a regular basis, and then add specific items to the curren t order. During the checkout process, you must handle distinct operations on cla sses with differing interfaces, for each item in the shopping list. What design pattern will you choose to implement this functionality? A.Iterator

B.Decorator C.Bridge D.Mediator E.Visitor F.Flyweight Reference Close Design Patterns: Elements of Reusable Object-Oriented Software. Option E is correct. Option A is incorrect because the objects have differing interfaces. Option B is incorrect because Decorator adds additional functionality to a class at runtime where subclassing would result in an exponential rise of new classes . Option C is incorrect because Bridge decouples an abstraction from its implement ation so that the two can vary independently. Option D is incorrect because Mediator handles the interaction between different objects. Option F is incorrect because Flyweight ensures that a high quantity of objects share a common properties object to save space. 48.You are maintaining an existing Payroll system that has an Employee object wi th public getters and setters for all items. This has worked fine in the past, b ut now the company has hired an independent auditing firm to create an applicati on to analyze employee data. You need to provide them with access to your Employ ee object, but you cannot give them access to confidential information such as n ame and social security number. Additionally, other calculations may need to be added. You do not want to modify your base classes as significant amounts of cod e would need to be regression tested. What design pattern is required to implement this solution? A.Adapter B.Bridge C.Facade D.Mediator E.Decorator Reference Close Design Patterns: Elements of Reusable Object-Oriented Software. Option E is correct. Option A is incorrect because Adapter "adapts" e that a client expects. Option B is incorrect because Bridge decouples ation so that the two can vary independently. Option C is incorrect because Facade creates a ng interface Option D is incorrect because Mediator handles objects one interface for a class into on an abstraction from its implement simplified interface of an existi the interaction between different

49.What are two benefits of the Mediator design pattern? (Choose two.) A.Promotes loose coupling. B.Promotes tight coupling. C.Represent an operation to be performed on the elements of an object structure.

D.Control and coordinate the interactions of a group of objects. E.Decouple sender and receiver by giving more than one object a chance to handle the request. Reference Close Design Patterns: Elements of Reusable Object-Oriented Software. Options A, D are correct. Option B is incorrect because Option C is incorrect because ments of an object structure" Option E is incorrect because one object a chance to handle Mediator promotes loose coupling. "Represent an operation to be performed on the ele is Visitor. "Decouple sender and receiver by giving more than the request" is Chain of Responsibility.

50.Which three are NOT benefits of the Chain of Responsibility pattern? (Choose three.) A.Reduced coupling. B.Increased coupling. C.You want to issue a request to one of several objects without specifying the r eceiver explicitly. D.Define an object that defines how a set of objects interact. E.Decouple sender and receiver by giving more than one object a chance to handle the request. F.Define a one-to-many dependency between objects. Reference Close Design Patterns: Elements of Reusable Object-Oriented Software. Gang of Four - pg 223-226. Options B, D, F are correct because A,C,E ARE benefits of the Chain of Responsib ility pattern.

51.Which two are NOT benefits of the Transfer Object pattern? (Choose two.) A.Reduced remote requests across the network. B.You want to create a complex model to hand over to the client for presentation purposes. C.Clients must access components in other tiers to retrieve and update data. D.You want to avoid network performance problems due to high network traffic. E.You want to centralize business logic and state in an application Reference Close Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Option B, E are correct. Options A, C, D are incorrect because they ARE benefits of the Transfer Object. 52.Which three are benefits of the Session Facade? (Choose three.) A.Prevents tight coupling with the clients. B.You want to encapsulate the physical database design. C.You want pre and postprocessing components independent of each other. D.Reduces number of business objects exposed to clients.

E.You want common subviews reused in multiple views. F.Expose a coarse-grained service to remote clients. Reference Close Core J2EE Patterns Second Edition: (Alur, Crupi, Malks). Options A, D, F are correct. Option B is incorrect because "You want to encapsulate the physical database des ign" is Composite Entity. Option C is incorrect because "You want pre and post processing components indep endent of each other" is Intercepting Filter. Option E is incorrect because "You want common subviews reused in multiple views " is Composite View 53.You are going to deploy a new Java application from the IT development server to all the machines in your company's network using Java Web Start. Which two statements identify what an unsigned jar in the Java Web Start sandbox can do? (Choose two.) A.Use native libraries. B.Access network printers on the system. C.Access system properties. D.Use the JNLP APIs to interact with the system clipboard. E.Access JAR files in an application downloaded from another server Reference Close http://java.sun.com/developer/technicalArticles/WebServices/JWS_2/JWS_White_Pape r.pdf Options C, D are correct. Option A is incorrect because Option B is incorrect because Option C is incorrect because applet. Option D is incorrect because . Option E is incorrect because ver. you cannot use native libraries. you can only access local printers. it has the same access to system properties as an you can access the clipboard through the JNLP APIs all jar files must be downloaded from the same ser

54.Which three statements identify what you can do with the JNLP APIs in the Jav a Web Start? (Choose three.) A.Determine whether or not the application is online. B.Configure the server. C.Interact with the computer's clipboard. D.Deploy the application in Java Web Start. E.Access resources in a Jar file. F.Work with files on the computer Reference Close http://java.sun.com/developer/technicalArticles/WebServices/JWS_2/JWS_White_Pape r.pdf Options A, C, F are correct. Options B, D are incorrect because they are not functions of the JNLP API's. Option E is incorrect because you use the getResource command, not the JNLP API' s.

55.Which three are considered best practices for the prevention of Session Theft ? (Choose three.) A.Audit Logs. B.Public key encryption of session information. C.Specifying user roles in the deployment descriptor. D.Requiring SSL in the deployment descriptor transport guarantee. E.Adding an Intercepting Validation filter to your system. F.Invalidate session after logout. Reference Close Core Security Patterns: Best Practices and Strategies (Christopher Steel; Ramesh Nagappan; Ray Lai) pg14. Options B, D, F are correct. Optiond A, C, E are incorrect because they do not not address the problem. 56.Which three benefits of implementing a Single Sign-on Delegator pattern? (Cho ose three.) A.Better availability of remote security services. B.Prevents Cross Site Scripting. C.Eliminates multiple sign-on issues. D.Reduces Buffer Overflow. E.Eliminates weak session identifiers. F.Preventing session theft. Reference Close Core Security Patterns: Best Practices and Strategies (Christopher Steel; Ramesh Nagappan; Ray Lai) pg 786. Options A, C, F are correct. Option B is incorrect because this does not address Cross Site Scripting. Option D is incorrect because this does not address buffer overflow. Option E is incorrect because the session identifiers could still be weak 57.You have been notified that someone is trying to read business transactions b etween your website and your clients by stealing unencrypted packets. What type of threat is this an example of? A.SQL Injection B.Man in the Middle C.Cross Site Scripting D.Session Hijacking E.Buffer Overflow F.Weak Password Exploits Reference Close Core Security Patterns: Best Practices and Strategies (Christopher Steel; Ramesh Nagappan; Ray Lai). Option B is correct. Options A, C are incorrect because they do not deal with packet theft.

Option D is incorrect because session hijacking is an attempt to gain direct acc ess to the system. Option E is incorrect because Buffer Overflow is a Denial of Service attack. Option F is incorrect because weak password exploits are an attempt to gain dire ct access to the system 58.You are architecting an online movie ticket sales application. After the user s purchase their tickets online, they can later input reviews of the movies in a free-form text box that other users will see. The president of your company is concerned about XSS schemes. Which two precautions should you take for this specific concern? (Choose two.) A.Require SSL in the deployment descriptor transport guarantee. B.Ensure that the database field is big enough to handle any amount of user inpu t. C.Filtering special characters. D.Filtering HTML tags such as "applet", "iframe" and "script". E.Encrypt user input with Blowfish. Reference Close Core Security Patterns: Best Practices and Strategies (Christopher Steel; Ramesh Nagappan; Ray Lai). Options C, D are appropriate concerns in Cross Site scripting Option A is incorrect because they are authenticated users. Option B is incorrect because that is buffer overflow. Option E is incorrect because encrypting the user input will not remove the spec ial characters 59.Which two APIs support Single Sign On implementations? (Choose two.) A.JCE B.JAAS C.JSSE D.SAML E.JMS F.JAXP Reference Close http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.ht ml Options B, D are correct. Option A is incorrect because Option C is incorrect because Option E is incorrect because Option F is incorrect because JCE is Java Cryptography Engine. JSSE is Java Secure Socket Extension. JMS is Java Messaging Service. JAXP is the Xml Parser.

60.Someone has been trying to expose application level information by intentiona lly causing exceptions. It is too late to change the JAVA source code before the big release. How can you prevent someone from seeing any unhandled error messages declarative ly?

A.Use role level constraints in B.Specify that the transmission ptor. C.Specifying error pages in the D.Modify the firewall to filter Reference Close Servlet 2.4 specs.

the deployment descriptor. should be run under SSL in the deployment descri deployment descriptor. out any exceptions

Option C is correct. Options A, B, and D are incorrect because they do not address the issue and D is nonsense.