1Z0-897 | The Secret of Oracle 1Z0-897 practice test

Q21. In designing the security for your enterprise application with multiple Web services, you don't want that each of the services handle user authentication by itself. Then which of the following you can use in your design? 

A. enable secure conversation for each service 

B. a centralized Policy Decision Point (PDP) via XACML 

C. a Security Token Service (STS) 

D. use transport level security with SSL 

Answer: C 

Q22. According to the WS-I Basic Profile 1.0a, what is true about the SOAP 1.1 encodingStyle attribute? 

A. It can occur anywhere in a message. 

B. It can only be declared on children Header elements. 

C. It can be declared on any children of the Body elements of rpc-literal messages. 

D. It cannot be used with elements qualified by the http://schemas.xmlsoap.org/soap/envelope namespace. 

E. WS-I Basic Profile 1.1 does NOT give any guidance because encodingStyle is a SOAP 1.1 attribute. 

Answer: D 

Q23. Which of the following security technology is not covered in Metro project? (Choose one.) 

A. WS-Trust 

B. WS-SecurityPolicy 

C. WS-SecureConversation 

D. XACML 

Answer: D 

Q24. Given the class: 

Choose the URL path that would result in a call to getToken()? (Choose one) 

A. /id/value 

B. /resource/id 

C. /resource/id/name 

D. /resource/id/value/token 

Answer: C 

Q25. Where can a developer specify confidentiality or integrity constraints on communications with a Enterprise Bean exposed as a JAX-RS root resource?(Choose one) 

A. As annotations on the EJB exposed as a root resource. 

B. In the deployment descriptor for the EJB exposed as a root resource. 

C. In the deployment descriptor for the web application that is hosting the JAX-RS resource. 

D. In the vendor-specific configuration file for the container that is hosting the JAX-RS resource. 

Answer: C 

Q26. Choose the JAX-RS type that is used to produce URLs to resources, given the resource class, to incorporate into resource responses (Choose one): 

A. UriBuilder 

B. UriInfo 

C. UriMapper 

D. Producer 

Answer: A 

Q27. A student developer has created a new library of math functions to share with friends in a linear algebra class. The developer is having difficulty getting people to come over to the dorm to see the new code library, so he decides to deploy it as a Web service so that everyone can enjoy the features via the Internet. One of the functions has this WSDL definition: 

<portType name="MyMathLib"><operation name="incCtr"><input message="tns:incCtr"/></operation></portType> 

Which two statements are true about this Web service? (Choose two.) 

A. This is an asynchronous receive. 

B. This indicates a one-way message exchange pattern 

C. The client must use SOAPFaultException to display any errors. 

D. It must send a SOAP fault back to the sender. 

E. It must NOT send a SOAP fault back to the sender. 

Answer: BE 

Q28. Choose the option that best describe the deployer's choices, when deploying an EJB that is also exposed as a RESTful web service using JAX-RS (Choose one): 

A. The EJB can only be deployed to a web container, since RESTful access to the EJB requires a web container to support the HTTP interaction needed. 

B. The EJB can be deployed to any EJB or web container that would support local references to the EJB from the JAX-RS runtime in the ejb container. 

C. The EJB can be deployed to any EJB or web container that would support local references to the EJB from the JAX-RS runtime in the web container. 

D. The EJB can be deployed to an EJB or web container that is visible to the JAX-RS runtime, even on an application server separate from the JAX-RS runtime, since EJBs support local or remote interactions via RMI. 

Answer: C 

Q29. An MTOM optimized infoset+attachment on the wire for a large binary data saves around X% in size when compared to original infoset, where X is: (Choose one) 

A. 10% 

B. 20% 

C. 30% 

D. 60% 

Answer: C 

Q30. An automobile manufacturer publishes a Web service for use by their suppliers. The manufacturer has stringent security requirements that require suppliers to verify their identity. Data integrity and confidentiality must be maintained between the client and the server. Which two meet all of these requirements? (Choose two.) 

A. X.509 and XKMS 

B. XACML and XKMS 

C. SSL and mutual authentication 

D. XML Encryption and XML Digital Signature 

E. Private network and XML Signature 

Answer: CD