SCWCD(310-083)單項選擇題每日一練(2019.01.15)

A developer has used this code within a servlet：
62.if（request.isUserInRole（"vip"）） {
63.// VIP-related logic here
64.}
What else must the developer do to ensure that the intended security goal is achieved？（）

Given a portion of a valid Java EE web application’s directory structure： MyApp |
|-- File1.html
|
|-- Directory1
||-- File2.html|
|-- META-INF
|-- File3.html
You want to know whether File1.html， File2.html， and/or File3.html will be directly accessible by your webclient’s browsers.
Which statement is true？（）

You have built a web application with tight security. Several directories of your webapp are used for internal purposes and you have overridden the default servlet to send an HTTP 403 status code for any request thatmaps to one of these directories. During testing， the Quality Assurance director decided that they did NOTlike seeing the bare response page generated by Firefox and Internet Explorer. The director recommendedthat the webapp should return a more user-friendly web page that has the same look-and-feel as the webapp plus links to the webapp’s search engine. You have created this JSP page in the /WEB-INF/jsps/error403.jsp file. You do NOT want to alter the complex logic of the default servlet.
How can you declarethat the web container must send this JSP page whenever a 403 status is generated？（）

A developer is designing the presentation tier for a web application which requires a centralized requesthandling to complete common processing required by each request.
Which design pattern provides asolution to this problem？（）