250+ TOP MCQs on Handling Security in Views and Domain object security and Answers

Java Spring Multiple Choice Questions & Answers (MCQs) on “Handling Security in Views and Domain object security”.

1. Element used to secure methods.
a) security:intercept-methods
b) global-method-security
c) all of the mentioned
d) none of the mentioned
Answer: c
Clarification: First, you can embed a security:intercept-methods element in a bean definition to secure its methods. Alternatively, you can configure a global global-method-security element to secure multiple methods.

2. @Secured annotation is used to secure methods implemented by beans.
a) True
b) False
Answer: a
Clarification: You can also annotate methods declared in a bean interface or an implementation class with the @Secured annotation and then enable security for them in global-method-security.

3 Element used to specify access attributes for bean’s methods.
a) security:protect
b) security:intercept
c) security:intercept-security
d) none of the mentioned
Answer: a
Clarification: In a bean’s security:intercept-methods, you can specify multiple security:protect elements to specify access attributes for this bean’s methods.

4. Attribute used to specify custom access decision manager.
a) access-decision-manager-ref
b) access-decision-ref
c) access-decision
d) none of the mentioned
Answer: a
Clarification: If you would like to use a custom access decision manager, you can specify it in the access-decision-manager-ref.

5. JSP technology is also used to handle security of JSP views.
a) True
b) False
Answer: a
Clarification: Spring Security provides a JSPtag library for you to handle security in JSP views.

6. Tag which displays user’s Authentication object.
a) security:tag
b) security_Tag
c) security:authentication
d) none of the mentioned
Answer: c
Clarification: The security:authentication tag exposes the current user’s Authentication object for you to render its properties.

7. Tag which renders the granted authorities one by one.
a) c:for
b) c:forEach
c) c:doWhile
d) c:while
Answer: b
Clarification: You can store the authorities property, which contains the authorities granted to the user, in the JSP variable authorities, and render them one by one with a c:forEach tag.

8. Tag used to render view contents conditionally.
a) security:authorize
b) security:authority
c) security:authenticate
d) none of the mentioned
Answer: a
Clarification: If you would like to render view contents conditionally according to a user’s authorities, you can use the security:authorize tag.

9. Attribute used to render enclosed content.
a) ifGranted
b) if_Granted
c) ifAllGranted
d) none of the mentioned
Answer: c
Clarification: If you want the enclosing content to be rendered only when the user has been granted certain authorities at the same time, you have to specify them in the ifAllGranted attribute.

10. Module that allows each domain to have it’s own access.
a) access share list
b) access common list
c) access control list
d) access list
Answer: c
Clarification: Spring Security provides a module named ACL that allows each domain object to have its own access control list (ACL).

11. ACL(Access control list) consists of:-
a) object identity
b) access control entities
c) none of the mentioned
d) all of the mentioned
Answer: a
Clarification: An ACL contains a domain object’s object identity to associate with the object, and also holds multiple access control entries (ACEs).

12. ACEs(Access control entries) core consists of:-
a) Permissions
b) Security Identity
c) All of the mentioned
d) None of the mentioned
Answer: c
Clarification: Multiple access control entries (ACEs), each of which contains the above mentioned two core parts.

13. Which of the following is/are part of BasePermission class:-
a) CREATE
b) READ/WRITE
c) DELETE
d) All of the mentioned
Answer: d
Clarification: The BasePermission class predefines five basic permissions as constant values for you to use: READ (bit 0 or integer 1), WRITE (bit 1 or integer 2), CREATE (bit 2 or integer 4), DELETE (bit 3 or integer 8), and ADMINISTRATION (bit 4 or integer 16).

14. SID(Security Identity) associates with permission using.
a) principal(PrincipalSid)
b) authority (GrantedAuthoritySid)
c) all of the mentioned
d) none of the mentioned
Answer: c
Clarification: Each ACE contains permissions for a particular SID. An SID can be a principal (PrincipalSid) or an authority (GrantedAuthoritySid) to associate with permissions.

15. Interfaces that defines operation of an ACL service.
a) AclService
b) MutableAclService
c) All of the mentioned
d) None of the mentioned
Answer: c
Clarification: In Spring Security, there are two interfaces that define operations of an ACL service: AclService and MutableAclService. AclService defines operations for you to read ACLs.

Leave a Reply

Your email address will not be published. Required fields are marked *