About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Thu Aug 27, 2020 1:51 pm
by liugengyu
What is the difference between Option 2 "This method violates secure coding guidelines for storing sensitive data." and Option 4 "Storing user information in serialized files violates secure coding guidelines for storing sensitive data"? Why does the method not violate secure coding guidelines for storing sensitive data? What is a utility method?
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Sun Aug 30, 2020 12:03 am
by admin
Option 2 says that the given method violates secure coding guidelines. But it does not because this method is a utility method that serializes any object. It has no idea what type of object it is serializing. So, this method itself does not violate any best practice.
Option 4 is correct because user data should not be serialized and stored.
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Tue Dec 08, 2020 5:40 pm
by philippe
Regarding the following statement: "Serialization Filtering should be used to validate classes before they are serialized."
In the explanation why this is a correct answer, it is mentioned: "serialization filtering provides a mechanism to validate classes before they are deserialized."
However, in the code there is only serialization and no deserialization. How exactly does the statement apply?
Code:
    public static void storeObjectToFile(final String fn, final Serializable obj) throws Exception {
        validateOutputFile(fn);
        validatePermissions();
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(fn))) {
            oos.writeObject(obj);
        }
    }
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Tue Dec 08, 2020 11:07 pm
by admin
You are right. It is a correct statement in general but not applicable in the given situation. It should be marked incorrect. Fixed.
Thank you for your feedback!
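Added example, not part of the original thread or the question bank: a minimal Java 9+ sketch of the point settled above, that serialization filtering acts on the read side (`ObjectInputStream.setObjectInputFilter`) while a write-only method such as `storeObjectToFile` has nothing to filter. The class names `FilterOnReadDemo`, `Profile` and `Unexpected` are constructed for illustration.

```java
import java.io.*;

public class FilterOnReadDemo {
    // Constructed sample types, not from the question.
    static class Profile implements Serializable {
        private static final long serialVersionUID = 1L;
        final int id;
        Profile(int id) { this.id = id; }
    }
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Write side, like the utility method in the question: ObjectOutputStream
    // has no filter hook, so any Serializable is written without validation.
    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    // Read side: the filter sees each class named in the stream before an
    // instance is created, and a REJECTED status aborts readObject().
    static Object deserialize(byte[] data, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Allow-list: accept Profile, reject every other class.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                Profile.class.getName() + ";!*");

        byte[] expected = serialize(new Profile(7));
        byte[] other = serialize(new Unexpected()); // writing succeeds regardless
        Object p = deserialize(expected, filter);
        System.out.println("accepted: " + p.getClass().getSimpleName());
        try {
            deserialize(other, filter);
        } catch (InvalidClassException e) {
            System.out.println("rejected on read: " + e.getMessage());
        }
    }
}
```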
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Sun Jan 03, 2021 8:11 am
by philippe
Is it possible this correction hasn't been pushed yet?
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Sun Jan 03, 2021 9:36 am
by admin
The fix is there in version 1.17. Which version of which question bank are you using?
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Sun Jan 03, 2021 6:15 pm
by philippe
I'm on the question bank 1Z0-816. The major/minor version is 1/29.
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Sun Jan 03, 2021 9:54 pm
by admin
OK, it was not updated. Done now.
Thank you for your feedback!
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Mon Jan 04, 2021 2:26 pm
by philippe
I don't see the update yet. Screenshot:
https://we.tl/t-F1F4auFejO.
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Tue Jan 05, 2021 7:13 am
by admin
It will be in version 1.30 of the 816 question bank as soon as it is rolled out.
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Posted: Tue Jan 05, 2021 9:17 am
by philippe
Got it, thanks!