what is the difference between Option 2 "his method violates secure coding guidelines for storing sensitive data.
" and Option 4 "Storing user information in serialized files violates secure coding guidelines for storing sensitive data" ? Why does the method not voilate secure coding guidelines for storing sensitive data? What is a utility method?
About Question enthuware.ocpjp.ii.v11.2.3424 :
Moderators: Site Manager, fjwalraven
-
liugengyu
- Posts: 8
- Joined: Thu Jul 09, 2020 4:09 pm
- Contact:
-
admin
- Site Admin
- Posts: 10384
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Option 2 says that the given method violates secure coding guidelines. But it does not because this method is a utility method that serializes any object. It has no idea what type of object is it serializing. So, this method itself does not violate any best practice.
Option 4 is correct because it user data should not be serialized and stored.
Option 4 is correct because it user data should not be serialized and stored.
-
philippe
- Posts: 26
- Joined: Sun Jul 16, 2017 4:24 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Regarding the following statement: "Serialization Filtering should be used to validate classes before they are serialized."
In the explanation why this is a correct answer, it is mentioned: "serialization filtering provides a mechanism to validate classes before they are deserialized."
However, in the code there is only serialization and no deserialization. How exactly does the statement apply?
In the explanation why this is a correct answer, it is mentioned: "serialization filtering provides a mechanism to validate classes before they are deserialized."
However, in the code there is only serialization and no deserialization. How exactly does the statement apply?
Code: Select all
public static void storeObjectToFile(final String fn, final Serializable obj) throws Exception {
validateOutputFile(fn);
validatePermissions();
try(ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(fn)) ) {
oos.writeObject(obj);
}
}
-
admin
- Site Admin
- Posts: 10384
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
You are right. It is a correct statement in general bit not applicable in the given situation. It should be marked incorrect. Fixed.
thank you for your feedback!
thank you for your feedback!
-
philippe
- Posts: 26
- Joined: Sun Jul 16, 2017 4:24 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Is it possible this correction hasn't been pushed yet?
-
admin
- Site Admin
- Posts: 10384
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
The fix is there is version 1.17. Which version of which question bank are you using?
-
philippe
- Posts: 26
- Joined: Sun Jul 16, 2017 4:24 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
I'm on the question bank 1Z0-816. The major/minor version is 1/29.
-
admin
- Site Admin
- Posts: 10384
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
OK, it was not updated. Done now.
thank you for your feedback!
thank you for your feedback!
-
philippe
- Posts: 26
- Joined: Sun Jul 16, 2017 4:24 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
I don't see the update yet. Screenshot: https://we.tl/t-F1F4auFejO.
-
admin
- Site Admin
- Posts: 10384
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
It will be in version 1.30 of 816 question bank as soon as it is rolled out.
-
philippe
- Posts: 26
- Joined: Sun Jul 16, 2017 4:24 pm
- Contact:
Re: About Question enthuware.ocpjp.ii.v11.2.3424 :
Got it, thanks!
Who is online
Users browsing this forum: No registered users and 9 guests