CSSLP Question #110: Real Exam Question with Answer & Explanation

The correct answer is B: Security constraint. A security constraint, often found in web application deployment descriptors, uses URL mapping to define access privileges for a collection of web resources. It specifies which users or roles are allowed to access certain parts of an application.

Secure Software Deployment, Operations, Maintenance

Question

Which of the following specifies access privileges to a collection of resources by using the URL mapping?

Options

ACode Access Security
BSecurity constraint
CConfiguration Management
DAccess Management

Explanation

A security constraint, often found in web application deployment descriptors, uses URL mapping to define access privileges for a collection of web resources. It specifies which users or roles are allowed to access certain parts of an application.

Common mistakes.

A. Code Access Security (CAS) is a .NET framework security policy that restricts the permissions of code based on its origin or other characteristics, not on URL mapping for resource access.
C. Configuration Management is the process of establishing and maintaining consistency of a product's performance, functional, and physical attributes, not directly about specifying URL-based access privileges.
D. Access Management is a broader discipline covering all aspects of controlling access to resources, whereas a security constraint is a specific technical mechanism for implementing access control via URL mapping.

Concept tested. Web application security - Security constraints

Reference. https://docs.oracle.com/cd/E13222_01/wls/docs81/webapp/security.html

Topics

#Web application security#Authorization#Security constraints#URL mapping

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions