You are creating a website to sell fine art to the rich and famous. You are only expecting to make one or two sales per week. Considering you require the system to be both secure and provide support for the transactions, which of the following describes the most appropriate architecture?

Please select from the following options:

Here is an explanation of the answers:

Choice C is the correct answer.

Although the scenario states that the application must be both secure and provide support for transactions, due to the low number of sales expected there is no justification for using an application server. Instead, it is more appropriate to use JTS (for the transactions) and servlets (for the business logic).

If a three-tier architecture was adopted, a Stateful Session Bean can be used to represent the shopping basket, and a Stateless Session Bean can be used to coordinate between the application and the credit card authorization system.

The correct answer is: use JSP/servlets for both presentation and business logic and JTS for the transactions.

Probability indicator:

What are the advantageous of a JSF component over traditional JSP and ServLets?

Select three choices among the following:

Here is an explanation of the answers:

Correct answers are options B, C, and E.

Servlets and JSP are best suited for applications where there is a need for processing dynamic requests from HTTP clients. In Model2 architectures &# 44; servlets are used as controllers and are responsible for processing incoming requests &# 44; and dispatching them to appropriate handlers. There is no component based tags available using regular JSP and ServLets. The developer has to write a lot of code to generate any Ul component code. As compared to a ServLet, JSF provides a managed bean which is a regular POJO to provide the actions for the form submissions and handling validations in an easy way.

JSP is used as a view to combine static templates with dynamic data to form HTML or XML output. Thus, options B, C and E are correct. In JSP, all the code has to be written using scripts and it's difficult to maintain and is tightly coupled with the view and data models. Java Server Faces (JSF) technology is a server-side user interface component framework for Java technology-based web applications.

The main components of JSF technology are as follows.

An API for representing Ul components and managing their state; handling events, server-side validation, and data conversion; defining page navigation; supporting internationalization and accessibility; and providing extensibility for all these features Custom tag libraries for expressing Ul components within a JSP page and for wiring components to server-side objects. In addition, JSF provides the following features.

The correct answer is B, C, and E: Wire component-generated events to server-side application code, Bind Ul components on a page to server-side data, Save and restore the Ul state beyond the life of server requests

Probability indicator: 

An external system invokes a web service from your application and produces XML. You need to extract the data elements from the produced XML and create object mapping to save data into your database tables. The extract must be portable across all the Java EE servers. What would you choose from the given options based on Java EE5 technology stack?

Please select the following:

Here is an explanation of the answers:

Option A is the correct answer.

JAXP AP/ for XML processing.

JAXR API for accessing XML registries.

JAX-WS is Java API for XML web services. JAX-WS is a technology for building web services and clients that communicate using XML.JAX-WS and allows you to write message-oriented as well as RPC-oriented web services.

In JAX-WS, a web service operation invocation is represented by an XML-based protocol such as SOAP. The SOAP specification defines the envelope structure, encoding rules, and conventions for representing web service invocations and responses. These calls and responses are transmitted as SOAP messages (XML files) over HTTP.

The Java architecture for XML binding (JAXB) provides a fast and convenient way to bind between XML schemas and Java representations, making it easy for Java developers to incorporate XML data and processing functions in Java applications. As part of this process, JAXB provides methods for unmarshalling XML instance documents into Java content trees, and then marshalling Java content trees back into XML instance documents. JAXB also provides a way to generate XML schema from Java objects.

JAXB provides the following features:

The correct answer is: JAXB

Probability indicator:

Which of the following statements are true about RESTfuI web services?

Select two options among the following:

Here is an explanation of the answers:

Correct answers are option B and D.

Java API for RESTfuI web services (JAX-RS) is the Java EE standard for creating RESTfuI web services. The API offers declarative annotations that allow you to:

Provide metadata used in responses

In addition to the declarative method of extracting request data just described , JAX-RS provides a set of interfaces that may be queried dynamically:

Providers support lookup of provider instances. This capability is useful in cases where one provider wants to re-use the functionality of another; for example, an entity provider that supports some kind of composite entity might use other entity providers to read/write individual parts of the whole

The correct answer is: REST-based web services provide regular POJO support and can be implemented as a resource; REST- based web services provide GET, POST, PUT, and DELETE operations on a given resource.

Probability indicator:

You have recently joined ABC Company as a J2EE architect. The business has mentioned to you that they would like to enhance the current sales application to provide different views (for customers, sales personnel managers, and so on.) of sales data, but the application maintenance team always mentioned it was difficult to provide such a wide range of views.

What is the most likely reason and what could solve the problem?

Please select from the following options:

Here is an explanation of the answers:

Option C is the correct answer.

Option A is incorrect because it does not solve the problem. Option B is incorrect because it is unrelated to the extensibility problem. Option D is incorrect because it is unrelated to the extensibility problem.

The correct answer is: Business logic is embedded in the JSPs. Refactor the code to use the business object design pattern.

Probability indicator:

You have deployed a J2EE application on a single server. With the originally planned users, it was working well. But with increased roll-out users, you see that CPU and memory of the server is reaching optimum levels.

What relatively quick and cost-effective changes can you recommend to improve the system performance?

Please select from the following options:

Here is an explanation of the answers:

Option C is correct.

Option A is incorrect because purchasing new servers is costly. Option B is incorrect because there is no mention of problems with code. Option D is incorrect because purchasing new infrastructure (servers and so on) may be costly and time-consuming.

The correct answer is: Vertical scaling of the system.

Probability indicator:

Every unit in the system needs to have a clearly defined responsibility and functionality. Units that combine multiple concerns must be split into smaller pieces. What is this concept?

Please select from the following options:

Here is an explanation of the answers:

Option C is correct. The statement describes the separation of concerns principle.

Encapsulation (also information hiding) consists of separating the external aspects of an object, which are accessible to other objects, from the internal implementation details of the object, which are hidden from other objects. Polymorphism is a characteristic of being able to assign a different behavior or value in a subclass to something that was declared in a parent class. For example, a method can be declared in a parent class, but each subclass can have a different implementation of that method.

Delegation is the implementation of objects that forwards certain method calls to another object, a delegate. The separation of concerns principle states that every unit in the system needs to have a clearly defined responsibility and functionality. This applies to all levels of the system, from EARS to methods.

The correct answer is: Separation of concerns.

Probability indicator:

Your application throws application specific exceptions and you would like to make them immutable. Which of the following facilitates your decision?

Please select from the following options:

Here is an explanation of the answers:

Option C is correct. You can encapsulate the error information in private variables of the class and provide only getter methods to print the error information. Encapsulation (also information hiding) consists of separating the external aspects of an object which are accessible to other objects, from the internal implementation details of the object, which are hidden from other objects. Polymorphism is a characteristic of being able to assign a different behavior or value in a subclass, to something that was declared in a parent class.

For example, a method can be declared in a parent class, but each subclass can have a different implementation of that method. Delegation is the implementation of objects that forward certain method calls to another object, a delegate.

The separation of concerns principle states that every unit in the system needs to have a clearly defined responsibility and functionality. This applies to all levels of the system, from EARS to methods.

The correct answer is C, Use the encapsulation concept.

Probability indicator:

Which of the following statements is true about Model View Controller design?

Please select the following:

Here is an explanation of the answers:

Option A is correct.

Option B is incorrect as EL is a language but not a component. Swing cannot be used along with servlets/JSP, so option C is incorrect. Flash files are static content, so option D is incorrect.

The correct answer is: Examples of model are EJB, controller is servlet, and view is JSP

Probability indicator:

ABC Company has a web-based labor claiming system. With the acquisition of a new company, the employee number has doubled. You have advised to host the application at a new office with one web server and two application servers.

What is the negative impact of your decision?

Please select the following:

Here is an explanation of the answers:

Option B is correct.

Additional security measures need to be taken due to the addition of new servers. Adding new servers increases performance, availability, and reliability. The correct answer is: This will decrease security.

Probability indicator: 

ABC Company has recently deployed a web application. Once the application is started, after a few requests they observe that the server has stopped sending responses and requests are timing out. As a consultant, you have observed that the developers have used vendor-specific driver API to connect to the database.

Which of the following would you recommend?

Please select from the following options:

Here is an explanation of the answers:

Option A is correct.

Java EE provides the data source which is attached to connection pools. These connection pools ensure optimum usage of physical connections. Option D is an invalid option as the application is interacting with the database. Options B and C are applicable only when a connection pool is already configured.

The correct answer is Use the data source

Probability indicator:

You are designing an application which must have high scalability and availability. You have decided to build your reusable services as BBs and deploy the application on three application servers. It means that BB services are available on three application servers. You want the web code to intelligently route requests to one of these services based on local/remote interfaces, availability of service, and so on.

Which of the following would you consider?

Please select from the following options:

Here is an explanation of the answers:

Option C is correct.

Options B and D are incorrect statements. Option A could be an option but is not needed if the application server itself provides such features.

The correct answer is: Explore clustering facilities with the application servers.

Probability indicator:

What statement(s) are true among the following?

Please select from the following options:

Here is an explanation of the answers:

Choices A and B are correct. Choice A is correct because MOB beans are accessed indirectly via topics/queues. Choice B is correct because MOBS can have instance variables in which the state is retained across all method calls during request processing.

Choice C is incorrect. MOBS are accessed via topics/queues. Choice D is incorrect. MOBS can be transaction aware.

The correct answer is: Unlike session beans, message driven beans are not accessed through interfaces, Instance variables of message driven beans can keep the state across the handling of client messages

Probability indicator:

In a software project of a banking domain, a large numbers of domain objects are in play. The challenges are to easily navigate complex object relationships and achieve optimal performance. What, in your opinion, will be the best way to implement this?

Please select from the following options:

Here is an explanation of the answers:

Choice C is correct.

JPA will allow easy navigation through objects and can retrieve them on call for optimal performance (lazy loading).

Choice A is incorrect. With JDBC, code to create new objects, filling them and putting them into relationships, will have to be written. Custom code to implement lazy loading will have to be written. Choice B is incorrect. It will require a lot of code to map stored procedure outputs to domain objects and vice versa. Choice D is incorrect. Navigating complex object relationships while maintaining good performance are standard problems across multiple projects. JPA is a standard API that aims at solving these problems.

The correct answer is: JPA is the best solution

Probability indicator:

Which of the following is true about CMP and the Java Persistence API?

Please select from the following options:

Here is an explanation of the answers:

It is possible to use both CMP and JPA in one application. So, option A is correct and option B is incorrect. Option C is incorrect because Java Persistence API is simpler and provides more features. Option D is incorrect because there is no such requirement.

The correct answer is: It is possible to use both CMP and JPA in one application.

Probability indicator:

ABC Credit Card Company has been using IMS transactions for new credit card applications for past 10 years. Current/MS transactions fetch data from multiple databases, filesystems, and other systems and also have business logic. Due to constant demand for its credit cards and new employees, it decided to web-enable the application. Existing ! MS transactions will also co-exist with web applications and there should not be any duplication of logic and data. You, as a consulting architect, are asked to provide a design for the same. Which of the following would you choose for the persistence strategy?

Please select:

Here is an explanation of the answers:

It states current! MS transactions fetch data from multiple databases, filesystems, and other systems and also has business logic. To avoid duplication, a singular persistence layer has to be developed which can be accessed both by /MS transactions and also Java systems. Such a framework should be accessible through Cobol and Java. So option D is correct.

The correct answer is: None of the above.

Probability indicator:

In a credit card processing application developed by Java enterprise technology, the customer needs assurance about the secure access of processes such as "update account balance". How will you make sure only authorized access is allowed to invoke these parts of the application?

Please select from the following options:

Here is an explanation of the answers:

Choice D is correct. Use a role based security feature of EJB's permits to define roles, add users under that role, and tie those roles to BB methods.

Choice A is incorrect. With a custom solution it is hard and unnecessary to write and maintain that much code. Choice B is incorrect; protecting the application server behind the firewall will not reduce the risk of unauthorized invocation of processes by logged in Choice C is incorrect; every user allowed to login to the system may not have permission to invoke any method.

The correct answer is: Use a role based security feature available for EJBs, so that users falling within a role can access methods allowed for that role entry.

Probability indicator:

The system under development has a module to update the status of each transaction across multiple servers and send e-mails to parties related to a given transaction. Every transaction processing can take few seconds to a few minutes depending on the network speed and how long the transaction queue is. What will be the best way to implement such a module?

Please select from the following options:

Here is an explanation of the answers:

Choice C is correct. Message driven beans are best to implement asynchronous processes that cannot be done in real time.

Choice A is incorrect because session beans cannot act asynchronously. Choice B is incorrect because session beans cannot act asynchronously. Choice D is incorrect. Message driven bean can utilize JavaMail packages to send e-mails, but for asynchronous processing, JavaMail is not sufficient by itself.

The correct answer is: Message driven beans.

Probability indicator:

Which of the following is FALSE about EJB 3.0?

Please select from the following options:

Here is an explanation of the answers:

Option E is correct. All of the above are true statements.

The correct answer is: None of the above.

Probability indicator:

Which of the following are benefits of EJB 3.0?

Please select from the following options:

The following is the explanation.

Option A is correct.

Using dependency injection, JNDI lookup code need not be written in the application. Options B and C are incorrect statements. JPA entities are different than entity beans. 083.0 introduced a new query language which is similar to SQL but does not provide full support for SQL.

Java EE does not mention support for any ORM frameworks such as Hibernate. So, options C and D are incorrect. The correct answer is: Reduction of code

Probability indicator:

You are gathering non-functional requirements for a fat client application that needs to be migrated onto a Java EE environment. What is true about Fat client non-functional requirements?

Select three choices from the following:

Here is an explanation of the answers:

Choices A, B, and D are the correct answers.

The problem statement clearly states that the current application is the fat client, which means it's a two-tier application. The following statements are true about two-tier application non-functional requirements.

Each client requires a connection, with no connection pooling technique available, and results in poor performance. Raw data transferred to the client for processing that causes heavy network traffic also results in poor performance. Extensibility is difficult due to presentation and business logic is tightly coupled. Manageability is difficult due to complex client maintenance and deployment. As each client is connected to the DB, it's very difficult to scale the two-tier applications.

C and E are incorrect, as already explained .

The correct answer is: Raw data transferred to client for processing that causes heavy network traffic, Each Client requires a connection, no connection pooling technique available, Poor maintenance because of complex client maintenance and deployment

Probability indicator:

You are given a problem statement saying that all the TV monitors are connected to a single server without separate CPUs to display online movies to the users. The most notable weaknesses of this system are that they are said to have poor ______ and ______ .

Please select from the following options:

Here is an explanation of the answers:

Choices B, C, and F are the correct answers.

All the monitors are connected to a single server, which means the system is designed as a single tier system.

The biggest weaknesses of one-tier systems are their maintainability and scalability. They may only be scaled vertically by adding extra CPUs or increasing the amount of RAM. Additional machines may not be added and the reason that they are so hard to maintain is due to tight coupling between the presentation, business logic, and data.

Changes to any of these layers will have a direct effect on the adjacent layers. The other main weakness of one-tier systems is that they are not extensible (due to tight coupling between tiers; they are not designed to be extended). The performance of a one-tier system should (under small loads) be better than a three-tier system because there will be no network delay. It's arguable that under heavy loads the performance will deteriorate but that is really referring to scalability.

There is no reason why a one-tier system would be more unreliable than a two- or three-tier system, so choice E is incorrect.

Security and manageability are generally easier with smarter systems such as one-tier solutions, so choices D and G are incorrect.

The system is in one place, so manageability should be simple as opposed to having to administer multiple web servers, application servers, and databases. One could argue that the availability of a one-tier system is not as good as a two/three/N-tier solution (which it is not) but it is not one of the three most notable weaknesses of a one-tier system.

The correct answer is: Extensibility, Maintainability, and Scalability.

Probability indicator:

Your company has released the next generation of its sales system. You have several very powerful servers and a few basic servers at your disposal. A network expert has suggested that you use reverse proxy load balancing to get the best possible performance out of these machines.

What is reverse proxy load balancing?

Please select from the following options:

Explanation:

Choice D is correct.

Reverse proxy load balancing is generality used when you have servers with varied CPU power and memory. You may use more powerful servers for SSL sessions and others to handle static HTML Such deployment will maximize your application's performance.

Choice A is a description of a round-robin load distribution and hence is incorrect. Choice B does not describe any particular method of load balancing and hence is incorrect. Choice C is an inaccurate description of reverse-proxy load balancing and you would need access to the mainframes source code to do this. Choice E is a cross between a firewall and a standard proxy server; this does not perform any load balancing.

The correct answer is: A technique used to target certain requests to certain backend servers, for example all servlet requests from one server. All static HTML from another.

Probability indicator:

Which of the following are benefits of server clustering? Select three choices.

Please select from the following options:

Here is an explanation of the answers:

Choices A, D, and E are correct.

Using replicas, server clusters increase the reliability and availability of a system. They provide a fault tolerance mechanism with load distribution and load balancing capabilities. Hence, choices A, D, and E are correct. J2EE applications offer security features through identification, authentication, and authorization mechanisms. In addition, they also provide APl's that allow secure communication, encryption of messages, and so on. This is not a feature of server clusters though. Thus, choice B is incorrect

Managing multiple servers is always harder than managing just one server. Hence, easy manageability may not always be true with distributed platforms. With J2EE, due to clear roles and responsibilities of tiers and layers, applications may be relatively easier to manage than other distributed systems. However, manageability is not the best asset of distributed systems. Thus, choice C is incorrect.

The correct answer is: Replication, Load Balancing, and Fault Tolerance

Probability indicator:

The current application is designed to serve 500 users based on the available system resources using one application server. Due to the new product line release, an additional 1,000 users need to be added to the existing three-tier system. You have been asked to improve the availability of this system due to the increase in the user base. How do you achieve this goal?

Please select from the following options:

Here is an explanation of the answers:

Choice A is correct.

The current application is running on a single application server, which means the requests from users are directly hitting the application servers. Due to the increase in load, the system will not respond to handle more requests at a certain point of time. In order to make this application available, to meet the increased user base, introduce two additional web servers in front of the application server to route the requests using a proxy plugin. The proxy plugin is configured in such a way that at any point of time two web servers will not go down. The proxy plugin will route the requests to the application server.

Choice B is incorrect. The current system will fail due to a direct hit of the application server (no load distribution) for each user request due to the increase in the load to handle the additional users. Choice C is incorrect. Creating all object in the request scope rather than the session scope will reduce the memory footprint. It will not help in achieving high availability of the system. Choice D is incorrect. Monitoring network traffic will be used to trace out the slowness and performance problems associated with an application.

The correct answer is: Add two web servers in front of the application server to route all the user requests to increase the availability of the system

Probability indicator:

Which of the following are NOT true about N-tier systems? Select three choices.

Please select from the following options:

Here is an explanation of the answers:

Choices A, C, and E are correct as their statements are NOT true for N-tier applications.

Though N-tier systems are distributed over many systems, they do not present any maintenance problems when architectured and designed well. This is because they are highly modular (component-container based) and it is relatively easy to correct problems in one tier without impacting other tiers. Therefore, statement A is not true and choice A is a correct choice.

N-tier systems can also yield high performance. They can be highly optimized at each tier. Server clusters can be used where bottlenecks are encountered, connection pools can be used by applications to acquire and release connections (a process more effective than the creation and destruction of connections), and so on. Hence, statement C is not true and choice C is a correct choice.

Though not relevant to the discussion, it should be noted that putting all business rules in the database tier reduces database portability and also violates tier encapsulation. Hence, it is not considered a J2EE best practice to use stored procedures and triggers extensively for business logic processing. As opposed to client/server systems, N-tier systems generally make extensive use of resource sharing capabilities. Bean pools and connection pools are good examples. Hence, statement E is not true and choice E is a correct choice.

The statement of choices B, D, and F are good examples of other capabilities of N-tier systems. Hence, choices B, D, and F are incorrect. The correct answer is: N-tier systems are distributed over many systems and hence, always present a maintenance problem, Since N-tier systems do not use database-stored procedures or triggers for business logic processing, they are generally very slow, N-Tier systems suffer from only one drawback over client/server systems, they do not take advantage of resource sharing techniques such as connection pooling.

Probability indicator:

You are working as part of a team of developers creating an online shopping system that sells cheap flights. Initially, customers browse lists of flights that are hosted on three identical Apache Tomcat web servers (the lists are updated at midnight). Once they have selected the flights they wish to purchase, they are routed through to a BB tier where the booking takes place.

Which name and description describe the type of load balancing/distribution that should be used to initially direct users to the web servers?

Please select from the following options:

Here is an explanation of the answers:

Choice B is the correct answer.

Round-robin load distribution is the simplest technique to route requests to servers. Requests are routed without any regard for the load an individual server is experiencing.

Consider the following example.

A solution consists of three web servers. Requests: Rl, R2, R3, R4, and R5 are received in this order at the load balancer. Rl will be forwarded to web server 1, R2 to web server 2, R3 to web server 3, R4 to web server 1, and R5 to web server 2. Requests are routed irrespective of whether a web server is up and running.

The description in choice A is inappropriate because there would be no guarantee that a request would be serviced if a pool was created. Also there aren't any web servers that support this type of scenario (extra code would have to be written). Targeting servers based upon their current status could be implemented via reverse proxy load balancing (there are other methods for achieving the same result - targeting particular servers).

The correct answer is: Round-robin load distribution. As requests are received at the load balancer, they are forwarded on to the next web server in the list of available web servers.

Probability indicator:

You have been assigned a task to study a Visual Basic application for future migration onto the Java EE platform. You need to create a document about various advantages of this application when compared to browser-based applications.

Select three choices.

Please select from the following options:

Here is an explanation of the answers:

Options C, D, and E are correct.

The Visual Basic application means that it falls under the thick-client category. VB provides rich GUI features and creating the same rich Ul look and feel using browser based applications are more difficult. Thick-client based solutions have rich GUI features and also provide better security than browser based applications.

Options A and B are disadvantages of thick clients.

The correct answer is: Rich GUI features, Provides very good client security. Potentially easier deployment and configuration management issues

Probability indicator:

Which of the following statements are true about new feature resource injection usage in the Java EE platform?

Please select from the following options:

Here is an explanation of the answers:

Option D is correct.

JAX-WS supports resource injection of Java EE 5 to shift the burden of creating and initializing common resources in a Java runtime environment at field, method, and class levels.

Option A is incorrect. Resource injection is a feature provided in the Java EE environment. Option B is incorrect. The container will initialize the resource using resource injection technique. Option C is incorrect. Resource injection is allowed at field level also.

The correct answer is: Resource injection is allowed at all class, method, and field levels

Probability indicator:

You are catting a third-party web service to retrieve the credit details of a person based on key input parameters. The issue is that the third-party server takes time to respond to the requests received from the clients. Your lead advised that you should configure a parameter which will wait for those many minutes to receive the response, otherwise the system should raise an error message saying that it did not process the request.

What features are available to handle this scenario using JAX-WS in Java EE environment?

Select two choices from the following list:

Here is an explanation of the answers:

Options A and C are correct.

With JAX-WS, web services can be catted both synchronously and asynchronously. JAX-WS adds support for both a polling and callback mechanism when calling web services asynchronously. Using a polling model, a client can issue a request and get a response object back, which is polled to determine if the server has responded. When the server responds, the actual response is retrieved. Using the callback model, the client provides a callback handler to accept and process the inbound response object.

Option B is incorrect. There is no dispatch handler available to handle the potting mechanism in the JAX-WS implementation.

Option D is incorrect. From the problem statement, the features from JAX-WS need to be used to provide a solution. Of course, you can handle them using the regular Java thread by configuring certain steep time using the configuration parameter specified in the problem context.

The correct answer is: Potting, Callback Handler

Probability indicator:

You need to communicate with a legacy banking system that has a CORBA server written in Cobol. The system is used to process transactions that are sent via the CORBA server. What is the best way to communicate with this system?

Please select from the following options:

Here is an explanation of the answers:

Choice C is the correct answer.

Java Interface Definition Language (Java IDL) allows Java programmers to write both Common Object Request Broker Architecture (CORBA) servers and clients. (CORBA uses IlOP). Therefore, choices A and B are incorrect.

Choice D is incorrect because there is no need to add messaging capabilities if there is already the opportunity to communicate via CORBA.

Java Native Interface (JNI) allows Java to talk to code written using other programming languages (popular in legacy connectivity).

The correct answer is: Use Java IDL to create a CORBA client and then talk directly with the CORBA server.

Probability indicator:

You need to upgrade a legacy system. The system is used to process transactions that are sent via the CORBA server. Currently, a custom socket is created and the transaction details are sent over. Due to the unreliability of the socket connection you wish to replace it. What is the best approach you can take?

Please select from the following options:

Here is an explanation of the answers:

Choice A is the correct answer.

JMS is particularly suited for sending XML documents. You would typically use JNI and RMI over JMS when you try to add/manipulate the business logic. Synchronous messaging is the most appropriate type of messaging to be used in this scenario. This is due to the instant response requirement when a purchase is made. When interfacing with external payment systems, a Stateless Session Bean is typically used. This bean would handle the payment authorization request/response. Stateless Session Beans are "service" beans.

The characteristics of synchronous messaging are: Blocks until message is processed, Suitable for transaction processing, can be implemented using BBS.

The characteristics of asynchronous messaging are: Loose coupling between the sender and receiver. The network is not required to be available. Cannot be implemented using EJBs. Suitable for publish-subscribe messaging. JMS supports both point-to-point and publish-subscribe messaging.

The correct answer is: Add JMS capabilities to the legacy application and send XML documents containing the transaction details.

Probability indicator:

Which of the following is NOT an improvement of JAX-WS over JAX-RPC?

Please select from the following options:

Here is an explanation of the answers:

Options A, B, and C are incorrect.

Option A is incorrect because JAX-WS introduces support for annotating Java classes with metadata to indicate that the Java class is a web service. Using annotations within the Java source and within the Java class simplifies the development of web services. Options B and C are incorrect as JAX-WS supports WS-I basic profile 1.1 and SOAP 1.2 (as well as SOAP 1.1). Option D is correct because it simplifies the development of handlers.

The correct answer is: Increases the complexity of developing handlers.

Probability indicator:

When do you choose to design a dynamic web service client using JAX-WS Dispatch API from the given options?

Please select from the following options:

Here is an explanation of the answers:

Option A is incorrect; the right approach here is to use the Dynamic Proxy Client. Option B is incorrect because it is a use case for SAAJ. Option C is correct. JAX-WS uses JAXB as data binding technology and if you wish to use any other technology, you must use Dispatch API. Option D is incorrect. You must use Dispatch API when you want to use XML/HTTP binding. SOAP binding is available by default.

The correct answer is: To invoke a web service by using a data binding other than JAXB.

Probability indicator:

Which of the following statements are true?

Please select the following:

Here is an explanation of the answers:

Choice C is correct. JMS provides the following features in the Java EE platform.

The Java Message Service (JMS) is a specification for messaging middleware. JMS provides an API for services such as persistence; transactions; and verification. Application clients, Enterprise JavaBeans (BB) components, and web components can send or synchronously receive a JMS message.

Application clients can in addition receive JMS messages asynchronously. (Applets, however, are not required to support the JMS API.)

Message-driven beans, which are a kind of enterprise bean, enable the asynchronous consumption of messages. A JMS provider can optionally implement concurrent processing of messages by message-driven beans.

Message send and receive operations can participate in distributed transactions, which allow JMS operations and database accesses to take place within a single transaction

The correct answer is: Statement 1 is false, Statement 2 is true, Statement 3 is true

Probability indicator:

Which of the following statements are true about a JMS implementation in the Java EE platform?

Select three choices from the following list:

Here is an explanation of the answers:

Choices A, B, and C are correct.

The following scenarios will demand the need for messaging implementation using JMS techniques.

The provider wants the components not to depend on information about other components interfaces, so that components can be easily replaced.

The provider wants the application to run whether or not all components are up and running simultaneously. The application business model allows a component to send information to another and to continue to operate without receiving an immediate response.

Choices E and D are incorrect.

The correct answer is: The provider wants the components not to depend on information about other components' interfaces, so that components can be easily replaced.

The provider wants the application to run whether or not all components are up and running simultaneously., The application business model allows a component to send information to another and to continue to operate without receiving an immediate response.

Probability indicator:

You want to create template-based and separate programming logic from the view to facilitate the division of labor between software developers and web page designers. What design pattern would you use based on the given scenario?

Please select one of the following options:

The following is the explanation.

Option B is correct.

Use views to encapsulate formatting code and helpers to encapsulate view-processing logic. A view delegates its processing responsibilities to its helper classes, implemented as POJOs, custom tags, or tag files. Helpers serve as adapters between the view and the model, and perform processing related to formatting logic, such as generating an HTML table. You want to use template-based views, such as JSP. You want to avoid embedding program logic in the view. You want to separate programming logic from the view to facilitate division of labor between software developers and web page designers.

Option A is incorrect because that deals with the model. Option C is incorrect because it does not address the requirements. Option D is incorrect because it does not address the requirements. Option E is incorrect because it does not deal with processing in the views, which is the question.

The correct answer is: View helper

Probability indicator:

What pattern is an example of using an Object-Relational Framework such as JDO?

Please select one the following options:

Here is an explanation of the answers:

Option B is correct.

The composite entity implements a business object using local entity beans and POJOs. When implemented with bean-managed persistence, a composite entity uses data access objects to facilitate persistence.

The domain store provides a powerful mechanism to implement transparent persistence for your object model. It combines and links several other patterns including data access objects.

Data access object enable loose coupling between the business and resource tiers. Data access object encapsulate all the data access logic to create, retrieve, delete, and update data from a persistent store. Data access objects use transfer objects to send and receive data.

Business object implement your conceptual domain model using an object model. Business objects separate business data and logic into a separate layer in your application. Business objects typically represent persistent objects and can be transparently persisted using the domain store.

The correct answer is: Domain store

Probability indicator:

You need to interface with an existing application. You have full access to the source code and UML diagrams from the existing application. Part of the requirements imply that you will need to connect unrelated objects together. You want to know whether the bridge pattern or the adapter pattern will be suitable.

Which of the following are true about the bridge and adapter patterns? Select two choices.

Please select from the following options:

Here is an explanation of the answers:

Choices A and D are correct.

As the answers state, the adapter pattern implements an interface known to its clients and provides an instance of a class not known to its clients. And the bridge pattern creates a separation between abstractions and classes that implement those abstractions.

Choices B and C are incorrect because the descriptions are the other way around.

The correct answer is: The Adapter pattern implements an interface known to its clients and provides an instance of a class not known to its clients, The Bridge pattern creates a separation between abstractions and classes that implement those abstractions.

Probability indicator:

Since Stateful Session Beans are not pooled as their Stateless counterparts, the container uses passivation and activation techniques for better resource management.

What design pattern is close to the concept of passivation, as described here?

Please select from the following options:

Here is an explanation of the answers:

Choice E is correct.

Memento (GOF 283): Without violating encapsulation, capture and externalize an object's internal state so that the object can be restored to this state later. With Stateful Session Beans, the container externalizes the state of the bean via passivation for better memory management. When required, a bean in the passive state can be brought back to the method ready state via activation. Hence, choice E is correct.

Composite (GOF 163): Compose objects into tree structures to represent part-whole hierarchies. Composite lets clients treat individual objects and composites of objects uniformly. Choice A is irrelevant here and therefore incorrect.

Flyweight (GOF 195): Use sharing to support large numbers of fine-grained objects efficiently. Choice B is therefore incorrect.

Template method (GOF 325): Define a skeleton of an algorithm in an operation, deferring some steps to subclasses. The template method lets subclasses redefine certain steps of an algorithm without changing the algorithm's structure. Choice C is therefore incorrect.

Command (GOF 233): Encapsulate a request as an object, thereby letting you parameterize clients with different requests, queue, or log requests, and support undoable operations. Choice D is therefore incorrect.

Chain of Responsibility (GOF 223): Avoid coupling the sender of a request to its receiver by giving more than one object a chance to handle the request. Chain the receiving objects and pass the request along the chain until an object handles it. Choice F is therefore incorrect.

The correct answer is: Memento

Probability indicator:

What are the benefits of using the mediator design pattern? Select two choices.

Please select from the following options:

Here is an explanation of the answers:

Choices A and C are the correct answers.

The mediator pattern controls how a set of objects interact (the objects refer to each other through one object).

Choice D describes a benefit of using the flyweight pattern. Choice E describes a benefit of the proxy pattern. Choice F describes a benefit of the observer pattern.

The mediator defines an object that encapsulates how a set of objects interact. The mediator promotes loose coupling by keeping objects from referring to each other explicitly, and it lets you vary their interaction independently.

The correct answer is: Increases decoupling between objects, Promotes centralized control

Probability indicator:

Which of the following statements describe the facade pattern and the benefits of using it? Select two choices from the following list:

Here is an explanation of the answers:

Choices B and E are the correct answers.

The facade pattern hides complexity by providing a simple interface for the client to use. The facade also promotes loose coupling between subsystems and clients.

Choice A describes features of the adapter pattern. Choice C describes features of the decorator pattern. Choice D describes features of the bridge pattern.

Facade provides a unified interface to a set of interfaces in a subsystem. Facade defines a higher-level interface that makes the subsystem easier to use.

The correct answer is: Shields the client from complexity, Promotes loose coupling between subsystems and clients

Probability indicator:

Which of the following is a benefit of using the composite view pattern?

Please select the following:

Here is an explanation of the answers:

Choice E is correct because it describes an advantage of the composite view design pattern.

This pattern uses composite views that are composed of multiple subviews. Each component of the template may be included dynamically into the whole and the layout of the page may be managed independently of the content. This allows easy and error free modification of the layout and reuse of subviews. Since duplication of subviews are avoided, choice E is a benefit of this pattern.

Options A, C, and D describe the benefit of the business delegate pattern.

Option B is incorrect because it describes the benefit of the view helper design pattern.

The correct answer is: You want to avoid duplicating subviews.

Probability indicator:

Which of the following is a benefit of the FrontController pattern? Select two choices.

Please select from the following options:

Here is an explanation of the answers:

Option A describes the benefit of the intercepting filter pattern.

Options B and C describe the benefits of the front controller pattern.

Option D describes the benefit of the application controller pattern.

The correct answer is: You want to apply common logic to multiple requests, You want to centralize controlled access points into your system

Probability indicator:

Which of the following design patterns can be used to create family of dependent objects?

Please select one the following options:

Here is an explanation of the answers:

Choice D is correct.

The abstract factory (GOF 87) provides an interface for creating families of related or dependent objects without specifying their concrete classes. Hence, choice D is correct.

The factory method (GOF 107) defines an interface for creating an object, but lets subclasses decide which class to instantiate. The factory method lets a class defer instantiation to subclasses. Hence, choice A is incorrect.

Prototype (GOF 117) specifies the kinds of objects to create using a prototypical instance, and create new objects by copying this prototype. Hence, choice B is incorrect.

Builder (GOF 97) separates the construction of a complex object from its representation so that the same construction process can create different representations. Hence, choice C is incorrect.

Singleton (GOF 127) ensures that a class only has one instance, and provides a global point of access to it. Hence, choice E is incorrect.

The correct answer is: Abstract factory

Probability indicator:

Pensacola, a Florida based soda company has just started operations in Dallas, TX, to counter competition from Dr. Pepper. Pensacola believes that using a J2EE based application will put them ahead of the competition. Their new architect is suggesting that session beans should be used to provide a unified interface to the entity beans in the system. The use of session beans here illustrates the use of what design pattern?

Please select from the following options:

Here is an explanation of the answers:

Choice C is correct.

Facade (GOF 185) provides a unified interface to a set of interfaces in a subsystem.

Use a session bean as a facade to encapsulate the complexity of interactions between the business objects participating in a workflow. The session facade manages the business objects, and provides a uniform coarse-grained service access layer to clients. Hence, choice C is Flyweight (GOF 195). Use sharing to support large numbers of fine-grained objects efficiently. Hence, choice A is incorrect.

Proxy (GOF 207) provides a surrogate or placeholder for another object to control access to it. Hence, choice B is incorrect.

Decorator (GOF 175) attaches additional responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassing for extending functionality. Hence, choice D is incorrect.

Adapter (GOF 139) converts the interface of a class into another interface that clients expect. The adapter lets classes work together that couldn't otherwise because of incompatible interfaces. Hence, choice E is incorrect.

Bridge (GOF 151) decouples an abstraction from its implementation so that the two can vary independently. Hence, choice F is incorrect.

The correct answer is: Facade

Probability indicator:

You can traverse through the elements of many Java collection objects because they provide a way to access their elements sequentially. What design pattern is used here?

Please select from the following options:

Here is an explanation of the answers:

Choice D is correct.

The iterator (GOF 257) provides a way to access the elements of an aggregate object sequentially without exposing its underlying representation. Hence, choice D is correct.

The visitor (GOF 331) represents an operation to be performed on the elements of an object structure. The visitor lets you define a new operation without changing the classes of the elements on which it operates. Hence, choice A is incorrect.

The observer (GOF 293) defines a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically. Hence, choice B is incorrect.

The builder (GOF 97) separates the construction of a complex object from its representation so that the same construction process can create different representations. Hence, choice C is incorrect.

The proxy (GOF 207) provides a surrogate or placeholder for another object to control access to it. Hence, choice E is incorrect.

The decorator (GOF 175) attaches additional responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassing for extending functionality. Hence, choice F is incorrect.

The correct answer is: Iterator

Probability indicator:

Compact Computers is a small computer assembly company. Its customers currently have the following choices for a PC: 800 MHz processor, 40 GB HOD, 128 MB RAM GHz processor, 60 GB HOD, 256 MB RAM, 1.2 GHz processor, 80 GB HOD, 512 MB RAM. The use of what design pattern would ensure that only the legal combinations could be sold?

Please select from the following options:

Here is an explanation of the answers:

Choice D is correct.

This question requires that you apply your knowledge of design patterns. We are dealing with families of related objects.

The abstract factory (GOF 87) provides an interface for creating families of related or dependent objects without specifying their concrete classes.

The applicability section of the abstract factory (GOF 88) indicates that this pattern is to be used when:

Hence, the abstract factory is the right pattern for this problem. Choice D is therefore correct. The factory method (GOF 107) defines an interface for creating an object, but lets subclasses decide which class to instantiate. The factory method lets a class defer instantiation to subclasses. Hence, choice A is incorrect.

The builder (GOF 97) separates the construction of a complex object from its representation so that the same construction process can create different representations. Hence, choice B is incorrect.

The prototype (GOF 117) specifes the kinds of objects to create using a prototypical instance, and creates new objects by copying this prototype.

Hence, choice C is incorrect.

Probability indicator:

If you run an unsigned applet from the command line, will that applet be able to access and update a system property?

Please select one of the following options:

Here is an explanation of the answers:

Choice B is the correct answer.

When running applets from the command line, a different security manager will be used (assuming a typically configured JRE) than when an applet is invoked in a web browser. However, system properties can never be modified. An applet may or may not be able to read system properties. Some system properties will require an applet to be signed but others can be read without this requirement.

Applets are permitted to make network connections back to the host that they were downloaded from. They aren't however allowed to connect to arbitrary hosts because this would provide a mechanism for denial of service attacks. Also if a firewall or server filters packets by IP address, then it would be possible for a downloaded applet to be trusted automatically by the firewall/server (a downloaded applet sending requests from your machine would be sending them with your trusted IP address).

It is not possible to change the priority of the thread that was created by the browser for the applet to run in (to do this would require an O/S call). It is possible for an applet to create new threads and manipulate the threads in the thread group that the browser created for the applet. The security manager does not monitor the memory CPU or network bandwidth usage of an applet. (It is assumed that the operating system will guard against an applet using an excessive amount of resources.) When an applet runs out of memory, a java.Lang.OutOfMemoryError will be thrown. Generally, operating systems will allocate a certain amount of memory for processes to use but this is not fixed (an applet can ask for more and, if available, the O/S may assign it).

The correct answer is: No

Probability indicator:

An advertising company, FancyApplets Ltd, wishes to use applets on it's website to demonstrate sample products. In order to keep track of the number of people downloading the applets, FancyApplets created a callback mechanism in the applet. (Once downloaded, the applet makes a network connection back to the FancyApplets website.)

Which of the following statements regarding this scenario are correct?

Please select from the following options:

Here is an explanation of the answers:

Choice A is the correct answer.

Applets are permitted to make network connections back to the host that they were downloaded from. They aren't however allowed to connect to arbitrary hosts because this would provide a mechanism for denial of service attacks. Also, if a firewall or server filters packets by IP address, then it would be possible for a downloaded applet to be trusted automatically by the firewall/server (a downloaded applet sending requests from your machine would be sending them with your trusted IP address).

Choice B is incorrect because, as just stated , it is possible for an applet to make connections back to the host. Choices C and D are incorrect because an applet is not required to be signed for this to work.

The correct answer is: This will work as expected.

Probability indicator:

You are working on a new application that will help your company co-ordinate sales data across different departments. The aim is that everyone has the same sales data at the same time. This project needs to be finished as soon as possible. You have therefore bought some third-party code to speed up the development process. The code has been signed and is packaged in a .jar file. To test the signature, the vendor of the software has e-mailed you the public key.

What do you know about it?

Please select from the following options:

Here is an explanation of the answers:

Choice F is correct.

There are two key aspects to this question. Firstly, this is a question about digital signatures, not digital certificates. Secondly, you were e-mailed the public key to validate the signature. You have not been passed the public key in a secure fashion. Hence, you would not know whether someone has not altered the code, signed it, and then intercepted the key that you were going to use to validate the signature.

Digital certificates solve this problem and validate that a public key belongs to its real owner. Just because the code is signed, it does not mean that it is fully tested and does what it is supposed to do.

Thus, choice A is incorrect. Choices B, C, D, and E are incorrect because you do not know if you have the real public key to validate the signature.

The correct answer is: None of the above.

Probability indicator:

You are working on a new application that will help your company co-ordinate sales data across different departments. The aim is to have everyone access the same sales data at all times. This project needs to be finished as soon as possible and you have bought some third-party code to speed up the development process. The code has been signed using a digital certificate and packaged in a JAR file.

Which of the following describes what you definitely know about the third-party code? Note: digital certificates have been signed by a trusted certificate authority.

Select two choices from the following list:

Here is an explanation of the answers:

Choices B and C are correct.

All you definitely know is that the code has been signed using the third-party vendor's private key. You do not know whether it was actually signed by the third-party vendor or an impersonator who stole the private key. So choice E is incorrect, while B is correct.

Just because the code is signed, it does not mean that the JAR file does not contain malicious code. Therefore, choice A is incorrect and choice C is correct.

Just because the code is signed, it does not mean it is fully tested and does what it is supposed to do. Choice D is therefore incorrect.

The correct answer is: The JAR file may be signed by the third-party vendor or someone who stole his private key, The JAR file contents may contain malicious code.

Probability indicator:

You have designed a new web service which returns credit card account statements as XML over HTTP for a particular customer. This service is available for only authenticated and authorized clients. In spite of implementing the above security features, you came to know that the data has been compromised and details are being read by unauthorized people. Which of the following best describes the above situation?

Please select from the following options :

Here is an explanation of the answers:

Option B is correct.

Since XML is not sent over HTTPS, hackers can read the details of the message. This is an example of a Man-in-the-Middle attack

The correct answer is: Man-in-the-Middle attack

Probability indicator:

What are the appropriate places for mitigating Cross-Site Scripting threat?

Please select from the following options:

Here is an explanation of the answers:

Option C is correct.

Filtering special characters will prevent the threat. Cross-Site Scripting (XSS) is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it actually is trusted. From the trusted context, attacks can be launched.

Cross-Site Scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just by reading a web board or e-mail message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner which makes it appear as valid content from the website. Some of the measures to prevent it are: encode the data on the generated pages, escape user input (special characters, tags), validate user input (maximum length) using frameworks such as Struts Validator. Users can disable JavaScript and avoid using Frames/IFrames.

The correct answer is: Add an intercepting validation filter to your system.

Probability indicator:

Which of the following is true about JAAS?

Select two choices from the following:

Here is an explanation of the answers:

Options A and B are correct.

Options C and D are incorrect statements.

The Java Authentication and Authorization Service (JAAS) can be used for two purposes:

JAAS implements a Java version of the standard Pluggable Authentication Module (PAM) framework. The correct answer is: It provides a framework for authentication, It provides a framework for authorization.

Probability indicator:

You have decided that you will use the Java Authentication and Authorization Service for security. What is the security benefit of using JAAS?

Please select from the following options:

Here is an explanation of the answers:

Option A is correct.

Option B is incorrect because JSAPI is the Java Speech API. Option C is incorrect because that is the Java Secure Socket Extension. Option D is incorrect because it is not related to JAAS.

The correct answer is: It provides pluggable authentication modules.

Probability indicator:

You are designing a multilingual web application to support five different languages. Which of the following would you consider?

Please select from the following options:

Here is an explanation of the answers:

Option C is correct. JSF has inherent support for iSN through support for resource bundles.

Options A, B, and D are incorrect, as these options do not have any relation to the multilingual support features.

The correct answer is: JSF

Probability indicator:

ABC Company is building a new web application. They would like to have basic validations on user input in HTML forms and also want to have data conversion of data from view to model data. Which of the following can be used?

Please select from the following options:

Here is an explanation of the answers:

Option B is correct.

JSF provides features of validations and data conversion. Option A is incorrect as EL does not have any such feature. Option D is incorrect as JSTL does not have any validation features. Option C is incorrect as JSF already provides these features.

The correct answer is: JSF

Probability indicator:

You have a requirement that you want common subviews, such as headers, footers, and tables reused in multiple views, which may appear in different locations within each page layout. Which of the following patterns will you use to provide a solution?

Please select from the following options:

Here is an explanation of the answers:

Option B is correct. The composite view pattern handles the common subviews, such as headers, footers, and tables reused in multiple views, which may appear in different locations within each page layout. In addition, it will avoid directly embedding and duplicating subviews in multiple views which make layout changes difficult to manage and maintain.

Option A is incorrect. The MVC design pattern isolates the application logic from the user interface and permits the individual development, testing, and maintenance for each component. Option C is incorrect. The front controller is the initial point of contact for handling all related requests. The front controller centralizes control logic that might otherwise be duplicated, and manages the key request handling activities. Option D is incorrect. The use dispatcher view with views as the initial access point for a request. Business processing, if necessary in limited form, is managed by the views

The correct answer is: Composite view pattern

Probability indicator:

An existing application has lot of redundant formatting logic (Java code) in JSP. The development team has a few weeks before the production release and requested you if they could do any minor improvements.

Which of the following can be suggested to developers? Select two choices.

Please select from the following options:

Here is an explanation of the answers:

Options A and B are correct.

Option D is not a clean approach. It would be better to develop custom tag libraries. Option C may not be feasible due to time constraints. Within the time constraints, modifying JSP to use EL and refactoring code in JSP to tag files is feasible.

The correct answer is: Refactor code into simple tag files, Use expression language

Probability indicator:

Which of the following is FALSE about managed beans?

Please select from the following options:

Here is an explanation of the answers:

Option C is correct.

Since they are container-managed, they can use annotations. Options A, B, and D are features of managed beans.

The correct answer is: They cannot use annotations.

Probability indicator:

Which of these three are the steps of the JSF request life cycle?

Please select from the following options:

Here is an explanation of the answers:

Options A, C, and F are correct.

They are the stages of a JSF request life cycle. Options B, D, and E are incorrect because these are the stages of a JSF response life cycle.

The correct answer is: Process Validations, Restore view, Apply Request Values

Probability indicator:

You are designing a web application which will be used by employees to submit and track their claims. This system will be having high usage. Which of the following technologies would you choose?

Select two choices from the following:

Here is an explanation of the answers:

Options B and C are correct.

There is no requirement for web services/exposing services, so option A is incorrect. Since usage is high, option B is correct and option D is incorrect.

The correct answer is: Stateless session beans with DAO for data access, JSF

Probability indicator:

You are designing a real-time stock broking application. Users can log in, search for stocks, and buy and sell stocks. Money will be transacted automatically through payment gateways.

Which of the following technologies would you choose? Select two choices.

Please select from the following options:

Here is an explanation of the answers:

Options A and B are incorrect as there are no requirements for web services. Since there is high usage and transactions will be used, options C and D are correct.

The correct answer is: EJB, Java EE entities

Probability indicator: