About Question enthuware.ocpjp.ii.v11.2.3424 :

liugengyu · Post by **liugengyu** » Thu Aug 27, 2020 1:51 pm

what is the difference between Option 2 "his method violates secure coding guidelines for storing sensitive data.
" and Option 4 "Storing user information in serialized files violates secure coding guidelines for storing sensitive data" ? Why does the method not voilate secure coding guidelines for storing sensitive data? What is a utility method?

Post by **admin** » Sun Aug 30, 2020 12:03 am

Option 2 says that the given method violates secure coding guidelines. But it does not because this method is a utility method that serializes any object. It has no idea what type of object is it serializing. So, this method itself does not violate any best practice.

Option 4 is correct because it user data should not be serialized and stored.

philippe · Post by **philippe** » Tue Dec 08, 2020 5:40 pm

Regarding the following statement: "Serialization Filtering should be used to validate classes before they are serialized."
In the explanation why this is a correct answer, it is mentioned: "serialization filtering provides a mechanism to validate classes before they are deserialized."

However, in the code there is only serialization and no deserialization. How exactly does the statement apply?

Code: Select all

public static void storeObjectToFile(final String fn, final Serializable obj) throws Exception {
  validateOutputFile(fn);
  validatePermissions();
  try(ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(fn)) ) {
    oos.writeObject(obj);
  }
}

Post by **admin** » Tue Dec 08, 2020 11:07 pm

You are right. It is a correct statement in general bit not applicable in the given situation. It should be marked incorrect. Fixed.
thank you for your feedback!

philippe · Post by **philippe** » Sun Jan 03, 2021 8:11 am

Is it possible this correction hasn't been pushed yet?

Post by **admin** » Sun Jan 03, 2021 9:36 am

The fix is there is version 1.17. Which version of which question bank are you using?

philippe · Post by **philippe** » Sun Jan 03, 2021 6:15 pm

I'm on the question bank 1Z0-816. The major/minor version is 1/29.

Post by **admin** » Sun Jan 03, 2021 9:54 pm

OK, it was not updated. Done now.
thank you for your feedback!

philippe · Post by **philippe** » Mon Jan 04, 2021 2:26 pm

I don't see the update yet. Screenshot: https://we.tl/t-F1F4auFejO.

Post by **admin** » Tue Jan 05, 2021 7:13 am

It will be in version 1.30 of 816 question bank as soon as it is rolled out.

philippe · Post by **philippe** » Tue Jan 05, 2021 9:17 am

Got it, thanks!

Enthuware

About Question enthuware.ocpjp.ii.v11.2.3424 :

About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Re: About Question enthuware.ocpjp.ii.v11.2.3424 :

Who is online