单选题A web application uses the HttpSession mechanism to determine if a user is “logged in”. When a user supplies a valid user name and password， an HttpSession is created for that user.  The user has access to the application for only 15 minutes after logg

第1题：

A web application uses the HttpSession mechanism to determine if a user is “logged in”. When a user supplies a valid user name and password， an HttpSession is created for that user.  The user has access to the application for only 15 minutes after logging in. The code must determine how long the user has been logged in， and if this time is greater than 15 minutes， must destroy the HttpSession.  Which method in HttpSession is used to accomplish this？（）

• A、 getCreationTime
• B、 invalidateAfter
• C、 getLastAccessedTime
• D、 getMaxInactiveInterval

第2题：

Upon a user’s first visit to the website， which two operations are always performed when the getSession method is called with no arguments in a servlet？（）

• A、 All URLs returned by the server are rewritten.
• B、 An HttpSession object is created if necessary.
• C、 The user name and password of the user are checked.
• D、 The session ID is stored in the HTTP response as a cookie.

第3题：

An organization has decided to deploy an IBM Tivoli Access Manager for Enterprise Single-on solution to help address security and productivity issues. Per their corporate security policy， the organization has detailed requirements related to password management for their enterprise applications.  Which password requirements need to be captured？（）

• A、details related to application user ID requirements
• B、policy requirements related to the number of applications that a user can access
• C、policy requirements for application and user initiated password resets and password complexity
• D、do nothing as password policy requirements are best addressed within the application space rather than in an Enterprise Single Sign-On project

第4题：

Which statement is true regarding this setting?（）

• A、It drops the connection after the specified number of login attempts fail for any user.
• B、It is enforced only if the password profile is enabled for the user. 
• C、It locks the user account after the specified number of attempts. 
• D、It drops the connection after the specified number of login attempts fail only for users who have the SYSDBA privilege.

第5题：

In form-based authentication， what must be included in the HTML returned from the URL specified by the  element？（）

• A、 a base-64 encoded user name and password
• B、 a form that POSTs to the j_security_check URL
• C、 an applet that requests the user name and password from the user
• D、 a hidden field that supplies the login-constraint used by the application

第6题：

Given a web application in which the cookie userName is expected to contain the name of the user. Which EL expression evaluates to that user name？（）

• A、${userName}
• B、${cookie.userName}
• C、${cookie.user.name}
• D、${cookies.userName[0]}

第7题：

A technician needs to use Remote Assistance with a user. The user is asked to use an email application to send the technician an invitation to remotely access the user’s computer. The email application has not been configured in the user’s computer.  Which of the following would be another way for the user to send the Remote Assistance invitation？ （）

• A、Configuring the Windows Firewall exceptions.
• B、Using Windows Messenger.
• C、Configuring My Network Places.
• D、Using Internet Explorer.

第8题：

Which step do you need to perform to enable a user with the SYSDBA privilege to log in as SYSDBA in iSQL*Plus？（）

• A、The user must be granted the database administrator （DBA） privilege.
• B、The user must be listed in the password file for the authentication.
• C、No special setup is needed for the user to connect as SYSDBA in iSQL*Plus.
• D、Set up a user in the Oracle Application Server Containers for J2EE （OC4J） user manager，and grant the webDba role to the user.

第9题：

A web application uses the HttpSession mechanism to determine if a user is "logged in." When a usersupplies a valid user name and password， an HttpSession is created for that user. The user has access tothe application for only 15 minutes after logging in. The code must determine how long the user has beenlogged in， and if this time is greater than 15 minutes， must destroy the HttpSession. Which method in HttpSession is used to accomplish this？（）

• A、Getcreationtime
• B、Invalidateafter
• C、Getlastaccessedtime
• D、Getmaxinactiveinterval

第10题：

In your database instance， the user sessions are connected to the database server from the remotemachines. You want to achieve the following for these users：  1：The user account must be locked after four unsuccessful login attempts.PASSWORD_LOCK_TIME  2：The user must be prompted to change the password at regular intervals.PASSWORD_LIFE_TIME  3：The user may not have more than three simultaneous sessions.SESSIONS_PER_USER  4：The user session must automatically be logged off if more than 10 minutes elapsed time used.CONNECT_TIME  How would you accomplish the above（）

• A、by assigning profiles for the users
• B、by implementing Fine-Grained Auditing （FGA）
• C、by granting a secure application role to the users
• D、by implementing the Database Resource Manager plan