Question Bank

Whizlabs SCEA 5
Which of the following are true about Active Replication?

Choices A, C, and F are correct. Active Replication is a fault tolerance mechanism where each replica
is identical to the main service and attempts to service each request. An interceptor is used to block
extra responses. Active replication is similar in concept to Hot Backups. Hence, choices A, C and F are
correct. Active Replication is not achieved through cold backups. In cold backups, the replicas are not
constantly updated. Their state is synchronized with the primary service in regular intervals. In the
event that the primary service fails, one of the replicas has to be synchronized (perhaps with data from
a storage device) before it can service requests. Hence, choice B is incorrect. Choice D refers to the
concept of Warm Backus. In warm backups, only the primary service responds to requests. However
all activity is constantly logged. Periodically these logs may also get flushed to the replicas. When the
primary service fails, a replica takes over after its state is synchronized with the logs. Hence, choice D
is incorrect. With active replication, as mentioned before, the state of all replicas is constantly
synchronized. Hence, choice E is incorrect.
It is a fault-tolerance mechanism.
It is achieved by taking cold back ups.
Each replica attempts to process each request but extra calls may be intercepted via an interceptor.
State changes are logged and periodically flushed to the replicas.
State is synchronized only when the primary service fails.
Each replica is identical to the main service.
CORBA is a standard for

Choice D is correct. Common Object Request Broker Architecture (CORBA) is a standard for
distributed communication involving applications written using different languages. Hence, choice D
is accurate. Queues are the mechanism by which two parties communicate in a Point-to-Point
asynchronous messaging paradigm. Hence, choice A is incorrect. Choice B indicates that CORBA is a
methodology when it is actually a standard. Hence, choice B is incorrect. Topics are the mechanism for
accomplishing Publish Subscribe messaging. Hence, choice C is incorrect. Although choice E talks
about distributed object systems, it refers to pure Java objects. CORBA is used for object distribution
involving different languages. Hence, choice E is incorrect.
Messaging using virtual channels called Queues

Standardized development practices
Messaging using virtual channels called topics
Accessing distributed object systems in many platforms and languages
Accessing Distributed object systems based only on Java Technologies
Which of the following methods may be present in the Home Interface of an Entity Bean?
Choices A, B and C are correct. The Home Interface provides methods for creation, location and
removal of beans. Hence, you could find create(), findByPrimaryKey() and remove() methods in the
bean's Home Interface. Therefore, choices A, B and C are correct. There are no methods like
locateByPrimaryKey() and retrieveBean() in the Home Interface. Hence, choices D and E are
incorrect.
create()
findByPrimaryKey()
remove()
locateByPrimaryKey()
retrieveBean()
RMI-IIOP does NOT provide which of the following capabilities?

Choices B and D are correct. RMI-IIOP does not support Stub downloads and distributed garbage
collection. Hence, choices B and D are correct. Both Remote Method Invocation and Objects pass by
value are supported by RMI-IIOP. Hence, choices A and C are incorrect.
Remote Method Invocation

Stub Downloads
Objects pass by value (state only)
Distributed Garbage Collection
Refer to the diagram:(Please Click on "Exhibit Button" to view the Diagram) In the above diagram:
Choice E is correct. In the diagram, A and B are classes, C is an interface and D is a class that
implements C. Hence, Choice E is correct. Choice A is incorrect because <<Interface>> C is not a
class and you can only extend classes; you cannot implement them. Choice B is the reverse of choice
A but again incorrect because C is an interface, not a class. Choice C is incorrect because it claims that
the interface C implements class D, whereas in reality class D implements interface C. Choice D is
incorrect because it claims that D is an interface and C is a class, while it is actually the other way
round.
sanjay_Mock2_qn3.jpg
Class D implements Class C

Class C implements Class D
Interface C implements Class D
Interface D implements Class C
Class D implements interface C
A session bean called Some Bean has a method called someMethod(), which calls someOtherMethod
(same bean) followed by someOtherBeanMethod() of SomeOtherBean. SomeOtherBean is an Entity
Bean with CMT. Which of the following is true?
Choice C is correct. Only BMT beans have access to the User-Transaction from the EJBContext. The
EJBContext provides the setRollbackOnly() and getRollbackOnly() methods, to provide CMT beans
access to the transaction. The setRollbackOnly() method gives a bean the power to veto a transaction.
Hence, choice C is correct. Choice A is incorrect because the entity bean has the capability to veto the
transaction. Choice B is incorrect because only CMT beans have the power to veto user transactions.
Choice D makes an incorrect argument and is thus wrong.
SomeOtherBean has no control on the transaction since it is a CMT bean.

SomeOtherBean has full access to the UserTransaction object through which it can control the
transaction.
SomeOtherBean has access only to the transaction methods in EJBContext, which gives it the
power to veto transactions.
SomeOtherBean has access on the transaction only if the method had RequiresNew set as its
transaction attribute.
Which of the following are true about Passive Replication?

Choices C, D and F are correct. In Passive Replication, the primary service handles all requests. The
state of the replicas is periodically synchronized. In the event that the primary service fails, one of the
replicas takes over after its state is synchronized (with log files, for example.) In concept, passive
replication is similar to that of Warm Backups. Hence, choices C, D and F are correct. Only in Active
Replication, the primary service and all replicas respond to all requests. Hence, choice A is incorrect.
Choice B seems to indicate that Passive replication uses some kind of load distribution mechanism.
Hence, choice B is incorrect. Passive replication is similar to warm backups as opposed to active
replication, which is similar to hot backups. Hence, choice E is incorrect.
Primary Service and all replicas respond to all requests

Primary Service randomly delegates requests to one of the secondary replicas
Primary service handles all requests
State is periodically synchronized between the Primary service and all replicas
It is similar to hot backup
It is similar to Warm Backup
Which of the following are not true about Screen Scrapers?

Choices C and D are correct. When using screen scrapers, any changes to the legacy user interface
will also affect the new GUI. In addition, screen scraping is the best alternative only if the existing UI
is tightly coupled with the business tier of the legacy application. Hence, choices C and D are false and
therefore the correct choices. Choices A and B are true about screen scrapers and Hence, the incorrect
choices.
Screen scrapers function as Terminal Emulators on one end and as Object Interfaces on the other.
Screen Scraping may be a useful tool when used in conjunction with the off-board servers.
Changes to legacy UI has little or no impact on the new GUI.
Screen Scraping is best used when the legacy clients have loose coupling with other tiers.
Undefined Primary Keys refers to?

Choice C is correct. One problem with container-managed persistence in EJB 1.0 was that the bean
developer had to define the primary key during development. This forced the developer to make
assumptions thus limiting the bean's portability across databases. EJB 1.1 allows the primary key to
remain undefined until deployment. Hence, choice C is correct. Choice A is incorrect because all entity
beans must have a serializable primary key that can be used to uniquely identify an entity bean in the
database. Undefined Primary Keys are not defined during development. Hence, choice B is incorrect.
Choice D is incorrect because it indicates that Entity Beans are not allowed to have undefined Primary
Keys. This was true in EJB1.0 but not in EJB1.1.
Refers to Entity Beans that do not use Primary Keys

Primary Keys that are defined during development
Primary Keys that remain undefined until the bean is deployed
Entity Beans cannot have undefined Primary Keys
Which of the following are benefits of Server Clustering?
Choices A, D and E are correct. Using replicas, server clusters increase the reliability and availability
of a system. They provide a fault tolerance mechanism with load distribution and load balancing
capabilities. Hence, choices A, D and E are correct. J2EE applications offer security features through
Identification, Authentication and Authorization mechanisms. In addition, they also provide APIs that
allow secure communication, encryption of messages and so on. This is not a feature of server clusters
though. Hence, choice B is incorrect. Managing multiple servers is always a harder than managing just
one server. Hence, easy manageability may not always be true with distributed platforms. With J2EE,
due to clear roles and responsibilities of tiers and layers, applications may be relatively easier to
manage than other distributed systems. However, manageability is not the best asset of distributed
systems. Hence, choice C is incorrect.
Replication
High Security
Easy Manageability
Load Balancing
Fault Tolerance
Which of the following are valid life cycle states for a Stateless Session Bean?
Choices A and C are correct. The two valid states in a Stateless Session Bean's life cycle are 'Does Not
Exist' and 'Method Ready Pool'. When Beans are not instantiated, they are said to be in the 'Does Not
Exist' state. Beans transition from 'Does Not Exist' to 'Method Ready Pool' when instantiated. The
container does this automatically, as needed. Hence, choices A and C are correct. Pooled State and
Passive are not valid states in the lifecycle of a Stateless Session Bean. Hence, choices B and D are
incorrect.
Does not Exist

Pooled State
Method Ready Pool
Passive
Which of the following is NOT a resource management technique?

Choice C is correct. Persistence of Entity beans is the ability to save data represented by the bean into
a database. It is not a resource management technique. Choice C is FALSE and therefore the correct
choice. Maintaining a smaller number of beans to serve a larger number of clients is a clever resource
management technique. It is also an example of the Flyweight Design Pattern. Choice A is thus a
resource management technique and therefore incorrect choice. Database connection pooling, a
concept similar to bean pools, is also a good resource management technique. Choice B is therefore
incorrect. With Stateful Session Beans, the container uses passivation to manage memory. In
passivation, the state of the bean is serialized and its memory freed up for reuse by other services.
Hence, bean passivation is a memory management technique making choice D also an incorrect
choice.
Maintaining a smaller pool of Stateless Beans to serve a large number of clients

Providing Database Connection Pooling
Persistence of Entity Beans
Passivation of Stateful Beans
Both CMT and BMT may be used with Entity and Session Beans. True or False?
Choice B is correct as the statement is FALSE. With EJB1.1, only Session Beans with <transaction-
type> equal to 'Bean' can have bean-managed transactions. Entity Beans are not allowed to be BMT
beans. Hence, the statement is FALSE and choice B is correct.
True
False
HTTPS is defined as...

Choice C is correct HTTPS stands for HTTP over SSL. With HTTPS, SSL sits above the TCP-IP
layer and below the application protocol layer. Hence, choice C is correct.
HTTP with Security

HTTP on secure line
HTTP over SSL
HTTP with SSL
What is the sequence of steps in the life cycle of a Stateless Session Bean?
Choice A is correct. When Stateless Session Beans transition from 'Does Not Exist' to 'Method Ready
Pool', the container invokes newInstance(), setSessionContext() and ejbCreate() methods. Hence,
choice A is correct. Although choices B, C and D have the same methods, the order in which they
appear is incorrect. Therefore, choices B, C and D are incorrect.
class.newInstance(), setSessionContext (ctx), ejbCreate()

ejbCreate(), setSessionContext (ctx), class.newInstance()
class.newInstance(), ejbCreate(), setSessionContext (ctx)
setSessionContext (ctx), ejbCreate(), class.newInstance()
Asynchronous communication is achieved by using:

Choice C is correct. Message Oriented Middleware or MOM is used for asynchronous messaging
between applications. Most popular implementations support Point-to-Point (one-to-one) and Publish
Subscribe (one-to-many) messaging. Hence, choice C is correct. Remote Procedure Calls are used for
synchronous communication between applications. CORBA and RMI/IIOP are two protocols that
support RPC based communication. Hence, choices A, B and D are incorrect.
Remote Procedure Calls

RMI/IIOP
Message Oriented Middleware
CORBA
N-tier applications show better performance than 2-tier applications because they are modular in nature
and can be scaled easily by tuning components and containers individually. True or False?
Choice A is correct as the statement is TRUE. N-Tier applications (especially those based on J2EE)
are designed to be modular in nature. The tiers and layers separate roles and responsibilities of each
component and container. Hence, components and containers can be individually targeted and scaled
as needed. This results in better performance. Hence, choice A is correct.
True
False
Which of the following is NOT part of the messaging architecture?

Choice B is correct. Only choice B is not a standard paradigm in messaging architecture. Hence,
choice B is correct. IP Multicasting can be used as a technique for decentralized messaging. Queues
and Topics are used with Point-to-Point and Publish Subscribe messaging. Hence, choices A, C and D
are incorrect.
Decentralized messaging using IP Multicasting

Decentralized messaging using Secure Sockets Layer (SSL)
Use of virtual channels called Queues
Use of virtual channels called Topics
HTTP is...
Choices B and D are correct. HTTP (HyperText Transfer Protocol) is a transport mechanism for
MIME (Multipurpose Internet Mail Extensions) documents. MIME documents often contain HTML
(HyperText Markup Language) code for display in browser windows. HTTP consists of a request sent
by the client to the server, followed by a response sent from the server back to the client. HTTP uses
TCP/IP as the underlying transport and network protocols. The following excerpt is from:
http://www.w3.org/Protocols/Activity.html "Whenever a client accesses a document, an image, a
sound bite etc. HTTP/1.0 creates a new TCP connection and as soon as it is done, it is immediately
dismissed and never reused." "HTTP/1.1 fixes this in two ways. First, it allows the client to reuse the
same TCP connection (persistent connections) again and again when talking to the same server.
Second, it makes sure that the courier carries as much information as possible (pipelining) so that it
doesn't have to run back and forth as much. That is, not only does HTTP/1.1 use less TCP connections,
it also makes sure that they are better used. The result is less traffic jam and faster delivery." The
following except is from: http://www.w3.org/Protocols/HTTP/HTTP2.html "HTTP is a protocol with
the lightness and speed necessary for a distributed collaborative hypermedia information system. It is a
generic stateless object-oriented protocol, which may be used for many similar tasks such as name
servers, and distributed object-oriented systems, by extending the commands, or 'methods', used."
Hence, choices B and D are correct. Since choices A and C are the opposite, they are incorrect. HTTP
can be made secure by using 'HTTP over SSL' or HTTPS. However, HTTP is not secure by itself.
Hence, choice E is incorrect.
Connection Less
Connection Base
Stateful
Stateless
Secure
In P2P, clients send messages to:
Choice A is correct. P2P or Point-to-Point messaging is used for one-to-one communication between
two components or applications. In the P2P model, message producers send messages to a designated
queue. Hence, choice A is correct. Although it is possible to mimic Publish Subscribe architecture by
sending P2P messages to multiple queues, it is not a standard practice. Hence, choice B is incorrect. In
Publish Subscribe architecture, messages are sent to a specific node for redistribution to subscribers.
Hence, choice C is incorrect. CORBA is an RPC protocol and is not used for asynchronous messaging.
Hence, choice D is incorrect.
A designated queue
Multiple Queues
A specific node for redistribution to subscribers
CORBA compliant ORB
Happy Joe Banking Corporation is building a Banking application to provide online access to their
account holders. They have chosen two SUN 450s for their web server cluster and one SUN E10000
for their application server. The business requirements indicate that to become a customer, a person
must have at least a primary checking account with the bank. Further, since the customer will be using
the Internet to view confidential information, security is considered paramount. What do you
understand about the requirements of the system?
Choice D is correct. Successful software architecture deals with addressing the non-functional service
level requirements of a system. The Design process takes all functional business requirements into
account. Security is considered a non-functional requirement and specific business rules, such as the
one described with the checking account are considered functional requirements. Choice D is the only
choice that accurately describes this. Choice A is incorrect because the functional and non-functional
requirements are flipped over. Choice B is incorrect because only one of them is a functional
requirement. Choice C is incorrect because as described above, one of them is a functional
requirement and the other, a non-functional requirement. Finally, Choice E is incorrect because
business analysis may start with use cases (where the checking account rules may be captured), but this
discussion is specifically questioning functional vs. non-functional requirements.
The need for Security is a classic example of a functional service level requirement and the
checking account rule, an example of non-functional QoS requirement.
The discussion about Security and the mandatory checking account both illustrate functional
service level requirements.
Neither Security nor the mandatory Checking Account is an example of any kind of requirements,
theoretically speaking.
Security is an Architectural non-functional requirement and the Mandatory Checking Account a
functional design requirement.
They are both examples of Business Use Cases.
Which of the following are invalid states in the life of a Stateful Session Bean?
Choices B, E and F are correct. The valid life cycle states of a Stateful Session Bean are 'Does Not
Exist', 'Method Ready', 'Method Ready in Transaction' and 'Passive'. 'Method Ready Pool' is a life
cycle state of Stateless Session Beans. 'Pooled' and 'Ready' are life cycle states of Entity Beans. Hence,
choices B, E and F are not valid states and hence correct choices.
Does Not Exist

Method Ready Pool
Method Ready in Transaction
Method Ready
Ready
Pooled
Passive
In an interview between the senior management of Happy Joe Banking Corporation and the J2EE
application architect Scott Khosla, the following points were discussed: I. The system needs to
respond within 5 seconds II. The system needs to have a 99.9% uptime III. HJBC was in the
process of acquiring another bank which would add two hundred thousand customers to their already
existing half million. IV. Each phase of the SDLC is to have a clear signoff process. V. The
development team is expected to provide a detailed unit test plan and user documentation. VI. To
ensure privacy, HTTPS is to be used. What non-functional requirements were discussed?
Choice D is correct. The non-functional service level requirements discussed are Performance (I: The
system needs to respond within 5 seconds), Availability (II: The system needs to have a 99.9%
uptime), Scalability (III: Additional two hundred thousand subscribers will be added...), and Security
(VI: HTTPS is to be used.) Hence, choice D is correct. There is no mention of extensibility (ability to
easily add or extend functionality) and Manageability (ability to monitor the health of the system.)
Hence, choice A is incorrect. Specification, Elaboration, Construction, Transition, Documentation and
use cases are not non-functional service level requirements. Hence, choices B and C are incorrect.
While scalability and reliability may be related (Will the system perform as reliably when more users
operate on it?), there is no mention of reliability in the question. Hence, choice E is incorrect.
Scalability, Availability, Extensibility, Manageability and Security

Performance, Reliability, Elaboration, Transition, Documentation and Security
Specification, Elaboration, Construction, Transition, Use Cases and Security
Performance, Availability, Scalability and Security
Reliability, Availability, Scalability, Manageability and Security
Refer to the Diagram (Please Click on "Exhibit Button" to view the Diagram) In UML,
Choice C is correct. In the diagram, Aclass represents a class and :Aclass represents an object. Hence,
choice C is correct.
(i) represents an object and (ii) a class

(ii) represents a package and (i) a class
(i) represents a class and (ii) an object
(i) and (ii) both represent components
Fragile Oars, a manufacturer of boating supplies has a mainframe based legacy application for
customer and order management. Recently, Fragile Oars embarked on a project to add Internet
presence to its products and services and hence created a company website. Since then, its
management has realized the importance of having an eFront and wants to start conducting business
over the Internet. Fragile Oars wants to use Applets as the front-end. What is the best method to
connect to this legacy system?
Choice D is correct. The best approach in this case is to have the applets talk to Servlets that can act as
mediators between the applets and the Legacy system. Hence, choice D is correct. Applets and JSP are
used to construct the view of an MVC application. They should not be used as controllers for
dispatching requests. Hence, choices B and C are incorrect.
Using the same applets

Using different applets
Using Java Server Pages
Using Java Servlets
'A' has a dependency with 'B' is best expressed by:(Please Click on "Exhibit Button" to view the
image)
Choice D is correct. Option D shows a diagram with two packages A and B. Package A has a
dependency with Package B. Hence, choice D is correct. In option A, class A extends class B. Hence,
choice A is incorrect. In option B, class A implements interface B. Hence, choice B is incorrect. In
option C, class A has an association relationship with interface B. Hence, choice C is incorrect. In
option E, Package B has a dependency with Package A. Hence, choice E is incorrect. Since options B
and E are incorrect, choices F and G are incorrect.
Option a
Option b
Option c
Option d
Option e
Options b and d
Options d and e
An application has three Stateless Session Beans - SB1, SB2 and SB3. The stubs that implement the
respective Home Interfaces are SH1, SH2 and SH3. A client application performs a JNDI lookup to
obtain a reference to one of these Home Objects. This is then narrowed and used to create the remote
reference to the corresponding remote object. What design pattern best explains the creation of the
Remote Object, in this case?
Choice C is correct. Factory Method (GOF 107) "Define an interface for creating an object, but let
subclasses decide which class to instantiate. Factory method lets a class defer instantiation to
subclasses." Hence, the closest pattern this concept is similar to the Factory Method pattern. Therefore,
choice C is correct. Prototype (GOF 117)" Specify the kinds of objects to create using a prototypical
instance, and create new objects by copying this prototype." Hence, choice A is incorrect. Builder
(GOF 97)"Separate the construction of a complex object from its representation so that the same
construction process can create different representations." Hence, choice B is incorrect. The following
excerpt is from: http://java.sun.com/blueprints/patterns/BusinessDelegate.html "In distributed
applications, lookup and exception handling for remote business components can be complex. When
applications use business components directly, application code must change to reflect changes in
business component APIs. These problems can be solved by introducing an intermediate class called
a business delegate, which decouples business components from the code that uses them. The Business
Delegate pattern manages the complexity of distributed component lookup and exception handling,
and may adapt the business component interface to a simpler interface for use by views." Hence,
choice D is incorrect. The following excerpt is from:
http://java.sun.com/blueprints/patterns/ServiceLocator.html "Enterprise applications require a way to
look up the service objects that provide access to distributed components. Java(tm) 2 Platform,
Enterprise Edition (J2EE) applications use Java Naming and Directory Interface (JNDI) to look up
enterprise bean home interfaces, Java Message Service (JMS) components, data sources, connections,
and connection factories. Repetitious lookup code makes code difficult to read and maintain.
Furthermore, unnecessary JNDI initial context creation and service object lookups can cause
performance problems. The Service Locator pattern centralizes distributed service object lookups,
provides a centralized point of control, and may act as a cache that eliminates redundant lookups. It
also encapsulates any vendor-specific features of the lookup process." Hence, choice E is incorrect.
Prototype
Builder
Factory Method
Business delegate
Service Locator
From the following diagram it can be deduced that:(Please Click On "Exhibit Button" to view the
image.)
Choice A is correct. The package Order has a dependency with the package Customer. Hence, any
changes in the Customer Package could impact the Order Package. Hence, choice A is correct. (Fowler
109)"A dependency between two packages exists if any dependency exists between any two classes in
the packages." Since Customer and OrderLine have no dependencies, choices B and C are incorrect.
Changes to the Customer package may impact the Order package. Hence, choice D is incorrect.
Changes to classes in the Customer package may only impact the Order package.
Changes to classes in the Customer package will impact Order and OrderLine packages.
Changes to the OrderLine package will impact the Customer package.
Changes to the Customer package will have no impact on the other two packages.
When remote calls are made on the container provided implementations of the EJBHome and
EJBObject, various transactional and security checks are applied before the call is actually passed on to
the bean instance. The Container provided implementations of EJBHome and EJBObject are
performing what Design Pattern's task?
Choice D is correct. The intent of the Decorator pattern as described by GOF (175) -"Attach additional
responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassing for
extending functionality." A request intended for a component is routed to the decorator instead. The
decorator forwards the request to the component. It may perform pre or post processing tasks before or
after forwarding the request. J2EE is filled with examples of the use of design patterns. The container
provided implementations of EJBHome and EJBObject decorate bean classes by providing
transactional and security functionalities. Choice A is incorrect because Command is used to
encapsulate a request as an object (GOF 233.) Choice B is incorrect because Adapter (GOF 139)
converts the interface of a class into another interface clients expect. Choice C is incorrect because
Bridge (GOF 151) decouples an abstraction from its implementation so that the two can vary
independently and choice E is incorrect because Fa?e (GOF 185) provides a unified interface to a set
of interfaces in a subsystem.
Command
Adapter
Bridge
Decorator
Facde
From the exhibit, it can be inferred that (Please Click on "Exhibit Button" to view the Image)
Choices A, B and D are correct. The multiplicity between A and B shown by (2,4) indicates that an A
may have exactly 2 or 4 Bs associated with it. Hence, choices A, B and D are correct. Choice C is
incorrect because a 2 to 4 multiplicity would be indicated as (2..4) The multiplicity shown is legal in
UML. Choice E is therefore incorrect.
1 A can have 2 Bs associated with it.

1 A can have 4 Bs associated with it.
1 A can have 2 to 4 Bs associated with it.
1 A can have exactly 2 or 4 Bs associated with it.
The multiplicity indicated is only legal in the Booch method, not in UML.
Baby Bell is a new local Telephony provider in Chicago, IL. It has a legacy application for the B2B
transactions with Verizon, the Incumbent Local Exchange Carrier (ILEC.) Baby Bell frequently
purchases blocks of Telephone numbers from the ILEC using a CORBA RPC call. These numbers are
then assigned to the customers in sequence. Sometimes, customers request vanity numbers in which
case, a custom synchronous query is made on the ILEC's operational support system, to check for
number's availability. If Baby Bell were to rewrite its existing legacy code using newer J2EE
technology, what technology would you choose to accommodate both the block purchase and the
individual query?
Choice D is correct. Session beans can be used for making both the CORBA call for block purchase of
telephone numbers and the custom synchronous call to request a special vanity number. Hence, choice
D is correct. Both operations represent business processes involving partner OSS integration. Applets
are not used for modeling the business workflow of a system. Hence, choice A is incorrect. JSP
represent the view construction process in an MVC application. They should not be used for
processing business logic. Hence, choice B is incorrect. Entity beans represent the business model of
an application and provide a representation of enterprise data. They are not to be used for workflow
processing which is better accomplished by using Session Beans. Hence, choice C is incorrect. JNDI
provides Naming and Directory interfaces not workflow processing. Hence, choice E is incorrect. The
question specifically says that a synchronous mechanism is to be used for the vanity number request.
The CORBA RPC call for TN reservation is also synchronous. MQ Series is a MOM used for
messaging. Messaging is an inherently asynchronous communication mechanism. Hence, choice F is
incorrect.
Java Applet technology for the CORBA call and custom socket programming for vanity number
requests
Java Servlet API for the CORBA call and JSP for the custom socket programming
Entity EJBs for both
Session EJBs for both
JNDI for both
MQ Series with a JMS based solution for both
Julia Fractals Inc. is building a J2EE based application for Order Entry and management of their fractal
software. Once the order is taken, it is submitted to a relational database. A provisioning system then
queries data and makes appropriate calls to various subsystems using JMS on MQ Series. What design
pattern is JMS an example of here?
Choice D is correct. Bridge (GOF 151) "Decouple an abstraction from its implementation so that the
two can vary independently." In this case, JMS is the abstraction. The implementation could be MQ
Series, TIBCO Rendezvous and Vitria Businessware. Hence, choice D is correct. Observer (GOF 293)
"Define a one-to-many dependency between objects so that when one object changes state, all its
dependents are notified and updated automatically." Hence, choice A is incorrect. Mediator (GOF 273)
"Define an object that encapsulates how a set of objects interact. Mediator promotes loose coupling by
keeping objects from referring to each other explicitly, and lets you vary their interaction
independently." Hence, choice B is incorrect. Adapter (GOF 139) "Convert the interface of a class into
another interface clients expect. Adapter lets classes work together that couldn't otherwise because of
incompatible interfaces." Hence, choice C is incorrect. Visitor (GOF 331) "Represent an operation to
be performed on the elements of an object structure. Visitor lets you define a new operation without
changing the classes of the elements on which it operates." Hence, choice E is incorrect.
Observer
Mediator
Adapter
Bridge
Visitor
Moon Microsystems has a web-based solution that was originally built using Servlets. However, in
recent months, the IS manager has asked developers to use JSP technology with Java Scriptlets
embedded in HTML code. Scott Khosla, the architect, however is insisting that the code be
modularized and that EJBs be used instead of Servlets and JSP for business logic processing. Asking
developers to modularize existing code, what software development technique is Scott asking the
developers to follow?
Choice D is correct. Software applications have a tendency to grow in complexity over time. When
that happens, they become difficult to extend, maintain and modify. They also become hard to
understand. Code factoring is a modularization technique that deals with the separation of
responsibilities in code. Factored code has looser coupling and minimal dependencies, making
components and code more reusable. Hence, choice D is correct. There are no standard concepts like
code break up, code engineering or code tiering. Hence, choices A, B and C are incorrect.
Code Break up
Code engineering
Code Tiering
Code Factoring
In which of the following cases would an application not necessarily benefit from the use of Enterprise
Java Beans?
Choices A and D are correct. Enterprise Java Beans are best used with large and complex enterprise
applications with high deployment and transactional requirements. Hence, choices A and D are correct.
Small Scale deployment

Large scale deployment
Transactional in nature
No Transactional requirements
What design pattern best explains the use of the stub and the skeleton in CORBA based RPC
applications?
Choice D is correct. Proxy (GOF 207) "Provide a surrogate or placeholder for another object to control
access to it." Hence, choice E is incorrect. The applicability section (GOF 208) defines 'remote proxy'
as "A remote proxy provides a local representative for an object in a different address space." Using
the stub and the skeleton, CORBA based applications provide local representatives for distributed
objects. Hence, choice D is correct. Factory Method (GOF 107)"Define an interface for creating an
object, but let subclasses decide which class to instantiate. Factory method lets a class defer
instantiation to subclasses." Hence, choice A is incorrect. Singleton (GOF 127) "Ensure a class only
has one instance, and provide a global point of access to it." Hence, choice B is incorrect. Strategy
(GOF 315) "Define a family of algorithms, encapsulate each one and make them interchangeable.
Strategy lets the algorithm vary independently from clients that use it." Hence, choice C is incorrect.
Decorator (GOF 175) "Attach additional responsibilities to an object dynamically. Decorators provide
a flexible alternative to subclassing for extending functionality." Hence, choice E is incorrect.
Factory Method
Singleton
Strategy
Proxy
Decorator
With Entity Beans, the container automatically generates implementations of all find methods at
deployment time. True or False?
Choice B is correct as the statement is FALSE. The container only generates implementations of the
find methods at deployment time, in the case of Container Managed Persistence.
True
False
Heartbreak Hospital has two applications - Patient Registration System and Patient Billing System.
Patient Billing, an older application has CORBA interfaces for updating Billing Information. The
newer Patient Registration system was built as a Java based Application. Heartbreak now wants to
automatically update Billing Information from the Patient Registration Application. What Java
technology may be most suited for this?
Choice E is correct. The following excerpt is from: http://java.sun.com/j2se/1.3/docs/guide/idl/ "Java
IDL adds CORBA (Common Object Request Broker Architecture) capability to the Java platform,
providing standards-based interoperability and connectivity. Java IDL enables distributed Web-enabled
Java applications to transparently invoke operations on remote network services using the industry
standard IDL (Object Management Group Interface Definition Language) and IIOP (Internet Inter-
ORB Protocol) defined by the Object Management Group." Hence, choice E is correct. RMI-JRMP is
used for distributed processing in a pure Java environment. Hence, choice A is incorrect. There is no
indication whether the Patient Billing system supports JNI. Hence, choice B is incorrect. RMI-IIOP is
useful when dealing with EJB applications. Hence, choices C and D are incorrect. There is no such
thing as a Java-CORBA bridge. The Java IDL API performs that function. Hence, choice F is
incorrect.
RMI-JRMP
RMI-JNI
RMI-IIOP
EJB
Java IDL
Java-CORBA Bridge
The container applies what memory management techniques in the case of Session Beans?
Choices A and B are correct. While EJBs offer business services, EJB Containers offer many
peripheral services such as memory management, persistence, transactions and so on. Bean Pooling (in
the case of Stateless Session Beans) and Bean Passivation (in the case of Stateful Session Beans and
Entity Beans) are two techniques the container uses for managing memory. Hence, choices A and B
are correct. Bean persistence refers to persisting the data represented by Entity Beans to physical
storages such as Relational, Object or other databases. It has nothing to do with memory management.
Therefore, choice C is incorrect. There is nothing called Bean Purge. Beans are removed when the
client calls the remove() method on the Home Interface (Stateful Session Beans) and when the
container decides (in the case of Stateless Session Beans and Entity Beans which reside in Bean Pools
when not in use.) In the case of Entity Beans, the remove() method also deletes the data the bean
instance represents. Hence, choice D is incorrect.
Bean Pooling
Bean Passivation
Bean Persistence
Bean Purge
Outstanding Perf is a perfume manufacturing company. The management is currently in the process of
architecting a new J2EE based solution for their online catalog. If performance is paramount and
session state needs to be managed as well, it would be preferable to use HTTP and HTTPSession
object as opposed to using HTTPS. True or False?
Choice A is correct as the statement is TRUE. The question specifies that performance is important.
There is no mention of the security requirements. Apart from providing Session State, HTTPS includes
additional functionality for allowing secure communication between the client and the server. Because
of all the extra processing with encryption and decryption, HTTPS is slower than HTTP. Hence, in this
case, it may be preferable to use HTTP (which is stateless) with HTTPSession Object (to store state on
the server.) Hence, choice A is correct.
True
False
Staledexho, a renowned catering company has just contracted your services to track their orders. An
online menu is available, for each country serviced. Customers choose what they want, the quantity
and provide relevant billing information. FedEx ships the food in a special container. What classes and
APIs are you most likely to use to support Internationalization?
Choices A, D and F are correct. The following excerpt is from:
http://developer.java.sun.com/developer/technicalArticles/Intl/IntlIntro/ "Locales are used throughout
the Java class libraries to customize how data is presented and formatted. They affect language choice,
collation, calendar usage, date and time formats, number and currency formats, and many other
culturally sensitive data representations. If you intend to create international Java applications, you'll
definitely use the java.util.Locale class. There's no getting around it; you'll use Locales to create well-
behaved, internationalized, multilingual Java applications. So, if you haven't had time to explore all the
JDK 1.1 international features yet, you'll get a clearer understanding of the core of the
internationalization model, the Locale, as you read and understand the descriptions and examples in
this article. A Locale is a relatively simple object. It identifies a specific language and a geographic
region. In fact, the only significant contents of a Locale object are language and country. Although
superficially these attributes are not particularly impressive, they represent a very rich and interesting
set of information. A Locale object represents the language and cultural preferences of a geographic
area. Language is a fairly easy idea to grasp; cultural preferences may not be immediately clear. Dates,
time, numbers, and currency are all examples of data that is formatted according to cultural
expectations. Cultural preferences are tightly coupled to a geographic area; that's why country is an
important element of locale. Together these two elements (language and country) provide a precise
context in which information can be presented. Using Locale, you can present information in the
language and form that is best understood and appreciated by the user. Resource Bundles - This
internationalization feature of the JDK provides a mechanism for separating user interface (UI)
elements and other locale-sensitive data from the application logic in a program. Separating locale-
sensitive elements from other code allows easy translation. It allows you to create a single code base
for an application even though you may provide 30 different language versions. Although you might
be predisposed to think of text only, remember that any localizable element is a resource, including
buttons, icons, and menus. The JDK uses resource bundles to isolate localizable elements from the rest
of the application. The resource bundle contains either the resource itself or a reference to it. With all
resources separated into a bundle, the Java application simply loads the appropriate bundle for the
active locale. If the user switches locales, the application just loads a different bundle. Resource
bundle names have two parts: a base name and a locale suffix. For example, suppose you create a
resource bundle named MyBundle. Imagine that you have translated MyBundle for two different
locales, ja_JP and fr_FR. The original MyBundle will be your default bundle; the one used when
others cannot be found, or when no other locale-specific bundles exist. However, in addition to the
default bundle, you'll create two more bundles. In the example these bundles would be named
MyBundle_ja_JP and MyBundle_fr_FR. The ResourceBundle.getBundle method relies on this naming
convention to search for the bundle used for the active locale. The java.util.ResourceBundle class is
abstract, which means you must use a subclass of ResourceBundle. The JDK provides two subclasses:
PropertyResourceBundle and ListResourceBundle. If these don't meet your needs, you can create your
own subclass of ResourceBundle." The following excerpt is from:
http://java.sun.com/docs/books/tutorial/i18n/text/stream.html "The java.io package provides classes
that allow you to convert between Unicode character streams and byte streams of non-Unicode text.
With the InputStreamReader class, you can convert byte streams to character streams. You use the
OutputStreamWriterclass to translate character streams into byte streams." Thus, we can see that
Locale, ResourceBundle and OutputStreamWriter play a vital role in Java Internationalization. Hence,
choices A, D and F are correct. The Collection interface, ListIterator and KeyStore are not relevant to
I18N. Hence, choices B, C and E are incorrect.
Locale
Collection Interface
ListIterator
ResourceBundle
KeyStore
OutputStreamWriter
What does the ejbCreate() method return in the case of Entity Beans in EJB 1.1?
Choice D is correct. In EJB1.0, the ejbCreate() method returned void. In EJB1.1, a null value of the
bean's primary key type is returned by the ejbCreate() method (in CMP.) In BMP, the ejbCreate()
method returns the primary key of the newly created entity. Hence, choice D is correct. The Container
intercepts the return value from the Bean and returns a remote reference to the remote object, to the
calling client. Hence, choice A is incorrect. Choice B suggests that the Primary Key of the newly
created instance is returned in both CMP and BMP. Hence, it is incorrect. The Bean instance never
returns a reference to itself upon creation. Hence, choice C is incorrect.
A remote reference to the EJBObject for both BMP and CMP beans
The Bean's Primary Key for both BMP and CMP beans
A reference to itself in BMP and NULL in CMP
NULL value of type BeanPK in CMP and Primary Key in BMP
The conversion between 16-bit Unicode and 8-bit local encoding formats is done by:
Choice D is correct. The following excerpt is from:
http://java.sun.com/docs/books/tutorial/i18n/text/stream.html "The java.io package provides classes
that allow you to convert between Unicode character streams and byte streams of non-Unicode text.
With the InputStreamReader class, you can convert byte streams to character streams. You use the
OutputStreamWriterclass to translate character streams into byte streams." Hence, choice D is correct.
MessageFormat, NumberFormat, Locale, ResourceBundle and properties files are all used in I18N.
These are not however used for conversion between Unicode character format and local 8-bit byte
streams. Hence, choices A, B and C are incorrect.
MessageFormat and NumberFormat

Locale and ResourceBundle
Properties files
InputStreamReader and OutputStreamWriter
Fire Hall, manufacturers of fire extinguishers, is building a corporate Intranet and wants its employees
to access payroll information via the Internet. They are planning to use Applets, because of its richer
GUI capabilities. The View401K applet requires a Java 1.4 plug in on the host where it is being
executed. This applet will read data cached on a temporary directory in the host to calculate 401K
distributions. What are your observations on the use of Applets for this purpose?
Choice B is correct. The following excerpt is from:
http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html "JDK 1.1 introduced the
concept of a "signed applet," as illustrated in the next figure. A digitally signed applet is treated like
local code, with full access to resources, if the public key used to verify the signature is trusted.
Unsigned applets are still run in the sandbox. Signed applets are delivered, with their respective
signatures, in signed JAR (Java Archive) files. JDK 1.2 introduces a number of improvements over
JDK 1.1. First, all code, regardless of whether it is local or remote, can now be subject to a security
policy. The security policy defines the set of permissions available for code from various signers or
locations and can be configured by a user or a system administrator. Each permission specifies a
permitted access to a particular resource, such as read and write access to a specified file or directory
or connect access to a given host and port. The runtime system organizes code into individual
domains, each of which encloses a set of classes whose instances are granted the same set of
permissions. A domain can be configured to be equivalent to the sandbox, so applets can still be run in
a restricted environment if the user or the administrator so chooses. Applications run unrestricted, as
before, by default but can optionally be subject to a security policy." As we can see, the Java 2 Security
model is totally flexible. Hence, choice B is correct.
The Applet technology is not a viable solution for this application because applets are subjected to
the sandbox model, which prevents them from reading from or writing to the host where they are
being executed.
The Applet technology is a viable solution for this application because the Security policy of the
Java 2 Platform is totally flexible.
What types of transactions are supported by Enterprise Java Beans?

Choice D is correct. Enterprise Java Beans specification supports both Implicit Declarative
transactions and explicit Java Transaction API (JTA) based transactions. Hence, choice D is correct.
Implicit Declarative Transactions

Explicit JTA based transactions
Either A or B (based on vendor implementation)
Both A and B
Which of the following statements is true about SSL?

Choice C is correct. The following excerpt is from:
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm "The Transmission Control
Protocol/Internet Protocol (TCP/IP) governs the transport and routing of data over the Internet. Other
protocols, such as the HyperText Transport Protocol (HTTP), Lightweight Directory Access Protocol
(LDAP), or Internet Messaging Access Protocol (IMAP), run "on top of" TCP/IP in the sense that they
all use TCP/IP to support typical application tasks such as displaying web pages or running email
servers. The SSL protocol runs above TCP/IP and below higher-level protocols such as HTTP or
IMAP. It uses TCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-
enabled server to authenticate itself to an SSL-enabled client, allows the client to authenticate itself to
the server, and allows both machines to establish an encrypted connection." Therefore choice C is
correct. Choice A is incorrect because it suggests that SSL runs above application protocols. Choice
B is incorrect because it suggests that SSL runs below TCP/IP. SSL runs between TCP/IP and HTTP.
SSL runs above high-level application protocols such as HTTP and LDAP
SSL runs below TCP-IP
SSL runs above TCP-IP and below application protocols
SSL does not have anything to do with either the application or the network layer in the OSI
model
What happens when the remove() method is called on the Home Interface of an Entity Bean?
Choices A and D are correct. The remove() method, in the case of Entity Beans, invalidates the client
stub, and deletes the data represented by the bean, from the database. Hence, choices A and D are
correct. The bean instance is returned to the pool. It is not destroyed when the remove() method is
called on an Entity Bean. Therefore choice B is incorrect. The container passivates the bean instance
whenever required (for memory management.) It is not a consequence of the remove() method though.
Hence, choice C is incorrect. The Bean instance moves from the Ready State to the Pooled State upon
removal, not the other way round as the point suggests. Hence, choice E is incorrect.
The remote reference is invalidated

The bean instance is destroyed
The bean instance is Passivated
The data represented by the bean instance is deleted from the database
The Bean Instance moves from pooled state to ready state
You have just started a new job working for a top finance company and you have been asked to
provide a user-friendly interface to an existing mainframe application. You do not have any access to
the mainframes source code. What is the best technique for this?
Choice B is correct choice. The key to this question is that you do not have access to the mainframes
source code. A screen scraper emulates a mainframe terminal. The screen scraper logs on to the
mainframe like a normal user and sends requests to the mainframe and then reads the response. The
problem with a screen scraper is that if you change any of the mainframes code there is always the
possibility that the screen scraper will stop working. Choice A is incorrect because it can be done.
Choice C would take far too long, would cost too much and is not what the customer wants. Choice D,
E and F are not appropriate, as they would require access to the mainframes source code. Choice G is
incorrect because there is no mention that the mainframe supports a messaging system. Some of them
do and even provide interfaces for JMS. However, as it is not stated in the question, this is not the
correct choice.
It cannot be done
Use a screen scraper
Re-write the main frame using Java and high-end Unix servers. Although it may take some time to
do this in the long run this will benefit the company
Write a Java front end then use CORBA to communicate with the mainframe
Use the Java Native Interface (JNI) to communicate with the mainframe
Use object Mapping
Use JMS
The IT company you are working currently doesn't offer the facility for customers to buy PCs bundled
with printers. Luckily they have just struck a deal with another printer company. The list of printers
they offer is maintained in a database that runs on one of the printer companies servers. You need to
connect to this database however you don't have a JDBC driver that you can install on the server. The
database server does have an ODBC driver installed on it. How do you connect to the database?
Choice F is correct. The key to this question is that with the JDBC-ODBC you are not connecting to
the database directly you are connecting to the ODBC driver instead. Therefore, it does not matter
what the database is as along as there is an ODBC driver available. Choice A is incorrect because it
can be done. Although choice B may work it is not the best solution, the JDBC-ODBC Bridge is the
best solution. You do not need to wrap JNI code around the ODBC driver to connect to it. Hence,
choice C is incorrect. Choice D is incorrect because it is possible to connect to the data source using
Java. Choice E is incorrect because there is no mention of any Message server in the question and this
is not suitable technology for the job.
You can't, change the data store.

Get the printer company to write a web page that you can pass SQL requests to. (You would
simply send SQL queries as POST requests and the output would be the ResultSet) This should be
implemented securely using SSL with client and server authentication.
Wrap some JNI access code around the OBDC driver then connect using JDBC.
Don't implement the solution using Java.
Send the database requests as JMS method calls.
Use the JDBC-OBDC bridge driver.
This test is to check the evaluate the ability of a Java Programer
Do not Cheat
Your company has released the next generation of its sales system. You have several very powerful
servers and a few basic servers at your disposal. A network expert has suggested that you use reverse
proxy load balancing to get the best possible performance out of these machines. What is reverse proxy
load balancing?
Choice D is correct. Reverse proxy load balancing is generally used when you have servers with
varied CPU power and Memory. You may use more powerful servers for SSL sessions and others to
handle static HTML. Such deployment will maximize your application's performance. Choice A is a
description of round-robin load distribution and hence is incorrect. Choice B does not describe any
particular method of load balancing and hence is incorrect. Choice C is an inaccurate description of
reverse-proxy load balancing and you would need access to the mainframes source code to do this.
Choice E is a cross between a firewall and a standard proxy server; this does not perform any load
balancing.
Splitting requests evenly amongst all back end servers.

The proxy sits behind the backend servers monitoring the performance of each one. When it
notices one is being used too much it will automatically forward requests to a different server.
Splitting requests amongst all back end servers depending on the amount of spare CPU time each
server has available.
A technique used to target certain requests to certain backend servers, e.g. All Servlet requests
from one server. All static HTML from another.
A way of filtering out certain requests. It is used to protect against denial of service attacks.
What is the difference between Stateful session beans and stateless session beans?
Choice C is correct. An example use for a stateful session bean would be a shopping basket because it
maintains its state. However a stateless session bean cannot and instead should be used as a service, for
example, credit card validation. A stateful session bean cannot survive a server crash, as none of its
data is permanently stored like Entity beans. Choice A is incorrect because Stateless session beans are
pooled. Choice B is incorrect because a stateful session bean cannot survive a server crash. Choice D is
incorrect because the data in a stateful session bean is not stored on a database and therefore there is no
Primary Key interface for stateful session beans.
Stateful session beans are pooled and Stateless session beans aren't.
A Stateful session bean can persist its state through a server crash but a Stateless session bean
can't.
A Stateful session bean can remember its state with a client, like a conversation but a Stateless
session bean can't.
A Stateful session bean uses a Primary Key interface to maintain persistence.
A work colleague has been describing a mainframe application that your company uses to maintain
their sales data. He says that the next application you will need to design will involve screen scraping,
as he cannot see how else the connection to the mainframe will be possible. What is screen scraping?
Choice C is correct. A screen scraper emulates a mainframe terminal. The screen scraper logs on to
the mainframe like a normal user and sends requests to the mainframe and then reads the response. The
problem with a screen scraper is that if you change any of the mainframes code there is always the
possibility that the screen scraper will stop working. Choice A may be true but it's not the right kind of
screen scraper! Choices B and F require that you have access to the mainframes source code. Screen
scrapers are written as and when they are needed, the mainframe vendor does not supply them so
choice D is incorrect. Your colleague is right. Therefore, choice E is incorrect. Choice G is incorrect
because although you can communicate with mainframes via JMS the process is different from screen
scraping.
A plastic tool to get ice off a car windscreen.

A program that interacts with a mainframe passing requests from the users directly to custom
written code that you have added in the mainframe.
A program that emulates a mainframe terminal and passes user input to the mainframe.
A program that's supplied by the mainframe for Java programs to interact with.
Your colleague is wrong. It will be quite easy to connect directly to the mainframe using Java.
A program that uses JNI to access the mainframe.
A program that use JMS to send messages to the mainframe. Note this only works if the
mainframe has a message server built into it.
Your company has won a contract with a major supermarket company to allow customers to do their
grocery shopping online. As this will involve a huge number of shoppers you have decided to opt for a
J2EE solution. When creating the Enterprise Beans to be used in this application what components do
you need?
Choice A is correct. You need a Home interface that has create() and find() methods, a Remote
interface to define your business methods, and a class that implements either the SessionBean or
EntityBean interfaces. Choice B is incorrect because you also need a Remote interface. Choice C is
incorrect because you also need a Home interface. Choice D is incorrect because you need the Home
interface and a class that implements either the SessionBean or EntityBean interfaces. Choices E and F
are incorrect because you do not need an EJBObject interface.
A Home interface, A Remote Interface and a class that implements either the SessionBean or
EntityBean interfaces.
A Home interface and a class that implements either the SessionBean or EntityBean interfaces.
A Remote interface and a class that implements either the SessionBean or EntityBean interfaces.
A Remote interface and a class that implements the EnterpriseBean interface.
An EJBObject interface, a Remote interface and a class that implements either the SessionBean or
An EJBObject interface, a Home interface and a class that implements either the SessionBean or
Your company runs a sports-betting website where a customer can log on and place bets on a variety of
sporting events. You want to convert the website that currently uses Perl and CGI scripts, over to a
language that is easier to maintain and reuse. Which of the following would be your choice of
replacement language?
Choice B is correct. The important element of this question is that the website offers the facility to
place bets online. Therefore, transactions are involved. This means that Enterprise Java Beans need to
be used. Hence, choice B is correct. It is very hard to implement transactions with just Servlets and
JSPs. Hence, choice A is incorrect. JMS is the messaging package of the J2EE and therefore choice C
is incorrect. Choice D...well, enough said!
JSP/Servlets
JSP/Servlets/EJBs
JMS
ASP
You are designing an Enterprise Application to provide a way for customers to buy products from
many companies through one standard site. The application servers you have use the EJB specification
1.1. You have a customer bean and are not sure whether to use CMP or BMP. When should you use
CMP?
Choice B is correct. Please note that this is referencing EJB1.1This is a time dependent question as
technologies have changed. When Sun wrote the EJB specification 1.1 Application Servers weren't
very efficient at generating SQL used for persistence and it used to be recommended that you use BMP
instead. However App Servers have improved and some would argue that CMP is now more efficient
than BMP. In the SCEA guidebook by Cade it says BMP will out perform CMP. When the exam is
updated to EJB 2.0, the answer to this question would probably change. Choice A is incorrect because
BMP can be more efficient than CMP. CMP cannot cope with mapping complex data types to a
database very efficiently. Hence, choice C is incorrect. Even if performance is not an issue, it is still
recommended that you use BMP when storing complex data types. Therefore, choice D is incorrect.
When performance is essential and you are storing standard data types.
When performance is not essential and you are storing standard data types.
When performance is essential and you are storing complex data types.
When performance is not essential and you are storing complex data types.
Your company's website offers the customers price comparisons on a variety of different products.
Revenue is generated by click through sales when the customer has found the best price. You are in
charge on converting the web-based solution over to the appropriate J2EE technology. Which of the
following should you use?
Choice A is correct as using JSP and Servlets are the best option. The important element to this
question is that the revenue is generated by click through sales. This implies that there are no
transactions involved and you do not need to use EJBs. Hence, choices B and C are not the best
options. PERL/CGI scripts are harder to maintain than Java code. Hence, choice D is not the best
option.
JSP, Servlets
JSP, Servlets, EJBs
Applets, EJBs
No need to change it PERL/CGI scripts is the best solution
A Fortune 500 company wishes to add new functionality to its existing sales system and has contracted
you as the lead architect for the project. The legacy system has been written in C++ and they wish to
keep this system running although they may switch over to full Java solution later, depending on the
performance of the new extra functionality. How will one connect to this legacy system?
Choice A is correct. JNI stands for Java Native Interface and is used to allow Java to communicate
with programs written in languages like C. In effect you are wrapping the C code to make it available
to Java. For example you will wrap a C method called debitAccount(int amount) with a similar Java
method, the Java method will just call the C method. This means you can now make the method
accessible via RMI. Choice B is incorrect because this is not what customer wants, you must stick to
the requirements. It would be inappropriate to use a screen scraper here so choice C is incorrect.
Although choice D might be possible, to get this to work would take far more work than is actually
required. You would need to get the C and CORBA programs working first then try and interface
CORBA and RMI, which is not necessary, in this case.
Wrap the application using JNI and make it accessible using RMI.
Rewrite the C++ code in Java. This shouldn't be too hard because it's converting from one object-
orientated language to another.
Use a screen scraper.
Use CORBA to talk to the C program then get the CORBA to talk to the RMI server.
You are working for a company with a worldwide presence; their offices are spread across many
countries and over many computer networks. Virtual private networks have been set up to increase
security. What are Virtual Private Networks (VPNs) are where are they created?
Choice A is correct. The answer given in choice A explains what a Virtual Private Network is (VPN).
Choice B describes a DMZ; choice C the local area network in the DMZ and choice D is incorrect
because encryption and authentication are used in the VPN.
A network created between two other networks (these are not located in the same place,
geographically). Encryption and Authentication are used in the VPN. Normally the VPN is a
network on top of an untrusted network (like the Internet).
The area between two firewalls. You let traffic from the Internet into this area (through the first
firewall) but not through the second firewall (to your secure network).
The secure (inner) network as described in answer B.
A network created between two other networks (these are not located in the same place,
geographically). Encryption and Authentication are NOT used in the VPN. Normally the VPN is a
network on top of a trusted network (like the Internet).
Your 3-tier application has been deployed in a production environment and has been running smoothly
for over three months. However, recently you are getting three times the normal traffic due to a
Television promotion campaign. To cope with increased traffic, you decided to introduce Round-Robin
load balancing. Which of the following is the closest description about how the Round-Robin load
balancing technique copes with the increased traffic?
Choice A is correct. Round-Robin load balancing is the process of splitting requests evenly
irrespective of the request type (i.e. SSL, JSP, HTML). If you have three servers, the first request goes
to the first server, the second request to the second server and the third request to the third server.
When the fourth request comes in, the process starts again and the request goes to the first server again.
Choices B and C are not descriptions of any known load-balancing technique and hence are incorrect.
Choice D is a description of reverse proxy load balancing that is normally used with servers having
varied power (CPU and Memory). Then, you may use more powerful servers just for SSL sessions and
others servers to handle static HTML. Such arrangement will maximize your application's
performance. Thus, choice D is incorrect.
Splitting requests evenly amongst all back end servers

The proxy sits behind the backend servers monitoring the performance of each one. When it
notices one is being used too much it will automatically forward requests to a different server.
Splitting requests amongst all back end servers depending on the amount of spare CPU time each
server has available.
A technique used to target certain requests to certain backend servers, for example, all Servlet
requests from one server and all static HTML from another server.
What is object mapping?

Choice D is correct. Object mapping is used when accessing legacy systems. You need access to the
legacy system's source code in order to do this. Choice A sounds plausible but is incorrect. Choice B is
a description of a screen scraper. There is no need to build object wrappers around Java interfaces.
Choice C describes the opposite. Hence, choice C is incorrect.
The process of converting a class diagram to Java code.

A program that emulates a mainframe terminal and passes user input to the mainframe.
The process of building object wrappers around Java interfaces. This allows the legacy system to
interact with your Java application.
The process of building object wrappers around legacy interfaces. This makes the legacy system
available in an OO fashion.
You are the lead architect for a project that will require you interfacing with existing CORBA systems.
You are planning to use Java IDL to integrate with these other systems. Which of the following
statements about Java IDL are true?
Choices A and C are correct. The following is taken from:
http://java.sun.com/j2se/1.3/docs/guide/idl/index.html "Java IDL adds CORBA (Common Object
Request Broker Architecture) capability to the Java platform, providing standards-based
interoperability and connectivity. Java IDL enables distributed Web-enabled Java applications to
transparently invoke operations on remote network services using the industry standard IDL (Object
Management Group Interface Definition Language) and IIOP (Internet Inter-ORB Protocol) defined by
the Object Management Group. Runtime components include Java ORB for distributed computing
using IIOP communication. Choice B is incorrect because you should use RMI-IIOP instead of Java
IDL. Choices D and E are not true as Java IDL adds CORBA capability to the Java platform. Choice F
is incorrect because Java IDL should not be used when servicing requests from CORBA clients and the
reference to messaging is a red herring.
Allows Java to use CORBA.

Should be used when most of your new Java applications will be entirely Java based.
Should be used if you have already been using CORBA for a while and wish to carry on with
some CORBA systems.
Java IDL has nothing to do with CORBA. To communicate with CORBA you will need to use JNI
(Java native interface) and J2C (Java 2 CORBA).
Same as D expect you won't need to use JNI.
Java IDL should be used when servicing messaging requests from CORBA clients.
You've written all the UML diagrams you need for your companies online store. Other developers and
architects have approved them. Now you are deciding which Enterprise Beans will use Container
Managed Persistence (CMP) and which will use Bean Managed Persistence (BMP). When should you
use BMP?
Choices A, C and D are correct. Please note that this is referencing EJB1.1This is a time dependent
question as technologies have changed. When Sun wrote the EJB specification 1.1 Application Servers
weren't very efficient at generating SQL used for persistence and it used to be recommended that you
use BMP instead. However App Servers have improved and some would argue that CMP is now more
efficient than BMP. In the SCEA guidebook by Cade it says BMP will out perform CMP. When the
exam is updated to EJB 2.0, the answer to this question would probably change. Choice C is incorrect
because using Container Managed Persistence will increase the portability of the Enterprise Bean and
should be used wherever possible.
When performance is essential and you are storing standard data types.
When performance is not essential and you are storing standard data types.
When performance is essential and you are storing complex data types.
When performance is not essential and you are storing complex data types.
You have never worked with J2EE application servers before and are about to release your first 3-Tier
application. Your company already has a strong customer base so you expect a huge volume of traffic
over the first few days of the launch. You're not to sure how your application server will cope with all
the customers but a colleague reassures you that the Enterprise beans are pooled and the performance
of the system will be fine. What are the benefits of bean pooling?
Choice B is correct. Bean pooling is just like database connection pooling. There is no point having a
few thousand instances in memory when you could get by with 50. When a bean is in a pooled state it
is not associated with any particular client. The following are wrong because: You could argue that by
bean pooling it reduces the load on the application server and this indirectly improves the response
time. However this choice (A) is not the most appropriate. Choice C is incorrect because bean pooling
does increase scalability. Choice D is incorrect because you keep fewer instances of the beans in
memory.
Improves response time between client and bean.

Means you need fewer instances of the beans and therefore increases scalability.
Means you need fewer instances of the beans but this does nothing for increasing scalability.
Means you keep more instances of the beans in memory but this improves performance of the
Application server ten fold.
You have an application that will be used for customers to buy service engineer's time and extend
warranties online. You have several different Enterprise Beans in this application for example,
Customer, Warranties, CreditCardValidation etc. It is a long time since you have coded EJBs
(normally your time is spent designing applications at a higher level) and you have forgotten which
methods should go in which interface. What methods do you put in the Remote interface?
Choices B and D are correct. The Remote interface is used to define all of the methods that can be
called by the client on the Enterprise Bean. If you try to call a method that exists in the Enterprise bean
class but has not been defined here, you will get a RemoteException. The methods in choice A are
defined the Home interface. Choice C describes information that would be found in the deployment
descriptor and application server. Choice E is incorrect because a remote interface (that implements
javax.ejb.EJBObject) is required.
Defines create(), find(), remove(Object) methods.

Defines signatures of EJB's business methods.
Defines the persistence of the bean, e.g. how to persist etc.
Defines all methods that the client can call on the EJB.
You don't need a Remote interface for an EJB. An EJB consists of a Home interface and an
EJBObject interface.
You are designing an Enterprise Bean to represent a customer in your new application. You have many
methods for this EJB for example: createAccount(), deductAmount(), create(), find(). Which of these
methods needs to go in the Home Interface and what is it used for?
Choice A is correct. The Home interface defines the create(), find(), and remove() methods. The
Remote interface is used to define all of the methods that can be called by the client on the Enterprise
Bean. If you try and call a method that exists in the Enterprise bean class but hasn't been defined in the
remote interface, you will get a RemoteException. Choice B is incorrect because these are methods
defined in the Remote interface. Choice C describes information that would be found in the
deployment descriptor and the application server. Choices D and E describe the Remote interface.
Defines create(), find(), remove (Object) methods.

Defines signatures of EJB's business methods.
Defines the persistence of the bean, e.g. how to persist etc.
Defines all methods that the client can call on the EJB.
The createAccount(), deductAmount() methods need to go in the Home interface as it defines the
business methods.
You are designing an application that will use JRMP over RMI. The Network engineers at your
company would like to know what port you intend to use to access the internet and other networks so
that they can make it available on the companies firewall. What port do you ask for?
Choice C is correct. JRMP runs on port 1099 as standard although it is possible to run it on a different
port. Choice A is the standard SSL port number. IIOP uses port 535. Web servers such as Tomcat use
the port 8443 for SSL. In addition, choice E is the standard HTTP port. Although you wish to access
the Internet, you are not making http requests. For more information, please refer to the following
URL: http://www.iana.org/assignments/port-numbers
443
535
1099
8443
80
You have managed to work out what the next big online shop will be way ahead of everyone else, and
are currently designing it. Although the design is still in a rough stage and you have yet to secure
sponsors to take it into production, you have already decided on some of the Enterprise Beans that you
will need. You know you will need a customer EJB, Shopping basket EJB, another EJB to be used
when accessing data on a legacy system. You know you will need many more but what would be an
appropriate use for a Stateless Session Bean?
Choice B is correct. Stateless session beans can't remember which client they were last talking to and
any data they might hold is not saved in a database. Stateless session beans are used to provide a
service. E.g. credit card validation. Choice A is incorrect because a shopping basket would require
state (a Stateful Session Bean). Choice C would require a Stateful Session Bean or Entity Bean
depending on whether the data needed to be permanently stored for that client. Although choice D is
possible, this is not the most appropriate use for a stateless session bean.
To represent a shopping basket.

Provide a service to the client.
Store state for a particular client.
To access data on a legacy system.
In a Catalog Enterprise Bean, (used in an online sports shopping site) you have code that will be
executed when ejbPassivate() and ejbActivate() are called. The code is used to perform basic house
keeping tasks. You need to know when the code will execute so which of the following statements are
true?
Choices A and D are correct. The descriptions in choices B and C are the wrong way round.
ejbPassivate() is called prior to passivation.

ejbPassivate() is called immediately after passivation.
ejbActivate() is called prior to activation.
ejbActivate() is called immediately after activation.
What is the difference between stateful Session beans and Entity beans?
Choices B and C are correct. Entity beans represent data on a database whereas session beans
represent workflow. It is very expensive to create Entity beans and the code can become quite
complicated. Hence, you should use the Session-Fa?e pattern, where the customer talks to a Session
bean which in turn talks to the Entity bean. Choice B is incorrect because session beans cannot survive
a server crash and in choice D the description is the other way around.
Stateful session beans can survive a server crash but Entity beans can't.
Entity beans can survive a server crash but Stateful session beans can't.
Session beans are typically used to make calls on Entity beans.
Entity beans are typically used to make calls on Session beans.
Which of the following statements are true about bean pooling?

Choice A is correct. You can say how many instances should be pooled at deployment time. Choice B
is incorrect because bean pooling does increase scalability. There is no need to avoid bean pooling and
if you did not do it the amount of memory you would need would be far too expensive. Hence, choice
C is incorrect. The number of beans to pool is set at deployment time. Hence, choice D is also
incorrect.
The EJB specifies how many instances to pool at deployment time.

Although bean pooling improves performance it doesn't offer any advantages in Scalability terms.
If your server has enough memory you should avoid bean pooling.
The application server depending on the beans usage decides the number of instances to pool.
Select the most appropriate use for an Entity Bean?

Choice B is correct. The key to this question is "select the most appropriate" there are two possible
right answers. (B) Is the most correct because it has the word permanently in the answer. Entity beans
represent data on a database. It might be possible to argue that (A) is also right because maybe that is a
customer Entity Bean storing their address and personal details. However, there is no reference to
permanent data storage. Hence, (B) is the better answer. Choice C would require either a stateless or
stateful session bean. The reason it could be either is because it says "not any particular client". Choice
D would typically require a stateless session bean.
Store state for a particular client.

To store data permanently such as financial data.
Store state for any client, not any in particular.
Provide a service to the client.
Its not just Stateless Session beans that are pooled, Entity beans are as well. True/False?
The above statement is true. Yes they are both pooled to reduce the load on the Application server.
True
False
When should RMI over IIOP be used?

Choice D is correct. The following is taken from:
http://java.sun.com/j2se/1.3/docs/guide/idl/jidlFAQ.html RMI-IIOP - If you are writing most of your
new applications using the Java programming language, but need to maintain legacy applications
written in other programming languages as well, you will probably want to use Java RMI with its IIOP
compiler option. Choice A is incorrect because JRMP is the standard for RMI. Whether you use IIOP
or JRMP is irrelevant in terms of performance. Hence, choice B is incorrect. You should use standard
JRMP in the case choice C describes.
RMI over IIOP is used all the time with standard RMI.
When performance doesn't matter.
When you are dealing with a pure Java system, no legacy systems etc.
When RMI is used with Enterprise Javabeans.
As part of your new application, you need to connect to a database. You do not have any access to the
database server so you cannot change the ODBC driver that's currently installed. How do you connect?
Choice D is correct. The key to this question is that you do not need to install a new ODBC driver or
similar. You can connect to the database directly via JDBC. CORBA is used for distributed systems
not database connectivity so choice A is incorrect. Choice B would not work and choice C is not
necessary, as the question does not say that you cannot use a normal JDBC driver.
CORBA
JMS-JNI
JDBC-ODBC bridge
JDBC
As part of your online shopping site, you need customers to be able to pay for their goods securely.
You have decided that you will use SSL with 128bit encryption to transmit the credit card details.
What port number does HTTPS run on and can it be configured to run elsewhere?
Choice C is correct. As a standard, HTTPS runs on port 443 but can be configured to run elsewhere.
With web servers such as Tomcat the SSL port is 8443.
8443 and yes it can run elsewhere

8443 and no it can not run elsewhere it must run on this port
443 and no it can not run elsewhere it must run on this port
You need to replace ASP scripts. What J2EE technology do you use?
Choice B is correct. ASP and JSP have a very similar syntax so it makes sense to replace ASP with
JSP. You should also try to extract parts from the ASP script that perform controller operations or
other processing and implement them as Servlets. Choice A is incorrect because the Java Message
Service and has nothing to do with web pages. There is no mention of transactions in the questions and
if there was it would probably be better to use EJBs as well, so choice C is incorrect. Although choice
D is possible this is not the best answer as there would be too much work involved in creating the
Applets.
JMS, JSP and Servlets

JSP and Servlets
JTA, JSP and Servlets
Applets
You have a distributed system that is not made up entirely of Java objects (some of them are CORBA)
what technology should you use?
Choice B is correct. The following is taken
from:http://java.sun.com/j2se/1.3/docs/guide/idl/jidlFAQ.htmThere are several scenarios that will
define how you will want to create distributed CORBA applications. Here are some of them: Java IDL
- If you have been developing CORBA applications using IDL for some time, you will probably want
to stay in this environment. Create the interfaces using IDL, and define the client and server
applications using the Java programming language to take advantage of its "Write Once, Run
AnywhereTM" portability, its highly productive implementation environment, and its very robust
platform. RMI-JRMP - If all of your applications are written in the Java programming language, you
will probably want to use Java RMI to enable communication between Java objects on different virtual
machines and different physical machines. Using Java RMI without its IIOP option leverages its
strengths of code portability, security, and garbage collection. RMI-IIOP - If you are writing most of
your new applications using the Java programming language, but need to maintain legacy applications
written in other programming languages as well, you will probably want to use Java RMI with its IIOP
compiler option. RMI-JRMP would be used in an all Java solution so choice A is incorrect. There is no
need to rewrite the objects so the system in entirely Java based so choice C is incorrect. There already
are CORBA objects so although choice D is possible it is not the most appropriate answer.
RMI-JRMP
CORBA
Rewrite the objects so the system in entirely Java based
RMI-IIOP
You are creating a web application for an online product ordering system. You will be using data from
several different databases and to reduce the load on the databases you have decided to use connection
pooling. You have a ConnectionPool class and you want one pool for each database. However, you
will have to connect to a variable number of databases. What pattern should you use?
Choice E is correct. The Singleton does not just create a single instance it can also be used to create a
variable number of instances of a class. The Abstract factory pattern is used for creating many objects
that are dependent on each other so choice A is incorrect. The Factory Method pattern provides an
interface for creating an object defers creation to either sub classes or helper classes. Hence, choice B
is incorrect. The Builder pattern separates the construction and representation of an object. The client
is shielded from the objects construction, only needing to specify its content and type. Choice C is
hence incorrect. The Prototype pattern is used to create new objects by copying its prototype. Choice D
is therefore incorrect.
Abstract factory
Factory Method
Builder
Prototype
Singleton
When would you use a JDBC-ODBC Bridge?

Choice B is correct. You are basically connecting to the ODBC driver as opposed to directly to the
database. Choice A is incorrect; normally you would just connect directly via JDBC. Whether you are
connecting to a database running on a Windows server (NT, 2000 etc) makes no difference at all.
Hence, choice C is incorrect. The JDBC-ODBC bridge will not increase performance as described in
choice D.
This is the standard, and is used all the time.

When you have to use a database that has an ODBC driver but the JDBC driver doesn't exist.
When you are connecting to a database running on a Windows server (NT, 2000 etc).
When you need faster response times.
You have had enough with all the UML tools on the market as none do exactly what you want them to.
Therefore, you have decided to design your own. However when designing it you realize that certain
parts will be really complicated for example you have a Diagram object that is made up of lots of other
objects. This diagram object can be used for a variety of different diagrams including class and
sequence diagrams. When you create it you only want to specify its type and content. What pattern
should you use?
Choice C is correct. The builder pattern separates the construction and representation of an object. The
client is shielded from the objects construction only needing to specify it's content and type. The
Abstract Factory pattern is used for creating many objects that are dependent on each other. Hence,
choice A is incorrect. The Factory Method pattern provides an interface for creating an object that
allows either sub classes or helper classes to create that object. Hence, choice B is also incorrect. The
Decorator pattern is not used to build objects. It adds extra functionality to existing objects. Hence,
choice D is incorrect.
Abstract Factory
Factory Method
Builder
Decorator
When would you choose RMI-JRMP over CORBA?
Choice A is correct. The following is taken from:
http://java.sun.com/j2se/1.3/docs/guide/idl/index.html This is a fundamental question and it's important
to understand the distinction between these two ways of integrating the Java programming language
with CORBA. Java IDL is for CORBA programmers who want to program in the Java programming
language based on interfaces defined in CORBA Interface Definition Language (IDL). This is
"business as usual" CORBA programming, supporting Java in exactly the same way as other languages
like C++ or COBOL. RMI-IIOP (Remote Method Invocation over Internet Inter-ORB Protocol) is for
Java programmers who want to program to the RMI interfaces, but use IIOP as the underlying
transport. RMI-IIOP provides interoperability with other CORBA objects implemented in various
languages - but only if all the remote interfaces are originally defined as Java RMI interfaces. It is of
particular interest to programmers using Enterprise JavaBeans (EJB), since the remote object model for
EJBs is RMI-based. You would use RMI-IIOP in choice B. In choice C you would use CORBA.
CORBA actually slightly outperforms RMI. Hence, choice D is also incorrect.
When you are designing a pure Java solution.

When you are designing a solution that will not be pure Java but will mainly be in Java.
When you will interact with applications written in other languages such as C/C++
When performance is essential.
You need to interface with an existing application. You have full access to the source code and UML
diagrams from the existing application. Part of the requirements implies that you will need to connect
unrelated objects together. You want to know whether the Bridge pattern or the Adapter pattern will be
suitable. Which of the following are true about the Bridge and Adapter patterns?
Choices A and D are correct. As the answers state the Adapter pattern implements an interface known
to its clients and provides an instance of a class not known to its clients. And the Bridge pattern creates
a separation between abstractions and classes that implement those abstractions. Choices B and C are
incorrect because the descriptions are the other way around.
The Adapter pattern implements an interface known to its clients and provides an instance of a
class not known to its clients.
The Bridge pattern implements an interface known to its clients and provides an instance of a class
not known to its clients.
The Adapter pattern creates a separation between abstractions and classes that implement those
abstractions.
The Bridge pattern creates a separation between abstractions and classes that implement those
abstractions.
You are interfacing with a server that is running as a JMS server and email server. Your company has
an online shopping store and when a customer buys something, you need to send an email
confirmation. Email requests will be sent as JMS messages to reduce the load on the email server.
Does JMS provide the implementations to allow you to send these messages to the email server? True
or False?
The above statement is False. The JMS only defines interfaces there are no implementation classes in
the package. Therefore, you will need to write all of the implementations yourself.
True
False
As part of your new application, you need to create a custom class loader so that you can implement
with custom security. Therefore, you need to create objects without knowing the class of the objects or
how to create them. What pattern should you use for this?
Choice D is correct. This pattern is used to create new objects by copying its prototype. The Abstract
factory pattern is used for creating many objects that are dependent on each other. Therefore, choice A
is incorrect. The Factory Method pattern provides an interface for creating an object defers creation to
either sub classes or helper classes. Hence, choice B is incorrect. The Builder pattern separates the
construction and representation of an object. The client is shielded from the objects construction, only
needing to specify it's content and type. Choice C is therefore incorrect. The Singleton pattern creates
either one or a variable number of instances of a class making choice E incorrect.
Abstract factory
Factory Method
Builder
Prototype
Singleton
Is Point-to-Point (PTP) is based on message queues?

Choice A is correct. Point-to-Point messaging is typically used where a client application sends a
message to another application. This is the one-to-one messaging paradigm. In contrast, Publish
Subscribe, allows broadcast communication (one-to-many.)
True
False
You have designed an application that allows customers to buy chapters of e-books. Due to the success
of the project, this will be launched as a worldwide application. In the process of converting this
application to be suitable for worldwide use, which of the following will you use?
Choice B is correct. The java.text package contains classes such as MessageFormat and
NumberFormat, these classes are used to layout text in the appropriate way. Choice A is incorrect;
primitive objects cannot be used. Choices C and D are incorrect because the way numbers are
displayed is different in most countries. The packages named in choices E and F do not exist.
Java runs with already as standard 16bit characters as standard so you do not need to use any
particular classes to change the text. All primitive objects can be used.
java.text package
java.lang.Integer Class
java.lang.Number Class
java.international package
java.Unicode package
What is true about the following diagram? (Please Click on "Exhibit Button" to view the Diagram )
Choice C is correct. You can tell this is an object because its name is underlined. The following is
taken from (Cade 42):"If the element name is underlined, then it is an instance of an element. You can
precede an element name with a : and have an anonymous instance. You can place a name in front of
the : and have a named instance of an element." Choices A and B are incorrect because the name is
underlined. Choice D is incorrect because the symbol would have the word interface above it like this:
<<interface>> if it were an interface. For more information about UML: http://www.uml.org/
Ian_Mock1_qn46.jpg
It is a class called AName

It is a static class called AName
It is an object called AName
It is an interface
Your have decided to let people shopping at your site receive confirmation emails when they buy
online. The emails will not contain their credit card numbers but will contain the amount they have
been charged. A JMS request to an email server will be used to do this. However you are worried
about how secure this will be but a college re-assures you that JMS has security built into it. Is this
true? True or False?
The above statement is false. The JMS only defines interfaces so you will need to design your own
security around this.
True
False
Which of the following are used in Internationalization?

Choices D and E are correct. The String and char primitive classes are used in the process of
Internationalization. Choices A, B and C are all incorrect because its the way numbers are displayed
that is different in most countries.
java.lang.Long Class
java.lang.Float Class
java.lang.Number Class
java.lang.String class
char primitive class
You have an online shopping application that has been deployed for some time. Previously all sales
had been diverted to another company. Because of the popularity of your site now, you have decided
that your application will handle credit card sales, going forward. You will use JMS to send requests to
charge credit cards to a separate server. You need an instant response as to whether the credit card
transaction was approved. What type of messaging do you use?
Choice E is correct. If you need an instant response, you probably would not use messaging. The idea
of messaging is that you can send messages to other applications and let them process the messages in
their own time. For this solution, it will be better to use an EJB and directly query the credit card
validation server. Choice A suggests that messages will be broadcast (one-to-many). For credit card
validations, there is no need to broadcast the request. Besides the question says that an "instant
response is required." Messaging is inherently asynchronous. Hence, choice A is incorrect. Point-to-
Point or P2P is a one-to-one messaging architecture. JMS does provide APIs that allow send-and-
forget and send-and-respond messages. Though a synchronous request is mimicked here, messaging
architecture, unlike RPC models, is not truly synchronous. Note: In some P2P implementations
(where a synchronous response is required using messaging), the sender puts the message in a queue.
The receiver polls its queue and reads the message. The receiver then sends a response to another
queue, which the sender is polling for responses and so on. So though the credit card validation can be
achieved through P2P messaging, if a synchronous RPC call is available, that would be the preferred
option. Topic Messaging is the same as Publish Subscribe. Hence, choice C is incorrect. Instant
Messaging refers to a method of chatting on the Internet. Hence, choice D is incorrect.
Publish/Subscribe
Point-to-Point
Topic Messaging
Instant Messaging
You wouldn't use messaging
You have been brought in from another project to help some colleagues with the documentation of an
application they have been working on. You need to show groups of classes as subsystems. What type
of UML diagram will you use?
Choice C is correct. A package diagram is used to show groups of classes that belong together. Choice
A is incorrect because a Collaboration Diagram is a type of interaction diagram. A Class Diagram
shows individual classes. Hence, choice B is incorrect. A Use case Diagram depicts a scenario that the
system would be involved in. Thus, choice D is also incorrect. For more information about UML:
http://www.uml.org/
Collaboration Diagram
Class Diagram
Package Diagram
Use case Diagram
Choice B is correct. This diagram shows generalization (or inheritance). Note: Normally the sub class
is be shown below the ancestor, though that is not a UML constraint. Choice A is incorrect because it
is the other way around. Choices C and D are both incorrect because the empty triangle would not be
there in the diagram if messages were being sent. For more information about UML:
http://www.uml.org/
Ian_Mock1_qn44.jpg
Class A inherits from Class B

Class B inherits from Class A
Class B will send messages to Class A
Class A will send message to Class B
What is the ResourceBundle class used for?

Choice B is correct. A ResourceBundle is used to store all parts of a program that you will need to
change as part of Internationalization. For example, you could put the text for dialog messages there
and when it came to displaying the dialog, the program will look up and retrieve the appropriate text
based on the country of the user. Choice A is incorrect because the ResourceBundle does not store any
information about the program like an external configuration file. The ResourceBundle does not give
you any access to local resources. Hence, choice C is incorrect. The properties of the user's
environment, language and a region are found in the users system properties, not the ResourceBundle.
Hence, choice D is also incorrect.
To store information about the program, like an external configuration file.

To store parts of the program that is Locale sensitive, e.g. the text on a message window.
To get access to local system resources such as files etc.
To access properties of the users environment, language and a region.
What is the "Something" shown in the following diagram? (Please Click on "Exhibit Button" to view
the Diagram )
Choice B is correct. This is a package and it represents a group of classes. The symbol is incorrect for
it to be a component. Hence, choice A is incorrect. For this to be part of a collaboration diagram, it
would need to interact with another object. Hence, choice C is incorrect. If it were a super class,
another class would need to extend from it. So choice D is also incorrect. For more information about
UML: http://www.uml.org/
Ian_Mock1_qn45.jpg
A component
A package
A component collaboration
A super class
When should you use Java IDL and when should you use RMI-IIOP?
Choices B and E are correct. The following is taken from:
http://java.sun.com/j2se/1.3/docs/guide/idl/index.html This is a fundamental question and it is
important to understand the distinction between these two ways of integrating the Java programming
language with CORBA. Java IDL is for CORBA programmers who want to program in the Java
programming language based on interfaces defined in CORBA Interface Definition Language (IDL).
This is "business as usual" CORBA programming, supporting Java in exactly the same way as other
languages like C++ or COBOL. RMI-IIOP (Remote Method Invocation over Internet Inter-ORB
Protocol) is for Java programmers who want to program to the RMI interfaces, but use IIOP as the
underlying transport. RMI-IIOP provides interoperability with other CORBA objects implemented in
various languages - but only if all the remote interfaces are originally defined as Java RMI interfaces.
It is of particular interest to programmers using Enterprise JavaBeans (EJB), since the remote object
model for EJBs is RMI-based. Choice A is incorrect as Java IDL has nothing to do with Enterprise
Javabeans. In choice C, you can use JRMP instead of IIOP if you want. Therefore, this choice is
incorrect. Choice D is incorrect because Java IDL requires CORBA interfaces not RMI interfaces.
Choice F is incorrect as all the interfaces must be defined as RMI interfaces. Choice G is incorrect
because although sometimes Java-IDL and RMI-IIOP could be used for the same thing, generally a
situation will suit one more than the other.
You should use Java IDL when using Enterprise Javabeans.

You should use RMI-IIOP when using Enterprise Javabeans.
You HAVE to use RMI-IIOP when using Enterprise Javabeans.
Java IDL can be used even if the remote interfaces were originally defined as RMI interfaces.
RMI-IIOP can be used with CORBA only if the remote interfaces were originally defined as RMI
interfaces.
RMI-IIOP can be used with CORBA even if not all of the remote interfaces were originally
defined as RMI interfaces.
It comes down to programmer preference as both can be used in all situations.
You have designed an application that allows customers to buy chapters of e-books. Due to the success
of the project, this will be launched as a worldwide application. You need to be able to get access to
the user's environment to determine the language for text display in your. What of the following
classes will help you do this?
Choice C is correct. There are no classes called Localization, National, International and Environment
as part of the Java Development Kit. Therefore, choices A, D, E, and F are incorrect. The following is
taken from: http://java.sun.com/j2se/1.3/docs/api/java/util/Locale.html A Locale object represents a
specific geographical, political, or cultural region. An operation that requires a Locale to perform its
task is called locale-sensitive and uses the Locale to tailor information for the user. For example,
displaying a number is a locale-sensitive operation--the number should be formatted according to the
customs/conventions of the user's native country, region, or culture. The Properties class represents a
persistent set of properties. The Properties can be saved to a stream or loaded from a stream. Each key
and its corresponding value in the property list is a string. Every Java application has a single instance
of class Runtime that allows the application to interface with the environment in which the application
is running. The current runtime can be obtained from the getRuntime method.
Localization class
Properties class
Locale class
National class
International class
Environment class
Runtime class
You are working for a company that aims to provide its customers with the facility to buy and sell
shares online. You have been looking through the requirements document and notice that the process
of selling/transferring shares is very complicated due to the constant price change. Hence, you are
required to control transactions at a very fine level of granularity. Should you use CMT or BMT?
CMT = Container Managed Transaction BMT = Bean Managed Transaction
Choice B is correct. BMT gives you the developer much greater control over the transaction. As the
developer, you can start the transaction where you want and end it where you want. CMT does
however give you the advantage of not having to worry about code related to the transaction you can
just focus on the business logic instead. The following is taken from:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Transaction4.html In a bean-managed transaction, the
code in the session or message-driven bean explicitly marks the boundaries of the transaction. An
entity bean cannot have bean-managed transactions; it must use container-managed transactions
instead. Although beans with container-managed transactions require less coding, they have one
limitation: When a method is executing, it can be associated with either a single transaction or no
transaction at all. If this limitation will make coding your bean difficult, you should consider using
bean-managed transactions.
CMT
BMT
Do not Cheat
What do Isolatable and Durable mean with reference to ACID?

Choices C and G are correct. ACID stands for Atomic, Consistent, Isolatable and Durable. All
transactions must adhere to this. Isolatable means a transaction must execute without the interference
from other processes or transactions. In addition, Durable means data must be written to the data
source before the transaction is complete.
Isolatable means only 1 transaction can execute at a time.

Isolatable means the transaction is the same as other transactions in structure.
Isolatable means a transaction must execute without the interference from other processes or
transactions.
Isolatable means the transaction was started and finished in the same VM.
Durable means the transaction is the same as other transactions in structure.
Durable means the integrity of the underlying data source is maintained.
Durable means data must be written to the data source before the transaction is complete.
Durable means the transaction was started and finished in the same VM.
You are developing an online shopping store for an art gallery. The company aims to bring fine art to
the masses and expects a huge volume of traffic through the site. The site allows customers to pay for
goods and arrange delivery methods using credit cards. You have read the requirements and have a
rough design in your head. Which of the following is the most appropriate rough design for this site?
Choice C is correct. The key to this question is the choice of Transactions Bean Managed Transactions
or Container Managed Transactions. There is no need to control transactions at a fine level of
granularity and Entity Beans cannot take part in BMT. Hence, CMT may be a better choice. The
Servlet is a more appropriate choice for handling the users session however you would still need
another Stateful Session Bean for the business logic of the application. The following is taken from:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Transaction3.html In an enterprise bean with container-
managed transactions, the EJB container sets the boundaries of the transactions. You can use
container-managed transactions with any type of enterprise bean: session, entity, or message-driven.
Container-managed transactions simplify development because the enterprise bean code does not
explicitly mark the transaction's boundaries. The code does not include statements that begin and end
the transaction. http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Transaction4.html In a bean-managed
transaction, the code in the session or message-driven bean explicitly marks the boundaries of the
transaction. An entity bean cannot have bean-managed transactions; it must use container-managed
transactions instead. Although beans with container-managed transactions require less coding, they
have one limitation: When a method is executing, it can be associated with either a single transaction
or no transaction at all. If this limitation will make coding your bean difficult, you should consider
using bean-managed transactions.
Have an Entity Bean to represent the customer. Use a Servlet to manage the users session and use
BMT to manage the transactions.
Have an Entity Bean to represent the customer. Use a Stateful Session Bean to manage the users
session and use BMT to manage the transactions.
Have an Entity Bean to represent the customer. Use a Servlet to manage the users session and use
CMT to manage the transactions.
Have an Entity Bean to represent the customer. Use a Stateful Session Bean to manage the users
session and use CMT to manage the transactions.
Which of the following is the most important item that should be considered when designing an
application?
Choice D is correct. The most important consideration when designing an application is that it meets
the needs of the customer. Ensuring the application is produced on time and within budget is
something that should be done but it is not the number one concern. The application does not have to
be the best possible solution under the circumstances. As long as it meets the customer's needs, it is
considered adequate. Performance - A measure of the system in terms of response time or number of
transactions per unit time. Load Distribution (e.g. DNS Round Robin) and Load Balancing are two
techniques that aid in higher performance. Other development and deployment related tasks such as
Application Tuning, Server Tuning, and Database Tuning also help the system perform better.
Scalability - The ability of a system to perform and behave in a satisfactory manner with increases in
load. Reliability - The ability of a system to assure the integrity and consistency of the application and
all its data as the load increases. Availability - The ability of a system to assure that all services and
resources are always accessible. This can be achieved through fault tolerance (the ability to prevent
system failures in case of service(s) / component(s) failures, commonly implemented via redundancy)
techniques such as Active and Passive Replication. Extensibility - The ability to easily add new
functionality to the existing system. This can be achieved by using best practices and well-defined
architecture and design techniques. Maintainability - Ability to easily correct flaws in the existing
system. Security - The ability to protect a system and all its components and services against potential
attacks. Security attacks generally try to compromise confidentiality and integrity of the system.
Sometimes they also take the form of 'Denial of Service' (DoS) attacks that bring down a system by
flooding it with messages. Security can be addressed by the use of technologies (firewalls, DMZ, data
encryption, Digital Certificates and so on) and methodologies (good security policies and procedures.)
Manageability - The ability to monitor and perform preventive maintenance on a system.
Scalability
Maintainability
Reliability
Meeting the needs of the customer
Performance
Ensuring the application is produced on time and within budget
Secure
That the application is technically the best possible solution
Availability
Extensibility
You have been contracted by a company to examine an existing system that consists of PL/SQL stored
procedures a JSP/Tomcat cluster of web servers and an Oracle database. The main issue with existing
system is maintenance; every time they try to change code, they run into problems. What do you
recommend in this situation?
Choice C is correct. The key to this question is that the business logic has been implemented as
PL/SQL stored procedures. This means there is a tight coupling between the data store and the
business logic. This will have a direct affect on the maintenance of the application. To improve this,
the best solution is to move the business logic from the PL/SQL scripts to an Application Server and
use Enterprise Beans. Another reason in favor of using an Application Server is that they are already
using JSP and Tomcat web servers. Therefore, the Application Server will integrate well into this
solution. You could move the business logic into Servlets as suggested in choice A but this would
create tight coupling between the business logic and presentation code. The application would still be
hard to maintain, with problem areas at a different place. Choice B is incorrect, as there is tight
coupling between the data store and business logic. Even if the code is properly structured and
commented, there will still be tight coupling between the data store and business logic. However,
Move the PL/SQL business logic into Servlets.

There shouldn't be any problems with maintenance as the business logic has already been
separated from the presentation and data store (PL/SQL stored procedures).
Separate the business logic by using an Application Server.
Look through the code making sure it is structured well and commented, separating any duplicated
code into a common class.
You are designing an application for editing photographs that will provide effects such as converting a
color picture to black and white, enlarging certain areas of the print, creating a watercolor effect etc.
The application is structured such that the photographic image is represented by one object and each
effect is represented by an object. A control object is used to co-ordinate with these objects. When the
user selects the color-to-black and white effect, it changes the state of the Color object to Black and
White. This then needs to co-ordinate with the control object and apply the effect. As the state of an
effect object changes, it needs to co-ordinate with the photographic image object. Which design pattern
do you use for this process?
Choice D is correct. The key to this question is that this application uses a Control object to co-
ordinate state changes between objects. The Mediator pattern allows you to co-ordinate state changes
between other objects by using one object. There is no design pattern called the Notifier in the Gang
of Four book or in the J2EE blueprint patterns catalog. Therefore, choice B is incorrect. Mediator -
(GOF 273):"Define an object that encapsulates how a set of objects interact. Mediator promotes loose
coupling by keeping objects from referring to each other explicitly, and it lets you vary their
interaction independently. "The other patterns were: Chain of Responsibility - (GOF 223):"Avoid
coupling the sender of a request to its receiver by giving more than one object a chance to handle the
request. Chain the receiving objects and pass the request along the chain until an object handles it.
"Command - (GOF 233):"Encapsulate a request as an object, thereby letting you parameterize clients
with different requests, queue or log requests, and support undoable operations". State - (GOF
305):"Allow an object to alter its behavior when it's internal state changes. The object will appear to
change its class." Strategy - (GOF 315):"Define a family of algorithms, encapsulate each one, and
make them interchangeable. Strategy lets the algorithm vary independently from clients that use it."
Chain of Responsibility
Notifier
Observer
Mediator
Command
State
You have a method that may or may not execute in a transaction as part of that transaction. What is the
correct attribute in the deployment descriptor?
Choice A is correct. A method must support execution within a transactional scope if it is to be
executed as part of a transaction. The word 'supports' also implies that although it can be part of a
transaction, it does not have to. 'Not Supported' implies the method cannot be executed as part of a
transaction. 'Mandatory' and 'Required' imply that the method must be executed as part of a
transaction. Leaving the deployment descriptor empty is not the default setting for 'supports.'
Supports
Not Supported
Mandatory
Required
Leave it as empty as this is the default setting
When would you use the Visitor pattern?

Choice D is correct. To solve the problem described in choice A, you would use the Adapter pattern.
Hence, choice A is incorrect. There is no problem described in choice B as the objects are already
connected and would be able to send messages to each other. In the Visitor pattern, you do not change
the classes of elements on which it operates. Hence, choice C is incorrect. Visitor - (GOF
331):"Represent an operation to be performed on the elements of an object structure. Visitor lets you
define a new operation without changing the classes of the elements on which it operates."
You need two unconnected objects to be able to send messages to each other.
You need two connected objects to be able to send messages to each other.
You need to create a new operation on an object and you will change the classes of elements on
which it operates.
You need to create a new operation on an object without changing the classes of elements on
which it operates.
You are writing an application that will allow people to communicate directly with each other. The
application will consist of a frame with two panels. The users will type their messages in the top panel
and read messages in the bottom panel. What is the best way to implement this application - as an
Applet or a standard Java application?
Choice B is correct. The reason for choosing the standard Java application over an Applet is due to
security restrictions. As the question says that the users will need to communicate directly with each
other, and not back to the server from which the applet was downloaded. This would not be allowed
under standard Applet security permissions and although the security settings can be fully customized
to allow applets to connect to different machine that is not what applets were designed for. Another
important point to the question is that there is no requirement that this communication tool be made
available over the web. So creating this as a standard Java application is the most appropriate choice.
As an Applet.
As a standard Java application.
Which of the following lists shows the correct order of Enterprise Bean types in terms of resources?
Note: Heaviest to lightest.
Choice B is correct. An Entity Bean is the heaviest bean in terms of resources usage. The state of an
Entity Bean is permanently persisted in a database. Making a connection to the database is expensive
in terms of CPU time so this bean has to be the most expensive. Stateful Session Beans maintain their
state by the Container writing the bean's state to a temporary store such as a file. Stateless Session
Beans are least expensive because they have no state to persist, even temporarily.
Stateful Session Bean, Stateless Session Bean, Entity Bean
Entity Bean, Stateful Session Bean, Stateless Session Bean
Stateful Session Bean, Entity Bean, Stateless Session Bean
Entity Bean, Stateless Session Bean, Stateful Session Bean
Stateless Session Bean, Stateful Session Bean, Entity Bean
Stateless Session Bean, Entity Bean, Stateful Session Bean
You need to maintain a user's session for a web application. Which protocol would you use? Note:
There is no secure data in this application.
Choice D is correct. Normally, you would think that the best possible choice would be to use HTTPS.
However, all you need to do is to maintain a user's session. This can be done through URL re-writing,
cookies, or letting the web server handle the session. Most modern web servers can track clients and
maintain sessions for them. There is also no need for the security that HTTPS would give you and as
encrypting each user's session would be expensive in terms of CPU time. Therefore, choice B is
incorrect. JRMP and IIOP are Stateful protocols but are not suitable for web applications. Therefore,
choices A and E are incorrect.
IIOP
HTTPS
SHTTP
HTTP
JRMP
You have contracted by a company to assess an application currently deployed in production. The
application meets all of the company's original requirements and is coping well with the current
number of users. The company is quite happy with it. It has been written using PERL and CGI scripts
and there are no transactions in this system. What do you recommend they do?
Choice C is correct. The key to this question is: The application meets all of the company's original
requirements and is coping with current number of users. The company is quite happy with it. There is
no need to change an application that does everything it is supposed to do. Choice B is technically
correct, JSP and Servlets will be more maintainable than PERL/CGI scripts but it is not the most
appropriate answer. Choice D is incorrect for the same reasons as choice B, in addition to the fact that
there appears to be no clear need for using an Application Server (there are no transactions and there is
no mention of persistence requirements.) Choice A is also incorrect for the same reasons as choice B.
Migrate the solution to ASP based solution.

Migrate the solution to JSP and Servlets. In the future this will be more maintainable solution.
Keep it the way it is.
Migrate to JSP/Servlets and an Application server. In the future this will be more maintainable
solution.
You are designing an application that will use SSL to transmit data securely from one application to
another. You know that you can easily use existing SSL implementations but you would like to learn
more about SSL and have decided to implement your own version. You know that the client and server
must agree a method of encryption as part of the SSL handshake. However, you do not know which
method of encryption to use. Which design pattern will help with this? Note: This is not a web-based
application.
Choice C is correct. There are really only two possible answers for this question - the Strategy pattern
and the Template Method pattern. The Strategy pattern is the better choice because the algorithms are
encapsulated so that they can be used interchangeably. So you can add RSA, DES, etc. and then during
the handshake the server can select the appropriate encryption object. Strategy - (GOF 315):"Define a
family of algorithms, encapsulate each one, and make them interchangeable. Strategy lets the
algorithm vary independently from clients that use it." The other patterns were: Interpreter - (GOF
243):"Given a language, define a representation for its grammar along with an interpreter that uses the
representation to interpret sentences in the language." Decorator - (GOF 175):"Attach additional
extending functionality." Composite - (GOF 163):"Compose objects into tree structures to represent
part-whole hierarchies. Composite lets clients treat individual objects and compositions of objects
uniformly." Template Method - (GOF 325):"Define the skeleton of an algorithm in an operation,
deferring some steps to subclasses. Template Method lets subclasses redefine certain steps of an
algorithm without changing the algorithm's structure."
Decorator
Interpreter
Strategy
Composite
Template Method
What is true about CMT (Container Managed Transactions)?

Choices A and C are correct. Entity Beans can only use Container Managed Transactions (CMT) but
Session Beans can use either CMT or Bean Managed Transactions (BMT). So choice D is the other
way around. CMT is less flexible than BMT and cannot handle transactions at the same level of
granularity as BMT, so choice B is incorrect as well. The following is taken from:
the transaction. http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Transaction4.html In a bean-managed
transaction, the code in the session or message-driven bean explicitly marks the boundaries of the
transaction. An entity bean cannot have bean-managed transactions; it must use container-managed
transactions instead. Although beans with container-managed transactions require less coding, they
have one limitation: When a method is executing, it can be associated with either a single transaction
or no transaction at all. If this limitation will make coding your bean difficult, you should consider
using bean-managed transactions.
Works for both Entity and Session beans.

It is more flexible than BMT. Can handle transactions at a much finer granularities than BMT.
It is less flexible than BMT. Cannot handle transactions at a finer granularity than BMT.
Does not work for both Entity and Session beans.
You have invented the next generation spell checker that can learn from and automatically correct the
common typing mistakes of an individual user. You have already sold licenses to many major software
vendors and plan to retire in the sun. However, you are required to make slight changes in the logic to
suit each software vendor's individual application needs. What design pattern will help you marginally
change the logic in a class for use in different applications?
Choice E is correct. Template Method - (GOF 325):"Define the skeleton of an algorithm in an
operation, deferring some steps to subclasses. Template Method lets subclasses redefine certain steps
of an algorithm without changing the algorithm's structure." The other design patterns are: Strategy -
(GOF 315):"Define a family of algorithms, encapsulate each one, and make them interchangeable.
Strategy lets the algorithm vary independently from clients that use it." Mediator - (GOF 273):"Define
an object that encapsulates how a set of objects interact. Mediator promotes loose coupling by keeping
objects from referring to each other explicitly, and it lets you vary their interaction independently."
Interpreter - (GOF 243):"Given a language, define a representation for its grammar along with an
interpreter that uses the representation to interpret sentences in the language."
Strategy
Adapter
Mediator
Interpreter
Template Method
You have been reading the Gang of Four pattern book again and you suddenly notice a similarity
between a design pattern and Publish/Subscribe messaging model. What design pattern is similar to the
Publish/Subscribe messaging model?
Choice C is correct. The observer pattern is similar to Publish/Subscribe messaging model. There are
no patterns called Publisher or Subscribe in the Gang of Four pattern book. Hence, choices A and F are
incorrect. Observer - (GOF 293):"Define a one-to-many dependency between objects so that when one
object changes state, all its dependents are notifies and updated automatically." The other patterns
were: Visitor - (GOF 331):"Represent an operation to be performed on the elements of an object
structure. Visitor lets you define a new operation without changing the classes of the elements on
which it operates." Chain of Responsibility - (GOF 223):"Avoid coupling the sender of a request to its
receiver by giving more than one object a chance to handle the request. Chain the receiving objects and
pass the request along the chain until an object handles it." Flyweight - (GOF 195):"Use sharing to
support large numbers of fine-grained objects efficiently." Proxy - (GOF 207): "Provide a surrogate or
placeholder for another object to control access to it." Publish Subscribe Messaging: Generally
Pub/Sub is used when a one to many broadcast of messages is required. 'Producers' sends messages to
many clients via virtual channels called 'Topics.' 'Consumers' receive messages by subscribing to
topics. Consumers receive a copy of all messages in the topic they have subscribed to. The
Publish/Subscribe messaging Architecture is generally a push-based model. Consumers may optionally
establish 'durable' subscriptions that allow them to collect messages after periods of inactivity.
Publisher pattern.
Flyweight pattern.
Observer pattern.
Chain of Responsibility pattern.
Subscribe pattern.
Visitor pattern.
Proxy pattern.
When would you use the DAO pattern in regards to a Stateful Session Bean? DAO = Date Access
Object CMP = Container Managed Persistence BMP = Bean Managed Persistence
Choice E is correct. You would normally use a DAO with BMP Entity Beans or Stateless Session
Beans. Entity Beans permanently persist data and can survive server crashes. Choices C and D are
incorrect because you would never use a DAO with CMP irrespective of the type of bean you were
dealing with. The Data Access Object does not improve the performance of your application. When
you use Bean Managed Persistence, you are writing all the SQL needed to persist the bean yourself.
This means that you are using database specific SQL and the same SQL might not work with a
different database vendor. For simple operations like Catalog Retrieval, a Stateless Session Bean is
often employed with DAO as well. The flow for such operations often looks like: JSP?ntroller
(Request Processor / Request Dispatcher)?rvice Locator?ssion Bean?O?tabaseWith both BMP Entity
Beans and Stateless Session Beans, the Data Access Object pattern (DAO) is used to reduce the
dependency between Enterprise Beans and the underlying database. This means that the data object
manages the connection to the data source and if the data source changes you only need update this one
object, the change does not affect the rest of your application. With Stateful Session Beans, the data is
never permanently stored in a database. Therefore, they cannot survive a server crash. Stateful Session
Beans, as the name suggests, are used for maintaining conversational state with clients. They are
generally more expensive in terms of resources (they are not pooled) and are therefore not normally
used for simple database operations such as catalog retrieval.
When using CMP to reduce dependence on underlying data store.

When using BMP to reduce dependence on underlying data store.
When using BMP to increase performance.
When using CMP to increase performance.
You wouldn't use a DAO with Stateful Session Beans.
When writing to a temporary store when ejbPassivate() is called.
Which two of the following statements correctly describe the Publish/Subscribe Messaging model and
the Point-To-Point Messaging model respectively?
Choices D and F are correct. Publish/Subscribe messaging model is like someone publishing one
message on a bulletin board and that message being read by/emailed to many subscribers. (One-to-
many). Point-To-Point messaging model is a one-to-one relationship e.g. a message from one
application to another. (From one point to one other point). For more detailed explanations: Publish
Subscribe Messaging: Generally Pub/Sub is used when a one to many broadcast of messages is
required. 'Producers' sends messages to many clients via virtual channels called 'Topics.' 'Consumers'
receive messages by subscribing to topics. Consumers receive a copy of all messages in the topic they
have subscribed to. The Publish Subscribe Architecture is generally a push-based model. Consumers
may optionally establish 'durable' subscriptions that allow them to collect messages after periods of
inactivity. Point-to-Point Messaging: Point-to-point: The point to point messaging model allows both
'send and receive' and 'send and forget' messages, via virtual channels called 'queues.' The p2p model
typically uses a 'pull' or 'polling' model. In this model, clients generally request messages from queues.
Publish/Subscribe Messaging is a message queue system.

Publish/Subscribe Messaging = One sender and one receiver.
Point-To-Point Messaging = N senders and one receiver.
Publish/Subscribe Messaging = 1 sender and n receivers.
Point-To-Point Messaging is a message queue system.
Point-To-Point Messaging = One sender and one receiver.
As part of an application you are developing, you need to move the state of an object but not its
behavior. Which of the following should you use?
Choice B is correct. CORBA only moves the state of an object but RMI moves the object's behavior as
well. Choice A is not appropriate as it is a stateful protocol and is not a framework for moving objects.
Choices D and E are incorrect, as they are both names of protocols used by RMI and CORBA
respectively. These are both protocols, not frameworks for moving objects.
HTTPS
CORBA
RMI
JRMP
IIOP
Which of the following is an accurate description of what the java.text package is used for about
Internationalization?
Choice C is correct. The following is taken from:
http://java.sun.com/j2se/1.3/docs/api/java/text/package-summary.html Provides classes and interfaces
for handling text, dates, numbers, and messages in a manner independent of natural languages. This
means your main application or applet can be written to be language-independent, and it can rely upon
separate, dynamically linked localized resources. This allows the flexibility of adding localizations for
new localizations at any time.
Contains dictionaries of foreign languages.

Contains classes used to read text in foreign languages.
Contains classes that support locale-specific manipulation of text.
Contains classes used to convert text into languages that use special symbols.
Which of the following statements about the Properties class are true?
Choice C is correct. Although choice D is technically correct, this kind of use is strongly discouraged
(see below for an explanation). The Properties class stores no information about the Program and gives
you no access to local system resources. Therefore, choices A and B are incorrect. The following is
taken from: http://java.sun.com/j2se/1.3/docs/api/java/util/Properties.html The Properties class
represents a persistent set of properties. The Properties can be saved to a stream or loaded from a
stream. Each key and its corresponding value in the property list is a string. A property list can contain
another property list as its "defaults"; this second property list is searched if the property key is not
found in the original property list. Because Properties inherits from Hashtable, the put and putAll
methods can be applied to a Properties object. Their use is strongly discouraged as they allow the caller
to insert entries whose keys or values are not Strings. The setProperty method should be used instead.
If the store or save method is called on a "compromised" Properties object that contains a non-String
key or value, the call will fail.
Is used to get access to local system resources such as files etc.

To store information about the program, like an external configuration file.
It should only be used to store Strings.
It should be used to store all types of objects.
Choice D is correct. The diagram shown here is a class diagram. Attributes are shown above methods.
The symbols used to describe visibility in UML are: + public, # protected, - private For more
information about UML, please visit http://www.uml.org/
Ian_Mock2_qn23.jpg
Class1 has a public attribute called AnAttribute
Class1 has a private attribute called AnAttribute
Class2 has a public attribute called AnAttribute
Class2 has a private attribute called AnAttribute
You have been developing a 3-Tier web application to sell imported cars at huge discounts to
customers. You have many types of customers, ranging from individuals to corporate customers. You
have Entity Beans to represent the Cars and Stateful Session Beans for the business logic involved in
pricing and selling a car. In the Session Bean, there are methods that apply discounts depending on the
customer type. You only want the client to be able to execute these methods for corporate customers.
Is it possible to specify which methods can and cannot be executed on a Session Bean or will this kind
of security need to be coded by the developer?
Choice A is correct. It is possible to specify which session bean is allowed to access to business
methods. Firstly, you define security roles as in the following example: <security-role>
<description>A corporate customer</description> <role-name>Corporate</role-name>
</security-role> Then you can grant method permissions as in the following example: <method-
permission> <role-name> Corporate</role-name> <method> <ejb-
name>CarSale</ejb-name> <method-name>ApplyDiscount</method-name>
</method> </method-permission>
Yes, this is possible.

No, this will need to be coded by the Developer.
It is not possible to do this even by writing you own code.
What type of diagram is this diagram? (Please Click on "Exhibit Button" to view the Diagram )
Choice C is correct. The diagram shown here is a Component diagram. To see examples of other
diagrams please visit: http://www.uml.org/
colloboration.jpg
Deployment
Collaboration
Component
Activity
Your colleague is always boasting about how fast his PC is. Therefore, as a lighthearted joke, you
decide to write an applet to slow his PC down. This applet tries to work out the square roots of huge
numbers. To use up his resources, your applet will spawn a new thread every twenty to thirty seconds.
Will this applet work or would the Java security manager stop it?
Choice A is correct. Although Applets have very tight restrictions and execute within a sandbox, they
can actually use as many system resources as the operating system allows them. There is no reference
to the amount of memory an Applet can use in the security.policy file. Hence, choice B is incorrect.
Choice C is almost right but not the most appropriate choice. The operating system will allocate
memory initially for the JVM to run in but it is possible for this to be extended once the JVM is
running but this is entirely dependent on the operating system.
It will work.
The security manager kill the Applet as soon as it tries to use more resources than are specified in
the security.policy file.
The Applet will only use up the memory it's initially allocated and therefore won't use up any
more resources than that.
You have a JAR file that has been signed by a third-party vendor. A Trusted Certificate Authority
(CA) has signed the third-party vendor's certificate. Is it possible to add any more classes to this JAR
file?
Choice A is correct, as it is possible to add more classes to the JAR file. When you sign a JAR file,
you are not signing the JAR file itself but individual files it contains. This means you can use a tool
like WinZip to add new files (classes, images etc) to the existing JAR file without necessarily
invalidating the signature. Note: The files that are added later, are not be signed.
Yes
No
You should use EJBs even if there is NO data to persist in your application but there are transactions.
True or False?
Choice A is correct as the statement is TRUE. It is recommended that you use Enterprise Javabeans if
transactions are involved in the application. The following is taken from:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/EJBConcepts2.html The application must be scalable. To
accommodate a growing number of users, you may need to distribute an application's components
across multiple machines. Not only can the enterprise beans of an application run on different
machines, but also their location will remain transparent to the clients. Transactions are required to
ensure data integrity. Enterprise beans support transactions, the mechanisms that manage the
concurrent access of shared objects. The application will have a variety of clients. With just a few lines
of code, remote clients can easily locate enterprise beans. These clients can be thin, various, and
numerous.
True
False
You are working on a new application that will help your company co-ordinate sales data across
different departments. The aim is that everyone has the same sales data at the same time. This project
needs to be finished as soon as possible. You have therefore bought some third party code to speed up
the development process. The code has been signed and is packaged in a jar file. To test the signature
the vendor of the software has emailed you the public key. What do you know about it?
Choice F is correct. There are two key aspects to this question. Firstly, this is a question about digital
signatures, not digital certificates. Secondly, you were emailed the public key to validate the signature.
You have not been passed the public key in a secure fashion. Hence, you would not know whether
someone has not altered the code, signed it and then intercepted the key that you were going to use to
validate the signature. Digital certificates solve this problem and validate that a public key belongs to
its real owner. Just because the code is signed, it does not mean that it is fully tested and does what it
is supposed to do. Thus, choice A is incorrect. Choices B, C, D and E are incorrect because you do not
know if you have the real public key to validate the signature.
The code is fully tested and performs the task it was designed for.
The jar file contains no malicious code.
The code could not have been modified after it was signed.
If the public key doesn't validate the signature then you know all the code is malicious.
If the public key validates the signature then you know all the code is safe.
None of the above.
In EJB 2.0, what is the Component interface?

Choice D is correct. Note: This type of question will not be in the EJB 1.1 version of the SCEA but is
likely to be in the EJB 2.0 version of the SCEA. Message-Driven beans do not implement any
interfaces in EJB 2.0. The Component interface is the new name for the Remote interface as introduced
in the EJB 2.0 specification. Remote Interface (Component Interface in EJB 2.0): Defines the Bean's
business methods. The Remote Interface extends javax.ejb.EJBObject. Home Interface: Defines the
Bean's life cycle methods - creation, location and removal. The Home Interface extends
javax.ejb.EJBHome. Note that the create method is optional for Entity Beans. This is useful when you
do not want to clients to be able to insert data into the database.
The interface that Message-Driven Beans must implement.

There is no component interface in EJB 2.0.
The new name for the Home interface.
The new name for the Remote interface.
You are working on a new application that will help your company co-ordinate sales data across
different departments. The aim is to have everyone access the same sales data at all times. This project
needs to be finished as soon as possible and you have bought some third-party code to speed up the
development process. The code has been signed using a digital certificate and packaged in a jar file.
Which of the following describes what you definitely know about the third-party code? Note: Digital
certificates have been signed by a trusted Certificate Authority.
Choice C is correct. All you definitely know is that the code has been signed using the third-party
vendor's private certificate. You do not know whether it was actually signed by the third-party vendor
or an impersonator. Thus, choices B and D are incorrect. Just because the code is signed, does not
mean that the jar file does not contain malicious code. Therefore, choice A is correct. Just because
code is signed, does not mean it is fully tested and does what it was supposed to do. Choice E is
therefore incorrect.
The jar file contains no malicious code.

The jar file was signed by the third-party vendor
The jar file contents may contain malicious code.
Someone impersonating the third-party vendor may have signed the jar file.
The code is fully tested and performs the task it was designed for.
You have been contracted by a movie memorabilia company to set up an online shop. The company
buys bulk goods from movie sets (stage props, costumes, gadgets etc), splits them into single items and
then auctions them. The company used to hire sports halls or community centers to auction items in a
traditional manner. They predict that by moving to an online solution they will reach a wider audience
and make a greater profit despite the initial investment that the new system will involve. Which of the
following is the most suitable initial design for this application?
Choices B, D, E, G and I are correct. This question is really five mini questions. If the business logic
is put into the Servlet, you are creating Fat clients with presentation and business logic tightly coupled.
Therefore, it is more appropriate to use a Stateful Session Bean especially since the Bean can be used
in the Session Facade pattern (See below). The site is an online auction site with bids being placed at
different times. This implies that transactions will need to be handled at a very fine level of granularity
therefore Bean Managed Transactions is the most appropriate choice. The customer and sales items
both need to be persisted so they should be implemented as Entity Beans. The Entity Beans (customer
and sales items) would not be complicated objects so Container Managed Persistence would be the
better choice. Session Facade : A client should never "talk" directly to an Entity EJB. Instead, a
Session to Entity pattern called a Session-Facade should be used. As the name suggests, this pattern is
based on the GoF Facade pattern. The Session Facade provides a simple interface to a complex
subsystem. The simple interface is the Session Bean and the Complex subsystem is the Entity Bean.
The client talks to the Session Bean, which in turn communicates with the Entity Bean.
The business logic will be handled in a Servlet

The business logic will be handled in a Stateful Session Bean
Use Container Managed Transactions
Use Bean Managed Transactions
The customer will be represented with an Entity Bean
There is no need for a customer bean as a customers interaction with the site is just business logic
and will be handled in the Servlet/Stateful Session Bean
Use Container Managed Persistence
Use Bean Managed Persistence
The sale items will be represented with an Entity Bean
The sale items will be stored directly on a database
You have an application that is running in a DMZ that your company has set up. There are two
firewalls - the first filters out packets based on destination ports other than port 80 (allows standard
HTTP requests). The second filters out packets based on the origin IP address (only allows company IP
addresses through). Can you connect to the application running in the DMZ from your Home
computer? Note: The application running in the DMZ is on port 80.
Choice A is correct as you can connect to the application running in the DMZ from your Home
computer. DMZ stands for Demilitarized zone. To set up a DMZ, you need two firewalls and you
create three separate regions. The different regions are the Internet, DMZ (in the middle) and the third
is your network. You would have a server in the DMZ that is accessible to both the public and your
network. The Internet may not access your network but they can access the server in the DMZ. Your
network must access the Internet through the server in the DMZ. The key to this question is that you
are not trying to connect to an application within the second firewall that filters out requests based on
IP address. Therefore, you could definitely connect to the application from home. A Useful link:
http://www.saintrochtree.com/network-advices/000004.htm
Yes
No
The Enterprise JavaBean 2.0 specification has introduced the notion of local Clients. What are Local
Clients and why were they introduced?
Choices C and F are correct. Note: This type of question will not be in the EJB 1.1 version of the
SCEA but is likely to be in the EJB 2.0 version of the SCEA. Prior to the Enterprise JavaBean 2.0
specification, all Bean clients were seen as remote clients. This meant that if a Session Bean needed to
talk to an Entity Bean inside the same Virtual Machine it would still need to make a remote call. This
obviously had a direct impact on performance. In EJB 2.0, Enterprise Beans can now treat other beans
in the same VM as local clients. Local Clients can access the beans through its local and local home
interfaces. Remote clients use pass-by-value but Local clients use pass-by-reference. For more
information, please visit http://java.sun.com/products/ejb/2.0.html
Local Clients should be used when the web server is running on the same machine as the
application server.
Local Clients should be used when Session Beans need to communicate with Entity Beans.
Beans in the same Virtual Machine should use local Clients.
Local Clients have been introduced to make testing code easier.
Local Clients have been introduced to improve maintainability.
Local Clients have been introduced to improve performance.
Local Clients should be used when the database is running on the same machine as the application
server.
When would you use the Flyweight pattern?

Choice B is correct. Choice A is a description of the Observer pattern. Choice C is incorrect because
the instances of your class can be used interchangeably in the Flyweight pattern. Flyweight - (GOF
195):"Use sharing to support large numbers of fine-grained objects efficiently."
When you need classes to be notified of events but you don't know which classes or if you will
need to add more at a later date.
When the instances of your class can be used interchangeably and you want to reduce the number
of instances created in order to improve performance.
When the instances of your class cannot be used interchangeable and you need to convert them so
that they are interchangeable.
Which of the following offers an accurate description of Message-Driven Enterprise Beans?

Choice B is correct. Note: This type of question will not be in the EJB 1.1 version of the SCEA but is
likely to be in the EJB 2.0 version of the SCEA. As stated in choice B, a Message-Driven bean is an
enterprise bean that allows J2EE applications to process messages asynchronously. Choice C is
incorrect because messages are sent asynchronously. Choices A, D and E are all factually incorrect.
For more information about Message-Driven beans see below. The following is taken from:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/EJBConcepts5.html A message-driven bean is an
enterprise bean that allows J2EE applications to process messages asynchronously. It acts as a JMS
message listener, which is similar to an event listener except that it receives messages instead of
events. The messages may be sent by any J2EE component--an application client, another enterprise
bean, or a Web component--or by a JMS application or system that does not use J2EE technology.
Message-driven beans currently process only JMS messages, but in the future, they may be used to
process other kinds of messages.
Message-Driven beans are just a new way of describing a JMS message. This has been formalized
with the EJB 2.0 specification.
A Message-Driven bean is an enterprise bean that allows J2EE applications to process messages
asynchronously.
A Message-Driven bean is an enterprise bean that allows J2EE applications to process messages
synchronously.
A Message-Driven bean is used when you need to interact with messaging systems other than
JMS.
A Message-Driven bean is like a Session Bean except that if the server is busy it will put the
Message-Driven beans' method requests in a queue and execute them one at a time to reduce the
load on the Application Server.
What is the biggest difference between Message-Driven Beans and Entity and Session Beans?
Choices B and D are correct. Note: This type of question will not be in the EJB 1.1 version of the
SCEA but is likely to be in the EJB 2.0 version of the SCEA. Choice A is incorrect, Message-Driven
beans do not have Home or Remote interfaces, they just have a bean class. The state of Message-
Driven beans is not persisted like Entity beans. So choice C is incorrect. The following is taken from:
http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/EJBConcepts5.html The most visible difference between
message-driven beans and session and entity beans is that clients do not access message-driven beans
through interfaces. Unlike a session or entity bean, a message-driven bean has only a bean class.
There is no difference in structure between Message-Driven Beans and Entity and Session Beans.
They all have Home, Remote interfaces and a bean class.
Message-Driven beans don't have a Home interface.
A Message Driven bean is different from Session Bean because its state is persisted.
Clients do not access Message-Driven beans through interfaces.
When should you use Message-Driven Beans?

Choice C is correct. Note: This type of question will not be in the EJB 1.1 version of the SCEA but is
likely to be in the EJB 2.0 version of the SCEA. Choice B is incorrect, Message-Driven beans will not
increase the performance of a service. Choice D is the other way around and choice A is factually
incorrect. The following is taken from:http://java.sun.com/j2ee/tutorial/1_3-
fcs/doc/EJBConcepts5.htmlSession beans and entity beans allow you to send JMS messages and to
receive them synchronously, but not asynchronously. To avoid tying up server resources, you may
prefer not to use blocking synchronous receives in a server-side component. To receive messages
asynchronously, use a message-driven bean.
If you need to send any JMS message.

When you need to use an external service such as a credit card validation service and performance
is essential.
When you need to send JMS messages asynchronously.
When you need to send JMS messages synchronously.
When would you use the Mediator pattern?

Choice A is correct. The Mediator pattern allows you to co-ordinate state changes between many
objects by using one mediator object. Choice B is a description of the Decorator pattern. The Strategy
pattern is described in choice D. Choice C describes the Bridge pattern. Mediator - (GOF 273):"Define
objects from referring to each other explicitly, and it lets you vary their interaction independently."
When you need to co-ordinate the state changes between other objects by using one object.
When you need to add functionality to a class without changing its interface.
When you need create a separation between abstractions and classes that implement those
abstractions.
You need a class that will be used in lots of different applications where the logic will only change
slightly.
You are developing an application to support a huge number of users. You are worried about the
performance of the application because you need to use many Entity Beans. A work colleague has
suggested using the Value Object design pattern. What is the pattern and how will it benefit you?
Choice A is correct. Note: This type of question will not be in the EJB 1.1 version of the SCEA but is
likely to be in the EJB 2.0 version of the SCEA. Every time you access an Entity Bean, there is a
significant overhead, as the call must go across the network and through the container to access the
bean. One way to reduce the number of calls you need to make to Entity beans is by using the Value
Object pattern. A Value Object (VO) is a snapshot of the state of an Entity Bean at a particular time.
The idea is that a client will require more than one value from an Entity bean so instead of making
several calls to an Entity Bean a Value Object is created containing all of these values. This Value
Object is downloaded by the client so they can make the same calls only this time locally and directly
on the bean. A Value Object is normally implemented as a JavaBean and is made immutable because
there is no data synchronization (the JavaBean only provides getter methods).
A snapshot of the state of an Entity Bean at a particular time.

An object that is used instead of an Entity Bean. For example if you were going to use a Customer
bean you would create a Customer Value Object and the Application Server would use this
instead. A Stateful Session Bean would control it.
An object that is used instead of an Entity Bean. For example if you were going to use a Customer
bean you would create a Customer Value Object and the Application Server would use this
instead. A Stateless Session Bean would control it.
There is no such thing as a Value Object design pattern.
There is a Value Object design pattern but it would not be appropriate to use it here.
A Value Object is the state of an Entity Bean that is kept in memory by the Application Server.
(Its state is periodically persisted.)
A Value Object is the state of an Entity Bean that is kept in memory by the Application Server.
(Its state is not persisted and the data becomes stale after a while.)
What are the benefits of synchronous messaging?

Choice D is correct. Choices A, B and C are all describing asynchronous messaging. Synchronous,
tightly coupled communication between distributed components: This is the model of CORBA, RMI,
EJB and so on. The programming model is called Remote Procedure Call (RPC). Asynchronous,
loosely coupled communication between components: This is the Message Oriented Middleware or
MOM model. The programming model is called Messaging.
Less coupling between the sender and receiver.

Network doesn't have to be available.
Does not block the sender.
Good for transaction processing.
Can you use BMT (Bean Managed Transactions) with Entity Beans? True/False?
Choice B is correct. Entity Beans can only use Container Managed Transactions (CMT) but Session
Beans can use either CMT or Bean Managed Transactions (BMT). CMT is less flexible than BMT and
cannot handle transactions at the same level of granularity as BMT. The following is taken from:
the transaction. The following is taken from: http://java.sun.com/j2ee/tutorial/1_3-
fcs/doc/Transaction4.html In a bean-managed transaction, the code in the session or message-driven
bean explicitly marks the boundaries of the transaction. An entity bean cannot have bean-managed
transactions; it must use container-managed transactions instead. Although beans with container-
managed transactions require less coding, they have one limitation: When a method is executing, it can
be associated with either a single transaction or no transaction at all. If this limitation will make coding
your bean difficult, you should consider using bean-managed transactions.
True
False
In which of the following situations, would you use the Observer pattern?
Choices A and D are correct. The observer pattern is used to notify dependents of an object when that
object changes state. Choice E is a description of the Mediator pattern. Choice C is incorrect because
the Observer pattern does not reduce the number of instances you need to create. Choice B is almost
correct except the messages are sent when the object being monitored changes state. Observer - (GOF
293): "Define a one-to-many dependency between objects so that when one object changes state, all its
dependents are notifies and updated automatically." Mediator - (GOF 273):"Define an object that
encapsulates how a set of objects interact. Mediator promotes loose coupling by keeping objects from
referring to each other explicitly, and it lets you vary their interaction independently."
When you need to have objects notified of events but you don't know which objects would have
such needs, or if you will need to add more objects to receive such notification, at a later date.
You want one object to monitor when the state of another object but you don't want the object
being monitored to need to send any messages regarding its state.
When the instances of your class can be use interchangeable and you want to reduce the number of
instances created in order to improve performance.
You are building an online auction site to sell rare and collectable toys. You want customers to be
notified of bids on items they are bidding for in as close to real time as possible. You would use
the Observer pattern to notify the customer objects of changes in the auction object.
When you need to co-ordinate state changes between other objects by using one object.
How has Container-Managed Persistence Changed from EJB 1.1 to 2.0?

Choice C is correct. Note: This type of question will not be in the EJB 1.1 version of the SCEA but is
likely to be in the EJB 2.0 version of the SCEA. The following is taken from:
http://developer.java.sun.com/developer/technicalArticles/ebeans/EJB20CMP/ Prior to the EJB 2.0
specification, a client stored and accessed persistent data via an entity bean's instance variables. With
the introduction of the 2.0 specification, you can designate instance variables to be container-managed
persistence fields (cmp fields) or container-managed relationship fields (cmr fields). You define these
cmp and cmr fields in the deployment descriptor. You retrieve and set the values of these cmp and cmr
fields using public get and set methods defined in an entity bean. Similar to the JavaBeans model, you
do not access the instance variables directly, but instead use the entity bean's get and set methods to
retrieve and set these instance variables. (An enterprise bean does not declare these instance variables.)
Furthermore, you use the deployment descriptor to specify the relationships between entity beans.
These relationship specifications serve as the schema definition, so that when the bean is deployed, the
bean relationships may be captured in a relational database. For example, a relationship between two
beans specified in the deployment descriptor may appear as a foreign key relationship in a relational
database. Choice A is incorrect because CMP has been reviewed in EJB 2.0. Choices F, G and D are
incorrect as specified in the above paragraphs. The performance of CMP has improved but not to the
point where it is more efficient than BMP. Therefore, choices B and E are incorrect.
There has been no change with CMP but BMP has changed.
The performance of CMP has been improved so it no more efficient than BMP.
The Bean class is now an abstract class.
You no longer need a deployment descriptor.
CMP doesn't exist in EJB 2.0 because BMP out performs CMP.
You define the fields to be persisted in the Remote interface.
You define the fields to be persisted in the Home interface.
What are the benefits of the J2EE Blueprints Fast Lane Reader design pattern and when should it be
used?
Choices B and E are correct. The following is taken from:
http://java.sun.com/blueprints/patterns/FastLaneReader.html Sometimes applications access data in a
tabular fashion, such as when browsing a catalog or a list of names or when exporting data in batches
for use elsewhere. This kind of data access is usually read-only. In such situations, using entity beans
to represent persistent data incurs overhead and provides little benefit. Entity beans are best for coarse-
grained access to individual business entities, and are not effective for read-only access to large
quantities of tabular data. The Fast Lane Reader design pattern provides a more efficient way to access
tabular, read-only data. A fast lane reader component directly accesses persistent data using JDBCTM
components, instead of using entity beans. The result is improved performance and less coding,
because the component represents data in a form that is closer to how the data are used. Choice F is
incorrect because the Fast Lane Reader can reduce the amount of code needed. Choice C is not the
most appropriate answer because although there is less coding involved it does not have a direct affect
on the maintainability of the application. (It may even reduce maintainability by increasing the
coupling between the data store and business logic). Choice A is incorrect because the Fast Lane
Reader pattern should only be used with Read Only data. Although choice D is feasible, it is not the
most appropriate choice.
When you the performance of an application is essential and you need to perform lots of
read/write actions.
Should be used when reading large amounts of read only data.
Increases maintainability.
Should be used when you need to access data that becomes stale very quickly.
Can reduce the amount of code needed.
Increases the amount of code needed.
You need to access a complex object in a recursive way, building the object from other objects. This is
an example of which pattern?
Choice D is correct. Normally, you would assume that you would need to use a creational pattern such
as the Builder or Abstract Factory to do this. (Prototype could be applicable as well, if we are not
building a family or an aggregate object, but simply prototyping existing objects). However, the
important aspect is that you need to recursively build a composite object from other objects. This is an
example of the Composite pattern. There is no such pattern as the Recursive Builder. Therefore,
choice E is incorrect. Composite - (GOF 163): "Compose objects into tree structures to represent part-
whole hierarchies. Composite lets clients treat individual objects and compositions of objects
uniformly." The other patterns were: Abstract Factory - (GOF 87): "Provide an interface for creating
families of related or dependent objects without specifying their concrete classes." Factory Method -
(GOF 107): "Define an interface for creating an object, but let subclasses decide, which class to
instantiate. Factory Method lets a class defer instantiation to subclasses." Builder - (GOF 97):
"Separate the construction of a complex object from its representation so that the same construction
process can create different representations." &&Sanjay "need to build a complex object" almost
certainly suggests that we are talking about a creational pattern. I understand the tricky nature of the
question, however I was wondering if the question needed to be reworded as "accessing a complex
object" or something. Has been updated
Abstract Factory
Factory Method
Builder
Composite
Recursive Builder
Your have been contracted by a company to upgrade their online shopping application. Their site sells
health care insurance to customers at huge discounts. The process of buying insurance is complicated.
They have however tried to simplify it as much as possible for the customer. When the customer
arrives at their site to register, they fill out a 40-question questionnaire covering basic health and
lifestyle information. The answers are then used for selecting the most appropriate level of insurance.
(Each customer does NOT get a custom health care insurance agreement; they get the most suitable
one out of a choice of 30). The customer then has the opportunity to purchase the insurance within
seven days before the quote becomes void. Based on the rough description of the system, which of the
following is the most suitable design? Note: This question should be based upon the EJB 2.0
specification.
Choices B, D, F and J are correct. Note: This type of question will not be in the EJB 1.1 version of the
SCEA but is likely to be in the EJB 2.0 version of the SCEA. The data that needs to be persisted are
the customer data and the Customer's Health Plans data (which one out of the 30 different plans.)
Although the process of buying health care insurance sounds complicated (40-question questionnaire)
the data that actually needs to be stored is very simple (customer id, health plan id etc). This means
that CMT is more appropriate than BMT (choice E is therefore incorrect.) There is no benefit in
putting the business logic in a Servlet, there still needs to be a Session Bean to talk to the Customer
and Health Plan Entity Beans. It is also possible to use the Entity Beans local client interfaces
(introduced in EJB 2.0) which will improve the performance of the application.
The Customer should be an Entity Bean

The business logic should be represented with a Stateful Session Bean
The business logic should be represented with a Servlet
The system should use CMT
Should use BMT
The Health Plan should be an Entity Bean that supports local clients
The Health Plan should be a Stateful Session Bean
The Health Plan should be a Stateful Session Bean that supports local clients
There is no need for Customer Bean as there is no need to store the customers details just the
Health Plan they bought
The Customer should be an Entity Bean that supports local clients
You are currently designing your own Desktop Publishing application, as you have not found any
existing application that does exactly what you want. As part of the design, you are using a Controller
to which you send all GUI requests. Not all objects can process the same commands. For example, you
cannot select the spell check tool when an image has the focus. To stop any possible errors, you would
like to filter out some of the messages as they are passed from these objects to the Controller object.
What pattern could you use?
Choice B is correct. Firewall and Filter are not design patterns. In this scenario, you are essentially
trying to do is filter all packets that do not meet a certain set of requirements. This behavior is just like
a Proxy server dropping packets from certain IP address etc. Proxy - (GOF 207): "Provide a surrogate
or placeholder for another object to control access to it." The other patterns: Adapter - (GOF
139):"Convert the interface of a class into another interface clients expect. Adapter lets classes work
together that couldn't otherwise because of incompatible interfaces." Observer - (GOF 293):"Define a
one-to-many dependency between objects so that when one object changes state, all its dependents are
notifies and updated automatically." Chain of Responsibility - (GOF 223):"Avoid coupling the sender
of a request to its receiver by giving more than one object a chance to handle the request. Chain the
receiving objects and pass the request along the chain until an object handles it."
Firewall
Proxy
Adapter
Observer
Filter
Your have been contracted by a company to help them improve the performance of their sales
application. You have suggested that the hardware on which the application is currently deployed (two
web servers and a database server) be migrated to 3 web servers, an application server and a database
server (all on different machines.) You assure them that all the software re-writes needed will be well
worth it in the end. What are the characteristics of your suggested architecture?
Choices B, C and D are correct. The system you have suggested they migrate to is a 3-tier system. The
characteristics of a 3-tier system are thin clients, good separation of business logic and good
scalability. This is due to the fact that each tier is separate from the other (for example, it would be
possible to change the data store without affecting the business logic). Choice A is incorrect; the
suggested system has thin clients, the business logic residing on the application server, in the middle
tier. Since there is a good separation of business logic, choices E and G are incorrect. Choice F is
incorrect as the 3-tier nature of the system makes it very scalable.
Fat Clients
Thin Clients
Good separation of business logic
Good Scalability
Poor separation of business logic
Poor scalability
There is no difference in the separation of business logic
You have just learned that one of the servers in your company is an off-board server. What is an off-
board server?
Choice D is correct. An off-board server is simply a proxy server for a legacy system.
Another way to describe a standard proxy server.

Another type of a screen-scraping program, (Like an object mapping one).
A server that runs within the DMZ.
A proxy for a legacy system.

Do not Cheat
Your boss is raving about the new 3-Tier architecture on which your company's sales application will
be deployed. He says that this architecture will solve all the existing problems. Does a 3-Tier
architecture have the potential to introduce any new problems?
Choice D is correct. The only problem a 3-Tier architecture could have is the possibility for poor
manageability. The separation of tiers creates thin clients and distributes business logic processing.
However, because of the distributed nature of the servers, there could be manageability problems. With
J2EE solutions however, the possibility for such problems is limited because J2EE tiers and layers
have very well defined roles and responsibilities. Choice A is incorrect because Fat clients are a
characteristic of 2-Tier architecture where the business logic is implemented on the client side. Thin
clients are good. Therefore, choice B is incorrect. A 3-Tier architecture has excellent scalability,
including horizontal scalability, making choice C incorrect. It is possible to argue that a 3-Tier
architecture may not perform as well as a single machine containing your web server, business logic
and database. However, as soon as you introduce a significant amount of users, a 3-Tier architecture
would out perform a single machine. Therefore, choice E is correct. Choice F is incorrect because a 3-
Tier architecture actually increases the separation of business logic. Choice G is incorrect because a
"single Point of failure" is not a problem that a 3-Tier architecture introduces. Although it may have a
single point of failure, you can avoid such pitfalls easily with careful design. This is much harder to do
with 2-Tier architecture and impossible with 1-Tier architecture.
Fat Clients
Thin Clients
Poor scalability
Poor manageability
Reduced performance
Reduced separation of business logic
Single point of failure
When should Java IDL be used?

http://java.sun.com/j2se/1.3/docs/guide/idl/index.html This is a fundamental question and it is
important to understand the distinction between these two ways of integrating the Java programming
language with CORBA. Java IDL is for CORBA programmers who want to program in the Java
programming language based on interfaces defined in CORBA Interface Definition Language (IDL).
This is "business as usual" CORBA programming, supporting Java in exactly the same way as other
languages like C++ or COBOL. Although CORBA can slightly out perform RMI that is not a reason to
use Java IDL. Therefore, choice A is incorrect. In choices B and C, you would use RMI-JRMP and
inc. In choice E, you would use RMI-IIOP.
When performance is essential (Performance is more important than scalability).

When accessing RMI servers.
When servicing requests from RMI clients.
When accessing existing CORBA servers.
When servicing requests from CORBA clients.
You have just started a new job working for a top finance company and you have been asked to
provide a user-friendly graphical interface to an existing mainframe application. You do not have any
access to the mainframes source code. What is the best technique for implementing the graphical user
interface?
Choice B is correct. The key to this question is that you do not have access to the mainframes source
code. A screen scraper emulates a mainframe terminal. The screen scraper logs on to the mainframe
like a normal user and sends requests to the mainframe and then reads the response. The problem with
a screen scraper is that if you change any of the mainframes code, there is always the possibility that
the screen scraper will stop working. Choice A is incorrect because it is possible to add a GUI to the
system. Choice C would take far too long to develop, cost too much and thus, is not what the company
wants. Choices D, E and F would all require access to the mainframes source code. Choice G is
incorrect because there is no mention that the mainframe supports a messaging system. Some of them
do and even provide interfaces for JMS. However, as it is not stated in the question it is not the right
answer.
It cannot be done
Re-write the main frame using Java and high-end Unix servers. Although it may take some time to
do this in the end, this will benefit the company
Write a Java front end then use CORBA to communicate with the mainframe
Use the Java Native Interface (JNI) to communicate with the mainframe
Use object Mapping
Use JMS
You are working for a company that has yet to realize the full potential of Java. You offer to show
them some of the great things Java can do by integrating a new application with an existing CORBA
system. Your bosses will then assess the performance and reliability of this new system. How will you
connect your RMI application to the CORBA system?
Choice A is correct. The following is taken from:
http://java.sun.com/j2se/1.3/docs/guide/idl/jidlFAQ.htm There are several scenarios that will define
how you will want to create distributed CORBA applications. Here are some of them: - Java IDL - If
you have been developing CORBA applications using IDL for some time, you will probably want to
stay in this environment. Create the interfaces using IDL, and define the client and server applications
using the Java programming language to take advantage of its "Write Once, Run Anywhere TM"
portability, its highly productive implementation environment, and its very robust platform. - RMI-
JRMP - If all of your applications are written in the Java programming language, you will probably
want to use Java RMI to enable communication between Java objects on different virtual machines and
different physical machines. Using Java RMI without its IIOP option leverages its strengths of code
portability, security, and garbage collection. - RMI-IIOP - If you are writing most of your new
applications using the Java programming language, but need to maintain legacy applications written in
other programming languages as well, you will probably want to use Java RMI with its IIOP compiler
option. Choice B is incorrect because this is not a standard feature of RMI. Choice C is incorrect
because it can be done. You do not need to use JNI to do this. Therefore, choice D is incorrect. At
present, all existing systems use CORBA. Therefore, it is better to use Java IDL. Hence, choice E is
also incorrect.
Use Java-IDL
This is a standard feature of RMI
Can't be done
Can only be done by using JNI
Use RMI-IIOP
A prospective employer is describing the existing architecture of a solution that is currently in

production. He says that it is a 3-tier system with 3 clustered web servers and a server for the Oracle
database with the business logic implemented using PL/SQL scripts. What is true about this system?
Choices B, E and F are correct. The important aspect of this question is that the business logic has
been implemented using PL/SQL stored procedures. This means the business logic is on the same
server as the database and therefore this is a 2-tier system, not a 3-tier system as your prospective
employer suggests. There is a very tight coupling between the data store and the business logic, which
has a direct affect on the potential scalability of this system. When you think of 2-Tier systems, you
would normally associate them with Fat clients. However as the business logic has been implemented
using PL/SQL scripts, this system will have thin clients, making choice A incorrect. Choice C is
incorrect because the business logic and data store are tightly coupled. This tight coupling will have a
direct affect on scalability. You may not be able to horizontally scale this system (adding more
machines); vertical scaling might be easier (add more memory and CPUs). However, even with
vertical scaling, you would always run the risk of a network bottleneck making choice D is incorrect as
well.
This solution has fat clients

This solution has thin clients
There is a good separation of business logic
The solution has good Scalability
There is a poor separation of business logic
The solution has poor scalability
You are working for a car leasing company and you need to integrate with one of their mainframe
applications. You should do this using either object mapping or screen scraping. When should you use
object mapping?
Choice B is correct. Object mapping is the process of building object wrappers around legacy
interfaces. This makes the legacy system available in an OO fashion. You need access to the legacy
systems source code in order to do this. A screen scraper emulates a mainframe terminal. The screen
scraper logs on to the mainframe like a normal user and sends requests to the mainframe and then reads
the response. The problem with a screen scraper is that if you change any of the mainframes code,
there is always the possibility that the screen scraper will stop working. Any change to the mainframe
might break the screen scraper and screen scrapers are only really used when you do not have access to
the mainframes source code. Therefore, choice A is incorrect. Choice C is incorrect because you
would use a screen scraper if you did not have access to the mainframes source code. In choice D, you
would probably use a screen scraper.
You should always use screen scrapers when you have the option.
When you have access to the mainframes code.
When you don't have access to the mainframes code.
When you are short of time and need a quick solution.
You have written an application to allow customers to reserve tables at their favorite restaurants. In
return, your company receives 10% of the amount the customer spends at the restaurant. Now, the
application is being run on a single Apache web server using PERL and CGI scripts for presentation
and business logic with a separate server for the Sybase database containing the restaurant details.
What are the most notable weaknesses of this architecture?
Choices B, C and D are correct. The architecture being described here is a 2-Tier architecture.
Generally, if the business logic resides on the server, it is in the form of stored procedures. We
therefore assume that all the business logic is in the PERL and CGI scripts. The reason for poor
scalability is due to the tight coupling of business logic and client presentation. There is always
possibility of a network bottleneck in 2-Tier architectures because all requests have to go to one data
store. Choice A is incorrect, as the client is simply a web page, a thin client. Performance is not the
best answer here. Therefore, choice F is incorrect.
Fat Clients
Thin Clients
Scalability
Potential Network bottlenecks
Performance
You are designing an online movie ticket booking application. Currently, you plan to have a controller
to maintain user sessions, a customer component to hold personal details, a credit card validation
component, a set of GUI screens and a cinema component with details of all movies and seating
capacities. Which of the following should be used for each component?
Choices H and I are correct. The controller could be implemented as either a Servlet or a Stateful
Session Bean but it makes more sense from a resources point of view to implement this as a Servlet.
The customer and cinema component need data to be stored permanently so these should be Entity
beans. The process of validating the credit card is a service so this should be a Stateless Session Bean.
JSP pages are a better choice than the applet because it means that the system can be used by a greater
number of people because there is no dependency on the Java plug in.
The controller should be a Stateful Session bean. The customer should be a Stateful Session bean.
The cinema component should be a Stateful Session bean. The credit card validation component
should be an Entity bean.
The controller should be a Servlet. The customer should be a Stateful Session bean. The cinema
component should be a Stateful Session bean. The credit card validation component should be an
Entity bean.
The controller should be a Stateful Session bean. The customer should be a Servlet. The cinema
component should be a Stateful Session bean. The credit card validation component should be a
Stateful Session bean.
The controller should be a Servlet. The customer should be a Servlet. The cinema component
should be a Stateful Session bean. The credit card validation component should be a Stateful
Session bean.
The controller should be a Stateful Session bean. The customer should be an Entity bean. The
cinema component should be an Entity bean. The credit card validation component should be a
Stateless Session bean.
The controller should be a Servlet. The cinema component should be a Stateful Session bean. The
The controller should be a Stateful Session bean. The customer should be an Entity bean. The
The controller should be a Servlet. The customer should be an Entity bean. The cinema component
should be an Entity bean. The credit card validation component should be a Stateless Session
bean.
Make the GUI using JSP pages.
Make the GUI an applet.
You have just bought a brand new dual processor server with over 3 Gigabytes of memory, the fastest
server in its class. This server will host Apache Web server (shipped with the Oracle Database) and an
Oracle 8i database. What are the most notable weaknesses of this architecture?
Choice A is correct. You can only vertically scale this system (add memory, add CPUs etc). As soon
as this system comes under a heavy load, you would have to separate the Apache web server from the
Oracle database and build up a cluster of web servers. This would be hard to accomplish as the Oracle
database and the Apache web server are tightly coupled. Note: A system can still be scalable even if it
is only one machine provided it has a good separation of the business logic, data store and client
presentation. Choice B is incorrect because this system would be easy to manage as everything is in
one place. Choice C is incorrect, as you do not need to authenticate yourself to other machines or send
traffic across the network to other machines. Choice D is incorrect because although the system would
perform well under light traffic as soon as it had heavy loads of traffic the performance would drop
dramatically.
Scalability
Manageability
Security
Performance
You have a method that cannot be executed in a transaction. What is the correct attribute in the
deployment descriptor?
Choice B is correct. As the name suggests, "NEVER" is the right answer. Choice A is incorrect
because leaving the deployment descriptor empty is not the default for NEVER. NOT SUPPORTED
just suspends the transaction making choice C incorrect. NO_TRANSACTIONS is not a valid
attribute. Hence, choice D is also incorrect.
Leave it empty this is the default.

NEVER
NOT SUPPORTED
NO_TRANSACTIONS
How do you find a particular Entity Bean?

Choice A is correct. The Home interface defines the create(), find(), and remove() methods and the
finder methods are used for locating beans. The Remote Interface is used to define all of the methods
that can be called by the client on the Enterprise Bean. If you try to call a method that exists in the
Enterprise bean class but not in the Remote Interface, you will get a RemoteException.
Call various find methods defined in the Home interface.

Call various find methods defined in the Remote interface.
You have been developing a chat application so that the members of your team can keep in touch with
each other irrespective of their location. You decided to implement the application as a Java Applet. To
ensure that the user has the latest version, you require the applet to connect back to the server it was
downloaded from and check with a file there. Can this be done with JDK 1.3 or 1.4 without modifying
the browser's policy files?
Choice A is correct as the above situation is possible. The key to this question is that the applet is only
connecting back to the server it was downloaded from and reading a file. This has always been
permitted and is also permitted with both JDK 1.3 and 1.4. The applet would not be allowed to read a
file on the client's machine or connect to machines other than the one it was downloaded from. Note:
You may think that if the applet has been downloaded then it must automatically be the latest one. This
is not true as most browser cache applets.
Yes
No
What do Atomic and Consistent mean in reference to ACID?

Choices A and G are correct. ACID stands for Atomic, Consistent, Isolatable, and Durable. All
transactions must adhere to this. Atomic means 'a transaction must execute completely or not at all.'
Consistent means 'the integrity of the underlying data source is always maintained.'
Atomic means a transaction must execute completely or not at all.

Atomic means a transaction must execute completely or log where it was stopped.
Consistent means a transaction must execute completely or log where it was stopped.
Atomic means the transaction is the same as other transactions in structure.
Consistent means the transaction is the same as other transactions in structure.
Consistent means the transaction was started and finished within the specified time.
Consistent means that the integrity of the underlying data source is always maintained.
You are working for a small to medium sized business that has just started to use servers to host J2EE
Applications (its own and clients'.) However, since its launch into this new area there have been three
separate instances of hacks involving access of sensitive sales information. A security consultant is
hired to assess the situation and he recommends that your company use a DMZ. What is a DMZ?
Choice D is correct. DMZ stands for Demilitarized zone. To set up a DMZ you need two firewalls
with which you create three separate regions. The different regions are the Internet, DMZ (in the
middle) and your network. You would have a server in the DMZ that would be accessible to both the
public and employees in your local network. The Internet connections will not have access to your
network though they will be able to access the server in the DMZ. Your network will access the
Internet through the server in the DMZ. Choice A is just describing the process of using a firewall.
The region described in choice B is your network the DMZ is the area between the two firewalls.
Choice C describes the Internet and not a DMZ. A Useful link: http://www.saintrochtree.com/network-
advices/000004.htm
The network behind a firewall that's protected from the Internet.

The region inside the inner firewall (we are assuming that there are two firewalls). This network is
called the DMZ.
The network outside of the outer firewall. This could be the Internet or other client networks. (We
are assuming that there are two firewalls).
A region between two firewalls. The Internet would come in through the first firewall but only
systems within the first firewall in the DMZ can go through the second firewall.
While working at home, you try to connect to your company's network from home but there is no
response. You are trying to connect to your RMI-JRMP application; the port is available on the
firewall, what is the most likely reason why you cannot connect?
Choice B is correct. The most likely explanation here is that your company's firewall is filtering your
requests out based upon your IP address. You would need to get your home IP address added to the list
that the firewall trusts (and this will not be easy if you are using DHCP!). Choices A and C are both
possible but not the very likely here. Hence, these choices are incorrect. Choices D and E are not
factually correct.
The port on the firewall isn't really available.

The company's proxy servers are filtering out your request based upon your IP address.
You have typed the connection address incorrectly.
Your application is only listening for internal requests and you will need to change setting in the
security.policy file if you wish to connect from home.
Your company knows that most hacking takes place at night and takes all of its systems off-line
during the night.
How are Entity Beans persisted?

Choice D is correct. A bean normally represents a row in the database. Each field that is persisted is
typically mapped to a database. The bean itself is not stored in the database, as the class is the same for
all bean instances of the same type. It is just the values that change. If beans were serialized when they
where stored on the database you would have to de-serialize each one when you were doing a find
operation (by criteria). When Entity Beans are passivated (the state to the bean is written to file),
serialization may be used depending on the Application server, although most servers probably also
synchronize the state with the database as well. Storing them in memory is not persistence. If the
server crashes, all the data would be lost. Therefore, choice A is incorrect. As Entity beans are
persisted, choice B is incorrect. Choices C and E are incorrect because Entity Beans are not serialized.
Entity beans are stored in memory by the Application server.

Entity beans are not persisted.
They are serialized and stored on a database.
They are NOT serialized but rather stored in a persistent storage medium such as a database.
It is up to the developer, than can either be serialized or mapped directly.
You have been reading up of the Gang of Four patterns and you notice that the Home interface of an
Enterprise Javabean is actually based on one of the patterns. Which pattern is the Home Interface of an
Enterprise Javabean based on?
Choice D is correct. This Factory Method pattern provides an interface for creating an object that
allows either sub classes or helper classes to create that object. The Singleton pattern creates either '1'
or a variable number of instances of a class. Therefore, choice A is incorrect. The Fa?e pattern
provides a simple interface to a complex subsystem. Thus, choice B is incorrect. The Builder pattern
separates the construction and representation of an object. The client is shielded from the object's
construction and it only needs to specify content and type. Hence, choice C is also incorrect.
Singleton
Facade
Builder
Factory Method
Which of the following statements are true? Note: This question assumes that the no-args constructor
and setEntityContext() method have already been called.
Choice B is correct. Entity Beans start in the pooled state (this is if the no-args constructor and
setEntityContext method has been called). Then when ejbActivate() is called, they move into the ready
state and return to the pooled state when ejbPassivate() is called.
Entity Beans start in the "ready" state and move into the "pooled" state only after ejbActivate() has
been called on them.
Entity Beans start in the "pooled" state and move into the "ready" state only after ejbActivate() has
been called on them.
Entity Beans aren't pooled.
Entity Beans are never in either state.
You have an Enterprise Bean that represents a customer's account. One of the methods that this bean
provides is deductCost (float amount) that is used when a customer buys something from your
company's website. This method must be executed as part of an existing transaction. What is the
correct attribute setting in the deployment descriptor?
Choice D is correct. If the calling client does not have a transaction (i.e. the transaction hasn't already
started) a javax.transaction.TransactionRequiredException will be thrown. Choice A is incorrect as
REQUIRED will create a new Transaction if a transaction does not already exist whereas the question
says it must be part of an existing transaction. Choice B is incorrect because REQUIRES NEW will
create a new Transaction anyway. SUPPORTS will not force the method to execute in a transaction.
Hence, choice C is also incorrect.
REQUIRED
REQUIRES NEW
SUPPORTS
MANDATORY
Which of the following statements are true?

Choices A and B are correct. The Home interface defines the create(), find(), and remove() methods.
The Remote Interface is used to define all of the methods that can be called by the client on the
Enterprise Bean. If you try to call a method that exists in the Enterprise bean class but not in the
Remote Interface, you will get a RemoteException. Choice C is incorrect because the find method in
the Home interface returns an EJBObject or an Enumeration. Choice D is incorrect because ejbFind()
returns the Primary Key. The find methods are not defined in the Remote interface. Therefore, choices
E and F are incorrect.
ejbFind() returns the Primary Key.

The find method/s in the Home interface return an EJBObject or an Enumeration.
The find method/s in the Home interface return a Primary Key.
ejbFind() returns an EJBObject.
The find method/s in the Remote interface return an EJBObject.
The find method/s in the Remote interface return a Primary Key.
You are at home trying to work on an application you are developing for your company. You want to
log on to your machine at work and develop code for your application. However, you are having some
trouble connecting directly to the application (running on port 1099). What is the most likely reason
that you cannot connect?
Choice C is correct. As you are able to connect to your desktop PC, you know that your company does
not filter traffic based upon IP address. Therefore, the most likely reason you cannot connect is
because you are requesting a different port and the firewall is filtering that traffic. While you may
have possibly specified incorrect connection details, it is not the most likely reason. Therefore, choice
A is incorrect. You would not be able to connect to your desktop PC if your company was filtering
traffic based upon IP address. Therefore, choice B is incorrect. When you connect to your application
from within the office, you are still connecting via a socket. Therefore, you would not be able to
connect at work either if there was a problem with the security manager. Hence, choice D is incorrect.
Although choice E is possible, it is not the most likely reason.
A typing error in the connection details.

Your company is filtering traffic based upon IP address.
Traffic is being filtered based upon the port number requested.
You need to update the security manager that is being used with the application to allow external
connections.
There is a bug in your program stopping anyone from connecting whether internal or external.
You know that Java allows you to run JRMP over HTTP, to tunnel through firewalls but does Java
allow you to run CORBA over HTTP? (CORBA uses IIOP). Yes or No?
Choice B is correct as Java does not allow you to run CORBA over HTTP. Java has no direct
relationship with CORBA. However, if the question was rephrased slightly, for example, is it possible
to tunnel IIOP over HTTP using Java, then the answer would be Yes (most firewalls are configured to
only let HTTP / HTTPS requests through).
Yes
No
You are developing an application to be used at a major bank. Security is a crucial element and you
have decided to use JAAS. The GUI will be based on the MVC framework and it uses swing. The
application will connect people in the same office so that they can all securely review the same
financial data. What protocol should you use to do this?
Choice B is correct. As there is no reference to this being a web based solution and all of the staff is in
the same office, there is no need to use HTTPS. JRMP is the most appropriate answer. There is no
mention of the need for Entity Beans or interfacing with a CORBA system so choice A is incorrect.
Choices C and D are incorrect because this is not being used over the web.
IIOP
JRMP
HTTP
HTTPS
You are writing an Enterprise Javabean to represent a Flight in a Travel agency application. One of the
developers recommended that you use Bean Managed Persistence (BMP) for the EJB. What is true
about BMP?
Choice D is correct. When you use Bean Managed Persistence, you are writing all the SQL needed to
persist the bean yourself. This means that the SQL would have been tailored to the data store you are
using and the same SQL might not work with a different database vendor. You can cancel this out by
using a Data Access Object. The Data Access Object pattern (DAO) is used to reduce the dependency
between Enterprise Beans and the underlying database. This means that the data object manages the
connection to the data source and if the data source changes you only need update this one object, the
change does not affect the rest of your application.
Improves your ability to move your EJB from one Application server to another.
Reduces your ability to move your EJB from one Application server to another.
Improves your ability to move your EJB from one data store to another.
Reduces your ability to move your EJB from one data store to another.
What are the benefits of using the Service Locator pattern?

Choices C, F and G are correct. The following is taken from Core J2EE Patterns: Best Practices and
Design Strategies page 369: "Use a Service Locator object to abstract all JNDI usage and to hide the
complexities of initial context creation, EJB home object lookup, and EJB object re-creation. Multiple
clients can reuse the Service Locator object to reduce code complexity, provide a single point of
control, and improve performance by providing a caching facility." Choice A is describing a standard
web based login but this has nothing to do with the Service Locator pattern. Choice B sounds
plausible but this is not how the Service Locator pattern is used. Choice D is incorrect, as there is an
increase not a loss of performance when using this pattern. Choice E is incorrect, as there are accurate
descriptions of the Service Locator pattern amongst the answers. Some useful links:
http://developer.java.sun.com/developer/technicalArticles/J2EE/patterns/
http://java.sun.com/blueprints/ Useful book: Core J2EE Patterns: Best Practices and Design Strategies
- ISBN: 0130648841A sample chapter is available here:
http://www.sun.com/books/catalog/crupi/index_Table+of+Contents.html Note: This type of question
will probably feature in the new EJB 2.0 specification version of the SCEA certification.
It is used primary by Servlets to locate other services such as JMS. A good example of this pattern
would be a web based login facility. If a client enters an incorrect password their need to be
redirected to a different but their session needs to be maintained across the application.
It is used to catalog Enterprise Beans so that other beans can find them quickly and efficiently. For
example if you need to forward request from a Session Bean to an Entity Bean then the Session
Bean requests the location of the Entity Bean from the Service Locator object. The Service
Locator looks in a table (like a HashMap) and returns the Entity Beans location.
The Service Locator pattern can improve performance by introducing a caching facility.
There is a slight loss of performance when using the Service Locator pattern but this is out
weighed by the improved maintainability of the code.
None of the definitions of the Service Locator pattern are accurate.
The Service Locator pattern is used to hide the complexities of initial object creation, EJB lookups
and object re-creation.
Multiple clients can reuse the same Service Locator pattern.
When would you use Tunnelling?

Choice A is correct. Tunnelling is used to pass one protocol through a port that it does not, by default
run on. For example, if the only free port on the firewall was port 80 and you needed to pass JRMP
through the firewall you would "tunnel" JRMP through the firewall. (JRMP by standard runs on port
1099). JRMP would run on top of HTTP. However, Tunnelling should generally be avoided and
should only be used as a last resort. You use tunnelling when you do not have access to a particular
port. So choice C is incorrect. RMI-IIOP is unrelated to tunnelling. Choice B is incorrect because
stealing the key from the guard would be easier!
When you don't have access to any spare ports of the Firewall and need to tunnel your application
through an existing port.
To break out of prison.
When you do have access to spare ports of the Firewall and are able to use them. So you tunnel
your application out of one of these new ports that was created just for your application.
When you are using IIOP with RMI.
You are working for an investment bank. You have written an applet to display the current price of the
shares that the traders have selected for monitoring. For the applet to work, it needs to authenticate
who the client is. It does this by reading a file held locally on the client's machine. You know that
applets cannot read files stored on a local machine by default. Therefore, you have placed the applet in
a jar file and that is code signed by a trusted certificate authority. Is signing the code enough for the
applet to be able to read the local file? Note: This example is based on JDK 1.3 and 1.4.
Choice E is correct. Even if the code is signed, the browser's policy file may refuse it permission to
perform certain tasks. The policy file will need to grant necessary permissions such as the following, to
allow the applet to read local files: grant signedBy"signingKey" { Permission
java.io.FilePermission"local_file","read";} Choice A is incorrect because it depends on the browsers
security policy file. Choice B is incorrect because the security manager might not prohibit this. The
applet would not automatically be able to read the file. Therefore, choice C is incorrect. It would
matter which certificate authority signed it if you have not chosen to trust a particular certificate
authority. The code might as well not be signed at all! Therefore, choice D is also incorrect.
Yes it would work fine without limitation as the code is signed.

No the security manager of the browser would prohibit this.
The applet would have been able to read the file already under JDK 1.3 and 1.4.
As long as the code is signed is doesn't matter which certificate authority signed it.
It may or may not work depending on the browser's security policy.
You are designing a web-based application for an online recipe site. Although this may not seem that
popular, the estimated number of unique visitors to the site is 100000 per day. The site is purely
informational, you can't buy recipes or upload your own (if you wish to add your own recipes they
have to be emailed to the webmaster). Despite the fact that there is no transaction and persistence
requirement, it is still recommended that you use an Application server and Enterprise beans. The main
reason for using the Application server and Enterprise Beans is that it allows you to remove some of
the processing from the web servers and this increases the performance of the site. True or False?
Choice B is correct as the statement is FALSE. The key to this question is that there are no
transactions and there is no data to persist. All you are sending to the client are HTML web pages;
even if you were to use JSPs/Servlets, you still would not use an Application server. In a situation like
this, you have to think of what the Application server should actually do? In this case, there is nothing
for it to do.
True
False
You are designing a 3-tier architecture for a new application your company intends to deploy as part of
its marketing strategy. This application will allow users to book rental cars over the web and is
estimated to save the company millions over the next few years. Due to the sheer number of users, you
have decided to use the Front Controller pattern. Which of the following statements describe the Front
Controller pattern?
Choices B and D are correct. The following is taken from Core J2EE Patterns: Best Practices and
Design Strategies page 369: "Use a controller as the initial point of contact for handling a request. The
controller manages the handling of the request, including invoking security services such as
authentication and authorization, delegating business processing, managing the choice of an
appropriate view, handling errors, and managing the selection of content creation strategies." The main
aim of the Front Controller pattern is to centralize view management. For example if a web page is
moved all the links to it would need to be updated by using this pattern you can pass all requests
through the Front Controller only needing to make changes in one place. The Front Controller is
classified by Sun as a Presentation Tier pattern. Choices A and B are incorrect because the Front
Controller has nothing to do with load balancing. Choice E is incorrect as the Front Controller can
invoke security services. Choices F and G are incorrect because the Front Controller does not represent
the Controller out of the MVC architecture. Some useful links:
http://developer.java.sun.com/developer/technicalArticles/J2EE/patterns/
http://java.sun.com/blueprints/patterns/j2ee_patterns/front_controller/index.html
http://java.sun.com/blueprints/ Useful book: Core J2EE Patterns: Best Practices and Design Strategies
- ISBN: 0130648841A sample chapter is available here:
http://www.sun.com/books/catalog/crupi/index_Table+of+Contents.html Note: This type of question
will probably feature in the new EJB 2.0 specification version of the SCEA certification.
The Front Controller pattern is primarily used as a cheap alternative to a CISCO router. It is used
as a software alternative to a hardware load balancer.
Provides a central point of entry.
Provides a central point of entry for load balancing.
The controller manages client requests, security, delegation of business processing, error handling,
view selection and content creation strategies.
The controller manages the client's request including delegating business processing, error
handling, view selection and content creation strategies. But is does not have anything to do with
security.
The Front Controller is just another way of describing the Controller out of the Model View
Controller architecture.
The Front Controller is just using the Controller out of the Model View Controller architecture for
load balancing.
You are designing a complex set of classes that provides a secure framework for other programmers to
use. The idea behind this framework is that it will allow other programmers to write secure programs
without the usual complexities of writing secure applications. What sort of design pattern is being used
here?
Choice B is correct. Facade - (GOF 185): "Provide a unified interface to a set of interfaces in a
subsystem. Facade defines a higher-level interface that makes the subsystem easier to use." The other
patterns are described below: Adapter - (GOF 139):"Convert the interface of a class into another
interface clients expect. Adapter lets classes work together that couldn't otherwise because of
incompatible interfaces." Composite - (GOF 163):"Compose objects into tree structures to represent
part-whole hierarchies. Composite lets clients treat individual objects and compositions of objects
uniformly." Decorator - (GOF 175):"Attach additional responsibilities to an object dynamically.
Decorators provide a flexible alternative to sub classing for extending functionality." Mediator - (GOF
273):"Define an object that encapsulates how a set of objects interact. Mediator promotes loose
coupling by keeping objects from referring to each other explicitly, and it lets you vary their
interaction independently."
Composite
Facade
Decorator
Adapter
Mediator
You are an enterprise consultant for one of the Fortune 500 companies. You have been discussing a
possible design for a 3-tier application with a prospective client. They know very little about Java and
are asking you if Java is always the best solution. Your response is that although normally for each
project many factors have to be considered before selecting the programming language and framework,
because this is a 3-tier architecture Java is definitely the best solution. Is this true? True or False?
Choice B is correct as the statement is FALSE. It is impossible to make sweeping statements such as
Java is always the best solution for 3-tier architectures. A project needs to be looked at individually
and then assessed. You may think that one project naturally suits a full Java implementation only to
find out that a company has already heavily invested in a different technology or that you don't have
the resources (employees with skills in Java based technologies) to implement a solution.
True
False
What is the difference between the abstract factory pattern and the factory method pattern?
Choice B is correct. Both the Abstract Factory and Factory Method are Creational patterns. Abstract
Factory - (GOF 87): "Provide an interface for creating families of related or dependent objects
without specifying their concrete classes." Factory Method - (GOF 107): "Define an interface for
creating an object, but let subclasses decide, which class to instantiate. Factory Method lets a class
defer instantiation to subclasses." Choice A offers a description of the abstract factory pattern not the
factory method. The descriptions in choices C and D are the wrong way round. Choice E is incorrect,
as the two patterns are different.
The factory method makes objects that should be used together. This is not the case for the
abstract factory.
The abstract factory pattern provides an interface for creating a family of objects whereas factory
method provides an interface for creating one object.
In the abstract factory pattern, the objects that the factory makes are to be used together. This is
not necessarily true in the factory method pattern.
The factory method pattern is used when the class does not know the class of the object it must
create. But in the abstract factory this is known in advance.
The factory method and abstract factory are essentially the same pattern but two different names
are used to describe them depending on the circumstances when they are implemented.
What is true about this diagram? (Please Click on "Exhibit Button" to view the Diagram.)
Choices A and D are correct. The diagram shows a UML sequence diagram. This type of diagram
shows the interaction of different objects. Time is shown from the top of the page descending. The
white rectangles on the dotted lines show the objects life. Method calls are made from one object to
another. In this diagram Object 1 calls Object 2's method call1(). Where the arrow begins, the object
represents the caller, and where it ends, the object called. The text above the arrow is the name of the
method. For more information about UML, visit http://www.uml.org.
Ian_Mock3_qn37.jpg
Object 1 calls the method call1() on Object 2.

Object 2 executes its own method call3(). This method in turn creates Object 3.
Object 1 executes its own method call1(). This method in turn creates Object 2.
Object 2 calls the method call3() on Object 3.
What are the benefits of asynchronous messaging?

Choices A, C and F are correct. The main difference between asynchronous messaging and
synchronous messaging is that synchronous provides an instant response. This means that when using
asynchronous messaging, clients do not have to wait for responses; they send messages and then carry
on with what they were doing. This reduces the coupling between the sender and receiver and means
that the network does not have to be available. Choices B and D are incorrect because they describe
synchronous messaging. Although choice E is correct, it is not a benefit of synchronous messaging.
Less coupling between the sender and receiver.

Provides an instant response.
Does not block the sender.
Good for transaction processing.
You can't get an instant response.
Network does not have to be available.
You are designing a paint application and as part of the user interface, you have a toolbar along the
left-hand side of the screen. Each of the icons on the toolbar has different actions when you are using
different tools. The way you have structured it, the application is required to pass commands from one
object to another. When the appropriate object receives the command, it handles the request. This is an
example of which pattern?
Choice B is correct. Chain of Responsibility - (GOF 223):"Avoid coupling the sender of a request to
its receiver by giving more than one object a chance to handle the request. Chain the receiving objects
and pass the request along the chain until an object handles it." Below are descriptions of the other
patterns: Command - (GOF 233):"Encapsulate a request as an object, thereby letting you parameterize
clients with different requests, queue or log requests, and support undoable operations" Interpreter -
(GOF 243):"Given a language, define a representation for its grammar along with an interpreter that
uses the representation to interpret sentences in the language." Adapter - (GOF 139):"Convert the
interface of a class into another interface clients expect. Adapter lets classes work together that couldn't
otherwise because of incompatible interfaces." Strategy - (GOF 315):"Define a family of algorithms,
encapsulate each one, and make them interchangeable. Strategy lets the algorithm vary independently
from clients that use it."
Command
Adapter
Interpreter
Strategy
You are designing an online shopping application to make it easier for customers to order products
from your company. The aim is that the majority of customers buying over the telephone will start
using the web instead. When customers purchases goods online they will use credit cards and will
require an instant response as to whether the sale has been approved or not. (Note that the credit card
validation is carried out by another very powerful system.) What type of messaging should be used?
Choice A is correct. Synchronous messaging provides an instant response and is therefore the right
answer. It is always arguable as to whether messaging should be used if you require an instant response
but if you do decide to use messaging then you should always use synchronous messaging when
needing an instant response. Choice B is incorrect because asynchronous messaging does not provide
an instant response. You can make messaging transactional by creating your own transactions in your
code. Hence, choice C is incorrect. Choice D is arguable too, but it is not the most appropriate answer
because the question suggests that the system the messages will be sent to is very powerful and will be
able to cope with the volume of traffic. Therefore, choice D would be incorrect as it suggests that the
system will not perform well enough for an instant response.
Synchronous messaging
Asynchronous messaging
You shouldn't be using messaging at all as it's not transactional.
You could use messaging because it is transactional however it is not advised, as the system would
never perform well enough for an instant response.
You overhear two colleagues arguing about the difference between Localization and
Internationalization. They turn to you to ask you to settle the argument. What is the difference between
Localization and Internationalization?
Choice B is correct. Internationalization: Adapting a program for use in any country is called
Internationalization. Localization: The process of adapting a program for use in a particular country is
referred to as Localization. During Localization the language of the text, message icons, colors used,
dialogs, number formats, time representation and even sorting algorithms are subject to change.
Choice A is incorrect because it is the other way around. Choices C and D are not accurate
descriptions of Localization.
Internationalization is a process of preparing a program to be used in a country other than

England.
Internationalization is a process of preparing a program to be used in any country.
Localization is a process of preparing a program to be used in a country other than England.
Localization is a process of preparing a program to be used in any country.
Which of the following should be used if you do not need an instant response from a message?
Choice B is correct. Synchronous messaging provides an instant response therefore asynchronous
messaging is correct. - Synchronous, tightly coupled communication between distributed components:
This is the model of CORBA, RMI, EJB and so on. The programming model is called Remote
Procedure Call (RPC). - Asynchronous, loosely coupled communication between components: This is
the Message Oriented Middleware or MOM model. The programming model is called Messaging.
Your company has a custom operating system that it developed for some robotics hardware to be used
in their research departments. One of the researchers has written a cut down Virtual Machine to run on
this OS. You have started to develop some software to run on this VM. However, you need to convert
the Unicode to 8-bit characters. To do this, you will need to use which of the following?
Choice B is correct. The OutputStreamWriter can be used to convert Unicode into 8-bit characters.
Normally this is used in Internationalization to convert Unicode into local character encoding but it
would work well in this situation.Choices A, C and D serve different purposes in the java.io package.
Java support for Internationalization- Properties- Locale. Resource Bundle- Unicode-
Java.text Package- InputStreamReade- OutputStreamWriter
FileWriter
OutputStreamWriter
BufferedWriter
StreamWriter
You are studying a class diagram of an exiting system so that the new functionality you are adding
uses the existing class attributes wherever possible. What do the following symbols mean in UML
concerning visibility? # + -
Choice C is correct. The + # and - symbols represent the following levels of visibility: + Public #
Protected -Private For more information about UML, please visit http://www.uml.org.
# public, + protected, - private

+ public, - protected, # private
+ public, # protected, - private
# public, - protected, + private
Which of the following would you use to convert 8-bit text to Unicode?
Choice B is correct. The InputStreamReader can be used to convert 8-bit characters to Unicode.
Choices A, C and D serve different purposes in the java.io package. Java support for
Internationalization: Properties- Locale- Resource Bundle- Unicode- Java.text Package-
InputStreamReader- OutputStreamWriter
FileReader
InputStreamReader
BufferedReader
StreamReader
What is the difference between composite aggregation and normal aggregation?

Choice A is correct. As the answer states, aggregation defines a part of relationship but both objects
can exist independently. However, with composite aggregation if one part is removed, then the other
part will also be removed. The following is taken from:
http://www.moskalyuk.com/edu/uml/interview_questions.htm Composition is a stronger form of
aggregation. The object which is "contained" in another object is expected to live and die with the
object which "contains" it. Composition is represented in the UML by a darkened diamond. An
example of a composite relation is a Book and Chapter. A Book "has a" Chapter, and the Chapter
cannot exist without the Book. For more information about UML, please visit http://www.uml.org.
Aggregation defines a part of relationship but both objects can exist independently. However, with
composite aggregation if one part is removed, then the other part will also be removed. Think of a
plane the wings have a composite aggregation relationship with the body of the plane.
Composite Aggregation defines a part of relationship but both objects can exist independently.
However, with aggregation if one part is removed then the other part will be removed. Think of a
plane, the wings have an aggregation relationship with the body of the plane.
You have an existing mail order application that runs as an applet on the customer's browser. The
applet connects to your server to retrieve product information. (Note that all data is sent securely over
SSL) What would you expect to change to meet the needs of users in different countries?
Choices A, C, D, F and G are correct. List of items that may be subject to Internationalization:-
Language for Messages- Formats - Numeric, Date and so on Dictionary sort order Currency
symbol and position Tax and other legal rules Cultural preferences You would not need to
change the way you wrote to binary files but you may need to change the way you write to text files
because of the Unicode to 8-bit differences.
GUI text, e.g. Message box text etc

Security login procedures
Dates
Numbers, e.g. Currency
The way the program writes to binary files
Icons, Images
The way the program writes to text files
A class diagram has a solid black diamond and a line linking two classes together. What does the black
diamond imply in UML?
Choice C is correct. Composite Aggregation / Composition is shown by a solid black diamond.
Aggregation defines a part of relationship but both objects can exist independently. But with composite
aggregation if one part is removed then the other part will be removed. Think of a plane the wings have
a composite aggregation relationship with the body of the plane. Note: Inheritance and Generalization
are used to describe the same thing. The same is also true about Composite Aggregation and
Composition. Aggregation is shown as a white diamond (the diamond shape is a black outline with the
center white). Association is just a single line linking classes/objects; this can have multiplicity and
direction. The following is taken from: http://www.moskalyuk.com/edu/uml/interview_questions.htm
Composition is a stronger form of aggregation. The object which is "contained" in another object is
expected to live and die with the object which "contains" it. Composition is represented in the UML by
a darkened diamond. An example of a composite relation is a Book and Chapter. A Book "has a"
Chapter, and the Chapter cannot exist without the Book. For more information about UML, please
visit http://www.uml.org.
Aggregation
Association
Composite Aggregation/Composition
Dependency
Inheritance/Generalization
You have had enough of you existing IDE (Integrated Development Environment) and have started
work on designing your own. Now you are working on the undo part of the application, you need to be
able to roll an object back so it is in previous state. What pattern would you use to do this?
Choice A is correct. Memento - (GOF 283):"Without violating encapsulation, capture and externalize
an object's internal state so that the object can be restored to this state later." Choices D, E and F are
not names of patterns. Rollback is something you would do if a transaction were terminated halfway
through. Transaction is self-explanatory. ACID stands for Atomic, Consistent, Isolatable and Durable.
All transactions must adhere to this. Below are descriptions of the other patterns: State - (GOF
305):"Allow an object to alter its behavior when its internal state changes. The object will appear to
change its class." Mediator - (GOF 273):"Define an object that encapsulates how a set of objects
interact. Mediator promotes loose coupling by keeping objects from referring to each other explicitly,
and it lets you vary their interaction independently."
Memento
State
Mediator
Rollback
Transaction
ACID
What does a triangular arrow shape with a solid line mean in UML? (The triangle is an outline, and not
solid)
Choice E is correct. In UML, Inheritance/Generalization is shown with a triangular arrow shape. Thus,
whenever you extend a class, you are inheriting from the class you are extending. Note: Inheritance
and Generalization are used to describe the same thing. The same is also true about Composite
Aggregation and Composition. Aggregation is shown a white diamond (the diamond shape is a black
outline with the center white). Association is just a single line linking classes/objects; this can have
multiplicity and direction. Composite Aggregation / Composition is shown by a solid black diamond.
For more information about UML, please visit http://www.uml.org.
Aggregation
Association
Composite Aggregation/Composition
Dependency
Inheritance/Generalization
Which of the following are true about Vertical Scalability?

Choices B, E and G are correct. Vertical Scalability, by definition means increasing a system's
capacity by adding memory, processors and so on. Of the two types of Scalability (Vertical and
Horizontal), Vertical Scalability is the easier to achieve because it involves few changes to the existing
system's architecture. Also adding more CPU or memory to an existing system does not have any
impact on reliability or availability because if the system or component fails, in the absence of
redundant systems, availability and reliability would suffer. Hence, choices B, E and G are correct.
Choice A is incorrect because it actually describes Horizontal Scalability, which is achieved by adding
more servers to a system. Horizontal Scalability is tougher to achieve because the architecture should
inherently support a multi-server environment. However once implemented, it has a positive impact on
the system's reliability and availability because it provides fault tolerance capabilities. Choice C is
incorrect because generally it is cheaper to add capacity than to add entire new systems. Choice D is
incorrect because adding capacity should have no impact on the manageability of a system. Choice F is
incorrect because Vertical Scalability is easy to achieve. Most J2EE vendors also provide support for
the more difficult Horizontal Scalability.
Achieved by adding servers to the system

Achieved by adding capacity (memory, CPU and so on)
It is generally more expensive than Horizontal scaling
Decreases manageability
Requires few or no changes to the system architecture
Not supported by J2EE
Has little or no impact on the reliability and availability of the system
Which of the following may be used for synchronously communicating with legacy systems?
Choices A, D and F are correct. IIOP (Internet Inter Operable Protocol) is the protocol used by
CORBA. JRMP (Java Remote Method Protocol) is the protocol used by Java-RMI. RMI / IIOP is
EJB1.1's protocol. All three of these methods are examples of RPC (Remote Procedure calls) based
communication, which is inherently synchronous in nature. Note that there are exceptions (event
handling in CORBA and Message Driven Beans in EJB2.0), but generally speaking RPC is used for
synchronous communication. Hence, choices A, D and F are correct. HTTP, SHTML and SMTP are
unrelated jargons, used for confusing the reader. Message Oriented Middleware (MOM) is used for
asynchronous messaging. Hence, choices B, C, E and G are incorrect.
IIOP
HTTP
SHTML
JRMP with JNI
SMTP
RMI/IIOP
MOM

Do not Cheat
Which of the Classes and Interfaces need to be created by a bean developer?

Choices A, C and D are correct. When developing EJB applications, developers need to create the
Home Interface, the Remote Interface and the Bean Class. Hence, choices A, C and D are correct.
There is no such thing as the Distributed Interface or the Bean Interface. Hence, choices B and E are
incorrect.
Home Interface
Distributed Interface
Remote Interface
Bean Class
Bean Interface
Which of the following are NOT true about 2-tier architecture models?
Choices B, C and F are correct as the corresponding statements are FALSE. Statement B is incorrect
because a change to one tier need not necessarily affect the other tier. For example, consider an Order
Entry system where the users need to see transaction history for individual customers. A new screen
can be developed to take data from the transaction tables and display it on the client. In this example,
no changes are required on the server. Consider an alternate example where a stored procedure
accessing data spread in multiple tables now queries a materialized view. No changes would be
required to clients that call the stored procedure, as long as all input and output remains the same.
Although it may be true in many cases, Client/Server architectures do not always represent single
points of failure. With single database servers, of course if the server fails, clients may not be able to
connect to the database. However in multi-database applications, if parts of the client or server fail,
other parts of the system may still be accessible. Hence, statement C is incorrect and hence incorrect
choice. 2-tier architectures are not very manageable. Although the servers can be managed centrally,
client PCs are always distributed at user locations and it is very difficult to troubleshoot them without
local staff. Hence, statement F is true and hence incorrect choice. Statement A correctly reflects what
happens on a client in 2-tier applications. Statement D explains how clients interact with the database
and statement E clearly lists that 2-tier architectures are not easily maintainable because of constant
software updates required on the clients. Hence, choices A, D and E are incorrect.
Clients may be validation intensive, consequently requiring powerful hardware

Any change to one tier typically affects both tiers
Represents a single point of failure
Each client makes a direct connection with the server
They are not very maintainable
They are quite manageable
What is an off-board server used for?

Choice C is correct. An off-board server is used enable secure remote access to mainframes. This is
typically done by forwarding SSL requests to the mainframes via serial connections, as indicated by
choice C. An off-board server does not provide single sign on capabilities to a J2EE application. It is
also not an application server that can take up complex business logic processing. An Off board server
does not store public keys of trusted Certification Authorities (CA) or perform symmetric key
encryption. Hence, choices A, B, D and E are all incorrect.
Providing Single-Sign on to a Java based application

Delegating complex processing to a separate server
Enable secure remote access to a mainframe by forwarding SSL requests to serial connections
As a database for storing the public keys of valid Certification Authorities (CA)
For performing symmetric key cryptography
When a call is made to a single-entity find method in an entity bean, the ObjectNotFoundException is
thrown indicating that the requested entity was not found. What happens to the transaction?
Choice C is correct. The question deals with the ability to differentiate between system exceptions and
application exceptions, and their impact on transactions. The container throws the
ObjectNotFoundException to indicate that the entity requested by the single entity find method was not
found. When this happens, the transaction is not typically rolled back. Hence, choice C is correct.
Application exceptions are thrown in response to errors encountered in the processing of business
logic. Application exceptions do not cause transactions to roll back. Hence, choice A is incorrect. The
ObjectNotFoundException is not a system exception. Hence, choice B is incorrect. Again, choice D
indicates that the ObjectNotFoundException is a system exception and is therefore incorrect. Choice E
indicates that it is up to the container to either roll back the transaction or not, which is incorrect.
It is automatically rolled back since it is an application exception.

It is not automatically rolled back since it is a system exception.
It is not automatically rolled back since it is an application exception.
It is automatically rolled back since it is a system exception.
It may or may not automatically rollback based on container specific implementation.
In a UML class diagram Private, Protected and Public attributes are shown by which one of the
following sets of symbols?
Choice D is correct. In UML notation, access modifiers are shown by the -, # and + symbols to
represent Private, Protected and Public respectively. Hence, choice D is correct. All other choices show
incorrect combinations.
-, +, #
+, -, hash
#, -, +
-, #, +
+, #, -
#, +, -
Company ABC has a predominantly EJB based J2EE application that has be accessed by CORBA
clients. Which connectivity option would you recommend?
Choice D is correct. RMI-IIOP stands for Remote Method Invocation (using IIOP as the transport.)
This is the protocol supported by EJB1.1 Hence, choice D is correct. RMI-JRMP is used only when
dealing with native Java clients. The question talks about CORBA clients but does not say anything
about pure Java clients. Hence, choice A is incorrect. There is also no mention of JNI support. Hence,
choice B is incorrect. Java IDL is useful when you have a predominantly CORBA based application.
Hence, choice C is incorrect. HTTP tunneling is a way to allow protocols to masquerading as other
protocols and bypass firewall restrictions. Hence, choice E is incorrect.
RMI-JRMP
RMI with JNI
Java IDL
RMI-IIOP
HTTP tunneling
Refer to the following diagram: (Please Click on "Exhibit Button" to view the Diagram )
Choice B is correct. From the diagram it can be inferred that A and B are concrete classes and B
extends A. This is shown by the generalization relationship between B and A. Hence, choice B is
correct. Choice A is incorrect because class A does not inherit from class B. Choice C is incorrect
because the relationship between the classes A and B is generalization, not dependency. Finally, choice
D is incorrect because A has an aggregation relationship with Interface C, not Class B.
Class B has a dependency to Class A
Class A has an aggregation to Class B
The Remote Interface of an Enterprise Bean extends from...

Choice C is correct. Remote Interfaces of EJBs extend from javax.ejb.EJBObject. Hence, choice C is
correct. Choices A, B and D are incorrect because there are no interfaces called EJBRemote,
RemoteInterface or RemoteReference.
java.ejb.EJBRemote
javax.ejb.RemoteInterface
javax.ejb.EJBObject
javax.rmi.RemoteReference
The container synchronizes an Entity Bean's state with the database...

Choice C is correct. In CMP, the container automatically handles synchronization between the bean
and the database. With BMP, the developer is responsible for providing the logic for database
synchronization. In both cases however, the container decides when the synchronization should occur,
based on various activities such as transactions, concurrency and resource management. Hence, choice
C is correct. It is not guaranteed that data will be synchronized after each set method. Again, this is
because the container decides when to synchronize data. Hence, choice A is incorrect. The methods
ejbLoad() and ejbStore() are considered callback methods - the container uses them to communicate
with the entity when it is about to or just has synchronized database state. Hence, clients do not make
calls to these methods. Choice B is therefore incorrect. There is no method called connectionFlush().
After every setXxx() method

When a client calls the ejbLoad() or ejbStore() method
When the container thinks its appropriate based on various factors including the Transactional
Context
When the connection.flush() method is called
Which of the following statements is true about Session Beans?

Choice B is correct. When a bean is about to be passivated, the container calls the ejbPassivate()
method. At this time, the bean instance can close all open resources and set all non-transient non-
serializable fields to null. Hence, choice B is correct. Stateless Session Beans are not passivated.
Hence, choice A is incorrect. While Stateful Session Beans are pooled and swapped, Stateless Session
Beans are not. Hence, choice C is incorrect. In addition to Entity Beans, Stateful Session Beans are
passivated as well. Hence, choice D is incorrect.
All attributes of a Stateless Session bean have to be set to null prior to passivation.
All non-transient and non-serializable fields of a Stateful Session Bean have to be set to null in the
ejbPassivate() method.
The container uses Passivation on Stateful and Stateless Session Beans to allow pooling and
swapping which are good techniques for resource management.
Passivation only applies to Entity Beans and not to Session Beans.
Which of the following services does the EJB Container provide?

Choices A, B and E are correct. The EJB developer is only responsible to developing the core service
that the component provides. All other services are decorations provided by the container. For
example, the container provides object distribution via the Home Interface and Remote Interface
implementations and manages the life cycle of Beans. It also provides transaction management
capabilities. Hence, choices A, B and E are correct. Many popular EJB vendors provide a web server
and a Servlet engine as well. However, that is not a responsibility of the EJB Container. Hence, choice
C is incorrect. Choice D mentions something about just in time management JRE, irrelevant jargon
meant to throw off the reader. Hence, choice D is incorrect.
Object Distribution
Life Cycle Management
Integrated Web Server and Servlet Engine
Just in Time management Java Runtime Engine
Transaction Management
Messaging supports which of the following two models?

Choices A and C are correct. There are two Messaging models available. Point-to-Point Model is
typically used for a one-to-one communication and Publish/Subscribe Model is used when messages
need to be broadcast to a group of subscribers. Hence, choices A and C are correct. The envelope-
content is not a messaging paradigm. It is an example used to illustrate how messages are constructed
when using Simple Object Access Protocol (SOAP). Hence, choice B is incorrect. There is no
paradigm called 'Send to List'. Publish/Subscribe Model is used for one-to-many communication.
Point-to-Point
Envelope/Letter
Publish/Subscribe
Send to List
Which of the following are NOT applicable to the Primary Key Class?
Choices D and E are correct as the corresponding statements are NOT applicable to the Primary Key
Class. Compound Primary Keys can remain undefined until deployment time and primitive wrappers
can be used with dingle field keys. Hence, choices D and E are correct. Choices A, B and C are true
about Primary Keys and therefore incorrect choices.
It must implement the java.io.Serializable interface

It must provide a default constructor
It must override hashCode() and equals()
Cannot be undefined if the PK is a Compound Primary Key
Primitive wrappers cannot be used when dealing with Single field keys
The standard ports for HTTPS and HTTP are

Choice C is correct. Although port numbers are configurable, the default ports for HTTPS and HTTP
are 443 and 80. Hence, choice C is correct. Port 21 is used with FTP, port 110 is used with POP3 and
port 119 is used with NNTP. Hence, choices A and D are incorrect. Choice B has the port numbers in
the reverse order. Hence, choice B is incorrect.
21, 110
80, 443
443, 80
21, 119
When a client calls the create() on a Stateless Session Bean's Remote Interface...
Choice D is correct. With Stateless Session Beans, a new instance is not created each time a client
request comes in. Instead, the container manages a pool of bean instances, and when a client requests
the service (via a create method), an instance from the pool is assigned to service the request. Hence,
choice D is correct. The newInstance() method and the ejbCreate() method are invoked by the
container to set up the instances in the bean pool and are not called with each create() method called by
the client. Hence, choices A and B are incorrect. Choice C is incorrect because Stateless Session Beans
are not passivated or activated.
The newInstance() method is invoked by the container.

The ejbCreate() method is called by the container.
A Passivated instance is activated and attached to the EJB Object.
The Container takes an instance from the Method Ready Pool and attaches it to the EJB Object.
A browser client C1 opens an SSL session with Server S1 on port 443. Client C1 then opens a new
browser window and opens an SSL session with Server S2 (while the SSL session with Server S1 is
active in the other browser window). At the same time, browser client C2 opens an SSL session with
Server S1 on 443 as well. Which of the following statements are NOT TRUE in this situation?
Choices A and B are correct as the corresponding statements are NOT TRUE. Since clients can
simultaneously engage in multiple SSL connections (through different browser instances) and servers
can support multiple concurrent SSL connections, only statements A and B are false and therefore the
correct choices. Statements C and D are true and therefore incorrect choices.
Client C1 cannot be engaged in two SSL connections as the same time.

Server S1 cannot be engaged in two SSL connections on the same port at the same time.
Client C1 can have multiple SSL connections open at the same time.
Server S1 can have multiple SSL connections open at the same time.
Which of the following UML diagrams may be best suited for a Business Analyst?
Choice C is correct. Use Case diagrams (Cade 43) "show a set of use cases and actors and their
relationships. Use Case diagrams show the static view of a system. These diagrams are especially
important in organizing and modeling the behaviors of a system." Use case diagrams are frequently
used by Business Analysts to capture business requirements of a system. Choice C is therefore correct.
Deployment diagrams (Cade 50) "show the configuration of run time processing nodes and the
components that live within these nodes. Deployment diagrams address the static view of the
architecture." Architects frequently use deployment diagrams. Choice A is therefore incorrect. A class
diagram (Cade 44) "shows a set of classes, interfaces and collaborations and their relationships...Class
diagrams address the static design view of a system." Software designers frequently use class
diagrams. Choice B is therefore incorrect. Activity diagrams (Cade 48) "are a special kind of state
chart diagram that show the flow from activity to activity within the system. This type of diagram is
important in modeling the function of a system and emphasizing the flow of control among objects."
Designers and Developers frequently use Activity diagrams. Hence, choice D is incorrect. A
Collaboration diagram (Cade 46) "is an interaction diagram that emphasizes the structural organization
of objects that send and receive messages." Designers and developers frequently use Interaction
diagrams. Choice E is therefore incorrect. Sequence Diagrams (Cade 46) are "interaction diagrams that
emphasize the time ordering of messages." Interaction diagrams address the dynamic view of a system
and are frequency used by designers and developers. Hence, choice F is incorrect.
Deployment
Class
Use Case
Activity
Collaboration
Sequence
Messaging is achieved by which of the following?

Choice B is correct. Messaging is a middleware architecture used for asynchronous communication.
This is generally achieved through a store-and-forward mechanism. All message producers and
message consumers communicate to each other via a Message Oriented Middleware. Message
consumers receive messages via a polling mechanism or a server-push mechanism. Hence, choice B is
correct. Synchronous tightly coupled communication is a feature of RPC middleware applications.
Hence, choice A is incorrect. Stubs and Skeletons are used to marshall and unmarshall data in
distributed RPC environments. Hence, choices C and D are incorrect.
Synchronous tightly coupled communication between distributed components

Asynchronous loosely coupled communication between components
Using Stubs and Skeletons
Marshalling and unmarshalling of data
Which of the following is NOT true about RPC?

Choice C is correct. The statement C that says RPC is asynchronous in nature is false. Therefore,
choice C is correct choice. Statement A, B and D are true statements about RPC based communication
and hence, choices A, B and D are incorrect choice.
RPC attempts to mimic the behavior of a system that runs in one process
When a remote procedure is invoked, the caller is blocked until the procedure completes and
returns control
RPC is asynchronous in nature
RPC is tightly coupled
What is the difference between Maintainability and Manageability in Software Engineering?

Choice B is correct. Maintainability (Cade 8) "is the ability to correct flaws in the existing system
without impacting other components of the system" and Manageability (Cade 9) "is the ability to
manage the system to ensure the continued health of a system with respect to scalability, reliability,
availability, performance and security." Hence, choice B is correct. The definitions in choice A are in
the reverse order and are incorrect in choice C. Choice D says that the two non-functional requirements
refer to the same thing. Hence, choices A, C, and D are all incorrect.
Manageability is the ability to correct flaws in the system whereas maintainability is the ability to
ensure the continued health of the system.
Maintainability is the ability to correct flaws in the system whereas manageability is the ability to
ensure the continued health of the system.
Maintainability deals with ensuring that the system is always reliable and accessible whereas
manageability deals with the ability to add functionality to the system.
They are both the same.
One of the advantages of using Stateless Session Beans is that they are lightweight objects and do not
have conversational state overheads. Further, the container swaps these bean instances in and out of the
bean pool to appropriately manage resources. This allows the container to use fewer instances of the
bean to service a larger number of clients. What design pattern is being illustrated here?
Choice D is correct. Flyweight (GOF 195)"Use sharing to support large numbers of fine-grained
object efficiently." Here the container uses fewer instances of Stateless Session Beans to service a
larger number of clients. Hence, choice D is correct. Decorator (GOF 175)"Attach additional
extending functionality." Hence, choice A is incorrect. Factory Method (GOF 107)" Define an
interface for creating an object, but let subclasses decide which class to instantiate. Factory method lets
a class defer instantiation to subclasses." Hence, choice B is incorrect. Fa?e (GOF 185)"Provide a
unified interface to a set of interfaces in a subsystem." Hence, choice C is incorrect. Visitor (GOF
331)"Represent an operation to be performed on the elements of an object structure. Visitor lets you
define a new operation without changing the classes of the elements on which it operates." Hence,
choice E is incorrect.
Decorator
Factory
Facade
Flyweight
Visitor
In N-tier models, which of the following tier is best suited for implementing the view and controller
components of an MVC application?
Choice B is correct. N-tier models typically follow a Model2 architecture where each tier has specific
responsibilities. The view and most of the controller components are generally placed in the Web Tier
(Please note that in some Model2 architectures, some controller components are also placed in the
business logic tier.). Hence, choice B is correct. Choice A is incorrect because the client tier is not
responsible for the view and controller objects. Choice C is incorrect because there is no such tier as
MVC tier. Choices D, E and F are incorrect because none of them hold the view components (although
some controller components may be present in the Business logic tier.).
Client Tier
Web Tier
MVC Tier
Business Tier
EIS Integration Tier
EIS Tier
Which of the following are NOT considered tiers in a J2EE based N-tier model?
Choices C, F and G are correct as there are no tiers called 'EJB Integration Tier', 'Legacy Connectivity
Tier' or 'JCA Tier' in a J2EE based N-tier model. J2EE applications have the following tiers: - Client
tier (Browsers, Applications, Applets, Mobile clients and so on) - Web tier (presentation tier consisting
of JSP as view and Servlets as controllers) - EJB tier (Business Tier, consisting of EJB and supporting
classes) - EIS Integration tier (Java classes that integrate to the Enterprise Information System tier) and
- EIS tier (Relational databases, XML databases, ERP systems and so on.) Hence, choices A, B, D and
E are all valid J2EE application tiers and therefore incorrect choices.
Client Tier
Web Tier
EJB Integration Tier
EIS Tier
EIS Integration Tier
Legacy Connectivity Tier
JCA Tier
Inaccu Weather has a website where people can check the weather forecast of a city for up to five days
in advance. The data comes to Inaccu Weather through a specialized custom feed that directly updates
a relational database. If the company can expect between fifty to hundred concurrent hits in to their
site, which of the following Java based technologies may be best suited for their needs?
Choice E is correct. The important concepts are low website traffic and no modification of data (all
database access for simple read-only data). Thus, we can summarize that the use of EJBs will be
overkill for such a simple application. However, you still do not want to embed data access logic
directly into Servlets, as that would not be a modular approach. Hence, use Servlets and JSP for
presentation and Java classes to encapsulate interactions with the database. Choice E is therefore
correct. While choice A is a straightforward Model2 technique for this system, the use of EJB is not
required here. Hence, choice A is incorrect. Note that if the traffic becomes much higher and they wish
to migrate to an EJB solution, choice A would become the best candidate. We have discussed that the
use of EJB is not necessary for this application. Further, there is no concurrent use of shared data.
Hence, Entity beans are definitely not the ideal choice. Choices B and C are therefore incorrect. Choice
D indicates the use of Applets and EJB. Applets are best used when better GUI capability is required.
In this example, JSP is a perfectly good solution. In any case, this choice refers to the use of EJB
(already discussed as extra baggage for this problem.) Hence, choice D is incorrect.
Servlets and JSP for presentation and Session Beans with DAO for retrieval.
Servlets and JSP for presentation and CMP Beans for retrieval.
Servlets and JSP for presentation and BMP Beans for retrieval.
Applets for presentation and either Entity or Session Beans for retrieval.
Servlets and JSP for presentation with Java classes encapsulating all database access.
Since a dependency exists between two packages if a dependency exists between any two classes in the
packages, it can be deduced that all package dependencies are transitive in nature. True or False?
Choice B is correct as the statement is FALSE. Package Diagrams (Fowler 108)"show packages of
classes and the dependencies among them...A dependency exists between two elements if changes to
the definition of one element may cause changes to the other...A dependency between two packages
exists if any dependency exists between any two classes in the packages...With packages dependencies
are non-transitive." The question makes an argument that all package dependencies are transitive in
nature, which is false. Hence, choice B is correct.
True
False
Michael Fell runs a computer assembly company. He purchases parts from a wholesale parts
distributor. Fell has a legacy application to track purchases of parts and sale of computers. Although
the current system is very inflexible, the GUI is not very tightly coupled to the business layer. As an
architect, what medium to long-term solution would you offer, given that Fell does not want to do
away with his entire application yet?
Choice D is correct. The key in this question is that the GUI is not very tightly coupled to the business
layer. This means that the GUI can be decoupled form the system fairly easily. Further, the question
asks for a medium to long-term solution. Thus in this case, using a J2EE based front-end may be
preferable. Hence, choice D is correct. The use of screen scrapers may have been the best short-term
solution. However, it is certainly not the best medium to long-term approach. Hence, choice A is
incorrect. Code re-factoring is not an alternative here. The question does not say anything about what
the legacy system is written in and whether is easy to modularize its code. Hence, choice B is
incorrect. The question only mentions about changing the GUI. They are not looking to rewrite all
inflexible parts of the system. Hence, choice C is incorrect. Choice E is incorrect because it refers to
replacing all inflexible parts of the system. Further there is no indication anywhere in the question that
an ERP solution might make it more flexible.
Use Screen Scraping and Off-board server to provide information to a Java based application.
Refactor the legacy code to make it flexible.
Rewrite the inflexible parts of the application alone using Servlets.
Decouple the existing front-end and replace it with a J2EE based solution.
Replace the inflexible parts with a flexible ERP solution.
In the diagram, the initialization call 1.1.1 is made by:(Please Click on "Exhibit Button" to view the
Diagram )
Choice C is correct. The diagram shows a Collaboration Diagram (Collaboration diagrams are
Interaction diagrams and they address the dynamic view of a system. They emphasize on the structural
organization of objects. Read the SCEA for J2EE Study Guide for more information.) 1.1.1 Represents
an initialization method called by the value object AcctWebImpl on itself upon construction.
The Session Facde Object

The Acct Object3
The AcctWebImpl Object
Megasoft Corporation has an old application that uses a legacy database. Recently, Megasoft made a
decision to develop the front-end code for the application using the Java Applet technology. Currently,
Megasoft is not interested migrating its data to a relational database. In the order of importance, which
of the following may be the best approach to connect to the legacy database.
Choice D is correct. Updating the data storage tier (Jaworski 532.) "If the data storage tier of a legacy
system utilizes a relational database system, JDBC may be used to provide connectivity to legacy
databases. In most cases, legacy databases will not support a pure JDBC driver. If the existing system
provides ODBC support, the JDBC-ODBC Bridge can be used. If the database uses custom drivers, it
might be possible to find database middleware that supports the custom driver and either an ODBC or
JDBC interface." It is therefore preferable to try for pure JDBC driver support, failing which one may
opt for a JDBC-ODBC Bridge. If that too is not possible, then a database middleware may be used.
Choice D is therefore correct. Although choices A, B and C give the same three alternatives, they are
in incorrect orders of preference. Hence, choices A, B and C are incorrect.
JDBC-Bridge, Database Middleware, JDBC

Database Middleware, JDBC-ODBC bridge, JDBC
JDBC, Database Middleware, JDBC-ODBC bridge
JDBC, JDBC-ODBC Bridge, Database Middleware
Which of the following design pattern can be used to create a family of dependent objects?
Choice D is correct. Abstract Factory (GOF 87)"Provide an interface for creating families of related or
dependent objects without specifying their concrete classes." Hence, choice D is correct. Factory
Method (GOF 107)" Define an interface for creating an object, but let subclasses decide which class to
instantiate. Factory method lets a class defer instantiation to subclasses." Hence, choice A is incorrect.
Prototype (GOF 117)" Specify the kinds of objects to create using a prototypical instance, and create
new objects by copying this prototype." Hence, choice B is incorrect. Builder (GOF 97)"Separate the
construction of a complex object from its representation so that the same construction process can
create different representations." Hence, choice C is incorrect. Singleton (GOF 127)" Ensure a class
only has one instance, and provide a global point of access to it." Hence, choice E is incorrect.
Factory Method
Prototype
Builder
Abstract Factory
Singleton
Which of the following are NOT service level requirements that affect software architecture?
Choices A, D and G are correct. Service level requirements (Cade 6) or Quality of Service (QoS)
requirements are those needed by an application to satisfy the business requirements of a system.
Performance, Scalability, Reliability, Availability, Extensibility, Maintainability, Manageability and
Security are Non-functional service level requirements. While choices A and D illustrate important
aspects of a software project, they are not considered QoS requirements. Although, choice D describes
a best practice that is frequently used by good designers, it too is not a Service level requirement.
Hence, choices A, D and G are correct. Performance, Reliability, Availability and Security are service
level requirements and therefore choices B, C, E and F are incorrect.
Detailed Design
Performance
Reliability
Training
Availability
Security
Design Patterns
Pensacola, a Florida based soda company has just started operations in Dallas, TX to counter
competition from Dr. Pepper. Pensacola believes that using a J2EE based application will put them
ahead of the competition. Their new architect is suggesting that Session Beans be used to provide a
unified interface to the Entity Beans in the system. The use of session beans here illustrates the use of
what design pattern?
Choice C is correct. Facade (GOF 185)"Provide a unified interface to a set of interfaces in a
subsystem." The following is taken from:
http://java.sun.com/blueprints/corej2eepatterns/Patterns/SessionFacade.html "Use a session bean as a
facade to encapsulate the complexity of interactions between the business objects participating in a
workflow. The Session Facade manages the business objects, and provides a uniform coarse-grained
service access layer to clients." Hence, choice C is correct. Flyweight (GOF 195)"Use sharing to
support large numbers of fine-grained object efficiently." Hence, choice A is incorrect. Proxy (GOF
207)"Provide a surrogate or placeholder for another object to control access to it." Hence, choice B is
incorrect. Decorator (GOF 175)"Attach additional responsibilities to an object dynamically. Decorators
provide a flexible alternative to subclassing for extending functionality." Hence, choice D is incorrect.
Adapter (GOF 139)"Convert the interface of a class into another interface clients expect. Adapter lets
classes work together that couldn't otherwise because of incompatible interfaces." Hence, choice E is
incorrect. Bridge (GOF 151)"Decouple an abstraction from its implementation so that the two can vary
independently." Hence, choice F is incorrect.
Flyweight
Proxy
Facade
Decorator
Adapter
Bridge
Of the following scenarios, which one may be best suited for the use of Entity Enterprise Beans?
Choice D is correct. While Entity beans model business concepts, usually persisted as records in some
kind of database, it is not necessary to use Entity beans every time you interact with the database. In
fact from a performance point of view, simple selects and retrieval can be just as easily done using
Session Beans with Data Access Objects (DAO.) Entity Beans are best used when you are dealing with
concurrent access to shared data, where transactions, concurrency and integrity play a vital role.
Hence, choice D is correct. Choice A refers to using existing data and performing some calculation on
it. This can be best achieved through a Stateless Session Bean. Hence, choice A is incorrect. Choice B
talks about maintaining conversational state. This is best dome with Stateful Session Beans. Hence,
choice B is incorrect. Retrieval of product catalogs is a simple query. Again, this can be done through
Stateless Session Beans and DAO. Hence, choice C is incorrect.
Calculation of tax information, based on data retrieved by two other Entity Beans
To maintain shopping cart state for an online application
To retrieve product catalogs based on a search criteria
To allow concurrent access to shared data, as in the case of on an online auction house's
application
You can traverse through the elements of many Java Collection objects because they provide a way to
access their elements sequentially. What design pattern is used here?
Choice D is correct. Iterator (GOF 257)"Provide a way to access the elements of an aggregate object
sequentially without exposing its underlying representation." Hence, choice D is correct. Visitor (GOF
331)"Represent an operation to be performed on the elements of an object structure. Visitor lets you
define a new operation without changing the classes of the elements on which it operates." Hence,
choice A is incorrect. Observer (GOF 293)"Define a one-to-many dependency between objects so that
when one object changes state, all its dependents are notified and updated automatically." Hence,
choice B is incorrect. Builder (GOF 97)"Separate the construction of a complex object from its
representation so that the same construction process can create different representations." Hence,
choice C is incorrect. Proxy (GOF 207)"Provide a surrogate or placeholder for another object to
control access to it." Hence, choice E is incorrect. Decorator (GOF 175)"Attach additional
extending functionality." Hence, choice F is incorrect.
Visitor
Observer
Builder
Iterator
Proxy
Decorator
Which of the following are true about Client/Server based applications

Choices A, C and E are correct. In 2-tier applications, clients are typically used for data presentation,
validation of user inputs and processing of business logic. Hence, choice A is correct. If you compare
the functions performed by the client with the MVC pattern, the client performs the duties of the view,
the controller and parts of the model. The client interacts with the database and retrieves data. This
data is then assembled into the required view. For example, a window that shows all orders taken in
one day sorted by the customer number. The client thus acts as the view in MVC. When some search
criteria is entered and the user presses a button to retrieve necessary data, the client appropriately
dispatches the request to the database interaction object that retrieves the necessary data. Here the
client acts as the controller. Most database interaction is encapsulated in a set of database access
objects. These objects perform business rules processing. Here the client performs the job of the MVC
model. Some logic is also encapsulated on the server side via triggers and stored procedures. Hence, it
is possible that the database also performs some model tasks in 2-tier applications. Hence, choice C is
correct. Client/server applications frequently suffer from fat clients or fat servers or a combination of
both. This is because either all the logic is coded in the client (4GL scripting language) or all the logic
is coded on the server (through stored procedures and triggers) or a combination of both. This results in
poor portability of such applications. Hence, choice E is correct. Choice B indicates that 2-tier
applications follow Model2 architecture whereas n-tier applications follow Model3 architecture. This
is untrue, because it is N-tier applications that normally follow the Model2 architecture. Hence, choice
B is incorrect. Although object-oriented client/server platforms may offer the tools to decouple
windows and database interaction objects that is not a normal feature in 2-tier applications. Hence,
Clients are typically used for data presentation, validation and for processing business logic.
Most client/server applications follow the Model2 architecture as opposed to n-tier applications
that follow Model.
In client/server applications, the client normally consists of the view, controller and parts of the
model.
In typical client/server applications, the presentation tier (windows) generally talks to controller (a
data dispatcher), which then talks to objects that represent the enterprise data.
Client/server applications generally have fat clients and sometimes, fat servers as well. Hence,
both the client and the server could offer portability problems.
EJB1.1 has support for undefined Primary Keys. This means that the Primary Key can be undefined
until deployment time. When we use defined Primary Keys, the Bean class and the Interfaces use the
BeanPK type to identify the key. What do the Bean class and the Interfaces refer to in the case of
undefined Primary Keys?
Choice D is correct. EJB 1.1 has support for undefined Primary Keys. That means they can be
deferred until deployment time. When undefined Primary Keys are used, the Bean class and its
interfaces can refer to the undefined key using the java.lang.Object. Choice A is only partially true and
hence an incorrect choice. Choices B and C are incorrect because you cannot use
java.lang.Enumeration or java.lang.Class for referring to undefined Primary Keys.
Though the Primary Key itself can be undefined, its name must be predetermined. The Bean class
and the Interfaces use this name.
An instance of java.util.Enumeration
An instance of java.lang.Class
An instance of java.lang.Object
Compact Computers is a small computer assembly company. Its customers currently have the
following choices for a PC: (i) 800 MHz processor, 40 GB HDD, 128 MB RAM (ii) 1 GHz
processor, 60 GB HDD, 256 MB RAM (iii) 1.2 GHz processor, 80 GB HDD, 512 MB RAM The use
of what design pattern would ensure that only the legal combinations could be sold?
Choice D is correct. This question needs you to apply your knowledge of design patterns. We are
dealing with families of related objects. Abstract Factory (GOF 87)"Provide an interface for creating
families of related or dependent objects without specifying their concrete classes." The applicability
section of Abstract Factory (GOF 88) indicates that this pattern is to be used when: - A system should
be configured with one of multiple families of products - A family of related product objects is to be
used together and the constraint needs to be enforced. Hence, Abstract Factory is the right pattern for
this problem. Choice D is therefore correct. Factory Method (GOF 107)" Define an interface for
creating an object, but let subclasses decide which class to instantiate. Factory method lets a class defer
instantiation to subclasses." Hence, choice A is incorrect. Builder (GOF 97)"Separate the construction
of a complex object from its representation so that the same construction process can create different
representations." Hence, choice B is incorrect. Prototype (GOF 117)" Specify the kinds of objects to
create using a prototypical instance, and create new objects by copying this prototype." Hence, choice
C is incorrect. Singleton (GOF 127)" Ensure a class only has one instance, and provide a global point
of access to it." Hence, choice E is incorrect.
Factory Method
Builder
Prototype
Abstract Factory
Singleton
Toysrfuss, a national toy store is creating a new e-front for Order processing. Customers have to create
an account to transact with them, although an account is not required for browsing the catalog.
Customers can browse items and add them to a shopping cart. They can then proceed to checkout. At
this time, they can update quantities and submit the order. What technologies may be best suited for
this application?
Choices A, D, E and H are correct. The use of JSP for presentation and Servlets for controllers is
consistent with the Model 2 approach. Hence, A is a right choice. Choice B is the opposite of choice A
and therefore incorrect. Choice C is incorrect because it is suggesting the use of a Stateless Session
bean for the management of the shopping cart. Since stateless beans do not maintain any
conversational state, they cannot be used for this purpose. The use of a stateless session bean for
catalog retrieval is consistent with the Model 2 architecture and a recommended best practice. Choice
D is therefore correct. Stateful Session Beans hold conversational state. Hence, the management of a
shopping cart is a good example of their use. E is therefore correct. Stateful Session beans are not very
useful for updating order information. F is therefore incorrect. Entity beans for catalog retrieval are
overkill because Entity beans are best used when shared data is being concurrently accessed or heavy
transactional DML statements are required. G is therefore incorrect. Entity beans represent the
enterprise data of a system and perform specialized DML operations like inserts, deletes and updates.
They would be perfect for updating order information. H is therefore a correct choice.
JSP for presentation and Servlets as controllers

Servlets for presentation and JSP as controller
Stateless Session Bean for Shopping cart
Stateless session bean for catalog retrieval
Stateful Session bean for shopping cart
Stateful session bean for Order update
Entity bean for Catalog retrieval
Entity bean for Order update
Which of the following statements about 'Not Supported' and 'Never' transactional attributes are true?
Choices A and C are correct. Choice A describes how the transactional attributes 'Not Supported' and
'Never' work. Choice A is therefore correct. Choice B is the inverse of Choice A and therefore
incorrect. Choice C describes a situation where a method with transactional attribute 'Not Supported' or
'Never' is called without a transactional scope. In this case, they both behave identically. Choice C is
therefore correct. Choice D indicates that under both circumstances the method will execute
identically. This is incorrect because a 'Never' method will throw a 'RemoteException' if called with a
transaction. Choice D is therefore incorrect.
'Not Supported' suspends any transaction until the method is completed whereas 'Never' throws a
RemoteException when called with a transaction.
'Never' suspends any transaction until the method is completed whereas 'Not Supported' throws a
RemoteException.
If the method is called without any transactional scope, both attributes will work identically.
If the method is called with a transactional scope, both attributes will work identically.
Most EJB servers show high degree of availability. Server clusters are an example of how this is
functionality is achieved. What key advantages might server clusters offer in an EJB environment?
Choices A and D are correct. Server clusters increase availability and redundancy in a system. They
also provide fault tolerance. With clusters, requests can be distributed so that multiple servers share the
load. Some servers may also offer the sophistication to determine which servers are under utilized so
that load can be balanced. Hence, choices A and D are correct. Location Transparency is achieved
through Object Distribution. This is a feature of all distributed systems. Hence, choice B is incorrect.
Various vendors may offer a variety of tools for better resource management. Caching may be one
such capability. It has nothing to do with a multi-server environment though. Hence, choice C is
incorrect. Two phase commit (2PC) may be a feature offered by many J2EE vendors for addressing
distributed transactions. Again, this is not a feature of server clustering. Hence, choice E is incorrect.
Load distribution
Location transparency
Caching capability
Load balancing capability
2PC (Two phase commit) capability
Status Quo is an emerging B2C company that has a portal through which customers can purchase clay
jewelry. Since the order process involves a shopping cart, session management and secure access are
required. How would you manage this?
Choice B is correct. HTTPS is a secure and stateful protocol. Choice A is incorrect because HTTP is
inherently stateless. Choice C is incorrect because SOAP is an RPC mechanism, not a state
management mechanism. Choice D is incorrect because CGI programs are server side processes
(comparable to Java Servlets.) They do not manage session state.
Use HTTP since it is a stateful protocol.

Use HTTPS since it is a stateful protocol.
Use SOAP for state and security management.
Use CGI with cookies for state management.
Chocolat, an exotic chocolate maker in France is planning to provide an e-front for chocolate sales.
FedEx would ship the packages to various national and international locations. To customize the
customer's interaction with the system and to make his / her overall shopping experience more
pleasant, Chocolat has decided to support Internationalization. Which of the following aspects they
would need to consider?
Choices A, B and D are correct. This question deals with Internationalization. Language for messages,
formats (numbers, date and so on), taxes and legal rules are all subject to Internationalization. Hence,
choices A, B and D are correct. Choice C refers to a security mechanism where a demilitarized zone is
created between two firewalls and is irrelevant to I18N. RSA and MD5 are security terminology used
with cryptography. Therefore, choices E and F are incorrect.
Language for messages

Formats (numeric, date and so on.)
DMZ requirements
Taxes and legal rules
RSA
MD5
ScreamWorks, a cinema multiplex, has a website from which you may download signed applets with
the latest movie trailers, show timings and so on. The Applet works on Java 1.3 or higher. The applet
needs to write user preferences to a temporary file in the host machine (where it is being executed). Is
this scheme possible? Note that the client has defined a usePolicy and the java.policy has granted no
permissions for the applet.
Choice A is correct. This question expects you to be familiar with the changes in the Java 2 Security
model. In JDK1.2 and higher, all code local and remote can be subjected to a security policy. By
default, remote code will be constrained to the old Sandbox model. However, if a policy file is created
with grant privileges, an applet will be restricted to the grants whether or not it is signed. Hence,
choice A is correct.
No as Applets cannot be used here because even signed applets are untrusted if the necessary
permissions are not granted.
Yes as the sandbox model does not apply to signed applets.
A sample program ships with two properties files - Base.properties, Base_fr.properties. If the current
Locale, Locale.ENGLISH has no matching properties file, what will happen when the
ResourceBundle.getBundle method is called with 'Base' and Locale.English as parameters?
Choice B is correct. When the getBundle() method is called on ResourceBundle, it checks to see if a
class or properties file is available for the base parameter's current locale. If neither is available, it uses
the default (the Base.Properties file in the present case). Hence, choice B is correct.
Since a matching properties file is not found, an exception is thrown

This would not pose a problem because when a matching properties file is not found, the default
properties file is used instead.
What does the term Atomicity mean in the context of ACID transactional properties and Enterprise
Java Beans
Choice C is correct. Atomicity (Monson-Haefel 2nd edition 275)"To be atomic, a transaction must
execute completely or not at all." Hence, choice C is correct. Choice A refers to 'Consistency.' Hence,
it is incorrect. Choice B refers to 'Isolation.' Hence, it is incorrect. Choice D refers to 'Durability.'
Hence, it is incorrect.
Integrity of underlying data

Non Interference from other processes or systems
Complete execution or no execution at all
Maintenance of all data changes in physical storage
What is a Demilitarized Zone (DMZ)?

Choice D is correct. Demilitarized Zone (DMZ) is an area between two firewalls. The outer firewall
lets requests to publicly accessible services in. It will reject all other requests. The inner firewall will
protect the company's internal network and prevent requests coming into the DMZ from passing
through it. Choice D is therefore correct. Choices A, B and C are all incorrect.
The logical separation of tiers in a J2EE application. Example: the separation between the Web
Tier and the EJB Tier
The logical separation of layers in a J2EE application. Example: The separation between the
Operating System and the EJB Container.
A type of protection offered by proxy firewalls, currently only available to the U.S armed forces
under National Security laws.
The region between two firewalls
Which of the following are valid methods in Entity EJBs?
Choices A, D and F are correct. Entity Beans are subject to activation and Passivation. The container
informs the bean that the bean is about to be passivated or activated through the two callback methods
- ejbPassivate() and ejbActivate(). EjbStore() is a callback method used during database
synchronization. EjbRemove() is called when the client wishes to remove the data the bean represents,
from the database. Hence, choices A, D and F are correct. EjbSave(), ejbRetrieve() and ejbDestroy()
are not valid methods for EJBs. Hence, choices B, C and E are incorrect.
ejbActivate()
observe()
ejbRetrieve()
ejbStore()
ejbDestroy()
ejbRemove()
What is the relevance between Performance and Security?

Choice D is correct. One of the key aspects of security is encryption and decryption of data. Data
encryption ensures that sensitive data will be protected against eavesdropping and tampering. A
concept called 'cryptography' is used for accomplishing this. The two popular types of cryptography
are 'Public Key Cryptography' or 'Asymmetric Key Cryptography' and 'Symmetric Key Cryptography.'
In both forms, a combination of Cryptographic algorithms (ciphers) and hashing algorithms protect the
data from intruders. The data is decrypted at the receiver's end and becomes intelligible again. All this
work results in extra overheads. Hence, generally increased security results in a lower performance.
Choice D is therefore correct. Higher security results in lower performance. Hence, choices A and B
are incorrect. A high performance is not a technical pre-requisite for secure systems although it may
be a good idea to increase performance wherever possible to offset the performance loss due to higher
security. Hence, choice C is incorrect. Many poorly engineered secure systems exhibit poor
performance. Hence, choice E is incorrect.
They are not related to each other in any way

High Security generally results in high performance
High performance is a pre-requisite for secure systems
Security and Performance are inversely proportional
Low performance systems cannot be secure
Company ABC has a legacy application that can be accessed via CORBA. The company wants to
integrate new Java-based development with the existing legacy services. Currently, no new services
are planned. If the legacy application were primarily to be used as a CORBA server, which of the
following connectivity option would you recommend?
Choice C is correct. The important concept here is that the existing legacy system supports a CORBA
interface and no new services are being currently planned. If Java code is primarily going to access
CORBA services, the recommended connectivity tool is Java IDL. Java IDL gives Java code CORBA
capability. Hence, choice C is correct. RMI-JRMP should be used when dealing with distributed
applications, all written primarily in Java. Hence, choice A is incorrect. The question does not specify
anything about the legacy code's JNI capability. However, it specifically mentions about CORBA
compatibility. Hence, choice B is incorrect. RMI-IIOP is the protocol used with EJB. The legacy
system is coded with a CORBA interface and the question mentions that no new coding is anticipated.
Therefore, EJBs are not a good choice for this problem. Hence, choice D is incorrect. When you wish
to communicate with a system whose firewall does not permit requests of a certain protocol, the
requests are sometimes masqueraded as HTTP requests. This concept is called HTTP tunneling.
Hence, choice E is incorrect.
RMI-JRMP
RMI with JNI
Java IDL
RMI-IIOP
HTTP tunneling

Do not Cheat
Which of the following aspects of an application may need to be customized in order to support
deployment in different locales?
Choices A, C, and D are the correct answers.Internationalization is the process of preparing an
application to be used in multiple locales. Localization is the process of preparing an application (that
has been through the process of internationalization) for use in a specific country.During
internationalization/localization the following parts of an application may need to be customized:
Date formats Taxation algorithms (plus any other financial representation) The use of color Text
(language) - Messages, and any part of the application where text is used Algorithms - Dictionaries
Number formatsGenerally the security settings should not need to be specific depending upon the
locale that the application was deployed in. Although text file access may require customization for
certain locales, binary file access shouldn't. Therefore choices B and E are incorrect.
Date formats
Security settings
Taxation algorithms
The use of color
Binary file access routines
There are only two other correct choices
What are the key benefits of using design patterns? (Select the two most suitable answers)
Choices B and D are the correct answers.A design pattern is a reusable solution to a problem. This
means that when developing new software there are already many solutions (design patterns) to
problems you may encounter. (The art is knowing which pattern to use and where to use it.) This
means you should experience faster software development when using design patterns, so choice D is
correct. By using well-known and established design patterns your code (and software as a whole)
should become more maintainable because you have used patterns that other programmers/developers
should recognize. Although there are many design patterns that promote loose coupling between
components this is not a key feature of using design patterns. For example, it is equally possible to
have loose coupling between components without using design patterns as it is with using them.Using
design patterns will have no impact upon the speed that the program will execute or on the size of the
program. So choices A and E are incorrect.
The code will execute faster

The code will be more maintainable
Loose coupling between components
Faster software development
Smaller program size
Consider the following scenario: An applet executing in a single thread (no new threads are created)
attempts to use excessive amounts of memory by declaring huge arrays and populating them with
random data.Which of the following statement is correct?
Choice F is the correct answer.The security manager does not monitor the memory, CPU or network
bandwidth usage of an applet (It is assumed that the operating system will guard against an applet
using an excessive amount of resources.). When an applet runs out of memory a
java.lang.OutOfMemoryException will be thrown.Choice A is inappropriate, if not completely
incorrect. Generally, operating systems will allocate a certain amount of memory for processes to use
but this is not fixed (an applet can ask for more and if available the O/S may assign it). The reason
choice A is incorrect is that it is possible for applets to use excessive amounts of memory. Choices B,
C, and D are incorrect because the security manager does not monitor an applet's CPU, memory or
network bandwidth usage. For more information please see: http://java.sun.com/sfaq/
The security manager only allocates a certain amount of memory so it is not possible for an applet
to use excessive amounts of memory.
The security manager will effectively starve the applet when it starts to use excessive amounts of
memory.
The security manager will kill the applet when it starts to use excessive amounts of memory.
The security manager only monitors CPU usage so it is possible for the applet to use an excessive
amount of memory.
A java.lang.OutOfMemoryException may be thrown.
The applet will execute without intervention from the security manager.
Your job is to design the architecture for an online auction house that sells collectable toys. The
process of buying an item involves placing a bid for the desired item that is higher than any other
customers before the time of the auction expires. When a bid is placed it is legally binding, i.e. you
cannot default on a bid, therefore the process of placing a bid must be must be treated as part of a
transaction even if the client is not executing as part of a transaction. What is the appropriate attribute
in the deployment descriptor?
Choice B is the correct answer.Choice B is correct because it ensures that a bean method is always
executed as part of a transaction.Choices A, C, and D although valid transaction attributes, are
incorrect because the mandatory attribute requires the client to be calling from within a transaction
attribute, and if not, a javax.transaction.TransactionRequiredException will be thrown. If a transaction
is marked supports and the client is not calling from a transaction context, then the method will
continue to execute irrespective of whether the method should execute as part of a transaction. If the
transaction attribute is RequiresNew then any existing transaction would automatically be suspended
and a new transaction is started. This is not required. Choices E, F, and G are all invalid transaction
attributes.
RequiresNew
Required
Mandatory
Supports
Depends
Default
Always
MegaSoft Inc. has an existing supply chain application that consists of a web based user interface,
Oracle stored procedures and an Oracle database. Although at the moment there are no plans to extend
this application, the management recognize that this is only a matter of time and therefore they wish to
improve the application's extensibility. What is the best way of doing this?
Choice D is the correct answer.The best way to improve this systems extensibility is to move the
business logic to Session Beans (this would involve adding an application server). A three-tier system
can be classified as a loosely coupled, highly scalable and extensible solution. A simple system (such
as a one-tier system) is much easier to manage than a complex three-tier system (remember altering a
tier comes under extensibility). A two-tier system can have either fat or thin clients depending on
where the business logic is implemented. A three-tier system will be harder to secure than a typical
two-tier system because of the extra network calls etc.
Migrate the business logic to PERL scripts

Migrate the business logic to Java Servlets
Migrate the business logic to Entity Beans
Migrate the business logic to Session Beans
This application already has good extensibility
What is a VPN?
Choice B is the correct answer.Virtual Private Network - VPN - is a solution for securely connecting
two networks that are in geographically different locations. A VPN will use a variety of different
encryption and authentication techniques to ensure that data confidentiality is maintained. A DMZ is
the zone between two firewalls. Consider the following system architecture that you must secure:
Company web server 5 Office machines 2 Development serversThe company web server needs
to serve pages to remote users and office machines need access to the Internet. You would secure this
by creating a DMZ that contains the company web server. You should put machines that provide
services to Internet clients in the DMZ and the office machines and development servers behind an
inner firewall. You would then configure a proxy server in the DMZ to forward the requests from the
office machines to the Internet.
A VPN is a way of connecting two networks over another trusted network.

A VPN is a way of connecting two networks over another un-trusted network.
A VPN is the area between two firewalls. You have an outer firewall and an inner firewall. You
should put machines that provide services to Internet clients in the area between the two firewalls
(the VPN) and other machines behind an inner firewall.
As given in choice C but a VPN is the area outside of two firewalls.
As given in choice C but a VPN is the area behind the inner firewall.
Which interface and method would you use to prepare the Session Bean instance for re-use following
passivation? (Note: Method parameters are not shown)
Choice B is the correct answer.The SessionBean.ejbActivate() method signals that the instance has just
been reactivated. The Session interface does not exist so choices D and E are incorrect. The ejbLoad
method in choices A and C is actually defined in the EntityBean interface and is used to instruct the
instance to synchronize its state from the underlying database, so these choices are incorrect. The
EnterpriseBean interface does not define the ejbActivate() method so choice F is incorrect.
SessionBean.ejbLoad()
SessionBean.ejbActivate()
EnterpriseBean.ejbLoad()
Session.ejbLoad()
Session.ejbActivate()
EnterpriseBean.ejbActivate()
MegaDreamDating Inc. is expanding from one office to five throughout the US. As part of this
expansion they wish to upgrade their 'Dream date match' application, which matches requirements an
ideal partner will have with registered users. Currently the 'Dream date match' is a standalone
application (no network code), written on C++. It is likely that the requirements for this application
may be extended yet again. How should you extend this application so that it can be deployed in all
the five offices?
Choice D is the correct answer.To make the application available at all five regional offices will
involve adding network code. But before this can be done, the C++ application needs to be able to talk
to the network code. The most appropriate way of doing this is through the use of JNI. The new
business logic can be added to the existing application and then made available to the other offices via
RMI.Choice C is incorrect because it isn't appropriate to make the solution available via the use of
CORBA and then connect Java clients by Java IDL. (You should choose one or the other, do not mix
the two unnecessarily.)Choice E is incorrect because the question states that the application
requirements may be extended, so although technically it would be possible to create a custom Java
server that used JNI and allowed the applets to connect to it, the code would not be very extensible or
maintainable.Choice A is incorrect because we can use JNI.Choice B is incorrect because it makes
sense to synchronize the data.
As there is no built in network code, a complete rewrite will be required.

There is no need to extend the application, instead run five separate versions (one in each office).
Extend the application by integrating CORBA (create a CORBA server at head office) then use
Java IDL at the regional offices to connect to the CORBA server.
Use JNI and RMI. Create a RMI server at head office and then create a client for use at the
regional offices.
Use JNI and applets as in choice D but applets will connect to the JNI code at the head office.
You have been recruited by MegaSoft Inc. to solve the problem described below. How do you solve
this problem? You need to connect a Java Servlet (on a different server) to a custom database written
entirely in C++. You have access to the database code and an ODBC connection is available but a
JDBC driver is not available. Note: Other application can connect via the ODBC connection.
Choice B is the correct answer.The problem described in the question is actually much simpler than it
sounds and there is no need to write any new code because a JDBC-ODBC bridge can be used. Choice
A is incorrect because there is no need to write a JDBC driver. Choice E is incorrect because the
problem is not having a suitable JDBC driver as opposed an issue with the database. If the firewall
were blocking the database connection then other applications wouldn't be able to connect via the
ODBC connection, so option C is incorrect.Sun writes the following about the JDBC-ODBC bridge:If
possible, use a Pure Java JDBC driver instead of the Bridge and an ODBC driver. This completely
eliminates the client configuration required by ODBC. It also eliminates the potential that the Java VM
could be corrupted by an error in the native code brought in by the Bridge (that is, the Bridge native
library, the ODBC driver manager library, the ODBC driver library, and the database client library).
The JDBC-ODBC Bridge driver is recommended for use in prototyping efforts and for cases where no
other JDBC technology-based driver exists. If a commercial, all-Java JDBC driver is available; we
recommend that it be used instead of the Bridge. For more information please see:
http://java.sun.com/j2se/1.3/docs/guide/jdbc/getstart/bridge.doc.html
Write a JDBC driver yourself (this shouldn't be that difficult as you have access to the database
code).
Use a JDBC-ODBC bridge.
There is no need to make any changes, as JDBC and ODBC are one and the same, the chances are
that the firewall was blocking the connection.
Write some custom JNI code and pass the SQL requests to the database this way instead.
Modify the database code to accept JDBC connections.
You are working for a new web-based music shop that provides customers with huge discounts over
buying from the high street. As the popularity of the site increases, your customers start to notice a
drop in the site performance. You have been brought in to analyze the existing architecture and see
where improvements could be made. Currently the architecture consists of three web servers (serving
the PHP pages) and a single database server (MySQL). Which are the two most appropriate
improvements, taking the increasing popularity of the site into account?
Choices A and D are the correct answers.Choices F and G will vertically scale the existing solution.
Although this will provide an instant performance increase (assuming there is no network bottleneck),
this will also be the least scalable of the choices due to the increasing popularity of the site. Clustering
the databases and adding extra web servers (choices B and C) will horizontally scale the solution. This
will provide a solution that can be scaled in the future. However, due to the tight coupling of business
logic to either the presentation or data (the question doesn't specify which), the solution will be hard to
maintain. Therefore the most appropriate changes will be to migrate the two-tier solution to a three-tier
one by migrating the PHP pages to JSP (creating a Tomcat cluster) and adding an application server.
Migrate the PHP pages to JSP (moving to an Apache Tomcat cluster)

Add extra web servers and move the MySQL database to Oracle
Create a cluster of databases
Add an application server
Add stored procedures to the database
Upgrade the CPU of the database server
Upgrade the RAM of the web servers
MegaFlights Inc. are now ready to embrace the 21st century and expose their flight ticket sales
solution over their intranet. This will enable regional offices to keep up to date with the latest prices
and seat availability by accessing this information via their web browser. How should you extend this
legacy application to meet these new requirements?
Choice B is the correct answer.In order to make the sales system available over the intranet, a
combination of JNI and JSP/Java Servlets will have to be used. The use of Java Servlets alone is not
enough because the question states that the legacy application must be extended, not replaced. (To
replace an application of this nature would involve moving the business logic to Stateful Session
Beans; the data would be represented with Entity Beans and a combination of Java Servlets and Java
Server Pages for the presentation tier.) Java Applets could not be used without some JNI code so
option C is incorrect. Choices D and E are both incorrect because the extension to the legacy
application is at the presentation tier (and interfacing this with the applications' business logic), and
Session Beans handle business logic.
Use JSP/Java Servlets

Use JSP/Java Servlets and JNI
Use Java Applets
Use Stateful Session Beans with java sockets
Use Stateless Session Beans with java sockets
Which one of the following protocols provides a mechanism to identify parties?

Choice B is the correct answer.HTTPS is HTTP over SSL. HTTPS is a stateful protocol that encrypts
data and validates both parties. The encryption algorithm to be used is negotiated by the two parties
(the best level of encryption that both parties can understand is used, i.e. if one party has a best of
128bit triple DES and another of 40bit triple DES then 40bit triple DES will be used). The Internet
Inter-ORB Protocol - IIOP - is the protocol that CORBA systems use. IIOP is stateful and provides
programming language and platform independence. IIOP will have access to built in CORBA services
such as transaction management but it does not provide a mechanism to identify parties.JRMP is the
standard Java transport protocol (RMI-JRMP). JRMP does not provide a mechanism to identify
parties. JRMP can, however, use SSL and JAAS for security but by default these are not used, so
option D is incorrect.Both JRMP and IIOP will not pass through a typically configured firewall but
both can be tunneled over HTTP.Choices C and F are incorrect because IOIP and JMRP are not valid
protocols. Choice A is incorrect because HTTP does not provide a mechanism to identify parties.
HTTP
HTTPS
JMRP
JRMP
IIOP
IOIP
Which of the following statements describe the Bridge pattern and the benefits of using it?
Choices B and E are the correct answers.The Bridge patterns separates abstraction and implementation,
by doing this your application will benefit from increased extensibility. In more detail, the bridge
pattern separates functional abstraction and internal representation. These are put into two separate
inheritance hierarchies [Cade, 2002]; therefore changes to either one of these can be made
independently.Bridge - "Decouple an abstraction from its implementation so that the two can vary
independently."Choice A describes a feature of the Adapter pattern. Choice C describes the Facade
pattern. Choice D describes the Decorator pattern.Adapter - "Converts the interface of a class into
another interface clients expect. Adapter lets classes work together that couldn't otherwise because of
incompatible interfaces."Facade - "Provides a unified interface to a set of interfaces in a subsystem.
Facade defines a higher-level interface that makes the subsystem easier to use."Decorator - "Attaches
additional responsibilities to an object dynamically. Decorators provide a flexible alternative to sub
classing for extending functionality."
Provides a way for classes with incompatible interfaces to work together

Decouples abstraction and implementation
Provides a simple interface to a complex subsystem
Provides means to dynamically add extra functionality to an object
Increased extensibility
A malicious hacker has created an applet to cause a denial-of-service style attack by sending packets
from the client machine to a 'target' machine (different from the host machine). Which of the following
statements regarding this are true?
Choice B is the correct answer.Applets are permitted to make network connections back to the host
that they were downloaded from. They aren't however allowed to connect to arbitrary hosts because
this would provide a mechanism for denial of service attacks. Also if a firewall or server filters packets
by IP address then it would be possible for a downloaded applet to be trusted automatically by the
firewall/server (a downloaded applet sending requests from your machine would be sending them with
your trusted IP address).It is not possible to change the priority of the thread that was created by the
browser for the applet to run in (to do this would require an O/S call). It is possible for an applet to
create new threads and manipulate the threads in the thread group that the browser created for the
applet.The security manager does not monitor the memory, CPU or network bandwidth usage of an
applet. (It is assumed that the operating system will guard against an applet using an excessive amount
of resources). When an applet runs out of memory a java.lang.OutOfMemoryException will be
thrown.Generally speaking, operating systems will allocate a certain amount of memory for processes
to use but this not fixed (an applet can ask for more and if available the O/S may assign it).For more
information please see: http://java.sun.com/sfaq/
This will work as expected.

This cannot be carried out by an applet.
This will only work if the applet is signed.
This may work, but it depends on the configuration of the users browser.
Which of the following statements describe Container Managed Persistence?

Choices A and B are the correct answers.Container Managed Persistence will increase an Enterprise
Bean's portability and is particularly useful when simple objects need to be persisted. Bean Managed
Persistence should generally be avoided. The two main arguments for using it are: reducing
dependence upon a database (see DAO below) and when you need to persist a complex object. It used
to be the case that EJB Containers couldn't generate efficient SQL, however, now the latest
Application Servers can generate highly optimized SQL.The use of a Data Access Object - DAO with
an Entity Bean using Bean Managed Persistence BMP will help reduce the coupling between the bean
and the database. Basically, when using a DAO you are moving all the SQL from the bean into a
separate object and calling DAO methods instead. The use of Data Access Objects does not, however,
reduce the dependence upon a particular Application Server.
CMP will increase Enterprise Bean portability.

CMP should be used with simple objects.
CMP will decrease the Enterprise Bean portability.
CMP should be used with complex objects.
Using CMP makes an Enterprise Bean harder to maintain.
Which JMS messaging model should be used to implement durable messaging?

Choice D is the correct answer.Durable subscriptions are used to indicate that a client wants to receive
all messages in a topic irrespective as to whether that client is connected or not connected when
messages are published. The JMS messaging model that can be used to create this, is the jms.Topic.In
JMS, the publish/subscribe-messaging model is where clients send messages (or publish messages) to
topics and the point-to-point messaging model is where clients send messages to
Queues.Publish/subscribe messaging is where one client publishes a message that is read by many
subscribers. A newsgroup would be an example of this where email messages are sent to all members
of the group when a new message is posted.Point-to-point messaging is where a client sends one
message (via a queue) to another receiving client.
jms.Asynchronous
jms.Queue
jms.Synchronous
jms.Topic
jms.Durable
Identify the true statements about the EJB architecture.

Choices A and C are the correct answers.EJB servers reduce the complexity involved in developing
middleware applications by automatically providing services such as: security, transaction support, and
database connectivity. These services also include connection pooling and multi-threading tasks;
therefore, option B is incorrect.The specification states: 'the Enterprise JavaBeans architecture will be
compatible with the CORBA protocols. ' For example, the RMI-IIOP protocol. Therefore option D is
incorrect. The EJB specification does define interoperability between EJB components and Java
components and non-java applications. Therefore option E is incorrect.Stateful Session Beans are
typically used as shopping baskets while Stateless Session Beans provide a 'service' to a client.When
fetching frequently used read-only data a Stateless Session Bean should be used, an example would be
fetching a list of products from a catalogue. A Stateful Session Bean should be used to manage the
workflow of several EJBs. It is not possible for a Stateless Session Bean to ever be in a passivated state
since its beans are not passivated.
The EJB architecture allows developers to build distributed applications by combining

components developed using tools from different developers.
Application developers will be shielded from the complexities of low-level transaction and state
management details. However, they will need to handle connection pooling and multi-threading
tasks.
Application developers will be shielded from the complexities of low-level transaction and state
management details, connection pooling and multi-threading tasks.
The EJB architecture is an alternative to CORBA and hence the two are not compatible.
The EJB specification provides interoperability between EJB components and Java components
but not non-java applications.
Which of the statements below describe the Strategy design pattern and its benefits?
Choices B and C are the correct answers.The Strategy design pattern allows you to change behavior
without recompiling any client code. Basically you define a method in an abstract class, the variations
of this behavior are then defined in other classes that inherit from the abstract class. The client can then
use any of these classes without the need to recompile.Choice A is incorrect because the whole
algorithm could be changed without the client being aware; so there would be no conditional statement
within the client code. Choice D describes a benefit of using the Template Method pattern. Choice E
describes a benefit of the Decorator pattern.Strategy - "Define a family of algorithms, encapsulates
each one, and make them interchangeable. Strategy lets the algorithm vary independently from clients
that use it."
The client code will contain if-then-else statements used to select the appropriate algorithm.
It offers an alternative to sub classing.
Easy to add new behavior without the need to edit any code.
Allows subclasses to override parts of an algorithm without the need to rewrite the whole
algorithm.
Allows the developer to dynamically add extra functionality to an object.
Which of the following statements describe Bean Managed Persistence?
Choices C and D are the correct answers.Bean Managed Persistence should generally be avoided. The
two main arguments for using it are: reducing dependence upon a database (see DAO below) and when
you need to persist a complex object. It used to be the case that EJB Containers couldn't generate
efficient SQL. However, the latest Application Servers can generate highly optimized SQL now.The
use of a Data Access Object - DAO with an Entity Bean using Bean Managed Persistence BMP will
help reduce the coupling between the bean and the database. Basically when using a DAO you are
moving all the SQL from the bean into a separate object and calling DAO methods instead. The use of
Data Access Objects does not, however, reduce the dependence upon a particular Application Server.
BMP should be used with simple objects.

BMP will decrease the dependence upon the Application server.
BMP should be used with complex objects.
Using BMP makes an Enterprise Bean harder to maintain.
The company you work for (Company A) needs to communicate with a new potential partner
(Company B). They need to send you some more information regarding their North American sales
figures but they do not have a key to encrypt the data. A competitor (Company X) desperately wants to
see these figures and you are sure that they are sniffing all traffic between Company A and B. Given
this scenario, which of the following statements are true?
Choices A and E are the correct answers.It is not possible to use symmetric cryptography to send this
message because this would first require sending the key that is used to both encrypt and decrypt.
Company X would see this and be able to read the message. With asymmetric cryptography there is a
separate key for encrypting (public) and decrypting (private). This allows company A to send out its
public key, company B can then encrypt the message with the public key (it doesn't matter that
company X may have the public key because you cannot decrypt with this key). Choice E is correct
because the message that has already been encrypted can be sent over HTTP (no extra encryption is
required).For more information please see: http://java.sun.com/sfaq/
You should use asymmetric cryptography to send the message.

You should use symmetric cryptography to send the message.
It is not possible to securely send the message because you must first send the key to be used to
sign the message with.
The message must be sent over HTTPS.
The message can be sent over HTTP.
You have been recruited by MegaSoft Inc. to help with the upgrade of their sales system. They have
split the project into a few stages. Initially they would just like to replace the mainframe GUI (VT100
terminal) with something a bit more usable! Given that the legacy interface is rarely altered, which
technique should you use to upgrade the user interface?
Choice A is the correct answer.Using screen scrapers is the most appropriate method of upgrading the
user interface. Screen scrapers provide quick and easy solutions but are prone to break. But the
question stated that the legacy interface is rarely altered, so a screen scraper will be an excellent quick
fix.Object mapping techniques do not rely on the legacy interface but they do involve more initial
work (although the result should last longer). But MegaSoft Inc. is after a quick and easy solution so
option B is incorrect. Choice D is inappropriate because JNI-RMI deals with exposing the legacy
system over a network to Java clients. Using JNI on its own will not help during the user interface
upgrade. (JNI is typically used to adapt existing business logic)Screen scrapers provide quick and easy
solutions but are prone to break.Object mapping involves more initial work but the result should last
longer than screen scrapers.JNI - Java Native Interface - allows Java to talk to code written using other
programming languages (popular in legacy connectivity).

Use object mapping
Use JNI
Use JNI and RMI
What is the primary goal of a J2EE architect?

Choice C is the correct answer.The primary goal of a J2EE architect is, above all else, to satisfy
customer requirements. An architect should never try and impose a certain technology on a project.
Instead they must first consider the skills they have available to them (developers etc), the project
budget, performance requirements, functional and non-functional requirements.
To ensure the project is a success

To ensure the project only uses J2EE technologies
To satisfy customer requirements
To train and mentor junior employees
To ensure the solution performs as expected
What J2EE technology would you use to replace the Sybase database in the solution described below?
MegaSoft Inc. has a web-based HR system. The current solution consists of JSP pages and Servlets
(presentation and business logic) and a Sybase database. The database holds a vast amount of
employee data.
Choice A is the correct answer.The solution described already has a J2EE front end and business logic.
Therefore the most appropriate way of replacing the Sybase database would be to use Enterprise
JavaBeans. There are two types of Enterprise JavaBeans- Session and Entity Beans. An Entity Bean
essentially represents a row of data in a database. Although the Servlets and JSPs are capable of talking
directly to Entity Beans it actually makes more sense to use the Session-Entity facade J2EE design
pattern (the Servlet talks to a Session Bean and the Session Bean talks to the Entity Bean).In reality
you would probably add the application server but keep the Sybase database, configuring it to act as
the data store for the Entity Beans.JDBC - Java DataBase Connectivity - is a means of connecting to a
database, not a database in itself. So choice B is incorrect.XML could be used to replace the database
but the performance overhead of parsing the data would not make this a viable solution (the solution
states that the database contains a huge amount of data).
Enterprise JavaBeans.
JDBC
There is no J2EE technology capable of acting as a database
XML
You have been recruited by MegaSoft Inc. to review a proposed architectural design for a new sales
system. Given the following information which statements are correct? - Presentation:- JSP
pagesBusiness logic - Session Beans:- ShoppingBasket, SalesAuthorization (Stateless)Data -
Entity Beans:- Customer, Account, SaleDatabase Oracle 9.2 Enterprise EditionTransaction
management - BMT:- The shopping basket will be represented with a Stateful Session Beans.
The following beans participate in transactions: ShoppingBasket, Account
Choice D is the correct answer. The proposed new architecture is fine apart from the use of bean-
managed transactions. Entity Beans cannot use BMT; instead, they must use CMT. A Stateless
Session Bean is typically used as a service and a Stateful Session Bean is used when the state of
'something' needs to be preserved (temporarily - conversational state). Therefore the shopping basket
should be represented with a Stateful Session Bean and the SalesAuthorization Bean should be a
Stateless Session Bean.
Given the above information, this design is fine.

The shopping basket should be represented with an Entity Bean.
The SalesAuthorization Bean should be Stateful.
The container must carry out the transaction management.
Which of the following methods may be performed on a Stateful Session Bean?

Choices B, C, and D are the correct answers.The ejbCreate(), ejbPassivate() and setSessionContext()
may all be performed on a Stateful Session Bean. The ejbPostCreate() method can only be called on
Entity Beans. The methods that you can call on a Stateless Session Bean are: setSessionContext(),
ejbCreate() and ejbRemove().In terms of resources, Enterprise Beans can be placed in the following
order (heaviest first): 1) Entity Bean, 2) Stateful Session Bean, 3) Stateless Session Bean. (An Entity
Bean is heaviest because this bean is essentially data on a database - expensive database calls).
create()
ejbCreate()
ejbPassivate()
setSessionContext()
ejbPostCreate()
You are working on a graphics design application using MFC (Microsoft Foundation Classes - C++
application). You have already spent several months developing the application and time is running
out. You notice that you basically need to re-implement a graphics library that you had already coded
as a Java class on a different project. To save time is there anyway you can use the Java class in this
application?
Choice C is the correct answer.The Java-to-Com bridge is bi-directional, allowing Com objects to be
used in Java applications and Java classes to be used as Com objects. It is not appropriate to involve
CORBA with the application because there are no distributed requirements. Although it is possible to
use JNI (though it would require a far amount of work), it is not the most appropriate answer.Java IDL
- Java Interface Definition Language. Java IDL allows Java programmers to write both CORBA -
Common Object Request Broker Architecture - servers and clients. (CORBA uses IIOP).JNI - Java
Native Interface - allows Java to talk to code written using other programming languages (popular in
legacy connectivity).
No, this is not possible; you will need to rewrite the class in C++.
If this were the other way round (trying to use a COM object with a Java application) it would be
possible by using the Java-to-Com bridge.
You can use a Java-to-Com bridge.
You can use JNI.
You can use Java IDL.
Which of the following statements describe the Observer pattern and the benefits of using it?
Choice A is the correct answer.The Observer pattern provides a way for an object to broadcast
messages (one-to-many).Observer - "Defines a one-to-many dependency between objects so that when
one object changes state, all its dependents are notified and updated automatically."Choice C is
incorrect because the observer pattern has a one-to-many messaging relationship. Choice B is incorrect
because the Observer pattern will have no affect on the performance of an application. Choice D
describes the Command design pattern. Choice E describes the State pattern.Command - "Encapsulates
a request as an object, thereby letting you parameterize clients with different requests, queue or log
requests, and supports undoable operations."
Provides loose coupling between components

Should increase application performance
Based on point-to-point messaging
Allows messages to be queued
An object will appear to change its class when it's internal state changes
Which Entity Bean lifecycle methods move a bean instance from the pooled state to the ready state?
Choices A and C are the correct answers.There are two ways to move a bean instance from the pooled
state into ready state, either by using ejbActivate() or ejbCreate() and ejbPostCreate(). The second
approach is used when the bean instance is assigned to an entity object during entity object creation;
this is when the client used a create() defined in the home interface. The ejbActivate() approach is used
when an instance needs to be activated to service an invocation on an existing entity object. This will
occur when there is no suitable instance in the ready state to service the client's call [EJB
specification].
ejbActivate()
ejbLoad()
ejbCreate()
ejbStore()
ejbReady()
A disgruntled colleague has written an applet and uploaded on your company's website. The applet
periodically spawns new threads to carry out time consuming tasks such as floating point arithmetic.
What effect will this applet have on your company's customers?
Choice C is the correct answer.It is possible for applets to spawn new threads and to manipulate
threads within the thread group created by the browser. The security manager does not monitor the
CPU, memory, or network bandwidth usage of an applet; instead it is assumed that the O/S will handle
this.Choice A is incorrect because applets can create new threads. Choice B is incorrect because there
is no need for the applet to be signed in order to create new threads. Choices D and E are incorrect
because the security manager does not monitor the resource usage of an applet.For more information
please see: http://java.sun.com/sfaq/
No effect, the security manager will not permit the applet to create new threads.
If signed with the company's certificate the applet would execute as expected, using up resources
on the customers machine.
The applet would execute as expected, using up resources on the customers machine.
The applet would execute as expected but when excessive amounts of resources were being used,
the security manager would detect this and effectively starve the applet.
The applet would execute as expected but when excessive amounts of resources were being used
the security manager would detect this and kill the applet.
Given the following scenario, what type of messaging should be used? Giant Soft Inc. sells music CDs
at a huge discount in a bid to combat the music pirates. Their aim is that they will sell millions of CDs
each month. The system architecture is as follows:Shopping basket: Stateful Session BeanCustomer
and purchase details: Entity BeansCredit Card processing: External systemCommunication between
Purchase Entity Bean and the external credit card processing system: Messaging.Note: When a
purchase is made the customer is given an instant response.
Choice A is the correct answer. Synchronous messaging is the most appropriate type of messaging to
be used in this scenario. This is due to the instant response requirement when a purchase is made.
When interfacing with external payment systems a Stateless Session Bean* is typically used. This bean
would handle the payment authorization request/response.* Stateless Session Beans are 'service'
beans.Characteristics of synchronous messaging: Blocks until message is processed Suitable for
transaction processing Can be implemented using EJBsCharacteristics of asynchronous messagin::
Loose coupling between sender and receiver The network is not required to be available Cannot be
implemented using EJBs Suitable for publish - subscribe messagingJMS supports both point-to-
point and publish-subscribe messaging.
Synchronous
Asynchronous
It would be inappropriate to use messaging in the above scenario

Choices A and C are the correct answers.Choice B is incorrect because the EJB architecture only
supports flat transactions not nested transactions. The Java Transaction API (JTA) is a specification
between a transaction manager and other parties involved in a distribution transaction processing
system [EJB specification]. The Java Transaction Service (JTS) is a Java binding of the CORBA
Object Transaction Service (OTS). The EJB Container must support JTA but is not required to support
JTS. It is possible for transactions to span multiple EJB servers (i.e. an EJB calls another EJB on a
different server)
Transactions can span multiple EJB servers.

Transactions can be nested.
The EJB Container must support JTA.
The EJB Container must support JTS.
The EJB Container must support both JTA and JTS.
MegaSoft Inc. has developed a worldwide sports betting application. Customers logon to their website
and send betting tips to their online friends and associates by filling out a form contained within an
applet. (A tip is sent to only one other user.) The messages are sent via JMS, what type of JMS
message should be used?
Choice B is the correct answer.The scenario says that betting tips (messages) are sent from one user to
another user (one-to-one). In JMS, the publish/subscribe-messaging model is where clients send
messages (or publish messages) to topics and the point-to-point messaging model is where clients send
messages to Queues.Publish/subscribe messaging is where one client publishes a message that is read
by many subscribers. A newsgroup would be an example of this where email messages are sent to all
members of the group when a new message is posted.Point-to-point messaging is where a client sends
one message (via a queue) to another receiving client.
jms.Asynchronous
jms.Queue
jms.Synchronous
jms.Topic
The following statement describes which part of the Java API that is typically used during the process
of internationalization? This class is used to contain locale-specific objects.
Choice D is the correct answer.The java.util.ResourceBundle class is used to contain locale-specific
objects. This allows an application to load the appropriate bundle. During internationalization you
would typically use the following Java APIs and technologies:
java.io.InputStreamReader/java.io.OutputStreamWriter java.util.Locale java.util.Properties
java.util.ResourceBundle java.text - the whole package UnicodeThe java.io.InputStreamReader
and java.io.OutputStreamWriter classes are used when reading/writing files and needing to convert
between 16 bit to 8 bit (and vice-versa) character representations.The java.util.Locale class is used to
get information about the local country such as the country name and language.The java.util.Properties
class can be used to contain localization parameters that an application loads at boot time.The java.text
package as stated by the API, provides classes and interfaces for handling text, dates, numbers, and
messages in a manner independent of natural languages.Unicode uses 16 bits as opposed to the 8 bits
used by ASCII; this allows Unicode to represent virtually all-modern languages. Java uses Unicode
and converts the 16 bit value to the appropriate value for the users operating system.
LocaleProperties
Locale
Properties
ResourceBundle
There is no class that contains locale-specific objects
You are trying to explain to a new developer how the components and nodes that make up the new
sales system interact at runtime. What type of diagram would you use to illustrate this?
Choice E is the correct answer.A deployment diagram shows how components and nodes interact at
runtime. A use-case diagram shows how actors interact with a series of use-cases (scenarios) and the
relationships of those use-cases.Class diagrams provide a static view of classes and interfaces, showing
their relationships and dependencies.A package diagram shows how a series of subsystems interact.
(Generally there will be a class diagram for each package).A collaboration diagram shows how a series
of objects interact. The interactions are shown in order but are not set against time.A state transition
diagram shows events and states and is particularly useful when modeling class behavior.A
deployment diagram shows how components and nodes interact at runtime.
Class diagram
Sequence diagram
State transition diagram
Use case diagram
Deployment diagram
Collaboration diagram
Interaction Diagram
What type of JMS message would you use when creating a newsgroup? (Users can post messages that
are relayed to all members of the group)
Choice D is the correct answer.The scenario says that messages are sent from one user to all other
members of a group (one-to-many). In JMS, the publish/subscribe-messaging model is where clients
send messages (or publish messages) to topics and the point-to-point messaging model is where clients
send messages to Queues.Publish/subscribe messaging is where one client publishes a message that is
read by many subscribers.Point-to-point messaging is where a client sends one message (via a queue)
to another receiving client.
jms.Asynchronous
jms.Queue
jms.Synchronous
jms.Topic
Which lifecycle method can the client call to move a Stateful Session Bean from the ready state to does
not exist state?
Choice A is the correct answer.The client can call the remove() method and the container will then call
the ejbRemove() method to move the bean to a state where it does not exist (ready for garbage
collection). The unSetEntityContext() is used in an Entity Beans lifecycle method to move the bean
from the pooled to does not exist state. The ejbPassivate() method is used to release a bean's instance
(i.e. store the persistent fields, release resources and send the instance back to the pooled state).
remove()
ejbRemove()
unSetEntityContext()
ejbPassivate()
You are working on the design for a new paint application. When you select a paint tool (e.g. fill, draw
line etc), the selected tool changes the CONTROL_TOOL objects' state and its behavior is updated for
this new tool. (There is one tool object and its state is manipulated depending upon the tool selection).
Is there a GOF design pattern to handle this situation and if so what is it called?
Choice F is the correct answer.As stated in the GOF definition below, the State pattern allows you to
change object behavior as that objects internal state changes.State - "Allows an object to alter its
behavior when its internal state changes. The object will appear to change its class."Bridge -
"Decouples an abstraction from its implementation so that the two can vary independently."Composite
- "Composes objects into tree structures to represent part-whole hierarchies. Composite lets clients
treat individual objects and compositions of objects uniformly."Decorator - "Attaches additional
responsibilities to an object dynamically. Decorators provide a flexible alternative to sub classing for
extending functionality."Mediator - "Defines an object that encapsulates how a set of objects interact.
Mediator promotes loose coupling by keeping objects from referring to each other explicitly, and it lets
you vary their interaction independently."Observer - "Defines a one-to-many dependency between
objects so that when one object changes state, all its dependents are notified and updated
automatically."
Bridge
Composite
Decorator
Mediator
Observer
State
With regards to Entity Beans, which of the following can the client achieve via the home interface?
Choice B is the correct answer.The business methods are defined in the component interface (you can
define home business methods that are not specific to any client in particular in the home interface). To
obtain the primary key you would use the getPrimaryKey() defined in the EJBObject and
EJBLocalObject interfaces. The ejbPassivate() method is defined in the EntityBean interface, so choice
D is incorrect.A Stateful Session Bean should be used to manage the workflow of several EJBs. In a
J2EE application a Servlet will typically talk to an Entity Bean via a Session Bean.
Execute business methods

Create new Entity objects
Obtain the primary key
Passivate a bean
Which of the following java APIs/technologies may be used during the process of internationalization?
Choices A, B, and C are the correct answers.Internationalization is the process of preparing an
application to be used in multiple locales. Localization is the process of preparing an application (that
has been through the process of internationalization) for use in a specific country. During
internationalization you would typically use the following Java APIs and technologies:
class can be used to contain localization parameters that an application loads at boot timeThe
java.util.ResourceBundle class is used to contain locale-specific objects. This allows an application to
load the appropriate bundle.The java.text package as stated by the API, provides classes and interfaces
for handling text, dates, numbers, and messages in a manner independent of natural languages.Unicode
uses 16 bits as opposed to the 8 bits used by ASCII; this allows Unicode to represent virtually all-
modern languages. Java uses Unicode and converts the 16bit value to the appropriate value for the
users operating system.
ResourceBundle
Unicode
java.text
java.net
BufferedReader/BufferedWriter
FileInputStream/FileOutputStream
DataInputStream/DataOutputStream
You have been recruited by MegaSoft Inc. to help with the upgrade of their sales system. Your job is
to upgrade the user interface. Given that the legacy interface is regularly updated, which technique
should you use to upgrade the user interface?
Choice B is the correct answer.Using object mapping is the most appropriate method of upgrading the
user interface. Object mapping techniques do not rely on the legacy interface. Choice A, using screen
scrapers, is incorrect because every time there is a change in the legacy interface the GUI will break.
Choice D is inappropriate because JNI-RMI deals with exposing the legacy system over a network to
Java clients. Using JNI on its own will not help during the user interface upgrade, (JNI is typically
used to adapt existing business logic).Screen scrapers provide quick and easy solutions but are prone to
break.Object mapping involves more initial work but the result should last longer than screen scrapers.

Use object mapping
Use JNI
Use JNI and RMI
JMS messages are routed via ___?

Choice A is the correct answer.JMS messages are sent to a message broker that routes messages.
Multiple brokers may be clustered to scale a message service.Message-Driven Beans introduced with
the EJB 2.0 specification can receive asynchronous messages but they have nothing to do with how
messages are routed, so choice B is incorrect. Session Beans can handle synchronous messages but
these too have nothing to do with how messages are routed so choice C is also incorrect. Choice D is
incorrect because it is the message broker within the JMS server that routes the messages. In JMS, the
publish/subscribe-messaging model is where clients send messages (or publish messages) to topics and
the point-to-point messaging model is where clients send messages to Queues.Publish/subscribe
messaging is where one client publishes a message that is read by many subscribers. A newsgroup
would be an example of this, where email messages are sent to all members of the group when a new
message is posted.Point-to-point messaging is where a client sends one message (via a queue) to
another receiving client.
A message broker
A Message-Driven Bean
A Session Bean
A JMS server
Which of the following statements regarding abstract classes and interfaces is true?
Choice D is the correct answer.As stated in choice D, you should use abstract classes when you need
subclasses to use functionality from super classes and provide some method implementations. One
other point to remember is that in Java classes may only extend from one class, so use abstract classes
sparingly. Interfaces should be used when you wish to create a 'contract' for a class but without
specifying any implementation details.
You should always choose abstract classes over interfaces (they are a replacement).
You should always choose interfaces over abstract classes (they are a replacement).
You should use abstract classes when you need subclasses to use functionality from super classes.
You should use abstract classes when you need subclasses to use functionality from super classes
and provide some method implementations.
You should use interfaces when you need implementation classes to use functionality from the
super interface.
You should use interfaces when you need implementation classes to use functionality from the
super interface and provide some method implementations.
Which of the following options describe the Visitor pattern and the benefits of using it?
Choices A and D are the correct answers.As stated in the GOF definition below, the Visitor pattern
provides a way to add new operations without changing the class of the element on which it operates.
The Visitor pattern should be used when the class defining the object structure rarely changes, but you
need to add extra operations. A handy pattern when you need to upgrade old applications or when
trying to save a design that didn't satisfy all the requirements, it should have!Choice B describes the
Facade pattern.Choice C describes the Bridge pattern.Choice E describes the Decorator pattern.Visitor
- "Represents an operation to be performed on the elements of an object structure. Visitor lets you
define a new operation without changing the classes the elements on which it operates."
Easy to add new operations

Simple interface for a complex subsystem
Separates abstraction and implementation
You need to group related operations
Easy to add functionality dynamically
Session Beans should not be used to represent shopping baskets because they cannot survive a server
crash and therefore will not offer the customer an acceptable level of service.
Choice B is the correct answer.Session Beans cannot survive a server crash. However, using Entity
Beans to represent shopping baskets is generally regarded as overkill. Server crashes are rare enough to
justify the use of Stateful Session Beans as opposed to Entity Beans.Entity Beans do not extend from
any classes, instead they must implement the javax.ejb.EntityBean interface. They also have a remote
and home interface. The remote interface extends from javax.ejb.EJBObject and the home interface
extends from javax.ejb.EJBHome.Session Beans do not extend from any classes instead they must
implement the javax.ejb.SessionBean interface. They also have a remote and home interface. The
remote interface extends from javax.ejb.EJBObject and the home interface extends from
javax.ejb.EJBHome.Container Managed Persistence will increase an Enterprise Bean's portability and
is particularly useful when simple objects need to be persisted. Bean Managed Persistence should
generally be avoided. The two main arguments for using it are: reducing dependence upon a database
and when you need to persist a complex object.
True
False
You are working for MegaSoft Inc, developing a new business-to-business sales application.
Unfortunately your network administrator has refused to open up the JRMP port. This decision has
effectively split two departments - the network support and the sales development. Neither department
will budge, is there a way you can deploy the application and keep both departments happy? Note: The
application needs to run in the DMZ.
Choice C is the correct answer.Although you should always try and avoid tunneling an application
through a port it was not designed for, it is possible to tunnel JRMP over HTTP.A DMZ is the zone
between two firewalls.Consider the following system architecture that you must secure: Company
web server 5 Office machines 2 Development serversThe company web server needs to serve
pages to remote users and office machines need access to the Internet.You would secure this by
creating a DMZ that contains the company web server. You should put machines that provide services
to Internet clients in the DMZ and the office machines and development servers behind an inner
firewall. You would then configure a proxy server in the DMZ to forward the requests from the office
machines to the Internet.For more information please see: http://java.sun.com/sfaq/
No
Yes, if the application is rewritten to make HTTP calls instead of JRMP
Yes, if JRMP is tunneled over HTTP
You are working on the design for a desktop publishing application. When the user selects a new tool
from a menu, i.e. the paintbrush, you need to inform multiple objects of this new selection. (This is for
them to change how they respond to events). You recognize the problem of sending one message to
multiple objects, but is there a GOF design pattern to handle this situation? If so, what is it called?
Choice D is the correct answer.The Observer pattern provides a way for an object to broadcast
messages (one-to-many).Observer - "Defines a one-to-many dependency between objects so that when
one object changes state, all its dependents are notified and updated automatically."Chain of
Responsibility - "Avoid coupling the sender of a request to its receiver by giving more than one object
a chance to handle the request. Chain the receiving objects and pass the request along the chain until an
object handles it."Command - "Encapsulates a request as an object, thereby letting you parameterize
clients with different requests, queue or log requests, and supports undoable operations."Mediator -
"Defines an object that encapsulates how a set of objects interact. Mediator promotes loose coupling by
keeping objects from referring to each other explicitly, and it lets you vary their interaction
independently."Proxy - "Provides a surrogate or placeholder for another object to control access to
it."Strategy - "Defines a family of algorithms, encapsulates each one, and make them interchangeable.
Strategy lets the algorithm vary independently from clients that use it."
Command
Mediator
Observer
Proxy
Strategy
What J2EE technology would you typically use to replace PHP scripts?
Choice C is the correct answer.When migrating a web-based solution to a J2EE solution, you need to
consider the requirements of the original solution as opposed to taking the route of replacing like with
like, e.g. replacing ASP with JSP. It may be the case that a solution using PHP and PERL technologies
to handle presentation and business logic (and in some cases transaction management), could be better
separated in J2EE with presentation logic being handled by JSP and Servlets and business logic EJBs.
(If transactions are involved in almost all cases, this is enough justification for using a separate
application server and Enterprise JavaBeans.)
Applets
JSP
JSP/Servlets
JSP/Servlets and EJBs
You would never replace PHP scripts with a J2EE technology
What are the benefits of using a Data Access Object DAO with an Entity Bean using Container
Managed Persistence?
Choice F is the correct answer.This is a trick question because it is not possible to use a DAO with an
Entity Bean that uses Container Managed Persistence (the container generates the SQL). The use of a
Data Access Object - DAO with an Entity Bean using Bean Managed Persistence BMP will help
reduce the coupling between the bean and the database. Basically when using a DAO, you are moving
all the SQL from the bean into a separate object and calling DAO methods instead. The use of Data
Access Objects does not, however, reduce the dependence upon a particular Application Server. There
will be no change in bean performance when using a DAO (unless their is a change in the quality of
the SQL that the application server generates or the SQL that the developer writes.)
Increased bean performance

Reduced bean performance
Reduced dependence on the Database
Reduced dependence on the Application Server
Easier path to change the Bean to use BMP
None of the above

Do not Cheat
The following description describes which part of the Java API that is typically used during the process
of internationalization? This class is used to get information about the local country such as the country
name and language.
Choice B is the correct answer.The java.util.Locale class is used to get information about the local
country such as the country name and language. The LocalProperties class doesn't exist, so choice A is
incorrect.During internationalization you would typically use the following Java APIs and
technologies: ava.io.InputStreamReader/java.io.OutputStreamWriter java.util.Locale
java.util.Properties java.util.ResourceBundle java.text - the whole package UnicodeThe
java.io.InputStreamReader and java.io.OutputStreamWriter classes are used when reading/writing files
and needing to convert between 16 bit to 8 bit (and vice-versa) character representations.The
java.util.Properties class can be used to contain localization parameters that an application loads at
boot time.The java.util.ResourceBundle class is used to contain locale-specific objects. This allows an
application to load the appropriate bundle.The java.text package as stated by the API, provides classes
and interfaces for handling text, dates, numbers, and messages in a manner independent of natural
languages.Unicode uses 16 bits as opposed to the 8 bits used by ASCII; this allows Unicode to
represent virtually all-modern languages. Java uses Unicode and converts the 16 bit value to the
appropriate value for the users operating system.
LocaleProperties
Locale
Properties
ResourceBundle
There is no class that can be used to get information about the local country such as country name
and language
Which Entity Bean lifecycle methods are used to synchronize the state of a bean instance with the
underlying data store?
Choices E and F are the correct answers.The ejbLoad() and ejbStore() methods are used to synchronize
the instance state with the state in the underlying data store. The ejbSave() method does not exist. The
ejbCreate() and ejbActivate() methods are used to move the bean instance from the pooled state and
into the ready state. The ejbPassivate() and ejbRemove() methods move an instance from the ready
state to the pooled state.The ejbCreate() and ejbActivate() methods are used to move the bean instance
from the pooled state into the ready state. The ejbPassivate() and ejbRemove() methods move an
instance from the ready state to the pooled state.Stateless Session Beans do not have a conversational
state. Also, Stateless Session Beans are not passivated/activated unlike their stateful counterparts. A
Stateless Session Bean provides a service to only one client at a time but it can serve multiple clients
before the container removes the bean via the ejbRemove() method.
ejbPassivate()
ejbActivate()
ejbCreate()
ejbRemove()
ejbLoad()
ejbStore()
ejbSave()
Given the following architectural system specification, how would you secure it? Company web
server 5 Office machines 2 Development serversThe company web server needs to serve pages to
remote users and office machines need access to the Internet.
Choice B is the correct answer.Given the above architectural system specification you should secure it
services to Internet clients in the DMZ and the office machines and development servers behind an
inner firewall. You would then configure a proxy server in the DMZ to forward the requests from the
office machines to the Internet.
Place a firewall around all machines.

the web server behind an outer firewall and all other office machines and development servers
behind an inner firewall.
Put the web server in front of an outer firewall, the office machines behind the outer firewall and
the development servers behind an inner firewall.
Put the web server and development servers behind an outer firewall and all other office machines
behind an inner firewall.
Put a firewall around the development servers.
You should use a Stateless Session Bean _ _______ .

Choices B and D are the correct answers.Stateful not Stateless Session Bean should be used to manage
the workflow of several EJBs, so choice A is incorrect. When fetching frequently used read-only data,
a Stateless Session Bean should be used; an example would be fetching a list of products from a
catalogue. At any one time only a single client can have access to the bean instance, so choice C is
incorrect. If the bean should represent a business entity, then an Entity Bean should be used. So choice
E is incorrect. A Stateless Session Bean does not have a 'conversional state'. This means data about the
client cannot be stored for a particular client. Only Entity Beans can survive a server crash.In terms of
resources, Enterprise Beans can be placed in the following order (heaviest first): 1) Entity Bean, 2)
Stateful Session Bean, 3) Stateless Session Bean. (An Entity Bean is heaviest because this bean is
essentially data on a database - expensive database calls).Both Session and Entity Beans can be used to
synchronously receive JMS messages. However, this ties up server resources. So in EJB 2.0, Message-
driven beans have been introduced and these beans are capable of receiving asynchronous JMS
messages.
If you need to manage the workflow or several EJBs

When fetching frequently used read-only data
At any time; multiple clients can have access to the bean instance
When the bean's state has no data for a particular client
When the bean should represent a business entity
Given the scenario below, which of the following aspects of an application may need to be customized
in order to support deployment in different locales? A betting application that allows users to place
bets on worldwide sporting events is due to be launched worldwide. The application has a swing GUI
and reads in binary files containing details of sporting events and betting odds.
Choices A and C are the correct answers.Internationalization is the process of preparing an application
to be used in multiple locales. Localization is the process of preparing an application (that has been
through the process of internationalization) for use in a specific country.During
internationalization/localization the following parts of an application may need to be customized:
Date formats Taxation algorithms (plus any other financial representation) The use of color Text
(language) - Messages, and any part of the application where text is used Algorithms - Dictionaries
Number formatsGenerally, the security settings need not be specific depending upon the locale that the
application was deployed in. Although text file access may require customization for certain locales,
binary file access shouldn't. Therefore choices B and E are incorrect.
Date formats
Security settings
The use of color
The file access when loading
As part of an application upgrade you need to interface with an external credit card processing system.
The new credit card system takes requests in the form of XML documents that are sent as JMS
messages; replies containing the status of the transaction are then returned to the client (Session Bean)
as JMS messages. Is JMS appropriate for using when multiple messages form the transaction (multiple
messages equal one unit of work)?
Choice A is the correct answer.Multiple JMS messages can be grouped together as one unit of work
and involved in transactions. The client is responsible for determining if a transaction is complete and
either committing or rolling the transaction back.Using transactions with JMS affects the producers
and consumers in the following way:Producer On commit, the broker sends the set of staged
messages On rollback, the broker disposes the set of staged messagesConsumer On commit, the
broker disposes the set of staged messages On rollback, the broker resends the set of staged
messagesTaken from the book: Professional Java Server Programming J2EE Edition, Wrox Press
Yes
No, single JMS messages can be involved in transactions (each JMS message must represent one
unit of work) but multiple ones cannot.
No, JMS messages must not be involved in transactions.
If you run an unsigned applet from the command line, will that applet be able to access and update a
system property?
Choice B is the correct answer.When running applets from the command line a different security
manager will be used (assuming a typically configured JRE) than when an applet is invoked in a web
browser. However, system properties can never be modified. An Applet may or may not be able to
read system properties. Some system properties will require an applet to be signed but others can be
read without this requirement. Applets are permitted to make network connections back to the host that
they were downloaded from. They aren't however allowed to connect to arbitrary hosts because this
would provide a mechanism for denial of service attacks. Also if a firewall or server filters packets by
IP address, then it would be possible for a downloaded applet to be trusted automatically by the
your trusted IP address).It is not possible to change the priority of the thread that was created by the
browser for the applet to run in (to do this would require an O/S call). It is possible for an applet to
thrown.Generally, operating systems will allocate a certain amount of memory for processes to use but
this not fixed (an applet can ask for more and if available the O/S may assign it).For more information
Yes
No
You are working as part of a team of developers creating an online shopping system that sells cheap
flights. Initially customers browse lists of flights that are hosted on three identical Apache Tomcat web
servers (the lists are updated at midnight). Once they have selected the flights they wish to purchase,
they are routed through to an EJB tier where the booking takes place. Which name and description
describe the type of load balancing/distribution should be used to initially direct users to the web
servers?
Choice B is the correct answer.Round-robin load distribution is the simplest technique to route
requests to servers. Requests are routed without any regard for the load an individual server is
experiencing. Consider the following example:A solution consists of 3 web servers. Requests: R1, R2,
R3, R4 and R5 are received in this order at the load balancer. R1 will be forwarded to web server 1, R2
to web server 2, R3 to web server 3, R4 to web server 1 and R5 to web server 2.Requests are routed
irrespective of whether a web server is up and running.The description in choice A is inappropriate
because there would be no guarantee that a request would be serviced if a pool were created. Also
there aren't any web servers that support this type of scenario (extra code would have to be written).
Targeting servers based upon their current status could be implemented via reverse proxy load
balancing (there are other methods for achieving the same result - targeting particular servers).
Round-robin load distribution. Requests are stored in a central pool where a web server will select
a request.
Round-robin load distribution. As requests are received at the load balancer, they are forwarded on
to the next web server in the list of available web servers.
Round-robin load distribution. As requests are received, they are routed to the web server that has
the most free resources, i.e. most idle CPU time.
Reverse load proxy load balancing. Requests are stored in a central pool where a web server will
select a request.
Reverse load proxy load balancing. As requests are received at the load balancer, they are
forwarded on to the next web server in the list of available web servers.
Reverse load proxy load balancing. As requests are received, they are routed to the web server that
has the most free resources, i.e. most idle CPU time.
Load balancing/distribution would not be required as there are only three web servers.
An advertising company - FancyApplets Ltd wishes to use applets on it's website to demonstrate
sample products. In order to keep track of the number of people downloading the applets
FancyApplets created a callback mechanism in the applet. (Once downloaded, the applet makes a
network connection back to the FancyApplets website). Which of the following statements regarding
this scenario are correct?
Choice A is the correct answer.Applets are permitted to make network connections back to the host
that they were downloaded from. They aren't however allowed to connect to arbitrary hosts because
this would provide a mechanism for denial of service attacks. Also if a firewall or server filters packets
by IP address, then it would be possible for a downloaded applet to be trusted automatically by the
your trusted IP address).Choice B is incorrect because, as stated above, it is possible for an applet to
make connections back to the host. Choices C and D are incorrect because an applet is not required to
be signed for this to work.For more information please see: http://java.sun.com/sfaq/

This may work, but it depends on the configuration of the users browser.
Which of the following services does JMS define?

Choices C, E, and F are the correct answers.The Java Message Service - JMS is a specification for
message middleware. JMS provides an API for services such as persistence, transactions, and
verification.In JMS, the publish/subscribe-messaging model is where clients send messages (or publish
messages) to topics and the point-to-point messaging model is where clients send messages to
Legacy Connectivity
Naming
Persistence
Resource Management
Transactions
Verification
Which interface and methods could you use to remove an EJB object?
Choices B, C, and E are the correct answers.There are two methods in the EJBHome interface that can
be used to remove an EJB object, these are remove(Handle handle) and remove(Object primaryKey).
The EJBObject defines the method remove(), which can also be used to remove an EJB object.
Choices D and G are there to trick you because the String parameter is called primaryKey, however,
the parameter type should be Object.
EJBHome.remove()
EJBHome.remove(Handle handle)
EJBHome.remove(Object object)
EJBHome.remove(String primaryKey)
EJBObject.remove()
EJBObject.remove(Handle handle)
EJBObject.remove(Object object)
EJBObject.remove(String primaryKey)
You need to interface your J2EE application with LDAP, which J2EE technology should you use?
Choice D is the correct answer.Java Naming and Directory Interface - JNDI - provides a unified
interface to different naming and directory services such as Active Directory and LDAP.Java
Activation Framework - JAF - is used to discover information about some data (behavior etc) and then
instantiate the appropriate JavaBean.JNS and Java Naming are not J2EE technologies.The following
areas of an application are suitable for implementation using J2EE technology: Distributed
requirements Security Transactions Resource management Persisting frequently changing
dataGraphical requirements and standalone desktop applications are not suited for implementation
using J2EE (J2SE is more suitable).
DNS
JAF
Java Naming
JNDI
JNS
Which of the following statements regarding a DMZ are true?

Choice C is the correct answer.As stated in the choice, a DMZ is the zone between two
firewalls.Consider the following system architecture that you must secure: Company web server
5 Office machines 2 Development serversThe company web server needs to serve pages to remote
users and office machines need access to the Internet.You would secure this by creating a DMZ that
contains the company web server. You should put machines that provide services to Internet clients in
the DMZ and the office machines and development servers behind an inner firewall. You would then
configure a proxy server in the DMZ to forward the requests from the office machines to the
Internet.For more information please see: http://java.sun.com/sfaq/
A DMZ is the zone behind a firewall.

A DMZ is the zone in front of a firewall.
A DMZ is the zone between two firewalls.
A DMZ is the zone behind an inner firewall (assuming their is also an outer firewall).
A DMZ is the zone in front of two firewalls.
What J2EE technology would you use to connect to a CORBA object?

Choice B is the correct answer.Java IDL - Java Interface Definition Language. Java IDL allows Java
programmers to write both CORBA - Common Object Request Broker Architecture - servers and
clients. (CORBA uses IIOP). JNI - Java Native Interface - allows Java to talk to code written using
other programming languages (popular in legacy connectivity). But JNI cannot be used to talk to
CORBA objects, so choice A is incorrect. Choice E is incorrect because Java IDL can be used to
connect to a CORBA object. Enterprise JavaBeans should use RMI-IIOP and although IIOP is used by
CORBA, there is no provision to lookup and use CORBA objects.
JNI
Java IDL
JTA
RMI-IIOP
There is no J2EE technology capable of directly connecting to a CORBA object
What are the benefits of using the Mediator design pattern?

Choices A and C are the correct answers.The Mediator pattern controls how a set of objects interact.
(The objects refer to each other through one object.)Choice D describes a benefit of using the
Flyweight pattern.Choice E describes a benefit of the Proxy pattern.Choice F describes a benefit of the
Observer pattern.Mediator - "Defines an object that encapsulates how a set of objects interact.
you vary their interaction independently."
Increases decoupling between objects

Promotes decentralized control
Promotes centralized control
Reduces the number of low-level objects within a system
Provides a placeholder object to control access to an object
Provides a way to broadcast messages
You need to communicate with a legacy banking system that has a CORBA server written in Cobol.
The system is used to process transactions that are sent via the CORBA server. What is the best way to
communicate with this system?
Choice C is the correct answer.Java IDL - Java Interface Definition Language. Java IDL allows Java
clients. (CORBA uses IIOP). Therefore, choices A and B are incorrect. Choice D is incorrect because
there is no need to add messaging capabilities if there is already the opportunity to communicate via
CORBA.JNI - Java Native Interface - allows Java to talk to code written using other programming
languages (popular in legacy connectivity).
You will have to use JNI and RMI because it is not possible to create a CORBA client in Java.
You will have to use JNI together with Java IDL to help create a CORBA client in Java. This will
then allow you to talk directly with the CORBA server.
Use Java IDL to create a CORBA client and then talk directly with the CORBA server.
Add messaging capabilities to the legacy system and then communicate via JMS.
It is not possible to communicate with this system using Java.
Regarding Enterprise Beans and JMS messages, which statements are correct?
Choice A is the correct answer.As stated in choice A, both Session Beans and Entity Beans can receive
synchronous messages. Only Message-Driven Beans (introduced with the EJB 2.0 specification) can
receive asynchronous messages, so choice B is incorrect. Choice C is incorrect because Entity Beans
can also receive synchronous messages. Choices D and E are incorrect because messages sent from
either Session or Entity Beans can be involved in transactions. Finally, choice F is incorrect because
Stateless Session Beans can send synchronous messages.Durable subscriptions are used to indicate that
a client wants to receive all messages in a topic irrespective as to whether that client is connected when
messages are published. The JMS messaging model that can be used to create this is the jms.Topic.In
JMS, the publish/subscribe-messaging model is where clients send messages (or publish messages) to
topics and the point-to-point messaging model is where clients send messages to
Both Session Beans and Entity Beans can receive synchronous messages.
Both Session Beans and Entity Beans can receive asynchronous messages.
Only Session Beans can receive synchronous messages.
If a message is to be involved in a transaction, it must be sent from a Session Bean.
If a message is to be involved in a transaction, it must be sent from an Entity Bean.
Stateless Session Beans cannot send synchronous messages.
You are providing technical support for a supply chain product that your company (Company X) has
sold to another company (Company Y). Whilst working on Company Y's site you need to run a
simulation on Company X's network. This will involve securely connecting part of Company X's
network to part of Company Y's network. How should you do this?
Choice B is the correct answer.Create a VPN between the two networks.Virtual Private Network -
VPN - is a solution for securely connecting two networks that are in geographically different locations.
A VPN will use a variety of different encryption and authentication techniques to ensure that data
confidentiality is maintained.Choice C would not work. You are not trying to communicate with one
Java program running on Company X's network and one running on Company Y's network, instead
you need to connect the networks.A DMZ is the zone between two firewalls.
Create a DMZ between the two networks.

Create a VPN between the two networks.
Create a secure network connection between the two networks by using a combination of Java
sockets and JSSE.
This is not possible, as the corporate firewalls would block this.
Before the World-Wide-Web was accessible to the masses, you had developed a system to generate
lottery numbers. You stored the generated lottery numbers for each client so that if they returned they
would get the same numbers (note: this was stored in a custom format in a data file). What are the most
notable weaknesses of this one-tier system?
Choices C and E are the correct answers.Security and manageability are generally easier with smaller
systems, i.e. one-tier solutions such as the one described in the question. The security system will not
have to cope with network calls etc. The system is in one place, so manageability should be simple as
opposed to having to administer multiple web servers, application servers, and databases.The biggest
weaknesses of one-tier systems are their maintainability and the scalability. They may only be scaled
vertically by adding extra CPUs or increasing the amount of RAM; additional machines may not be
added. The reason they are so hard to maintain is due to the tight coupling between the presentation,
business logic, and data. Changes to any of these layers will have a direct effect on the adjacent layers.
The performance of a one-tier system should (under small loads) be better than a three tier system
because there will be no network delay. It's arguable that under heavy loads the performance will
deteriorate but that is really referring to scalability. There is no reason why a one-tier system would be
more unreliable than a two or three-tier system.
Security
Manageability
Maintainability
Performance
Scalability
Reliability
Which interface and method would you use to release a Session Beans' resources prior to removal?
(Note: Method parameters are not shown)
Choice E is the correct answer.The Session interface does not exist so choice A is incorrect. The
ejbReleaseResources() and ejbRelease() methods do not exist, so choices B, C, and F are incorrect.
The EJBHome interface does not define the ejbPassivate() method, so choice D is also incorrect.Entity
Beans do not extend from any classes, instead, they must implement the javax.ejb.EntityBean
interface. They also have a remote and home interface. The remote interface extends from
javax.ejb.EJBObject and the home interface extends from javax.ejb.EJBHome.Session Beans do not
extend from any classes, instead, they must implement the javax.ejb.SessionBean interface. They also
have a remote and home interface. The remote interface extends from javax.ejb.EJBObject and the
home interface extends from javax.ejb.EJBHome.Container Managed Persistence will increase an
Enterprise Beans portability and is particularly useful when simple objects need to be persisted. Bean
Managed Persistence should generally be avoided. The two main arguments for using it are: reducing
dependence upon a database and when you need to persist a complex object.
Session.ejbRelease()
SessionBean.ejbRelease()
SessionBean.ejbReleaseResources()
EJBHome.ejbPassivate()
SessionBean.ejbPassivate()
EJBHome.ejbRelease()
Consider the following scenario:John has a public/private key pair that has been signed by the trusted
CA Verisign. Bill already has a copy of John's public key. Bill sends John an encrypted jar file. John
successfully decrypts the jar file using the private key.Which of the following statements regarding this
scenario are true?
Choices A and D are the correct answers.Firstly, the scenario described seems to be somewhat
misleading, you would imagine John would be sending a message, and not receiving one. The jar file
may contain malicious code because anyone can create a signed jar file as long as they have a copy of
John's public key. You don't know if Bill has written the jar file; all you know is that it has been signed
with John's public key. With asymmetric encryption the public key is used to encrypt and the private
key to decrypt, therefore the code could not have been modified in transit (nobody else has access to
the private key), so choice D is correct.Symmetric encryption - one key for both encrypting and
decrypting. Asymmetric encryption - two keys, one public and one private, encrypt with the private
key and decrypt with the public key.For more information please see: http://java.sun.com/sfaq/
The jar file may contain malicious code.

Bill has written the jar file.
The jar file may not have been signed with Johns public key.
The code has not been modified in transit.
Which of the following statements describe the Facade pattern and the benefits of using it?
Choices B and E are the correct answers.The Facade pattern hides complexity by providing a simple
interface for the client to use. The Facade also promotes loose coupling between subsystems and
clients.Choice A describes features of the Adapter pattern.Choice C describes features of the Decorator
pattern.Choice D describes features of the Bridge pattern.Facade - "Provides a unified interface to a set
of interfaces in a subsystem. Facade defines a higher-level interface that makes the subsystem easier to
use."
Changes the interface of a class to a different interface

Shields the client from complexity
You need to add additional responsibilities to an object dynamically
Decouple an abstraction and implementation
Promotes loose coupling between subsystems and clients
Consider the following scenario:John has written some code, bundled it into a jar file, signed it with
his key, and uploaded it (together with his key) to a website. Bill downloads the jar file and the key,
and decrypts it for use.Which of the following statements regarding this scenario are true?
Choice B is the correct answer.The main points in this scenario are that nothing is said about the
website that the jar file is uploaded to, and you do not know if it can be trusted (therefore you shouldn't
trust it). The jar file may have been decrypted, the code altered and resigned with the key that was
uploaded along with the jar file. You don't know if the code was signed with John's key because you
cannot trust the web site. The code could maintain malicious code (a key does not say anything about
the code).For more information please see: http://java.sun.com/sfaq/
The code can be trusted.

The code may contain malicious code.
The code was signed with John's key.
If the key decrypts the jar file, then the code could have been modified.
You are working as part of a team of developers trying to set up an online bookstore. When a customer
buys a book, they add the book to the cart, register, enter the shipment details, and then enter their
credit card information. Credit card validation is handled by an external system with the status being
returned within 3 seconds. If a credit card transaction should be declined, you do not want the
customers details (other than the credit card transaction data) to be removed (i.e. during rollback you
don't loose the customers address). Given this, what transaction attribute should be used for a bean
method that handles the processing of the credit card order?
Choice A is the correct answer.Choice A is correct because when a bean method that has been marked
Requires New is called, it means that a new transaction will automatically be created. This means that
should a rollback be required, it will not involve loosing any other data. Choice B is incorrect because
if a bean method is called where a transaction exists, then a new one will not be started. This means
that more data will be rolled back than is required. Choice C is incorrect because it requires the client
to be executing in a transaction and a javax.transaction.TransactionRequiredException exception will
be thrown. Choice D is incorrect because it does not force the bean method to execute as part of a
transaction. Choices E, F, and G are invalid transaction attributes.
RequiresNew
Required
Mandatory
Supports
Depends
Default
Always
Which of the following statements describe the Flyweight pattern and the benefits of using it?
Choice D is the correct answer.The Flyweight pattern will help increase the performance of the
application by sharing objects as opposed to creating unique objects for each task.Flyweight - "Uses
sharing to support large numbers of fine-grained objects efficiently."Choice B describes the Proxy
pattern. Choices A and E are incorrect because an application needs to have a high number of objects
that are not dependent upon object identity for the Flyweight pattern to be of any benefit. Choice C
describes the Mediator pattern.
The Flyweight pattern should be used with application that have a low number of objects and
increased performance is desired.
The Flyweight pattern should be used when you need to control access to an object.
You need to coordinate access for a group of objects.
May reduces the amount of memory an application uses.
The Flyweight pattern should be used when an application is dependent upon object identity."
You are trying to explain to a new developer how sales staff interacts with the newly developed sales
system. You wish to demonstrate this interaction for a number of different scenarios. What type of
diagram would you use to illustrate this?
Choice D is the correct answer.A use-case diagram shows how actors interact with a series of use-
cases (scenarios) and the relationships of those use-cases. Class diagrams provide a static view of
classes and interfaces, showing their relationships and dependencies.A package diagram shows how a
series of subsystems interact. (Generally there will be a class diagram for each package).A
collaboration diagram shows how a series of objects interact. The interactions are shown in order but
are not set against time.A state transition diagram shows events and states and is particularly useful
when modeling class behavior.A deployment diagram shows how components and nodes interact at
runtime.
Class diagram
Sequence diagram
Use case diagram
Deployment diagram
Interaction Diagram
You have created a chat application that allows users to make private conversations with each other.
The applets make network connections to other applets. Which statement regarding this scenario is
true?
Choice C is the correct answer.By default, applets are permitted to make network connections back to
the host that they were downloaded from. They aren't, however, allowed to connect to arbitrary hosts
because this would provide a mechanism for denial of service attacks. Therefore in order to connect to
arbitrary hosts, the applet must be signed.Also if a firewall or server filters packets by IP address, then
it would be possible for a downloaded applet to be trusted automatically by the firewall/server (a
downloaded applet sending requests from your machine would be sending them with your trusted IP
address).For more information please see: http://java.sun.com/sfaq/

This may work, but it depends on the configuration of the users' browser.
Which of the following are characteristics of one-tier systems?

Choices C and G are the correct answers.A one-tier system typically suffers from poor scalability and
extensibility. All tiers (presentation, business logic, and data) are effectively in one place that means a
change to any of these will directly affect another tier. Therefore, both choices D and E are incorrect
because the tight coupling exists between all the tiers. Security should be good because everything is at
one place (no network calls etc), so choice B is incorrect.It is impossible to say whether the system will
perform poorly or excellently without knowing more about the application itself and the load it must
service, therefore choices A and F are incorrect.
Poor performance
Poor security
Poor scalability.
A tight coupling between presentation and business logic but loose coupling between business
logic and data.
A tight coupling between business logic and data but loose coupling between business and
presentation logic.
Excellent performance
Poor extensibility.
You are working on application that will become the next generation digital multimedia service. The
logic for playing each type of multimedia file is contained with a class. The classes that form this logic
are ordered in two hierarchies. Firstly, two abstractions exist - one for video files and one for audio
files. The second abstraction hierarchy is for playing logic such as MP3, MPEG, and AVI etc. (For
each of these hierarchies there are separate implementation classes.)As we have seen in recent years
new multimedia file types are always being developed, the application should be able to handle these
new types without a need to recompile. You propose to develop the application WITHOUT combining
abstractions and implementations (i.e. no distinct classes). This will allow you to extend abstractions
without affecting existing implementations.Is there a GOF design pattern to handle this problem and if
so, what is it called?
Choice C is the correct answer.The requirements that the scenario describes are: the ability to extend
abstractions without affecting existing implementations (maintain a separation between abstraction and
implementation). The Bridge pattern meets this requirement.Bridge - "Decouples an abstraction from
its implementation so that the two can vary independently."Adapter - "Converts the interface of a class
into another interface clients expect. Adapter lets classes work together that couldn't otherwise because
of incompatible interfaces."Builder - "Separates the construction of a complex object from its
representation so that the same construction process can create different representations."Composite -
"Composes objects into tree structures to represent part-whole hierarchies. Composite lets clients treat
individual objects and compositions of objects uniformly."Decorator - "Attaches additional
extending functionality."
Adapter
Builder
Bridge
Composite
Decorator
Which of the following is an EJB Container responsible for?
Choices C, D, and E are the correct answers.The EJB Container must provide an implementation of
JDBC. It must also passivate Entity and Stateful Session Beans in order to efficiently manage
resources.The EJB Container does not have to provide a JXTA implementation, so choice B is
incorrect. Passivation is used to improve the efficiency of managing EJB Beans. The opposite of this,
transferring the bean back to an active state is called activation.
The EJB Container must passivate Stateless Session Beans to efficiently manage resources.
Providing an implementation of JXTA.
Providing an implementation of JDBC.
The EJB Container must passivate Entity Beans to efficiently manage resources.
The EJB Container must passivate Stateful Session Beans to efficiently manage resources.
of internationalization? This is used so that Java can handle messages independent of natural
languages.
Choice B is the correct answer.The java.text package as stated by the API, provides classes and
interfaces for handling text, dates, numbers, and messages in a manner independent of natural
languages. During internationalization, you would typically use the following Java APIs and
technologies: java.io.InputStreamReader/java.io.OutputStreamWriter java.util.Locale
java.util.Properties java.util.ResourceBundle java.text - the whole package and UnicodeThe
and required to convert between 16 bit to 8 bit (and vice-versa) character representations.The
java.util.Locale class is used to get information about the local country such as the country name and
language.The java.util.Properties class can be used to contain localization parameters that an
application loads at boot time.The java.util.ResourceBundle class is used to contain locale-specific
objects. This allows an application to load the appropriate bundle.Unicode uses 16 bits as opposed to
the 8 bits used by ASCII; this allows Unicode to represent virtually all-modern languages. Java uses
Unicode and converts the 16 bit value to the appropriate value for the users operating system.
ASCII
The java.text package
Unicode
There is no correct choice
True or false, a Stateful Session Bean that has been passivated will survive a server crash?
Choice B is the correct answer.Although the Session Bean will have been swapped out of RAM and
stored on disk (or some other type of secondary storage), there is no provision for recovery of Stateful
Session Beans following a crash. Therefore if you need your bean to survive a server crash, then you
must use an Entity Bean.There are two methods that will move an instance from the ready state to the
pooled state, these are the ejbPassivate() and ejbRemove() methods. The ejbPassivate() and ejbStore()
methods are used as part of the passivation process. The container calls the ejbStore() method to
prepare the instance for synchronization of the database state with the instance state. The
ejbPassivate() then returns the instance to the pooled state. The ejbLoad() method is used when a bean
is in the ready state; its purpose is to synchronize the instance state with the state in the underlying data
store.
True
False
You are involved in the design of an email application. You have recognized a problem and know
using a GOF pattern can solve it. The problem is described below, what is the name of the pattern that
will solve this? The construction of an email object can be extremely complex, setting email type,
embedding multimedia objects etc. Therefore, you would like to specify the email object type and
content and have the email object constructed automatically.
Choice B is the correct answer.The builder pattern requires the client to only specify content and type
and shields the client from the details of an objects construction.Builder - "Separates the construction
of a complex object from its representation so that the same construction process can create different
representations."Abstract Factory - "Provides an interface for creating families of related or dependent
objects without specifying their concrete classes."Factory Method - "Defines an interface for creating
an object, but lets subclasses decide which class to instantiate. Factory Method lets a class defer
instantiation to subclasses."Prototype - "Specifies the kinds of objects to create using a prototypical
instance, and creates new objects by copying this prototype."Singleton - "Ensures a class only has one
instance, and provides a global point of access to it."
Abstract Factory
Builder
Factory Method
Prototype
Singleton
Which transaction attribute would you use to signal the EJB Container that it does not matter whether a
bean method was called in valid transaction context?
Choice C is the correct answer.The 'Supports' transaction attribute indicates to the container that it does
not matter if a bean method was called in valid transaction context.Choice A is incorrect because when
a bean method that has been marked RequiresNew is called, it means that a new transaction will
automatically be created. This means that should a rollback be required, it will not involve loosing any
other data. Choice B is incorrect because if a bean method is called where a transaction exists, then a
new one will not be started. This means that more data will be rolled back than is required.
RequiresNew
Required
Supports
NotSupported
Mandatory
Which Entity Bean lifecycle method moves the bean from the pooled state to the does not exist state?
Choice D is the correct answer.There is only one method that can move the bean instance from the
pooled state to the does not exist state, this method is the unsetEntityContext() method. The
ejbPassivate() and ejbStore() methods are used as part of the passivation process. The container calls
the ejbStore() method to prepare the instance for synchronization of the database state with the
instance state. The ejbPassivate() then returns the instance to the pooled state. The ejbRemove()
method moves a bean instance from the ready state to the pooled state. The ejbRelease() method does
not exist.
ejbPassivate()
ejbRemove()
ejbStore()
unsetEntityContext()
ejbRelease()
You are trying to explain to a new developer how three classes interact. You wish to set the class
interactions against time. What type of diagram would you use to illustrate this?
Choice B is the correct answer.A sequence diagram shows how objects (not classes) interact. These
interactions are set against time. A use-case diagram shows how actors interact with a series of use-
cases (scenarios) and the relationships of those use-cases.Class diagrams provide a static view of
runtime.
Class diagram
Sequence diagram
Use case diagram
Deployment diagram
Interaction Diagram
A colleague tells you that it is possible for an applet to increase the priority of the thread in which it
was created to run in, by the browser. Is it possible for an applet to change the priority of the thread
that was created for the applet to run in?
Choice B is the correct answer.It is not possible to change the priority of the thread that was created by
the browser for the applet to run in (to do this would require an O/S call). It is possible for an applet to
applet.The security manager does not monitor the memory, CPU, or network bandwidth usage of an
this is not fixed (an applet can ask for more and if available the O/S may assign it).For more
Yes
No
of internationalization? This class can be used to contain localization parameters that an application
loads at boot time.
Choice C is the correct answer.The java.util.Properties class can be used to contain localization
parameters that an application loads at boot time. There is no class called LocaleProperties, so choice
A is incorrect. During internationalization you would typically use the following Java APIs:
and java.io.OutputStreamWriter classes are used when reading/writing files and required to convert
get information about the local country such as the country name and language.The
modern languages. Java uses Unicode and converts the 16 bit value to the appropriate value for the
LocaleProperties
Locale
Properties
ResourceBundle
There is no class that contains locale-specific objects
You have been recruited by MegaSoft Inc. to help on a new sales project. Your role within the project
team is as the lead architect. Given the requirements set out below, what type of transaction
management should you use? MegaSoft Inc. is launching worldwide sports betting site. The unique
feature of this betting site is that all bets are spread across multiple sporting events with huge potential
prizes. For example, a user may bet $25 on Manchester United beating Real Madrid 4-0, Brazil
winning the world cup, and Australia winning the cricket world cup. If a user gets three or more bets
correct and one wrong then they will take home a 50% cut of the original stake.
Choice B is the correct answer.The above scenario describes a betting web site. The key to the
question is the complex logic behind each bet; you will need a fine level of control over the
transactions. Bean managed transactions will give you more control than container managed
transactions.
Container Managed Transactions

Bean Managed Transactions
You need to simplify the communication between objects. You propose to introduce a single object
that will handle the message distribution. Is there a GOF design pattern to handle this situation and if
so, what is it called?
Choice B is the correct answer.The Mediator pattern controls how a set of objects interact. (The objects
refer to each other through one object.)Mediator - "Defines an object that encapsulates how a set of
objects interact. Mediator promotes loose coupling by keeping objects from referring to each other
explicitly, and it lets you vary their interaction independently."Command - "Encapsulates a request as
an object, thereby letting you parameterize clients with different requests, queue or log requests, and
supports undoable operations."Observer - "Defines a one-to-many dependency between objects so that
when one object changes state, all its dependents are notified and updated automatically."Proxy -
"Provides a surrogate or placeholder for another object to control access to it."Strategy - "Defines a
family of algorithms, encapsulates each one, and make them interchangeable. Strategy lets the
algorithm vary independently from clients that use it."
Command
Mediator
Observer
Proxy
Strategy
Which of the following methods may be performed on a Stateless Session Bean?

Choices B, D, and G are the correct answers.The create(), remove(), and ejbPassivate() methods may
only be called on Stateful Session and Entity Beans. So choices A, C, and F are incorrect. The
ejbPostCreate() method is used during an Entity Beans lifecycle. A Stateless Session Beans lifecycle
uses only three methods:1) setSessionContext()2) ejbCreate()3) ejbRemove()
create()
ejbCreate()
ejbPassivate()
setSessionContext()
ejbPostCreate()
remove()
ejbRemove()
Due to the popularity of your online web store, you are upgrading the current system to a 3-tier
architecture. As part of the new system, you will be interfacing with an external credit card validation
service. Should you use a stateful or stateless Session Bean to handle the processing of credit cards?
Choice B is the correct answer.A Stateless Session Bean is typically used as a service and a Stateful
Session Bean is used when the state of 'something' needs to be preserved (temporarily - conversational
state).Stateless Session Beans do not have a conversational state. Also, Stateless Session Beans are not
passivated/activated unlike their stateful counterparts. A Stateless Session Bean provides a service to
only one client at a time but it can serve multiple clients before the container removes the bean via the
ejbRemove() method.
Stateful
Stateless
You are working on a presentation application that will become the next Microsoft PowerPoint.
Consider the following part of the design:When the user selects a slide an empty object is created.
When movies are dragged onto the slide movie playing functionality is added to the slide object
dynamically. This design will allow for further expansion. Is there a GOF design pattern to handle this
problem and if so what is it called?
Choice C is the correct answer.The key to this question is that additional functionality needs to be
added to objects dynamically, and the Decorator allows this (please see the GOF definition below).
The definition of the Decorator pattern in the GOF is: "Attaches additional responsibilities to an object
dynamically. Decorators provide a flexible alternative to sub classing for extending
functionality."Adapter - "Converts the interface of a class into another interface clients expect. Adapter
lets classes work together that couldn't otherwise because of incompatible interfaces."Builder -
"Separates the construction of a complex object from its representation so that the same construction
process can create different representations."State - "Allows an object to alter its behavior when its
internal state changes. The object will appear to change its class."Strategy - "Defines a family of
algorithms, encapsulates each one, and make them interchangeable. Strategy lets the algorithm vary
independently from clients that use it."
Adapter
Builder
Decorator
State
Strategy
There is no such GOF design pattern to handle this
What type of messaging should be used when network availability is intermittent?

Choice B is the correct answer.Characteristics of synchronous messaging: Blocks until message is
processed Suitable for transaction processing Can be implemented using EJBsCharacteristics of
asynchronous messaging: Loose coupling between sender and receiver The network is not
required to be available Cannot be implemented using EJBs Suitable for publish - subscribe
messaging
No type of messaging is suitable foe use when network availability is intermittent
Which of the following statements regarding the diagram below is true? (Please Click on "Exhibit
Button" to view the Diagram )
Choice C is the correct answer.The diagram shows an abstract class called 'PackageName'. You can
tell this is an abstract class because the class name is written in italics. The same rule applies to
methods so 'anOperation()' is an abstract method. You can tell this is not an interface because there is a
section for declaring attributes (above the methods).
sceapt06qn45.jpg
The diagram shows a package called 'PackageName'.

The diagram shows a class called 'PackageName'.
The diagram shows an abstract class called 'PackageName'.
The diagram shows an interface called 'PackageName'.
You are developing a new sales system. Remote invocations are involved and performance is the main
requirement. What protocol should you use?
Choice B is the correct answer.RMI-JRMP should out perform RMI-IIOP because RMI-IIOP moves
entire objects over the network but RMI-JRMP simply moves object state.The Internet Inter-ORB
Protocol - IIOP - is the protocol that CORBA systems use. IIOP is stateful and provides programming
language and platform independence. IIOP will have access to built in CORBA services such as
transaction management.JRMP is the standard Java transport protocol (RMI-JRMP). JRMP is similar
to IIOP but it does not come with the built in services that IIOP does (IIOP has services such as
transaction management and naming available to it via CORBA.)HTTPS is HTTP over SSL. HTTPS is
a stateful protocol that encrypts data and validates both parties. The encryption algorithm to be used is
negotiated by the two parties (the best level of encryption that both parties can understand is used, i.e.
if one party has a best of 128bit triple DES and another of 40bit triple DES then 40bit triple DES will
be used).
RMI-IIOP
RMI-JRMP
HTTPS
None of the above
The Java Message Service is a Message-oriented Middleware implementation that is a new alternative
to IBM's MQSeries. True or false?
Choice B is the correct answer.The Java Message Service - JMS is a specification for message
middleware. JMS provides an API for services such as persistence, and transactions. JMS is however
not a messaging implementation such as IBM's MQSeries.In JMS, the publish/subscribe-messaging
model is where clients send messages (or publish messages) to topics and the point-to-point messaging
model is where clients send messages to Queues.Publish/subscribe messaging is where one client
publishes a message that is read by many subscribers. A newsgroup would be an example of this where
email messages are sent to all members of the group when a new message is posted.Point-to-point
messaging is where a client sends one message (via a queue) to another receiving client.
True
False
What is the primary advantage of using Servlets instead of PHP scripts?

Choices B and C are the correct answers.The primary advantage Servlets have over PHP scripts is the
ability to reuse code.PHP is a platform independent alternative to PERL, ASP, and JSP/Servlets etc.
Servlets are pre-compiled and although there is the initial cost of loading the Servlet, they will out
perform interpreted languages such as PERL and PHP. (Note: There have been some recent
performance enhancements with PHP but Servlets are still considered to outperform PHP.) Servlets run
within the Java sandbox, so security is excellent. Hence choice D is incorrect. Both Servlets and PHP
are platform independent, so choice F is also incorrect.
Servlets are more maintainable although PHP will out perform Servlets.
Servlets code is easier to reuse than PHP code.
Servlets will out perform PHP scripts.
PHP is more secure than Servlets.
PHP will out perform Servlets.
Servlets are platform independent but PHP is not.

Do not Cheat
You are developing a paint application for use on the web. The application is an applet. As part of the
application you need to READ a system property that contains information about the user's graphics
card. Depending upon the graphics memory, the paint auto-selects a resolution mode to execute in.
Which of the following statements regarding this scenario is true?
Choice D is the correct answer.An Applet may or may not be able to read system properties. Some
system properties will require an applet to be signed but others can be read without this requirement.
System properties can never be modified.Applets are permitted to make network connections back to
the host that they were downloaded from. They aren't however allowed to connect to arbitrary hosts
because this would provide a mechanism for denial of service attacks. Also if a firewall or server filters
packets by IP address, then it would be possible for a downloaded applet to be trusted automatically by
the firewall/server (a downloaded applet sending requests from your machine would be sending them
with your trusted IP address).It is not possible to change the priority of the thread that was created by
of resources). When an applet runs out of memory, a java.lang.OutOfMemoryException will be

This may work, but it depends on the configuration of the user's browser.
What J2EE technology would you use to replace Perl scripts in the solution described below?
MegaSoft Inc. has a web-based legacy business-to-business sales system. The solution consists of Perl
scripts (presentation and business logic) and a MSSQL database. Customers logon to the site, browse
for the latest products and prices, and place orders with MegaSoft.
Choice D is the correct answer.When migrating a web-based solution to a J2EE solution, you need to
consider the requirements of the original solution as opposed to taking the route of replacing like with
like, e.g. replacing ASP with JSP. It may be the case that a solution using PHP and PERL technologies
to handle presentation and business logic (and in some cases transaction management), could be better
separated in J2EE with presentation logic being handled by JSP and Servlets and business logic EJBs.
If transactions are involved in almost all cases, this is enough justification for using a separate
application server and Enterprise JavaBeans. Therefore choice D is the correct answer.
Applets
JSP
JSP/Servlets
JSP/Servlets and EJBs
You would never replace PHP scripts with a J2EE technology
Which of the following is the correct symbol to describe a dependency between classes A and B?
(Please Click on "Exhibit Button" to view the Diagram.)
Choice C is the correct answer.Diagram A shows inheritance.Diagram B shows an
association.Diagram C shows a dependence.Diagram D shows a composite aggregation. (Implies Class
B couldn't exist without Class A).Diagram E shows an aggregation.
sceapt07qn3.jpg
Diagram A
Diagram B
Diagram C
Diagram D
Diagram E
Given the following architecture, what is the best way to scale the system and solve the problem
described below? MegaSoft Inc. sell CDs via their website. The architecture is as follows:
Shopping basket:- Stateful Session BeanCustomer and purchase details:- Entity BeansCredit Card
processing:- External System + Messaging + Session Beans. The problem is that the messaging
system is over-stressed and subsequently overall performance is suffering. (The messaging system
notifies the Session Bean of the transaction status).
Choice B is the correct answer.The scenario describes a problem with the messaging service. A
messaging service can be scaled by adding more message brokers. It would be possible that the
Session Beans are not processing the messages fast enough and thus creating a bottleneck. Session
Beans can only receive synchronous messages (Message-Driven Beans introduced with the EJB 2.0
specification can receive asynchronous messages). But as the scenario says, problem is with the
messaging system so the most appropriate answer is choice B, and not choice A. Adding extra web
servers or application servers will not help improve the messaging system, so choices C and D are
incorrect. Choice E is inappropriate because Entity Beans represent data and Session Beans should be
used to control workflow and handle messages, but more importantly this will not improve the
performance of the messaging system.
Add more JMS message receivers (Session Beans)

Create a cluster of message brokers
Add an extra application server
Add an extra web server
Change the credit card processing system to notify the Entity Bean instead of the Session Bean
You need to upgrade a legacy system. The system is used to process transactions that are sent via the
CORBA server. Currently a custom socket is created and the transaction details are sent over. Due to
the unreliability of the socket connection you wish to replace it, what is the best approach you can
take?
Choice A is the correct answer.JMS is particularly suited for sending XML documents. You would
typically use JNI and RMI over JMS when you try to add/manipulate the business logic.Synchronous
messaging is the most appropriate type of messaging to be used in this scenario. This is due to the
instant response requirement when a purchase is made. When interfacing with external payment
systems, a Stateless Session Bean* is typically used. This bean would handle the payment
authorization request/response.* Stateless Session Beans are 'service' beans.Characteristics of
synchronous messaging: Blocks until message is processed Suitable for transaction processing
Can be implemented using EJBsCharacteristics of asynchronous messagin: Loose coupling
between sender and receiver The network is not required to be available Cannot be implemented
using EJBs Suitable for publish-subscribe messagingJMS supports both point-to-point and publish-
subscribe messaging.
Add JMS capabilities to the legacy application and send XML documents containing the
transaction details
Use JNI and expose the application via RMI and send XML documents containing the transaction
details
Use object mapping
None of the above
You are working on a Java based word processing application. You notice that you basically need to
re-implement some functionality that you have already coded as a COM object on a different project.
To save time, is there a way that you can use the Com object in this application?
Choice B is the correct answer.The Java-to-Com bridge is bi-directional, allowing Com objects to be
used in Java applications and Java classes to be used as Com objects. It is not appropriate to involve
CORBA with the application because there are no distributed requirements. Although it's possible to
use JNI (though it would require a far amount of work), it is not the most appropriate answer.Java IDL
- Java Interface Definition Language. Java IDL allows Java programmers to write both CORBA -
Common Object Request Broker Architecture - servers and clients. (CORBA uses IIOP). JNI - Java
Native Interface - allows Java to talk to code written using other programming languages (popular in
legacy connectivity).
No, this is not possible, you will need to rewrite the COM object in Java.
You can use a Java-to-Com bridge.
You can use JNI.
You can use Java IDL.
You have a web based application with no security requirements but you do need to maintain client
state. Which protocol would you use?
Choice A is the correct answer.HTTP is the most appropriate protocol because the web server can use
cookies, URL rewriting etc. Without any security requirements it would be overkill to use HTTPS to
maintain client state.HTTPS is HTTP over SSL. HTTPS is a stateful protocol that encrypts data and
validates both parties. The encryption algorithm to be used is negotiated by the two parties (the best
level of encryption that both parties can understand is used, i.e. if one party has a best of 128 bit triple
DES and another of 40 bit triple DES then 40 bit triple DES will be used).The Internet Inter-ORB
Protocol - IIOP - is the protocol that CORBA systems use. IIOP is stateful and provides programming
language and platform independence. IIOP will have access to built in CORBA services such as
transaction management.JRMP is the standard Java transport protocol (RMI-JRMP). JRMP is similar
to IIOP but it does not come with the built in services that IIOP does*. * IIOP has services such as
transaction management and naming available to it via CORBA.Both JRMP and IIOP will not pass
through a typically configured firewall but both can be tunneled over HTTP.Port numbers: HTTP -
80 HTTPS - 443 IIOP - 535 JRMP - 1099
HTTP
HTTPS
SSL
JRMP
IIOP
Which of the following are NOT permitted by applets?

Choice B is the correct answer.It is not possible to change the priority of the thread that was created by
applet.The security manager does not monitor the memory, CPU, or network bandwidth usage of an
this not fixed (an applet can ask for more and if available, the O/S may assign it). For more
Creating new threads

Changing the priority of O/S threads
Using excessive amounts of memory
Using excessive amounts of CPU time
Using excessive amounts of network bandwidth
In terms of long-term scalability it is preferable to scale a solution ___.

Choice A is the correct answer.Vertical scaling is the process of adding extra RAM or faster CPUs etc
to existing machines. Horizontal scaling is when you add extra machines. It is always preferable to use
horizontal scaling because you can only vertically scale a solution so far.Availability and reliability are
tightly linked. Availability means having the resources required to service all requests. Reliability is
increased when a solution is not over-stressed (when a solution has good availability).Adding extra
web servers will not make a solution more extensible, nor will it increase maintainability or
manageability.
Horizontally
Vertically
When should you use a Stateful Session Bean?

Choices B and E are the correct answers.When fetching frequently used read-only data, a Stateless
Session Bean should be used - an example would be fetching a list of products from a catalogue. So
choice A is incorrect. Both Session and Entity Beans can be used to synchronously receive JMS
messages, however, this ties up server resources. So Message-driven beans have been introduced,
which are capable of receiving asynchronous JMS messages. Therefore choice F is incorrect. At any
one time only a single client can have access to the bean instance, so choice C is incorrect. If the bean
should represent a business entity then an Entity Bean should be used, so choice D is incorrect. A
Stateful Session Bean has 'conversional state'. This means data about the client can be stored across
multiple invocations. Stateful Session Bean should also be used to manage the workflow of several
EJBs.Stateful Session Beans are typically used as shopping baskets while Stateless Session Beans
provide a 'service' to a client. When fetching frequently used read-only data, a Stateless Session Bean
should be used - an example would be fetching a list of products from a catalogue. It is not possible for
a Stateless Session Bean to ever be in a passivated state since its beans are not passivated.
When fetching frequently used read-only data.

If you need to manage the workflow or several EJBs.
At any time, multiple clients can have access to the bean instance.
When the bean should represent a business entity.
The bean needs to hold data about the client across multiple invocations.
To asynchronously receive JMS messages.
Which of the following choices describe the Template Method pattern and the benefits of using it?
Choices A and E are the correct answers.The Template Method pattern allows you to modify an
algorithm without rewriting all of the algorithm code. This works by moving certain parts of the
algorithm into separate methods and implementing these in sub classes.Choice B is incorrect because
the Template Method pattern uses subclasses to implement specific behavior (the Strategy pattern is an
alternative to sub classing). Choice C describes the Mediator pattern. Choice D describes the Visitor
pattern.Template Method - "Define the skeleton of an algorithm in an operation, deferring some steps
to sub classes. Template Method lets sub classes redefine certain steps of an algorithm without
changing the algorithm's structure."Mediator - "Define an object that encapsulates how a set of objects
and it lets you vary their interaction independently."Visitor - "Represent an operation to be performed
on the elements of an object structure. Visitor lets you define a new operation without changing the
classes the elements on which it operates."
Promotes code reuse

An alternative to sub classing
Coordinates communication between groups of objects
Easy to add new operations to existing objects
Helps reduce code volume when dealing with localized versions of applications
Which interface and method would you use to obtain a reference to an Entity Bean object?
Choice B is the correct answer.The Context interface does not exist so choice F is incorrect. The
EJBContext interface does define the getEJBHome() method but this interface is a super interface for
the EntityContext interface and the getEJBHome() method is used to obtain an EJBs remote home
interface. The EntityContext interface defines the correct method, which is getEJBObject(). The
EJBContext interface does not define the getEJBObject() or getObject() methods.
EntityContext.getObject()
EntityContext.getEJBObject()
EJBContext.getEJBHome()
EJBContext.getEJBObject()
EJBContext.getObject()
Context.getObject()
The following description describes which part of the Java API that is typically used during the process
of internationalization? The java.io.xxx and java.io.xxx classes are used when reading/writing files and
needing to convert between 16bit to 8bit (and vice-versa) character representations.
Choice E is the correct answer.During internationalization you would typically use the following Java
APIs and technologies: java.io.InputStreamReader/java.io.OutputStreamWriter java.util.Locale
java.util.Properties java.util.ResourceBundle java.text- the whole package UnicodeThe
and required to convert between 16 bit to 8 bit (and vice-versa) character representations.The
java.util.Locale class is used to get information about the local country such as the country name and
language.The java.util.Properties class can be used to contain localization parameters that an
application loads at boot time.The java.util.ResourceBundle class is used to contain locale-specific
objects. This allows an application to load the appropriate bundle.The java.text package as stated by
the API, provides classes and interfaces for handling text, dates, numbers, and messages in a manner
independent of natural languages.Unicode uses 16 bits as opposed to the 8 bits used by ASCI; this
allows Unicode to represent virtually all-modern languages. Java uses Unicode and converts the 16 bit
value to the appropriate value for the users operating system.
BufferedInputStream/BufferedOutputStream
BufferedReader/BufferedWriter
DataInputStream/DataOutputStream
FileInputStream/FileOutputStream
InputStreamReader/OutputStreamReader
Reader/Writer
StringReader/StringWriter
Which Entity Bean lifecycle methods move a bean instance from the ready state to the pooled state?
Choices C and D are the correct answers.There are two methods that will move an instance from the
ready state to the pooled state, these are the ejbPassivate() and ejbRemove() methods. The
ejbPassivate() and ejbStore() methods are used as part of the passivation process. The container calls
the ejbStore() method to prepare the instance for synchronization of the database state with the
instance state. The ejbPassivate() then returns the instance to the pooled state. The ejbLoad() method is
used when a bean is in the ready state, its purpose is to synchronize the instance state with the state in
the underlying data store. The ejbSave() method does not exist.
ejbStore()
ejbSave()
ejbPassivate()
ejbRemove()
ejbLoad()
Which of the following choices describe the Adapter pattern and the benefits of using it?
Choices A and D are the correct answers.The Adapter pattern is particularly useful when extending
existing applications as it provides an intermediary object to sit between two classes, allowing them to
communicate.Adapter - "Convert the interface of a class into another interface clients expect. Adapter
lets classes work together that couldn't otherwise because of incompatible interfaces."Choices B and C
describe features of the Bridge pattern. Choice E describes the Facade pattern.Bridge - "Decouple an
abstraction from its implementation so that the two can vary independently."Facade - "Provide a
unified interface to a set of interfaces in a subsystem. Facade defines a higher-level interface that
makes the subsystem easier to use."
Provides a way for classes with incompatible interfaces to work together

Decouples abstraction and implementation
Improves extensibility
Useful when upgrading existing applications
Provides a simple interface to a complex subsystem
When should you use a Session Bean?

Choices A, D, and E are the correct answers.Session Beans should be used when the bean is not
required to persist its state. Both Session and Entity Beans can be used to synchronously receive JMS
messages. However, this ties up server resources; so Message-driven beans have been introduced,
which are capable of receiving asynchronous JMS messages. If the bean should represent a business
entity then an Entity Bean should be used, so choice C is incorrect. At any one time only a single client
can have access to the bean instance, so choice B is incorrect.Stateful Session Beans are typically used
as shopping baskets while Stateless Session Beans provide a 'service' to a client.When fetching
frequently used read-only data, a Stateless Session Bean should be used - an example would be
fetching a list of products from a catalogue. A Stateful Session Bean should be used to manage the
workflow of several EJBs. It is not possible for a Stateless Session Bean to ever be in a passivated state
since its beans are not passivated.
At any time, only one client has access to the bean instance
At any time, multiple clients can have access to the bean instance
When the bean should represent a business entity
The bean is not required to be persistent
To synchronously receive JMS messages
To asynchronously receive JMS messages
MegaSoft Inc. has decided to migrate their existing online car sales site (see scenario below) to a J2EE
solution. Currently the site has been written using PERL and CGI scripts. Which of the following J2EE
technologies should you use? Scenario: A customer selects the type of car, optional extras, and then
generates a quote. If the customer wishes to purchase the car, the quote is sent to the local dealership in
the form of an email. The dealership then contacts the customer to confirm the order and take payment
information.Note: A quote must be generated securely (no eavesdropping) but quotes can be made
anonymously.
Choices A and B are the correct answers.The scenario in this question has been written to be
deliberately misleading. On the one hand there are security requirements (no eavesdropping), but on
the other the quote can be made anonymously (no need to login). What this means is that HTTPS must
be used during the quote generation, however, there is no requirement for the customer to have logged
in. This means that the use of the Java Authentication and Authorization Service JAAS is not required.
Although the question refers to the site as being an online car sales site, when you read the scenario it
is clear that no sales are made online (orders are emailed and then validated). Therefore there is no
need to use JXTA. There is no need to use Enterprise JavaBeans because the site has no transaction or
Java related security requirements. (It would be possible to argue the use of Entity Beans to represent
data necessary for generating the quote but you would also need Session Beans to interface with the
Entity Beans.)
JSP
Servlets
EJB
JXTA
JAAS
You are working on a multimedia application. When the user selects new from the pull-down menu,
they are presented with the choice to create a variety of different types of file (objects). The class that
handles the new requests will not be able to anticipate the class type of the objects it must create. Is
there a GOF design pattern to handle these requirements and if so, what is it called?
Choice C is the correct answer. The Factory Method pattern allows sub classes to decide which class to
instantiate. The scenario says that the class that processes the 'new' requests will not know in advance
the type of class it must instantiate. The Factory Method pattern fits this.Factory Method - "Defines an
interface for creating an object, but lets subclasses decide which class to instantiate. Factory Method
lets a class defer instantiation to subclasses."Abstract Factory - "Provides an interface for creating
families of related or dependent objects without specifying their concrete classes."Builder - "Separates
the construction of a complex object from its representation so that the same construction process can
create different representations."Prototype - "Specifies the kinds of objects to create using a
prototypical instance, and creates new objects by copying this prototype."Singleton - "Ensures a class
only has one instance, and provides a global point of access to it."
Abstract Factory
Builder
Factory Method
Prototype
Singleton
There is no GOF design pattern that is suitable for use in the above scenario
What are the benefits of using a Data Access Object (DAO) with an Entity Bean using Bean Managed
Persistence?
Choice B is the correct answer.The use of a Data Access Object - DAO with an Entity Bean using
Bean Managed Persistence BMP will help reduce the coupling between the bean and the database.
Basically when using a DAO, you are moving all the SQL from the bean into a separate object and
calling DAO methods instead. The use of Data Access Objects does not, however, reduce the
dependence upon a particular Application Server. There will be no change in bean performance when
using a DAO (unless their is a change in the quality of the SQL that the application server generates or
the SQL that the developer writes.)
Increased bean performance

Reduced dependence on the Database
Reduced dependence on the Application Server
Easier path to change the Bean to use CMP
You are working at MegaJavaDev Inc. on a java based HR project. You are doing some testing at work
and are connecting to the new HR application. This works as expected but when you try again later
from home you fail to connect to the application. What can be the most likely cause of the problem?
Choice C is the correct answer.It is most likely that the MegaJavaDev Inc. company firewall is
blocking your incoming connection request. (It is possible that your ISP is blocking the request but as
this isn't the most likely answer, choice B is incorrect). Corporate firewalls tend to only allow requests
through ports 80 and 443 and JRMP uses port 1099.Applets are permitted to make network
connections back to the host that they were downloaded from. They aren't, however, allowed to
connect to arbitrary hosts because this would provide a mechanism for denial of service attacks. Also if
a firewall or server filters packets by IP address, then it would be possible for a downloaded applet to
be trusted automatically by the firewall/server (a downloaded applet sending requests from your
machine would be sending them with your trusted IP address).The security manager does not monitor
the memory, CPU, or network bandwidth usage of an applet. (It is assumed that the operating system
will guard against an applet using an excessive amount of resources). When an applet runs out of
memory a java.lang.OutOfMemoryException will be thrown.Generally, operating systems will allocate
a certain amount of memory for processes to use but this not fixed (an applet can ask for more and if
available the O/S may assign it).For more information please see: http://java.sun.com/sfaq/
The application will probably have crashed.

Your ISP's firewall is blocking the connection.
The MegaJavaDev company firewall is blocking the connection.
There are no correct choices shown here.
Which of the following java APIs may be used during the process of internationalization?
Choices A and C are the correct answer.Internationalization is the process of preparing an application
to be used in multiple locales. Localization is the process of preparing an application (that has been
through the process of internationalization) for use in a specific country. During internationalization
you would typically use the following Java APIs and technologies:
class can be used to contain localization parameters that an application loads at boot time.The
modern languages. Java uses Unicode and converts the 16 bit value to the appropriate value for the
Properties
Internationalization
Locale
BufferedInputStreamReader/BufferedOutputStreamWriter
java.security.Permissions
javax.naming
Which of the following statements regarding message digests are true?

Choices A and D are the correct answers.A message digest is evidence that a piece of data has not been
altered. Message digests do not prove who sent a message or that the message does not contain any
malicious code. Passing the data into an algorithm creates a message digest; the output is the digest
(this process is referred to as hashing, not encrypting so choice E is incorrect). Creating and using
message digests is fully supported in the java.securtity platform.Other java applet security
information:It is not possible to change the priority of the thread that was created by the browser for
the applet to run in (to do this would require an O/S call). It is possible for an applet to create new
threads and manipulate the threads in the thread group that the browser created for the applet.The
security manager does not monitor the memory, CPU or network bandwidth usage of an applet. (It is
assumed that the operating system will guard against an applet using an excessive amount of
resources). When an applet runs out of memory a java.lang.OutOfMemoryException will be
A message digest is proof that a piece of data has not been altered but it does not provide any
other guarantees.
A message digest is proof of sender.
A message digest is proof that no malicious code is contained within the message.
Message digests are supported in the Java 2 security package (java.security).
The process of creating a message digest is sometimes referred to as encrypting.
The most notable weaknesses of a one-tier system are that they are said to have poor _______ ,
________, and _______.
Choices B, C, and F are the correct answers.The biggest weaknesses of one-tier systems are their
maintainability and scalability. They may only be scaled vertically by adding extra CPUs or increasing
the amount of RAM, additional machines may not be added. The reason they are so hard to maintain is
due to the tight coupling between the presentation, business logic, and data. Changes to any of these
layers will have a direct effect on the adjacent layers. The other main weakness of one-tier systems is
that they are not extensible (due to tight coupling between tiers - not designed to be extended).The
performance of a one-tier system should (under small loads) be better than a three tier system because
there will be no network delay. It's arguable that under heavy loads the performance will deteriorate
but that is really referring to scalability. There is no reason why a one-tier system would be more
unreliable than a two or three-tier system, so choice E is incorrect.Security and manageability are
generally easier with smaller systems such as one-tier solutions, so choices D and G are incorrect. The
system is in one place so manageability should be simple as opposed to having to administer multiple
web servers, application servers and databases. One could argue that the availability of a one-tier
system is not as good as a two/three/N tier solution (which it is not) but it is not one of the three most
notable weaknesses of a one-tier system.
Availability
Extensibility
Maintainability
Manageability
Reliability
Scalability
Security
You need to communicate with a legacy sales system that has CORBA clients written in C++. The
system provides no support for messaging. What is the best way to communicate with this system?
Choice C is the correct answer.Java IDL - Java Interface Definition Language. Java IDL allows Java
clients. (CORBA uses IIOP). Therefore choices A and B are incorrect. Choice D is incorrect because
there is no need to add messaging capabilities if there is already the opportunity to communicate via
CORBA.JNI - Java Native Interface - allows Java to talk to code written using other programming
languages (popular in legacy connectivity).
You will have to use JNI and RMI because it is not possible to create a CORBA server in Java.
You will have to use JNI together with Java IDL to help create a CORBA server in Java. This will
then allow you to talk directly with the CORBA clients.
Use Java IDL to create a CORBA server and then talk directly with the CORBA clients.
Add messaging capabilities to the legacy system and then communicate via JMS.
It is not possible to communicate with this system using Java.
You are designing the next generation multimedia player. As part of the design, you need to ensure
that only two instances of the 'Speaker' class are ever created (the speaker class is used to control the
volume, bass, and tone). Is there a GOF design pattern to handle this situation and if so, what is it
called?
Choice E is the correct answer.The Singleton pattern can ensure either only one instance of a class is
ever created or that a fixed variable number of instances are created. In code, the constructor is made
private and static getInstance() methods are used.Singleton -"Ensures a class only has one instance, and
provides a global point of access to it."Abstract Factory - "Provides an interface for creating families of
related or dependent objects without specifying their concrete classes."Builder - "Separates the
construction of a complex object from its representation so that the same construction process can
create different representations."Factory Method - "Defines an interface for creating an object, but lets
subclasses decide which class to instantiate. Factory Method lets a class defer instantiation to
subclasses."Prototype - "Specifies the kinds of objects to create using a prototypical instance, and
creates new objects by copying this prototype."
Abstract Factory
Builder
Factory Method
Prototype
Singleton
The use of a Data Access Object with an Entity Bean will help reduce the dependence upon a
particular Application Server.
Choice B is the correct answer.The use of a Data Access Object - DAO with an Entity Bean using
Bean Managed Persistence BMP will help reduce the coupling between the bean and the database.
Basically when using a DAO you are moving all the SQL from the bean into a separate object and
calling DAO methods instead. The use of Data Access Objects does not however reduce the
dependence upon a particular Application Server.
True
False
You are designing an application to calculate taxes. You need to change parts of the tax calculation
algorithm depending upon the country it is being used in. You recognize the problem of creating
modified versions an algorithm whilst maintaining the core algorithm logic. Is there a GOF design
pattern to handle this situation and if so, what is it called?
Choice D is the correct answer.The Template Method pattern allows you to modify an algorithm
without rewriting all of the algorithm code. This works by moving certain parts of the algorithm into
separate methods and implementing these in sub classes.Template Method - "Defines the skeleton of
an algorithm in an operation, deferring some steps to sub classes. Template Method lets sub classes
redefine certain steps of an algorithm without changing the algorithm's structure."Mediator - "Defines
objects from referring to each other explicitly, and it lets you vary their interaction
independently."State - "Allows an object to alter its behavior when its internal state changes. The
object will appear to change its class."Strategy - "Defines a family of algorithms, encapsulates each
one, and make them interchangeable. Strategy lets the algorithm vary independently from clients that
use it."
Mediator
State
Strategy
Template Method
You are creating a website to sell fine art to the rich and famous. You are only expecting to make one
or two sales per week. Considering you require the system to be both secure and provide support for
transactions, which of the following describes the most appropriate architecture?
Choice C is the correct answer.Although the scenario states that the application must be both secure
and provide support for transactions, due to the low number of sales expected there is no justification
for using an application server. Instead, it is more appropriate to use JTS (for the transactions) and
Servlets (for the business logic).If a three-tier architecture was adopted, a Stateful Session Bean would
be used to represent the shopping basket, and a Stateless Session Bean would be used to coordinate
between the application and the credit card authorization system.
Use JSP/Servlets for presentation, EJBs for business logic, and an enterprise database.
Use JSP/Servlets for presentation, EJBs for business logic, and a small-scale database.
Use JSP/Servlets for both presentation and business logic and JTS for the transactions.
Which of the following statements describe a message digest?

Choice A is the correct answer.A message digest is evidence that a piece of data has not been altered.
Message digests do not prove who sent a message or that the message does not contain any malicious
code. Passing the data into an algorithm creates a message digest; the output is the digest (this process
is referred to as hashing, not encrypting). Creating and using message digests is fully supported in the
java.securtity platform.Other java applet security information:It is not possible to change the priority of
the thread that was created by the browser for the applet to run in (to do this would require an O/S
call). It is possible for an applet to create new threads and manipulate the threads in the thread group
that the browser created for the applet.The security manager does not monitor the memory, CPU, or
network bandwidth usage of an applet. (It is assumed that the operating system will guard against an
applet using an excessive amount of resources). When an applet runs out of memory a
java.lang.OutOfMemoryException will be thrown.Generally, operating systems will allocate a certain
amount of memory for processes to use but this not fixed (an applet can ask for more and if available
the O/S may assign it).
A message digest is proof that a piece of data has not been altered but it does not provide any
other guarantees.
A message digest is proof of sender.
A message digest is proof that no malicious code is contained within the message.
A message digest is proof of receipt.
Which of the following choices describe asynchronous messaging?

Choices A and D are the correct answers. Characteristics of synchronous messaging: Blocks until
message is processed Suitable for transaction processing Can be implemented using EJBs
Characteristics of asynchronous messaging: Loose coupling between sender and receiver The
network is not required to be available Cannot be implemented using EJBs Suitable for
publish - subscribe messaging
Loose coupling between sender and receiver

Blocks until message is processed
Suitable for transaction processing
The network is not required to be available
Can be implemented using EJBs
Choice B is the correct answer.Choice A is incorrect because Stateless Session Beans do not have
conversational state. Session Beans that are involved in transactions cannot be passivated. Stateful
Session Beans can be either retrieved via the finder methods or create methods defined in the home
interface.Entity Beans do not extend from any classes instead they must implement the
javax.ejb.EntityBean interface. They also have a remote and home interface. The remote interface
extends from javax.ejb.EJBObject and the home interface extends from javax.ejb.EJBHome.Session
Beans do not extend from any classes instead they must implement the javax.ejb.SessionBean
interface. They also have a remote and home interface. The remote interface extends from
javax.ejb.EJBObject and the home interface extends from javax.ejb.EJBHome.Container Managed
Persistence will increase an Enterprise Beans portability and is particularly useful when simple objects
need to be persisted. Bean Managed Persistence should generally be avoided. The two main arguments
for using it are: reducing dependence upon a database and when you need to persist a complex object.
All Session Beans have conversational state.

Session Beans that are involved in transactions cannot be passivated.
Session Beans that are involved in transactions can be passivated.
Stateful Session Beans can be either retrieved via the finder methods or create methods defined in
the home interface.
Stateful Session Beans can be either retrieved via the finder methods or create methods defined in
the component interface.
MegaSoft Inc. have added 5 extra web servers to their existing sales solution. This will have increased
______
Choices A, E, and F are the correct answers.The scenario in the question describes horizontal scaling.
(Vertical scaling is the process of adding extra RAM or faster CPUs etc to existing machines).
Availability and reliability are tightly linked. Availability means having the resources required to
service all requests. Reliability is increased when a solution is not over-stressed (when a solution has
good availability). The extra web servers mean that the sales solution should perform better.Adding
extra web servers will not make a solution more extensible, nor will it increase maintainability or
manageability. Adding the web servers is referred to as scaling.
Availability
Extensibility
Maintainability
Manageability
Performance
Reliability
Scalability
You need to add some additional functionality to an email application. Part of the application (one
class) parses an email, checking for email type. You wish to replace this class with a smaller, faster
parser that can also perform additional tasks such as checking the priority status. The EmailRecieve
class expects an interface for the parser of type EmailParser but the new class has an interface type of
SuperFastEmailParser. Is there a GOF design pattern to handle this problem and if so, what is it called?
Choice A is the correct answer.The scenario describes the need to change an interface for a class. The
EmailRecieve class expects the EmailParser interface but now needs to cope with the
SuperFastEmailParser interface. The Adapter pattern can solve this problem.Adapter - "Converts the
interface of a class into another interface clients expect. Adapter lets classes work together that couldn't
otherwise because of incompatible interfaces."Bridge - "Decouples an abstraction from its
implementation so that the two can vary independently."Decorator - "Attaches additional
you vary their interaction independently."Template Method - "Defines the skeleton of an algorithm in
an operation, deferring some steps to subclasses. Template Method lets subclasses redefine certain
steps of an algorithm without changing the algorithm's structure."
Adapter
Bridge
Decorator
Mediator
Template Method
There is no GOF design pattern for this problem
What are the primary advantages a three-tier system has over a two-tier system?
Choice F is the correct answer.A three-tier system can be classified as a loosely coupled, highly
scalable and extensible solution. A simple system (such as a one-tier system) is much easier to
manage than a complex three-tier system (remember altering a tier comes under extensibility). A
two-tier system can have either fat or thin clients depending on where the business logic is
implemented. A three-tier system will be harder to secure than a typical two-tier system because of
the extra network calls etc. Choice E is incorrect because a two-tier system can be scaled both
horizontally and vertically.
A three-tier system has thin clients whereas a two-tier system will always have fat clients.
A three-tier system will out perform a two-tier system.
A three-tier system is easier to manage than a two-tier system.
A three-tier system is easier to secure.
A three-tier system can be both vertically and horizontally scaled whereas a two-tier system can
only be horizontally scaled.
A three-tier system is more extensible than a two-tier system.
Which of the following choices describe synchronous messaging?

Choices B, C, and E are the correct answers. Characteristics of synchronous messaging: Blocks until
message is processed Suitable for transaction processing Can be implemented using EJBs
Characteristics of asynchronous messaging: Loose coupling between sender and receiver The
network is not required to be available Cannot be implemented using EJBs Suitable for publish
- subscribe messaging
Loose coupling between sender and receiver

Blocks until message is processed
Suitable for transaction processing
The network is not required to be available
Can be implemented using EJBs
Which design pattern is used in the EJB Remote interface?

Choice D is the correct answer.The Proxy pattern gives you the means to filter requests that are sent to
an object. (Requests are sent to the proxy object, these are then routed to the actual object as
required).Proxy - "Provides a surrogate or placeholder for another object to control access to
it."Adapter - "Converts the interface of a class into another interface clients expect. Adapter lets classes
work together that couldn't otherwise because of incompatible interfaces."Factory Method - "Defines
an interface for creating an object, but let subclasses decide which class to instantiate. Factory Method
lets a class defer instantiation to subclasses."Observer - "Defines a one-to-many dependency between
automatically."Template Method - "Defines the skeleton of an algorithm in an operation, deferring
some steps to subclasses. Template Method lets subclasses redefine certain steps of an algorithm
without changing the algorithm's structure."
Adapter
Factory Method
Observer
Proxy
Template Method
Given the diagrams below, select the UML symbols for a package and a node. (Please Click on
"Exhibit Button" to view the Diagram )
Choices A and D are the correct answers.Diagram A shows the UML symbol for a package.Diagram B
shows the UML symbol for a class.Diagram C shows the UML symbol for a use case.Diagram D
shows the UML symbol for a node.Diagram E shows the UML symbol for a component.
sceapt07qn25.jpg
Diagram A
Diagram B
Diagram C
Diagram D
Diagram E
An EJB Container provides which of the following services?

Choices A, B, C, and E are the correct answers.EJB servers reduce the complexity involved in
developing middleware applications by automatically providing services such as: security, transaction
support, and database connectivity. EJB containers do not provide an automatic way to connect to
legacy applications.
Transactions
Persistence
Security
Legacy connectivity
Database connectivity
Which of the following are benefits of using the Composite pattern?

Choices B and D are the correct answers.The Composite pattern allows you to easily add new types of
component and it minimizes the complexity of an object that consists of many different objects.Choice
A describes the Bridge pattern.Choice C describes the Adapter pattern.Choice E describes the
Decorator pattern.Composite - "Composes objects into tree structures to represent part-whole
hierarchies. Composite lets clients treat individual objects and compositions of objects uniformly."
Decouples an abstraction and implementation

Minimizes the complexity of an object that consists of many different objects
Convert the interface of a class into that of another
Can easily add new types of component
Dynamically attach additional responsibilities to an object
Although a Stateless Session Bean does not have a state that can be passivated/activated, it does have a
conversational state that is maintained across multiple clients until the bean is removed via the
ejbRemove() method.
Choice B is the correct answer.Stateless Session Beans do not have a conversational state. Also,
Stateless Session Beans are not passivated/activated unlike their stateful counterparts. A Stateless
Session Bean provides a service to only one client at a time but it can serve multiple clients before the
container removes the bean via the ejbRemove() method.Session Beans do not extend from any classes
instead they must implement the javax.ejb.SessionBean interface. They also have a remote and home
interface. The remote interface extends from javax.ejb.EJBObject and the home interface extends from
javax.ejb.EJBHome.
True
False
You have a family of related abstract classes and wish to create instances of these classes using a
matched set of concrete subclasses. Is there a GOF design pattern to handle this problem and if so,
what is it called?
Choice A is the correct answer.The Abstract Factory pattern allows you to create instances of related
abstract classes without using concrete subclasses.Abstract Factory - "Provides an interface for
creating families of related or dependent objects without specifying their concrete classes."Builder -
"Separates the construction of a complex object from its representation so that the same construction
process can create different representations."Factory Method - "Defines an interface for creating an
object, but lets subclasses decide which class to instantiate. Factory Method lets a class defer
instantiation to subclasses."Prototype - "Specifies the kinds of objects to create using a prototypical
instance, and creates new objects by copying this prototype."Singleton - "Ensures a class only has one
instance, and provides a global point of access to it."
Abstract Factory
Builder
Factory Method
Prototype
Singleton
JMS Topics are ___ __ ___ and JMS Queues are ___ __ ___.
Choice B is the correct answer.Publish/subscribe messaging is where one client publishes a message
that is read by many subscribers. A newsgroup would be an example of this where email messages are
sent to all members of the group when a new message is posted.Point-to-point messaging is where a
client sends one message (via a queue) to another receiving client.Publish/subscribe messaging is the
model used by the jms.topic and the point-to-point model is used by the jms.queue.
One-to-one, one-to-many
One-to-many, one-to-one
Either
Which of the following statements describes an off board server?

Choice E is the correct answer. An off-board server is a server that provides support for custom legacy
protocols whilst still being able to communicate with new systems via standard protocols. A DMZ is
the zone between two firewalls. Consider the following system architecture that you must secure.
Company web server 5 Office machines 2 Development serversThe company web server needs
to serve pages to remote users and office machines need access to the internet . You would secure this
services to internet clients in the DMZ and the office machines and development servers behind an
inner firewall . You would then configure a proxy server in the DMZ to forward the requests from the
office machines to the internet.
An off board server is one that executes outside of the DMZ

An off board server is one that executes within the outer firewall of the DMZ
An off board server is one that executes within the inner firewall of the DMZ
A server that implements basic load balancing techniques such as round robin
A server that provides support for custom legacy protocols
You are designing an application that must support the following: Queuing of requests
Transactions UndoIs there a GOF design pattern to handle these requirements and if so, what is it
called?
Choice B is the correct answer.The Command pattern stores requests in the form of an object. This
allows you to pass objects to methods or store them in queues.Command - "Encapsulates a request as
an object, thereby letting you parameterize clients with different requests, queue or log requests, and
support undoable operations. "Chain of Responsibility - "Avoid coupling the sender of a request to its
receiver by giving more than one object a chance to handle the request. Chain the receiving objects
and pass the request along the chain until an object handles it."Observer - "Defines a one-to-many
dependency between objects so that when one object changes state, all its dependents are notified and
updated automatically."Strategy - "Defines a family of algorithms, encapsulates each one, and make
them interchangeable. Strategy lets the algorithm vary independently from clients that use it."Visitor -
"Represents an operation to be performed on the elements of an object structure. Visitor lets you define
a new operation without changing the classes the elements on which it operates."
Command
Observer
Strategy
Visitor
There is no GOF pattern that meets these requirements
Which of the following would you find in a security policy file?
Choice D is the correct answer.The java.policy file contains details about class permissions. It does not
contain any information about certificates or their authorities.A keystore contains two types of entries,
trusted certificates and keys. Other java applet security information:It is not possible to change the
priority of the thread that was created by the browser for the applet to run in (to do this would require
an O/S call). It is possible for an applet to create new threads and manipulate the threads in the thread
group that the browser created for the applet.The security manager does not monitor the memory,
CPU, or network bandwidth usage of an applet. (It is assumed that the operating system will guard
against an applet using an excessive amount of resources). When an applet runs out of memory a
java.lang.OutOfMemoryException will be thrown.Generally, operating systems will allocate a certain
amount of memory for processes to use but this not fixed (an applet can ask for more and if available
the O/S may assign it).
Trusted certificates
Un-trusted certificates
Trusted certificate authorities
Class permissions
Which design pattern should you use when you need to create objects without knowing either their
exact class or how to create them?
Choice D is the correct answer.The Prototype pattern allows you to create customized objects without
knowing their exact class details.Prototype - "Specifies the kinds of objects to create using a
prototypical instance, and creates new objects by copying this prototype."Abstract Factory - "Provides
an interface for creating families of related or dependent objects without specifying their concrete
classes."Builder - "Separates the construction of a complex object from its representation so that the
same construction process can create different representations."Factory Method - "Defines an interface
for creating an object, but lets subclasses decide which class to instantiate. Factory Method lets a class
defer instantiation to subclasses."Singleton - "Ensures a class only has one instance, and provides a
global point of access to it."
Abstract Factory
Builder
Factory Method
Prototype
Singleton
You have been put in charge of tweaking an application to help it perform better, (currently it is using
too much memory). The application consists of a large number of objects but the application itself does
not depend upon object identity. Is there a GOF design pattern to handle this situation and if so, what is
it called?
Choice B is the correct answer.The Flyweight pattern will help increase the performance of the
application by sharing objects as opposed to creating unique objects for each task.Flyweight - "Uses
sharing to support large numbers of fine-grained objects efficiently."Decorator - "Attaches additional
you vary their interaction independently."Observer - "Defines a one-to-many dependency between
automatically."Proxy - "Provides a surrogate or placeholder for another object to control access to
it."Strategy - "Defines a family of algorithms, encapsulates each one, and make them interchangeable.
Strategy lets the algorithm vary independently from clients that use it."
Decorator
Flyweight
Mediator
Observer
Proxy
Strategy
In JMS, the publish/subscribe-messaging model is ___ and the point-to-point model is ____.
Choice D is the correct answer.In JMS, the publish/subscribe-messaging model is where clients send
messages (or publish messages) to topics and the point-to-point messaging model is where clients send
messages to Queues.Publish/subscribe messaging is where one client publishes a message that is read
by many subscribers. A newsgroup would be an example of this where email messages are sent to all
members of the group when a new message is posted.Point-to-point messaging is where a client sends
one message (via a queue) to another receiving client.
Synchronous, Asynchronous
Asynchronous, Synchronous
... where clients send messages to Queues, ... where clients send messages to Topics
... where clients send messages to Topics, ... where clients send messages to Queues

Do not Cheat
Refer to the following diagram:(Please Click on "Exhibit Button" to view the Diagram )
Choice E is correct. Aggregate relationship in UML is denoted with an open diamond on one side of
an association relationship. In the above diagram, class A has an aggregate relationship with Interface
C. Generally this means that at runtime, class A will hold a reference to an object that implements
Interface C. Hence, choice E is correct. The interface C does not have an association, aggregation or
composition relationship with class A. Choices B, D and F are therefore incorrect. If class A had a
solid diamond instead of an open diamond, it would have represented a composition. Hence, choice C
is incorrect.
A has an association relationship with C

C has an association relationship with A
A has a composition relationship with C
C has a composition relationship with A
A has an aggregation relationship with C
C has an aggregation relationship with A
CORBA specification does NOT provide support for which of the following?
Choice B is correct. CORBA does not provide support for 'Container Managed Persistence.' CMP is a
concept only supported by the EJB specification. Hence, choice B is correct. CORBA has support for
Naming, Security, Transactions, Events and Concurrency control. Hence, the other choices are
incorrect.
Naming Service
Container managed Persistence
Security
Transaction Service
Event (Asynchronous Messaging)
Concurrency Control
Which of the following statements is true about DNS Round Robin?

Choice D is correct. DNS Round Robin is a load distribution method by which a set of servers is
allowed to process incoming requests in sequence. The first request goes to the first server, the second
to the second server and so on. When the last server in sequence has a request, the next request goes to
the first server again. Hence, choice D is correct. Note that DNS Round Robin is a good 'load
distribution' technique, not a 'load balancing' technique. Since requests are processed sequentially in
DNS Round Robin, the current load on a server is not taken into account before a new request is
delegated to a server. Under load balancing techniques, the load on individual servers is monitored
before additional requests are sent to them. Hence, choice A is incorrect. DNS Round Robin allows
servers to process requests sequentially, not in a random fashion. Hence, choice B is incorrect. With
load balancing techniques, a load monitor may check for the current load on a primary server before
deciding to delegate subsequent requests to this or another server. This is not true of DNS Round
Robin. Hence, choice C is incorrect.
It considers actual load on machines before routing requests.

It uses a random generator to decide which server to route a request to.
It routs requests to one server until a configured threshold is reached and then sends subsequent
requests to the next server.
Each Request is sent to subsequent server in the list, after the end is reached it starts with the first
server again.
The Bean class provides implementations for which of the following methods?
Choices A, B and C are correct. The Bean class has implementations for the methods corresponding to
the methods in the Home and Remote Interfaces and the bean's callback methods. Hence, choice D is
correct.
Methods in the Bean's Home Interface

Methods in the Bean's Remote Interface
EJB Callback methods
A, B and C
A and B
A and C
B and C
The diagram below is an example of which of the following diagrams?(Please Click on "Exhibit
Button" to view the Diagram )
Choice D is correct. The diagram represents a Sequence diagram. A sequence diagram is an
interaction diagram that shows the time ordering of events. Choice D is therefore correct.
Object Interaction Diagram

Collaboration Diagram
State Diagram
Sequence Diagram
Activity Diagram
Which of the following methods is optional in the Home Interface of an Entity Bean?
Choice A is correct. Sometimes when you do not want the clients of an EJB application to add data to
your system, you may choose not to provide a create method in the Home Interface of the Enterprise
bean. Therefore, the create method is optional. Hence, choice A is correct.
Create()
FindByPrimaryKey()
Remove()
None of the above
Which of the following statements is true about Stateful Session Beans?

Choice C is correct. The valid lifecycle states of a Stateful Session Bean are 'Does Not Exist', 'Method
Ready', 'Method Ready (in TX)' and 'Passive'. The Bean instance leaves the 'Method Ready' state to
enter the 'Passive' State (through Passivation) or the 'Does Not Exist' state (through removal). Hence,
choice C is correct. 'Method Ready Pool' is not a valid state for Stateful Session Beans because the
specifications do not mandate the container to maintain a bean pool for Stateful Session Beans. Note
that some containers may internally use some kind of pooling mechanism for achieving higher
performance. Hence, choice A is incorrect. There is no 'Stateful' State in the lifecycle of a Stateful
Session Bean. Choice B is therefore incorrect. Stateful Beans leave the 'Method Ready' state to enter
the 'Does not Exist' or 'Passive' state. Hence, choice D is incorrect.
They leave Method Ready Pool state to enter Does not Exist State.
They leave Method Ready state to enter Stateful State.
They leave Method Ready state to enter Passivated or Does not Exist state.
They never leave the Method Ready state.
use it."
Mediator
State
Strategy
Template Method
Which of the following defines a standard architecture for connecting the J2EE platform to
heterogeneous EIS applications?
Choice E is correct. The following is taken from: http://java.sun.com/j2ee/connector/ "The J2EE
Connector architecture provides a Java solution to the problem of connectivity between the many
application servers and EISs already in existence. By using the J2EE Connector architecture, EIS
vendors no longer need to customize their product for each application server. Application server
vendors who conform to the J2EE Connector architecture do not need to add custom code whenever
they want to add connectivity to a new EIS." Hence, choice E is correct. J2SE is a platform that
provides "the compiler, tools, runtimes and APIs for developing, deploying and running applets and
applications in the Java programming language." Hence, choice A is incorrect. The following is taken
from: http://java.sun.com/products/javawebstart/ "Java TM Web Start -- a technology for simplifying
deployment of Java applications-- gives you the power to launch full-featured applications with a
single click from your Web browser. You can now download and launch applications, such as a
complete spreadsheet program or an Internet chat client, without going through complicated
installation procedures." Hence, choice B is incorrect. The following is taken from:
http://java.sun.com/products/jdbc/ "JDBCTM technology is an API that lets you access virtually any
tabular data source from the Java TM programming language. It provides cross-DBMS connectivity to
a wide range of SQL databases, and now, with the new JDBC API, it also provides access to other
tabular data sources, such as spreadsheets or flat files. The JDBC API allows developers to take
advantage of the Java platform's "Write Once, Run Anywhere TM" capabilities for industrial strength,
cross-platform applications that require access to enterprise data. With a JDBC technology-enabled
driver, a developer can easily connect all corporate data even in a heterogeneous environment."
Hence, choice C is incorrect. The following is taken from:http://java.sun.com/products/jms/ "The JMS
API improves programmer productivity by defining a common set of messaging concepts and
programming strategies that will be supported by all JMS technology-compliant messaging systems."
While you may be able to communicate with EIS systems using JMS (if the EIS supports JMS), it is
not a standardized architecture for connecting to heterogeneous EIS applications. Hence, choice D is
incorrect.
J2SE
Java Web Start
JDBC
JMS
JCA
In EJB 1.1, the EJB timeout property may be added to the Bean's deployment descriptor for easier
declarative life cycle management. True or False?
Choice B is correct as the statement is FALSE. In EJB 1.0, the timeout period was specified in the
deployment descriptor and defined as number of seconds. Between two business method invocations,
the timer was reset. However, in EJB 1.1, the deployer is allowed to set the timeout in a vendor
dependent manner. Hence, the above statement is false.
True
False
A session bean called Some Bean has a method called someMethod(), which calls someOtherMethod
(same bean) followed by someOtherBeanMethod() of SomeOtherBean. If someMethod() starts a BMT
transaction, which of the following are true?
Choices A, D and F are correct. A Bean may be defined as either a BMT bean or a CMT bean. One
cannot have some methods of a bean participating in Container Managed Transactions and other
methods participating in Bean Managed Transactions. Hence, choice A is correct. Session Beans may
be defined as either CMT beans or BMT beans whereas Entity beans can only be defined as CMT
beans. Hence, choices D and F are correct. The same bean cannot have both BMT and CMT
transaction management. Hence, choice B is incorrect. SomeOtherBean is a different Bean. It may be
defined as either a BMT bean or a CMT bean. Just because the calling bean is in a BMT transaction,
all other beans need not be BMT beans as well. Hence, choice C is incorrect. Entity Beans can only be
CMT beans. Hence, choice E is incorrect.
SomeOtherMethod also has to be use BMT since it's part of the same bean.
SomeOtherMethod can use BMT or CMT, because transactions are defined at the method level in
the deployment descriptor.
If SomeOtherBean is a Session Bean, it has to necessarily use BMT since the caller is a BMT
method.
If SomeOtherBean is a Session Bean, it may use either BMT or CMT.
If SomeOtherBean is an Entity Bean, it may use either BMT or CMT.
If SomeOtherBean is an Entity Bean, it must necessarily use only CMT.
In the Publish/Subscribe messaging architecture, publishers send messages to...

Choice A is correct. The Publish/Subscribe messaging model is a one-to-many messaging paradigm
where the publisher typically sends a message to a centralized node. The node then broadcasts the
message to all topic subscribers, who have registered their interest in the topic. This allows the
publisher and the subscribers to be decoupled. Further, if the subscriber is registered as a durable
subscriber, it will receive the message ultimately even if it is currently inactive. The MOM provider
can thus guarantee delivery and any Quality of Service requirements pertaining to the message
delivery. Although possible, choice B is not the ideal implementation method because it couples
publishers and subscribers. Most MOM providers use a server process that communicates with client
processes for establishing heartbeats and for communicating messages. Choice C is incorrect because
it refers to the Point-to-Point messaging model, which is typically a one-to-one communication
between two parties. Choice D is incorrect because the Message Driven Bean is a message listener.
Therefore, the best use of a message driven bean would be as a subscriber.
A specified node, which is then re-distributed to all subscribers.

Directly to all subscribers in the Topic subscription list.
A designated queue.
A component transaction monitor such as an EJB Server for further processing by a message
driven bean.
A B2C company uses J2EE based technologies for its e-commerce storefront. To increase scalability
and availability, they plan to add capacity to their existing server and add a new server as well. Which
of the following statements are true in this situation?
Choices A, D and E are correct. The proposal to add capacity to existing server and an additional
server addresses the issue of scalability. Adding capacity is an example of Vertical Scalability and
adding a new server is an example of Horizontal Scalability. Additional servers also improve
availability because of redundancy and fault tolerance. Hence, choices A, D and E are correct. Most
J2EE vendors provide multi-server support. Hence, choice B is incorrect. Adding a new server is an
example of Horizontal scalability. Hence, choice C is incorrect.
Adding capacity will improve scalability, as more memory would allow better bean pooling.
Adding a server would be difficult, as EJB servers cannot span multiple physical machines.
The proposal not does address horizontal scalability.
The proposal addresses both vertical and horizontal scalability.
Adding a server to the system would be easy as EJB vendors generally support fault tolerant
mechanisms via server clustering.
Company ABC Inc. has an existing J2EE application that provides an EJB interface. ABC Inc. is
writing a new J2EE based application for enhanced MIS reporting. Which of the following
technologies would be ideal for this implementation?
Choice C is correct. The important concept here is that ABC Inc. is using a primarily EJB based
application. The protocol used in EJB is RMI-IIOP. Hence, choice C is correct. The question clearly
says that the existing application is in EJB. There is no legacy connectivity involved here. Hence,
choice A is inappropriate and therefore incorrect. Java IDL is primarily used when a majority of the
code needs a CORBA interface. Since the existing code is already in EJB, there is no need for Java
IDL here. Hence, choice B is incorrect. JMS is useful when you want to send messages to other
applications asynchronously via a Message Oriented Middleware. Hence, choice D is incorrect as well.
RMI/JRMP with JNI

Java IDL
RMI/IIOP
JMS
Applications exchange messages through...

Choice D is correct.
Active channels called Networks

Active Channels called Message Brokers
Virtual Channels called Digests
Virtual Channels called Destinations
A firewall blocks all requests except those on ports 80 and 443. Can IIOP requests be processed?
Choice E is correct. Tunneling is a concept that allows requests of one protocol to masquerade as
requests of another protocol, so that they may bypass the firewall. In the case of HTTP tunneling,
requests try to pass of as HTTP requests. Hence, choice E is correct. Port 80 is the standard port for
HTTP requests, not CORBA requests. Hence, choice A is incorrect. Although, port 80 may be used
for HTTP requests, that does not mean that CORBA requests cannot be processed from port 80. As it
happens, HTTP tunneling will allow CORBA requests looking like HTTP requests to pass through port
80. Hence, choice B is incorrect. SSL (Secure Sockets Layer) is a protocol that exists above TCP/IP
and below application level protocols. SSL does not process CORBA requests. Hence, choice C is
incorrect. While firewalls may block requests of certain protocols, there is no concept called HTTP
blocking. Hence, choice D is incorrect.
Can be processed because IIOP always works on port 80

Cannot be processed because port 80 belongs to a different protocol
Can be processed by SSL
Can be processed via HTTP blocking
Can be processed via HTTP tunneling
Which of the following are true about Publish/Subscribe Messaging model?

Choices A and C are correct. In Publish/Subscribe Messaging Model, the publisher broadcasts a
message to the Message Oriented Middleware (MOM.) The MOM then typically uses a server-push
mechanism to try to push a copy of the message to every subscriber who showed interest in the topic.
Optionally, a subscriber may also register as a durable subscriber, in which case the message will have
guaranteed delivery. Hence, choices A and C are correct. The Point-to-Point Messaging model is a
queue-based model where the message consumer typically polls the queue for incoming messages.
Publish-Subscribe model, on the other hand is a push-based model. Hence, choice B is incorrect.
Publish/Subscribe Messaging Model is generally used for a one-to-many type of communication while
Point-to-Point Messaging Model is typically used for a one-to-one communication. Hence, choice D is
incorrect.
Subscribers receive a copy of every message.

It is a Pull (Polling) based model.
It is a push-based model.
It is generally used when one publisher wishes to send a message to one subscriber.
1-tier applications represent a single point of failure, although changes to one part of the system do not
generally affect the whole system. True or False?
Choice B is correct as the statement is FALSE. 1-tier systems represent a single point of failure.
Further, if any changes were made to one part of the system, the whole system may be typically
affected because of a high degree of tight coupling. Hence, the statement is FALSE and choice B is
correct.
True
False
Syracuse Sobers is a National Hockey League team in upstate New York. They currently use a
mainframe-based application for talent procurement and management. Their team currently visits
various schools and universities across the country. When they find an interesting candidate, they enter
his profile details in handheld devices. Later, the information is faxed to Syracuse where another set of
users enter the data into the mainframe. Given that the Sobers do not want to incur too much capital
and operational expense in rewriting the application, which of the following would be the quickest way
of implementing an Internet-based profile management system?
Choice C is correct. The important concepts here are 'less expensive' and 'quickest.' Hence, the best
method is the combined use of Screen Scrapers and an off-board server. Choice C is therefore correct.
Rewriting the system is time consuming and cost intensive. Hence, choices A and B are incorrect.
There is no mention of the legacy application supporting JNI. The question mentions that it is a
mainframe-based application, making screen scrapers the safest bet. Hence, choice D is incorrect.
There is also no mention of CORBA support. Hence, choice E is incorrect.
Rewrite the system using Applets.

Rewrite the system using Model2 Architecture based solution.
Use screen scraper for obtaining an object interface and off-board server for forwarding requests.
Use RMI with JNI.
Enable HTTP tunneling and use CORBA calls.
Which of the following are NOT true about N-Tier Systems?

Choices A, C and E are correct as their statements are NOT true for N-Tier applications. Though N-
Tier systems are distributed over many systems, they do not present any maintenance problems when
architectured and designed well. This is because they are highly modular (component-container based)
and it is relatively easy to correct problems in one tier without impacting other tiers. Therefore,
statement A is not true and choice A is a correct choice. N-Tier systems can also yield high
performance. They can be highly optimized at each tier. Server clusters can be used where bottlenecks
are encountered, connection pools can be used by applications to acquire and release connections (a
process more effective that creation and destruction of connections) and so on. Hence, statement C is
not true and choice C is a correct choice. Though not relevant to the discussion, it should be noted that
putting all business rules in the database tier reduces database portability and also violates tier
encapsulation. Hence, it is not considered a J2EE best practice to use stored procedures and triggers
extensively for business logic processing. As opposed to client/server systems, N-Tier systems
generally make extensive use of resource sharing capabilities. Bean pools and Connection pools are
good examples. Hence, statement E is not true and choice E is a correct choice. The statement of
choices B, D and F are good examples of other capabilities of N-Tier systems. Hence, choices B, D
and F are incorrect.
N-Tier systems are distributed over many systems and hence, always present a maintenance
problem.
N-Tier systems are generally component-based and therefore, quite easy to maintain.
Since N-Tier systems do not use database-stored procedures or triggers for business logic
processing, they are generally very slow.
Since N-Tier systems are container-based, many N-Tier systems can be easily scaled (both
vertically and horizontally).
N-Tier systems suffer from only one drawback over client/server systems - they do not take
advantage of resource sharing techniques such as connection pooling.
N-Tier systems can use various techniques for Identification, Authentication and Authorization
and therefore quite secure.
Which of the following DO NOT aid a system's extensibility?

Choices C and D are correct. Extensibility refers to a system's ability to incorporate new functionality
with ease. Writing Database access code within Servlets or using JSP for locating Enterprise Java
Beans make the code very difficult to maintain. These are poor programming practices and adversely
affect the extensibility of a system. Hence, choices C and D are correct. Modularized code, good
design practices using patterns, and encapsulating database access with a DAO all make the code easy
to maintain, thus rendering the system easily extensible.
Modularizing Code
Using well defined software design patterns
Using Servlets to manage distributed database access
Using JSP Scriptlets to locate Enterprise beans
Using Data Access Objects when Session Beans or BMP Entity beans have to communicate to the
database
Refer to the following exhibit : (Please Click on "Exhibit Button" to view the Diagram )
Choice D is correct. The relationship between class A and class B represents the strongest form of
association - composition. A solid diamond near the object that will instantiate the other object in the
association, denotes a composition relationship. Class A does not have an association or aggregation
(open diamond near A) relationship with class B. Class A also does not extend B (open triangle near
B.) Hence, all other choices are incorrect.
'A' has an association relationship with 'B'

'B' has an association relationship with 'A'
'A' extends 'B'
'A' has a composition relation with 'B'
'B' has a composition relationship with 'A'
'A' has an aggregation relationship with 'B'
'B' has an aggregation relationship with 'A'
What UML diagram is shown in the exhibit?(Please Click on "Exhibit Button" to view the Exhibit )
Choice F is correct. The diagram denotes a package diagram. A package diagram (Fowler 108) shows
packages of classes and the dependencies among them. Therefore, choice F is correct.
Class
Object
Component
Collaboration
Sequence
Package
Node
Which of the following statements about Interaction diagrams are TRUE?

Choices A, D and F are correct. Interaction diagrams (Fowler 67) are models that describe how groups
of objects collaborate in some behavior. There are two kinds of Interaction diagrams - Sequence
diagrams and Collaboration diagrams. (Cade 46) Interaction diagrams address the dynamic view of a
system. A sequence diagram emphasizes on the time ordering of messages whereas a collaboration
diagram emphasizes the structural organization of the objects that send or receive messages. Sequence
diagrams and Collaboration diagrams are also isomorphic (you can take one and transform it to the
other.) Hence, choices A, D and F are correct. Interaction diagrams do not describe the static view of a
system. Hence, choice B is incorrect. Interaction diagrams are isomorphic, nor polymorphic. Hence,
choice C is incorrect. Interaction diagrams show either the time ordering of messages (sequence
diagrams) or the structural organization of objects (collaboration diagrams.) Hence, choice E is
incorrect.
Interaction diagrams represent the dynamic view of a system.

Interaction diagrams may represent static or dynamic views of the system.
Interaction diagrams are polymorphic.
Interaction diagrams are isomorphic.
Interaction diagrams only show time ordering of messages.
Interaction diagrams may show the structural organization of the objects that send or receive
messages.
Refer to the following diagram:(Please Click on "Exhibit Button" to view the Diagram ) From the
diagram, it can be inferred that:
Choice E is correct. The multiplicity shown above translates into - A can have two to four Bs
associated with it. Choice E says that A can have three Bs associated with it and is therefore correct.
One A can only have two or four Bs associated with it

One A can have two to four (four not inclusive) Bs associated with it
One A can have two to four (two not inclusive) Bs associated with it
One A can have either two or four Bs associated with it but not three Bs
One A can have three Bs associated with it
Nopester Inc., a CD manufacturer uses Metallic Corporation for making jewel cases. When the
inventory of jewel cases falls under the reorder level, Nopester communicates with Metallic via faxes.
Nopester now wants to build a supply chain management solution. Metallic uses a legacy system that
supports CORBA interfaces. Metallic's servers are protected by firewalls and will only let HTTP or
HTTPS requests through. Which of the following is Nopester's best option?
Choice D is correct. One of the most common interconnection problems that arise in third-party
integration is the security issue. Most companies have strict security policies and only allow access to
the ports that support HTTP and HTTPS. Therefore, CORBA requests generally have to masquerade as
HTTP requests to get through the firewall. While this beats the very purpose of the firewall, such
implementations are quite common. This concept is called HTTP tunneling. Hence, choice D is
correct. Choice A is incorrect for obvious reasons. What is the point of automation if we still want to
use a paper based solution? Choice B is incorrect because businesses do not change partners due to
minor software issues. Choice C is incorrect because there is no mention of whether Metallic supports
SOAP in the discussion.
Since Metallic will not let CORBA requests through, Nopester should continue sending faxes.
Nopester should take its business away to Metallic's competitors.
Nopester should use the popular SOAP protocol since SOAP requests communicate over HTTP.
Nopester should use HTTP tunneling to communicate with Metallic.
In general, 1-tier applications are less horizontally scalable than 3-tier applications, although
client/server applications are the most scalable. True or False?
Choice B is correct as the above statement is FALSE. The question has two parts. The first part about
3-tier applications being more scalable than 1-tier application is TRUE. The second part about
Client/Server applications being the most scalable types of applications is FALSE because N-Tier
applications are modular and therefore individual components can be targeted for scaling. Hence, the
complete statement is FALSE.
True
False
A Philadelphia based cable company is using J2EE for their Customer Management system. The
system uses a combination of HTML and JSP for presentation. Java Servlets are used as Controllers.
All Servlets have access to a ServletContext object, which functions as a Container to the shared
resources of the Servlets. The ServletContext object best exemplifies what design pattern?
Choice E is correct. Singleton (GOF 127)" Ensure a class only has one instance, and provide a global
point of access to it." In the example cited above, all Servlets use a common ServletContext object as
a container for the shared resources. This is a perfect example of the Singleton Design Pattern. Hence,
choice E is correct. Iterator (GOF 257)"Provide a way to access the elements of an aggregate object
sequentially without exposing its underlying representation." Hence, choice A is incorrect. Mediator
(GOF 273)"Define an object that encapsulates how a set of objects interact. Mediator promotes loose
coupling by keeping objects from referring to each other explicitly, and lets you vary their interaction
independently." Hence, choice B is incorrect. Interpreter (GOF 243)"Given a language, define a
representation for its grammar along with an interpreter that uses the representation to interpret
sentences in the language." Hence, choice C is incorrect. State (GOF 305)"Allow an object to alter its
behavior when its internal state changes. The object will appear to change its class." Hence, choice D is
incorrect.
Iterator
Mediator
Interpreter
State
Singleton
Heaven's Stairway, an e-auction house allows sellers to put up items for sale. Potential buyers can
subscribe an interest in these items. When somebody updates the cost with a higher price, the new
price information is sent to a JMS based middleware. The MOM then intimates all subscribers of the
event. What design pattern is illustrated here?
Choice C is correct. Observer (GOF 293)"Define a one-to-many dependency between objects so that
when one object changes state, all its dependents are notified and updated automatically." In the
current example, when someone (message producer) updates the bid price, the MOM has to send a
message to all interested subscribers (message consumers.) This is a good example of the Observer
Design Pattern. Hence, choice C is correct. The following is taken from:
http://java.sun.com/blueprints/corej2eepatterns/Patterns/ServiceToWorker.html Service to
Worker:"Combine a controller and dispatcher with views and helpers (see Front Controller and View
Helper also) to handle client requests and prepare a dynamic presentation as the response. Controllers
delegate content retrieval to helpers, which manage the population of the intermediate model for the
view. A dispatcher is responsible for view management and navigation and can be encapsulated either
within a controller or a separate component." Examples of Service to Worker pattern can be seen in
popular Model2 Frameworks such as Struts and Web Application Framework (WAF.) This pattern is
not relevant to this situation and choice A is therefore incorrect. The following is taken from: "The
Fast Lane Reader design pattern provides a more efficient way to access tabular, read-only data. A fast
lane reader component directly accesses persistent data using JDBCTM components, instead of using
entity beans. The result is improved performance and less coding, because the component represents
data in a form that is closer to how the data are used." When EJBs are not required in an application
(smaller applications) and JSP pages need to access the database to retrieve information, they may use
helper classes, which in turn instantiate DAOs to access data. A JSP page retrieving catalog
information through the CatalogHelper class and the CatalogDAO is a good example of the Fast Lane
Reader Pattern. Hence, choice B is incorrect. Visitor (GOF 331)"Represent an operation to be
performed on the elements of an object structure. Visitor lets you define a new operation without
changing the classes of the elements on which it operates." Choice D is therefore incorrect.
Publish/Subscribe is a messaging architecture, not a design pattern. Hence, choice E is incorrect.
Service to Worker
Fast Lane Reader
Observer
Visitor
Publish/Subscribe
In JMS based applications, components never interact with each other directly. The messages are
always sent to the MOM and the MOM stores and forwards them to the recipients. This concept helps
avoid explicit references and promotes loose coupling. The MOM is acting as...
Choice C is correct. Mediator (GOF 273)"Define an object that encapsulates how a set of objects
and lets you vary their interaction independently." In this example, the MOM decouples the message
producers and consumers from referring to each other directly, thus acting as a Mediator. Choice C is
therefore correct. Interpreter (GOF 243)"Given a language, define a representation for its grammar
along with an interpreter that uses the representation to interpret sentences in the language." Hence,
choice A is incorrect. Visitor (GOF 331)"Represent an operation to be performed on the elements of
an object structure. Visitor lets you define a new operation without changing the classes of the
elements on which it operates." Choice B is therefore incorrect. The following is taken from:
http://java.sun.com/blueprints/patterns/ServiceLocator.html "The Service Locator pattern centralizes
distributed service object lookups, provides a centralized point of control, and may act as a cache that
eliminates redundant lookups. It also encapsulates any vendor-specific features of the lookup process."
In Model2 architectures, Controllers may use Service Locators to delegate business events. Choice D is
therefore incorrect. The following is taken from:
http://java.sun.com/blueprints/corej2eepatterns/Patterns/ServiceToWorker.html Service to Worker:"
Combine a controller and dispatcher with views and helpers (see Front Controller and View Helper
also) to handle client requests and prepare a dynamic presentation as the response. Controllers delegate
content retrieval to helpers, which manage the population of the intermediate model for the view. A
dispatcher is responsible for view management and navigation and can be encapsulated either within a
controller or a separate component." Examples of Service to Worker pattern can be seen in popular
Model2 Frameworks such as Struts and Web Application Framework (WAF.) This pattern is not
relevant to this situation and choice E is therefore incorrect.
An Interpreter
A Visitor
A Mediator
A Service Locator 3
A Service to Worker
Compact Computers is a small computer assembly company. Its online application allows customers to
pick and choose accessories to build their own PCs. The available accessories are: i. Processor -
800Mhz, 1Ghz, 1.2Ghz ii. HDD - 40 GB, 60 GB, 80 GB iii. Memory - 128 MB, 256 MB, 512 MB
Customers choose parts and quantities while placing the order. For example, a customer could choose
a second HDD as a secondary hard drive or purchase additional RAM. What design pattern may be
optimal for implementing a suitable design here?
Choice B is correct. Prototype (GOF 117)"Specify the kinds of objects to create using a prototypical
instance, and create new objects by copying this prototype." In this example, the important concept is
that you can create multiple instances of the required part using prototypical instances (for Hard Drives
and RAM). Hence, choice B is correct. Factory Method (GOF 107)" Define an interface for creating an
object, but let subclasses decide which class to instantiate. Factory method lets a class defer
instantiation to subclasses." Factory Method pattern is used when concrete factory classes are required
for creating subclasses. Hence, choice A is incorrect. Singleton (GOF 127)" Ensure a class only has
one instance, and provide a global point of access to it." Hence, choice C is incorrect. Template
Method (GOF 325)"Define a skeleton of an algorithm in an operation, deferring some steps to
subclasses. Template Method lets subclasses redefine certain steps of an algorithm without changing
the algorithm's structure." Choice D is therefore incorrect. The following is taken from:
http://java.sun.com/blueprints/patterns/BusinessDelegate.html "In distributed applications, lookup and
exception handling for remote business components can be complex. When applications use business
components directly, application code must change to reflect changes in business component APIs.
These problems can be solved by introducing an intermediate class called a business delegate, which
decouples business components from the code that uses them. The Business Delegate pattern manages
the complexity of distributed component lookup and exception handling, and may adapt the business
component interface to a simpler interface for use by views." Hence, choice E is incorrect. Builder
(GOF 97)"Separate the construction of a complex object from its representation so that the same
construction process can create different representations." Builder is used to create a complex object
made up of specific types of parts. In the current situation, we know the parts but not their quantities.
Hence, Builder is inappropriate here and therefore choice F is incorrect.
Factory Method
Prototype
Singleton
Template Method
Business Delegate
Builder
Doomingdale's has an online application where customers may browse the latest season's catalogs.
Currently, no e-commerce is planned. What J2EE technology is best suited for this application? Note
that a study of Internet traffic over the last two years in a similar company indicated that the site could
expect up to five hundred thousand hits a day. Although during Thanksgiving, when sales are at the
highest, it could get ten to twenty times higher, perhaps even more hits.
Choice E is correct. The important concept here is the nature of the application. As e-commerce is not
planned at this time, there may not be any order transactions requiring Entity Beans. However, the site
can expect half a million hits each day with the number increasing exponentially during holiday
seasons. Thus, Session Beans may be considered for the application. Catalog retrieval can be done with
simple Session beans and DAO. Hence, choice E is correct. Choices A and B are not suitable because
using Java Servlets and JSP alone may not be the best solution in a system involving heavy usage. As
stated earlier, Entity Beans are not necessary here because there is no transactional processing. Choices
C and D are therefore incorrect. Stateless Session Beans are sufficient for performing simple database
retrieval operations. Stateful Session Beans are only required when conversational state needs to be
maintained, as in the case of e-commerce applications with shopping carts. Hence, choice F is
incorrect.
Java Servlets
JSP with Java classes
CMP Entity Beans
BMP Entity Beans
Stateless Session Beans with DAO
Stateful Session Beans with DAO
Since Stateful Session Beans are not pooled as their Stateless counterparts, the container uses
Passivation and activation techniques for better resource management. What design pattern is close to
the concept of Passivation, as described here?
Choice E is correct. Memento (GOF 283)"Without violating encapsulation, capture and externalize an
object's internal state so that the object can be restored to this state later." With Stateful Session Beans
the container externalizes the state of the bean via Passivation for better memory management. When
required, a bean in the passive state can be brought back to the Method Ready state via activation.
Hence, choice E is correct. Composite (GOF 163)"Compose objects into tree structures to represent
part-whole hierarchies. Composite lets clients treat individual objects and composites of objects
uniformly." Choice A is irrelevant here and therefore incorrect. Flyweight (GOF 195)"Use sharing to
support large numbers of fine-grained object efficiently." Hence, choice B is therefore incorrect.
Template Method (GOF 325)"Define a skeleton of an algorithm in an operation, deferring some steps
to subclasses. Template Method lets subclasses redefine certain steps of an algorithm without changing
the algorithm's structure." Choice C is therefore incorrect. Command (GOF 233)"Encapsulate a
request as an object, thereby letting you parameterize clients with different requests, queue or log
requests, and support undoable operations." Choice D is therefore incorrect. Chain of Responsibility
(GOF 223)" Avoid coupling the sender of a request to its receiver by giving more than one object a
chance to handle the request." Chain the receiving objects and pass the request along the chain until an
object handles it." Choice F is therefore incorrect.
Composite
Flyweight
Template Method
Command
Memento
Which of the following situations may be best suited for implementation using Servlets and JSP?
Choices C, E and F are correct. Servlets and JSP are best suited for applications where there is a need
for processing dynamic requests from HTTP clients. In Model2 architectures, Servlets are used as
Controllers and are responsible for processing incoming requests, and dispatching them to appropriate
handlers. JSP are used as views to combine static templates with dynamic data to form HTML or XML
output. Hence, choices C, E and F are correct. When an application involves large-scale deployment
and heavy transactional requirements, EJBs are the best technology. Hence, choices A and B are
incorrect. JDBC is used to access relational databases through a generic set of APIs. Hence, choice D
is incorrect.
Need large scale deployment

Need heavy use of transactions
Need to process dynamic requests from HTTP clients
Need access to relational databases through a generic set of APIs
To function as Intercepting filters, request processors and request dispatcher
When static templates are combined with data to form dynamic HTML output
Which of the following are the benefits of Bean pooling?

Choices A and D are correct. One of the advantages of using stateless session beans is that they are
lightweight objects and can therefore be used in situations that do not require any conversational state
management. The container makes use of this capability to create a pool of instances that can be used
to service client requests. When a request is serviced, the bean instance is moved back to the pool.
Thus, the expense of creation is avoided each time a client request comes in. Further, the concept of
using a smaller number of instances to service a large number of clients is referred to as the Flyweight
pattern (GOF 195), the case with bean pooling. Therefore, choices A and D are correct. Bean pooling
is not responsible for load distribution (which is accomplished by DNS Round Robin). Some
containers working under a clustered environment achieve load balancing. Again, this is not a benefit
of bean pooling. Hence, choices B and C are incorrect.
Bean instances are created during startup, thus avoiding the expense of creation, each time a client
requests it.
Bean pooling allows load distribution over several machines.
Bean pooling is the container's way of balancing load - moving future requests from client to a
different machine, if load increases are encountered.
Allows a container to use beans as flyweights.
Which of the following is the valid set of lifecycle states for an Entity Bean?
Choice D is correct. The valid lifecycle states for an Entity Bean are 'Does Not Exist', 'Pooled' and
'Ready'. Hence, choice D is correct. Entity Beans do not have a 'Method Ready' state. Hence, choice A
is incorrect. When Entity Beans are passivated, they enter the 'Pooled' state. Also, there is no 'Method
Ready (in TX)' state for Entity Beans. Hence, choice B is incorrect. The 'Method Ready Pool' state is a
lifecycle state for Stateless Session Beans, and not Entity Beans. Hence, choice C is incorrect.
Does Not Exist, Pooled, Method Ready

Does Not Exist, Ready, Ready (in TX), Passivated
Does Not Exist, Method Ready Pool
Does Not Exist, Pooled, Ready
A Company has a third-party billing system that provides C++ API access. In the current architecture,
a daemon process listens on a specified port on the server for incoming payloads. The incoming
payloads are then decoded to the form command <tab> data. Once the command is known, the process
calls the appropriate API with the data. The company is trying to move to a Java based solution.
However, until the billing system is upgraded, they will still need to use the C++ bases APIs. Which
of the following protocols may be best suited for achieving this transition?
Choice A is correct. The important requirement here is that the billing system supports C++ based
APIs. The new code is being written in the Java platform. Hence, the best approach is to write RMI-
JRMP code to talk to the billing system and have JNI wrappers there to communicate with the C++
APIs. Hence, choice A is correct. The question says that the billing system only supports C++ APIs.
Hence, choice B is incorrect. While custom Java socket programming may be used on the server side
to replace the C++ process, C++ wrappers will still be required to call the C++ APIs. Hence, choice C
is incorrect. HTTP, JINI and JCA do not satisfy the requirement of the C++ wrapper need. Hence,
choices D, E and F are also incorrect.
RMI-JRMP with JNI wrappers for the API calls

RMI-IIOP (Stateless session beans making the API calls)
Custom socket programming to replace the C++ daemon process with a Java class
HTTP request making a CGI call for the Billing updates
JINI based program to interface to the APIs
JCA to make the API call
Which of the following statements are TRUE?

Choices A and D are correct. The java.text and java.util packages are used to support Java
Internationalization. The java.text package has classes and interfaces for handling locale-specific text
and the java.util package contains the Locale class and other classes for Date and Time manipulation.
Hence, choices A and D are correct. The java.util package (and not the java.text package) contains the
Locale class and Date and Time classes. Hence, choice B is incorrect. The InputStreamReader and
OutputStreamWriter classes of the java.io package (and not the java.util package) handle non-Unicode
character data conversion. Hence, choice C is incorrect.
The java.text package contains classes and interfaces for handling text in a locale-sensitive way.
The java.text package contains the Locale class and classes for Date and Time.
The java.util package contains classes for importing and exporting non-Unicode character data.
The java.util package contains the Locale class and classes for Date and Time.
The findByXxx() method in the Home Interface of an entity bean returns...

Choices B and C are correct. The finder methods return either an instance of the Remote Reference to
the bean or an instance of java.lang.Enumeration (if multiple rows are found). Therefore, choices B
and C are correct. The finder methods never return an instance of java.lang.Object. Choice A is
therefore incorrect. The bean class is never explicitly returned to the client. The client always only
works with the remote reference to the bean class. Choice D is therefore incorrect.
An Instance of java.lang.Object
An instance of the Remote Reference to the bean
An instance of java.util.Enumeration
An instance of the Bean class
The representation of a set of cultural and language preferences is done using which of the following
classes?
http://java.sun.com/products/jdk/1.1/docs/guide/intl/intl.doc.html#26726 "A Locale object represents a
specific geographical, political, or cultural region. An operation that requires a locale to perform its
task is called locale-sensitive and uses the Locale object to tailor information for the user. For example,
displaying a number is a locale-sensitive operation- the number should be formatted according to the
customs and conventions of the user's native country, region, or culture." Hence, choice D is correct.
There is no LanguagePreference class. Regional preferences are addressed through various I18N
features such as ResourceBundle, Locale and so on. Hence, choice A is incorrect. The following is
taken from: http://java.sun.com/products/jdk/1.1/docs/guide/intl/intl.doc.html#24167 "The class
MessageFormat provides a means to produce concatenated messages in language-neutral way. The
MessageFormat object takes a set of objects, formats them, and then inserts the formatted strings into
the pattern at the appropriate places." Hence, choice B is incorrect. The following is taken from:
http://java.sun.com/products/jdk/1.1/docs/guide/intl/intl.doc.html#23039 "The class ResourceBundle
is an abstract base class representing containers of resources. Programmers create subclasses of
ResourceBundle that contain resources for a particular locale. New resources can be added to an
instance of ResourceBundle, or new instances of ResourceBundle can be added to a system without
affecting the code that uses them. Packaging resources as classes allows developers to take advantage
of Java's class loading mechanism to find resources. Resource bundles contain locale-specific objects.
When a program needs a locale-specific resource, a String object for example, the program can load it
from the resource bundle that is appropriate for the current user's locale. In this way, the programmer
can write code that is largely independent of the user's locale isolating most, if not all, of the locale-
specific information in resource bundles." Hence, choice C is incorrect.
java.util.LanguagePreference
java.text.MessageFormat
ResourceBundle
Locale
What is the difference in the Java Security model between JDK 1.1 and JDK 1.2 concerning applets?
before, by default but can optionally be subject to a security policy." As we can see, the Java 2
Security model is totally flexible. Hence, choice D is correct. Choices A, B and C are incorrect
because there are differences between the JDK 1.1 and JDK 1.2 security model. Signed applets were
trusted in JDK 1.1 whereas all applets are subject to a security policy in JDK 1.2.
There is no difference between the two JDK versions in question. Applets are always confined to
the sandbox.
In JDK 1.1, applets are never trusted whereas in JDK 1.2 they always are.
JDK 1.2 fixed a flaw in the JDK 1.1 security policy. There are no security holes in JDK 1.2
because Applets are never trusted.
In JDK 1.1, only signed applets were trusted whereas in JDK 1.2, any applet with the right
security permissions can be trusted.
Hiatus Regency Hotel - a popular resort hotel has four regional headquarters in the U.S and a national
headquarters in Gaithersburg, MD. All calls made to the toll-free 800 numbers are routed to the nearest
call center. If the requested city falls outside the region, the call is rerouted from the call center
appropriately. Hiatus requires a nightly update of all transactions to the national headquarters for
nationwide batch reporting. What J2EE technology may be best suited for this?
Choice F is correct. Whenever asynchronous communication is required, messaging is the best option.
Most MOM implementations provide guaranteed delivery and high QoS levels. Further, messaging
decouples the producer and consumer and can be used when bandwidth availability is limited, since no
synchronous response is required. The key here is the nightly update clearly indicating the
asynchronous nature of the communication. Hence, choice F is correct. Java-IDL, RMI-JRMP and
EJB are used for synchronous communication. Hence, choices A, B and C are incorrect. JTA/JTS is
used to manage user-defined transactions and is irrelevant to this question. Hence, choice D is
incorrect. The following is taken from: http://java.sun.com/j2ee/connector/ "The J2EE Connector
architecture provides a Java solution to the problem of connectivity between the many application
servers and EISs already in existence. By using the J2EE Connector architecture, EIS vendors no
longer need to customize their product for each application server. Application server vendors who
conform to the J2EE Connector architecture do not need to add custom code whenever they want to
add connectivity to a new EIS." Hence, choice E is incorrect. The following is taken from:
http://java.sun.com/products/javabeans/glasgow/jaf.html "With the JavaBeans TM Activation
Framework standard extension, developers who use Java TM technology can take advantage of
standard services to determine the type of an arbitrary piece of data, encapsulate access to it, discover
the operations available on it, and to instantiate the appropriate bean to perform said operation(s). For
example, if a browser obtained a JPEG image, this framework would enable the browser to identify
that stream of data as an JPEG image, and from that type, the browser could locate and instantiate an
object that could manipulate, or view that image." Hence, choice G is incorrect.
Java-IDL
RMI-JRMP
EJB
JTA/JTS
JCA
JMS
JAF
When a Stateful Session Bean is passivated, which of the following activities should the developer
perform in the ejbPassivate() method?
Choices A and D are correct. During Passivation, it is the developer's responsibility to ensure that all
open resources are closed and all non-transient non-serializable fields are set to NULL. Therefore,
choices A and D are correct. There is no need to set transient fields to NULL, as they will not be
serialized anyway. Therefore, choice B is incorrect. If non-transient fields are set to NULL, there is no
point in serializing the bean instance. Hence, choice C is incorrect.
Close all open resources

Set transient fields to NULL
Set Non-transient fields to NULL
Set non-transient non-serializable fields to NULL
Which of the following are mandatory steps in the SSL handshake?

Choices B and C are correct. When a client tries to establish an SSL connection with a server, the
server identifies itself to the client. The client, in turn, may optionally identify itself to the server. The
client and the server then choose the best cryptographic algorithm. Public Key Cryptography is used to
generate shared secrets and Symmetric Key Cryptography is then used for communication. Hence,
choices B and C are correct. The client's validation to the server is an optional step in the SSL
handshake. Hence, choice A is incorrect. Public Key Cryptography is used to generate shared secrets.
Validate Client to Server

Validate Server to Client
Allow client and server to choose cryptographic algorithm
Use symmetric key encryption to generate shared secrets
Session Bean SB1 calls a method in another Session Bean SB2. If the calling Bean has a transactional
scope, with which of the following attributes in SB2, will the transaction not be propagated?
Choices C, D and F are correct. The following is taken from:
http://java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/transactions/transactio
ns7.html "Transaction Attributes: A transaction attribute is a value associated with a method of an
enterprise bean that uses container-managed transaction demarcation. A transaction attribute is defined
for an enterprise bean method in the bean's deployment descriptor, usually by an application
component provider or application assembler. The transaction attribute controls how the EJB container
demarcates transactions of enterprise bean methods. In most cases, all methods of an enterprise bean
will have the same transaction attribute. For optimization purposes, it is possible to have different
attributes for different methods. For example, an enterprise bean may have methods that do not need to
be transactional. A transaction attribute must be specified for the methods in the component interface
of a session bean and for the methods in the component and home interfaces of an entity bean.
Required - If the transaction attribute is Required, the container ensures that the enterprise bean's
method will always be invoked with a JTA transaction. If the calling client is associated with a JTA
transaction, the enterprise bean method will be invoked in the same transaction context. However, if a
client is not associated with a transaction, the container will automatically begin a new transaction and
try to commit the transaction when the method completes. RequiresNew - If the transaction attribute is
RequiresNew, the container always creates a new transaction before invoking the enterprise bean
method and commits the transaction when the method returns. If the calling client is associated with a
transaction context, the container suspends the association of the transaction context with the current
thread before starting the new transaction. When the method and the transaction complete, the
container resumes the suspended transaction. NotSupported - If the transaction attribute is
NotSupported, the transactional context of the calling client is not propagated to the enterprise bean. If
a client calls with a transaction context, the container suspends the client's transaction association
before invoking the enterprise bean's method. After the method completes, the container resumes the
suspended transaction association. Supports - It the transaction attribute is Supports and the client is
associated with a transaction context, the context is propagated to the enterprise bean method, similar
to the way the container treats the Required case. If the client call is not associated with any transaction
context, the container behaves similarly to the NotSupported case. The transaction context is not
propagated to the enterprise bean method. Mandatory - The transaction attribute Mandatory requires
the container to invoke a bean's method in a client's transaction context. If the client is not associated
with a transaction context when calling this method, the container throws
javax.transaction.TransactionRequiredException if the client is a remote client or
javax.ejb.TransactionRequiredLocalException if the client is a local client. If the calling client has a
transaction context, the case is treated as Required by the container. Never - The transaction attribute
'Never' requires that the enterprise bean method explicitly not be called within a transaction context. If
the client calls with a transaction context, the container throws java.rmi.RemoteException if the client
is a remote client or javax.ejb.EJBException if the client is a local client. If the client is not associated
with any transaction context, the container invokes the method without initiating a transaction." With
'Not Supported', 'Requires New', and 'Never', the existing transaction's scope will not be propagated.
Therefore, choices C, D and F are correct while choices A, B and E are incorrect.
Supports
Required
Not Supported
Requires New
Mandatory
Never
With Bean Managed Persistence, what are the developer's responsibilities in terms of data
synchronization?
Choice B is correct. With Bean Managed Persistence, although the code necessary for inserting,
deleting and updating data is provided by the developer, the container still decides when to
synchronize the Bean's state with the database. The container makes this decision based on various
activities including the current transactional context, etc. The client does not call the callback methods
explicitly. Hence, choice B is correct. Choice A is incorrect because it suggests that it is the client's
responsibility to invoke the callback methods.
The DML statements for inserting, deleting and updating data are coded in appropriate methods
and the client program is responsible for synchronizing data by calling the methods appropriately.
The DML statements for inserting, deleting and updating data are coded in appropriate methods
but since ejbLoad() and ejbStore() are callback methods, the container makes calls to them, as
needed.
Under which of the following conditions should you use an Entity Bean? i. The bean represents a
business entity, not a procedure. ii. The bean's state must be persistent. If the bean instance terminates
or if the J2EE server is shut down, the bean's state still exists in persistent storage (a database).
Choice D is correct. Entity Beans are best used when the bean represents a business entity and when
the bean's state must be persistent. Hence, choice D is correct.
Choice (i) only

Choice (ii) only
Choice (i) or (ii) depending on whether the Container is EJB 1.0 compliant or EJB 1.1 compliant
Both choices (i) and (ii)
You are trying to explain to a new developer how sales staff interacts with the newly developed sales
system. You wish to demonstrate this interaction for a number of different scenarios. What type of
diagram would you use to illustrate this?
Choice D is the correct answer.A use-case diagram shows how actors interact with a series of use-
cases (scenarios) and the relationships of those use-cases. Class diagrams provide a static view of
runtime.
Class diagram
Sequence diagram
Use case diagram
Deployment diagram
Interaction Diagram

Do not Cheat
Happy Joe Banking Corporation is building a Banking application to provide online access to their
account holders. They have chosen two SUN 450s for their web server cluster and one SUN E10000
for their application server. The business requirements indicate that to become a customer, a person
must have at least a primary checking account with the bank. Further, since the customer will be using
the Internet to view confidential information, security is considered paramount. What do you
understand about the requirements of the system?
Choice D is correct. Successful software architecture deals with addressing the non-functional service
level requirements of a system. The Design process takes all functional business requirements into
account. Security is considered a non-functional requirement and specific business rules, such as the
one described with the checking account are considered functional requirements. Choice D is the only
choice that accurately describes this. Choice A is incorrect because the functional and non-functional
requirements are flipped over. Choice B is incorrect because only one of them is a functional
requirement. Choice C is incorrect because as described above, one of them is a functional
requirement and the other, a non-functional requirement. Finally, Choice E is incorrect because
business analysis may start with use cases (where the checking account rules may be captured), but this
discussion is specifically questioning functional vs. non-functional requirements.
The need for Security is a classic example of a functional service level requirement and the
checking account rule, an example of non-functional QoS requirement.
The discussion about Security and the mandatory checking account both illustrate functional
service level requirements.
Neither Security nor the mandatory Checking Account is an example of any kind of requirements,
theoretically speaking.
Security is an Architectural non-functional requirement and the Mandatory Checking Account a
functional design requirement.
They are both examples of Business Use Cases.
Nopester Inc., a CD manufacturer uses Metallic Corporation for making jewel cases. When the
inventory of jewel cases falls under the reorder level, Nopester communicates with Metallic via faxes.
Nopester now wants to build a supply chain management solution. Metallic uses a legacy system that
supports CORBA interfaces. Metallic's servers are protected by firewalls and will only let HTTP or
HTTPS requests through. Which of the following is Nopester's best option?
Choice D is correct. One of the most common interconnection problems that arise in third-party
integration is the security issue. Most companies have strict security policies and only allow access to
the ports that support HTTP and HTTPS. Therefore, CORBA requests generally have to masquerade as
HTTP requests to get through the firewall. While this beats the very purpose of the firewall, such
implementations are quite common. This concept is called HTTP tunneling. Hence, choice D is
correct. Choice A is incorrect for obvious reasons. What is the point of automation if we still want to
use a paper based solution? Choice B is incorrect because businesses do not change partners due to
minor software issues. Choice C is incorrect because there is no mention of whether Metallic supports
SOAP in the discussion.
Since Metallic will not let CORBA requests through, Nopester should continue sending faxes.
Nopester should take its business away to Metallic's competitors.
Nopester should use the popular SOAP protocol since SOAP requests communicate over HTTP.
Nopester should use HTTP tunneling to communicate with Metallic.
When remote calls are made on the container provided implementations of the EJBHome and
EJBObject, various transactional and security checks are applied before the call is actually passed on to
the bean instance. The Container provided implementations of EJBHome and EJBObject are
performing what Design Pattern's task?
Choice D is correct. The intent of the Decorator pattern as described by GOF (175) -"Attach additional
extending functionality." A request intended for a component is routed to the decorator instead. The
decorator forwards the request to the component. It may perform pre or post processing tasks before or
after forwarding the request. J2EE is filled with examples of the use of design patterns. The container
provided implementations of EJBHome and EJBObject decorate bean classes by providing
transactional and security functionalities. Choice A is incorrect because Command is used to
encapsulate a request as an object (GOF 233.) Choice B is incorrect because Adapter (GOF 139)
converts the interface of a class into another interface clients expect. Choice C is incorrect because
Bridge (GOF 151) decouples an abstraction from its implementation so that the two can vary
independently and choice E is incorrect because Fa?e (GOF 185) provides a unified interface to a set
of interfaces in a subsystem.
Command
Adapter
Bridge
Decorator
Facade
Ibid is an e-auction house that auctions refurbished products. Each product has a minimum bid price.
Buyers can query the system for a list of products and then select a product to bid on. They can then
place a higher bid on the selected product. Transactional Integrity is very important as dirty reads, non-
repeatable reads and phantom reads can lead to data inconsistency. What technology combination
might be most suitable for addressing Ibid's needs?
Choice D is correct. The Model 2 architecture (based on the Model View Controller pattern) suggests
that Servlets and JSP be used in the presentation tier. JSP combine template data with dynamic data to
display dynamic content to the user. Servlets act as front controllers, and forward requests to
appropriate events in the business logic tier. Unless concurrent use of shared data is involved, it may
be an overkill to use Entity beans (as in the example of a simple list retrieval.) The list retrieval is
therefore best accomplished by using a session bean with a Data Access Object (DAO.) Since the
bidding represents concurrent use of shared data, this is best accomplished by using an Entity bean.
Choice A is incorrect because this would not be an ideal application for applets. Choice B is incorrect
because it suggests the use of Servlets for all retrieval and updates. Although possible, this is not
recommended in the J2EE best practices as an ideal way when dealing with complex applications.
Choice C is incorrect because it is suggesting that a stateless session bean be used for managing
concurrent access to shared data, something best done by entity beans. Choice E is incorrect because
though it may be suited for smaller applications that are not very transactional in nature, the discussion
specifically talks about the need for transactional integrity. Therefore, this is not the recommended
solution.
Applets for presentation and JTA/JTS for transactional integrity.

HTML and JSP for presentation, and Servlets for data retrieval and transaction management.
Servlets and JSP for presentation, a stateful session bean with DAO for list retrieval and a stateless
session bean for transaction management.
Servlets and JSP for presentation, a stateless session bean with DAO for list retrieval and CMT
Entity bean for Transaction management.
Servlets and JSP for presentation, and a Java class to encapsulate database access and transaction
management.
Which of the following statements about 'Not Supported' and 'Never' transactional attributes are true?
Choices A and C are correct. Choice A describes how the transactional attributes 'Not Supported' and
'Never' work. Choice A is therefore correct. Choice B is the inverse of Choice A and therefore
incorrect. Choice C describes a situation where a method with transactional attribute 'Not Supported' or
'Never' is called without a transactional scope. In this case, they both behave identically. Choice C is
therefore correct. Choice D indicates that under both circumstances the method will execute
identically. This is incorrect because a 'Never' method will throw a 'RemoteException' if called with a
transaction. Choice D is therefore incorrect.
Not Supported' suspends any transaction until the method is completed whereas 'Never' throws a
RemoteException when called with a transaction.
Never' suspends any transaction until the method is completed whereas 'Not Supported' throws a
RemoteException.
If the method is called without any transactional scope, both attributes will work identically.
If the method is called with a transactional scope, both attributes will work identically.
What are the benefits of Bean pooling?

Choices A and D are correct. One of the advantages of using stateless session beans are that they are
light weight objects and can therefore be used in situations that do not require any conversational state
management. The container makes use of this capability to create a pool of instances that can be used
to service client requests. When a request is serviced, the bean instance is moved back to the pool.
Thus the expense of creation is avoided each time a client request comes in. Further the concept of
using a smaller number of instances to service a large number of clients is referred to as the Flyweight
pattern (GOF 195), the case with bean pooling. Therefore choices A and D are correct. Bean pooling
is not responsible for load distribution (something accomplished by DNS Round Robin.) Some
containers working under a clustered environment achieve load balancing. Again this is not a benefit of
bean pooling. Hence choices B and C are incorrect.
Bean instances are created during startup, thus avoiding the expense of creation, each time a client
requests it.
Bean pooling allows load distribution over several machines.
Bean pooling is the container's way of balancing load - moving future requests from client to a
different machine, if load increases are encountered.
Allows a container to use beans as flyweights.
Status Quo is an emerging B2C company that has a portal through which customers can purchase clay
jewelry. Since the order process involves a shopping cart, session management and secure access are
required. How would you manage this?
Choice B is correct. HTTPS is a secure and stateful protocol. Choice A is incorrect because HTTP is
inherently stateless. Choice C is incorrect because SOAP is an RPC mechanism, not a state
management mechanism. Choice D is incorrect because CGI programs are server side processes
(comparable to Java Servlets.) They do not manage session state.
Use HTTP since it is a stateful protocol.

Use HTTPS since it is a stateful protocol.
Use SOAP for state and security management.
Use CGI with cookies for state management.
Chocolat, an exotic chocolate maker in France is planning to provide an e-front for chocolate sales.
FedEx would ship the packages to various national and international locations. To customize the
customer's interaction with the system and to make his / her overall shopping experience more
pleasant, Chocolat has decided to support Internationalization. Which of the following aspects they
would need to consider?
Choices A, B and D are correct. This question deals with Internationalization. Language for messages,
formats (numbers, date and so on), taxes and legal rules are all subject to Internationalization. Hence,
choices A, B and D are correct. Choice C refers to a security mechanism where a demilitarized zone is
created between two firewalls and is irrelevant to I18N. RSA and MD5 are security terminology used
with cryptography. Therefore, choices E and F are incorrect.
Language for messages

Formats (numeric, date and so on.)
DMZ requirements
Taxes and legal rules
RSA
MD5
Fire Hall, manufacturers of fire extinguishers, is building a corporate Intranet and wants its employees
to access payroll information via the Internet. They are planning to use Applets, because of its richer
GUI capabilities. The View401K applet requires a Java 1.4 plug in on the host where it is being
executed. This applet will read data cached on a temporary directory in the host to calculate 401K
distributions. What are your observations on the use of Applets for this purpose?
Choice B is correct. The following excerpt is from:
before, by default but can optionally be subject to a security policy." As we can see, the Java 2 Security
model is totally flexible. Hence, choice B is correct.
The Applet technology is not a viable solution for this application because applets are subjected to
the sandbox model, which prevents them from reading from or writing to the host where they are
being executed.
The Applet technology is a viable solution for this application because the Security policy of the
Java 2 Platform is totally flexible.
In the Publish/Subscribe messaging architecture, publishers send messages to...

Choice A is correct. The Publish/Subscribe messaging model is a one-to-many messaging paradigm
where the publisher typically sends a message to a centralized node. The node then broadcasts the
message to all topic subscribers, who have registered their interest in the topic. This allows the
publisher and the subscribers to be decoupled. Further, if the subscriber is registered as a durable
subscriber, it will receive the message ultimately even if it is currently inactive. The MOM provider
can thus guarantee delivery and any Quality of Service requirements pertaining to the message
delivery. Although possible, choice B is not the ideal implementation method because it couples
publishers and subscribers. Most MOM providers use a server process that communicates with client
processes for establishing heartbeats and for communicating messages. Choice C is incorrect because
it refers to the Point-to-Point messaging model, which is typically a one-to-one communication
between two parties. Choice D is incorrect because the Message Driven Bean is a message listener.
Therefore, the best use of a message driven bean would be as a subscriber.
A specified node, which is then re-distributed to all subscribers.

Directly to all subscribers in the Topic subscription list.
A designated queue.
A component transaction monitor such as an EJB Server for further processing by a message
driven bean.
Refer to the following diagram:(Please Click on "Exhibit Button" to view the Diagram)
Choice B is correct. From the diagram it can be inferred that A and B are concrete classes and B
extends A. This is shown by the generalization relationship between B and A. Hence, choice B is
correct. Choice A is incorrect because class A does not inherit from class B. Choice C is incorrect
because the relationship between the classes A and B is generalization, not dependency. Finally, choice
D is incorrect because A has an aggregation relationship with Interface C, not Class B.

Class B has a dependency to Class A
Class A has an aggregation to Class B
In which of the following situations, would you use the Observer pattern?
Choices A and D are correct. The observer pattern is used to notify dependents of an object when that
object changes state. Choice E is a description of the Mediator pattern. Choice C is incorrect because
the Observer pattern does not reduce the number of instances you need to create. Choice B is almost
correct except the messages are sent when the object being monitored changes state. Observer - (GOF
293): "Define a one-to-many dependency between objects so that when one object changes state, all its
dependents are notifies and updated automatically." Mediator - (GOF 273):"Define an object that
encapsulates how a set of objects interact. Mediator promotes loose coupling by keeping objects from
referring to each other explicitly, and it lets you vary their interaction independently."
When you need to have objects notified of events but you don't know which objects would have
such needs, or if you will need to add more objects to receive such notification, at a later date.
You want one object to monitor when the state of another object but you don't want the object
being monitored to need to send any messages regarding its state.
When the instances of your class can be use interchangeable and you want to reduce the number of
instances created in order to improve performance.
You are building an online auction site to sell rare and collectable toys. You want customers to be
notified of bids on items they are bidding for in as close to real time as possible. You would use
the Observer pattern to notify the customer objects of changes in the auction object.
When you need to co-ordinate state changes between other objects by using one object.
While working at home, you try to connect to your company's network from home but there is no
response. You are trying to connect to your RMI-JRMP application; the port is available on the
firewall, what is the most likely reason why you cannot connect?
Choice B is correct. The most likely explanation here is that your company's firewall is filtering your
requests out based upon your IP address. You would need to get your home IP address added to the list
that the firewall trusts (and this will not be easy if you are using DHCP!). Choices A and C are both
possible but not the very likely here. Hence, these choices are incorrect. Choices D and E are not
factually correct.
The port on the firewall isn't really available.

The company's proxy servers are filtering out your request based upon your IP address.
You have typed the connection address incorrectly.
Your application is only listening for internal requests and you will need to change setting in the
security.policy file if you wish to connect from home.
Your company knows that most hacking takes place at night and takes all of its systems off-line
during the night.
use it."
Mediator
State
Strategy
Template Method
A browser client C1 opens an SSL session with Server S1 on port 443. Client C1 then opens a new
browser window and opens an SSL session with Server S2 (while the SSL session with Server S1 is
active in the other browser window). At the same time, browser client C2 opens an SSL session with
Server S1 on 443 as well. Which of the following statements are NOT TRUE in this situation?
Choices A and B are correct as the corresponding statements are NOT TRUE. Since clients can
simultaneously engage in multiple SSL connections (through different browser instances) and servers
can support multiple concurrent SSL connections, only statements A and B are false and therefore the
correct choices. Statements C and D are true and therefore incorrect choices.
Client C1 cannot be engaged in two SSL connections as the same time.

Server S1 cannot be engaged in two SSL connections on the same port at the same time.
Client C1 can have multiple SSL connections open at the same time.
Server S1 can have multiple SSL connections open at the same time.

Question Bank

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Question Bank

Uploaded by

Copyright:

Available Formats

Whizlabs SCEA 5

Which of the following are true about Active Replication?

CORBA is a standard for

Messaging using virtual channels called Queues

RMI-IIOP does NOT provide which of the following capabilities?

Remote Method Invocation

Class D implements Class C

SomeOtherBean has no control on the transaction since it is a CMT bean.

Which of the following are true about Passive Replication?

Primary Service and all replicas respond to all requests

Which of the following are not true about Screen Scrapers?

Undefined Primary Keys refers to?

Refers to Entity Beans that do not use Primary Keys

Does not Exist

Which of the following is NOT a resource management technique?

Maintaining a smaller pool of Stateless Beans to serve a large number of clients

HTTPS is defined as...

HTTP with Security

class.newInstance(), setSessionContext (ctx), ejbCreate()

Asynchronous communication is achieved by using:

Remote Procedure Calls

Which of the following is NOT part of the messaging architecture?

Decentralized messaging using IP Multicasting

Does Not Exist

Scalability, Availability, Extensibility, Manageability and Security

(i) represents an object and (ii) a class

Using the same applets

1 A can have 2 Bs associated with it.

Small Scale deployment

MessageFormat and NumberFormat

What types of transactions are supported by Enterprise Java Beans?

Implicit Declarative Transactions

Which of the following statements is true about SSL?

The remote reference is invalidated

You can't, change the data store.

Splitting requests evenly amongst all back end servers.

A plastic tool to get ice off a car windscreen.

Splitting requests evenly amongst all back end servers

What is object mapping?

The process of converting a class diagram to Java code.

Allows Java to use CORBA.

Improves response time between client and bean.

Defines create(), find(), remove(Object) methods.

Defines create(), find(), remove (Object) methods.

To represent a shopping basket.

ejbPassivate() is called prior to passivation.

Which of the following statements are true about bean pooling?

The EJB specifies how many instances to pool at deployment time.

Select the most appropriate use for an Entity Bean?

Store state for a particular client.

When should RMI over IIOP be used?

8443 and yes it can run elsewhere

JMS, JSP and Servlets

When would you use a JDBC-ODBC Bridge?

This is the standard, and is used all the time.

When you are designing a pure Java solution.

Is Point-to-Point (PTP) is based on message queues?

It is a class called AName

Which of the following are used in Internationalization?

Class A inherits from Class B

What is the ResourceBundle class used for?

To store information about the program, like an external configuration file.

You should use Java IDL when using Enterprise Javabeans.