IBM C5050-408 Exam Practice Questions (P. 4)
Question #16
An application developer is securing an application by using an adapter. The application developer has registered the following procedures in the adapter's xml file.
<procedure name="submitAuthentication" />
<procedure name="requestForData" securityTest="AuthAdapterTest" />
Which function must the application developer invoke in the authentication adapter at the end of the login sequence to consider the user's session authenticated?
- A. The WL.Client.Login API.
- B. The WL.Server.setActiveUser API.
- C. The adapter's requestForData function.
- D. The adapter authenticator's login-function.
Correct Answer: B
WL.Server.setActiveUser is used in authenticator adapters at the end of the login sequence. It creates a user identity in the specified realm with the properties in the specified identity parameter. As a result of this method, the user's session is considered authenticated.
References:
https://www.ibm.com/support/knowledgecenter/SSZH4A_6.0.0/com.ibm.worklight.help.doc/apiref/r_method_wl_server_setactiveuser.html
Question #17
An application developer has implemented the following security test to protect a mobile application.
<mobileSecurityTest name="mobileTest">
<testUser realm="myMobileLoginForm"/>
<testDeviceID provisioningType="none" />
</mobileSecurityTest>
The corporate security team has recently learned about cross-site request forgery (XSRF) attacks against the company's website. The corporate security team wants to prevent further attacks and has asked the developer to protect the mobile application against XSRF attacks.
What step must the application developer take to protect against XSRF attacks?
- A. Nothing. By default, a mobileSecurityTest includes protection against XSRF attacks.
- B. Define a new webSecurityTest and add the element <test realm="wl_antiXSRFRealm"/>
- C. Add the element <test realm="wl_antiXSRFRealm"/> to the mobileSecurityTest definition.
- D. Change the implementation to a custom security test and add the element <testXSRF realm="wl_antiXSRFRealm" />
Correct Answer: A
The mobileSecurityTest contains:
* The following realms, enabled by default: wl_anonymousUserRealm, wl_antiXSRFRealm, wl_remoteDisableRealm and wl_deviceNoProvisioningRealm.
* The user and device realms that you must specify.
References:
https://www.ibm.com/support/knowledgecenter/SSZH4A_6.1.0/com.ibm.worklight.dev.doc/devref/r_security_tests.html
Question #18
An application developer is implementing form-based authentication. The developer has created a challenge handler object to handle challenges from the SampleAppRealm by invoking createChallengeHandler on WL.Client as follows:
var sampleAppRealmChallengeHandler = WL.Client.createChallengeHandler("SampleAppRealm");
Which function of the challenge handler must the application developer implement?
- A. submitFailure
- B. submitSuccess
- C. submitLoginForm
- D. isCustomResponse
Correct Answer: C
References:
https://www.ibm.com/developerworks/community/blogs/f870215a-82d8-4701-88a5-7937fb3c73c0/entry/ibm_worklight_authentication_form_based_authentication_using_database_login_module?lang=en
Question #19
An application developer wants to protect their application against specific malware and repackaging attacks by implementing application authenticity testing via the console. Per the requirements, the developer wishes to implement a check where the Worklight Server will test the authenticity of an application. If the application fails the authenticity check, the Worklight Server will output a message to the log containing relevant information, but the application will still run as expected.
Which type of application authenticity should the application developer implement via the console with the above requirements?
- A. Enabled, logging
- B. Enabled, blocking
- C. Enabled, notifying
- D. Enabled, servicing
Correct Answer: D
Worklight Console allows enabling or disabling the application authenticity realm at run time. This feature is useful for the Development and QA environments.
There are three modes you can set:
* Enabled, blocking means that the application authenticity check is enabled. If the application fails the check, it is not served by a Worklight server.
* Enabled, serving means that the application authenticity check is enabled. If the application fails the check, it is still served by a Worklight server.
* Disabled means that the application authenticity check is disabled.
References:
https://www.ibm.com/support/knowledgecenter/SSZH4A_6.1.0/com.ibm.worklight.dev.doc/dev/c_ibm_worklight_app_authentication_overview.html
Question #20
An application developer is attempting to implement device single sign-on (SSO) as specified in the following example:
<securityTests>
  <mobileSecurityTest name="FormTest">
    <testDeviceID provisioningType="none"/>
    <testUser realm="SampleAppRealm"/>
  </mobileSecurityTest>
</securityTests>
<realms>
  <realm name="SampleAppRealm" loginModule="MyLoginModule">
    <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
  </realm>
</realms>
<loginModules>
  <loginModule name="MyLoginModule"
      ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
    <className>com.worklight.core.auth.exp.NonValidatingLoginModule</className>
  </loginModule>
</loginModules>
Upon testing the configuration, the developer finds unexpected results, such as the Worklight project failing to start.
What does the application developer need to do to bring the SSO configuration to a consistent state?
- A. Set the sso.cleanup.taskFrequencyInSeconds server property.
- B. Specify <testUser realm="SampleAppRealm" sso="true"/> in the mobile security test.
- C. Add the following line to the mobile security test: <test realm="MySSO" isInternalUserID="true"/>
- D. Add the following line to the WMAppManifest.xml file: <Capability Name='ID_CAP_IDENTITY_DEVICE' />
Correct Answer: B
Single sign-on is a property of a login module. You can enable single sign-on from a mobileSecurityTest element or from a loginModule element of authenticationConfig.xml. Enabling single sign-on for a custom security test is done on the loginModule element. Enabling single sign-on for a mobile security test is done on the testUser realm of the mobileSecurityTest element.
When configuring mobileSecurityTest elements, enable single sign-on from the securityTest element by setting the value of the sso attribute to true. Note that you can enable SSO for user realms only. If the sso attribute is not specified, it is assumed to be set to false. For example:
<mobileSecurityTest name="mst">
<testDeviceId provisioningType="none"/>
<testUser realm="myUserRealm" sso="true"/>
</mobileSecurityTest>
References:
https://www.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.dev.doc/devref/t_configuring_device_SSO.html