Hacking the Sun Certified Enterprise Architect Exam

1
Hacking the Sun Certified Enterprise Architect
Exam Part 1

• Brian Briggman
• Pat Guimaraes
• Konrad Rokicki

Session ID BOF-0427
2
Hacking the Sun Certified Enterprise Architect
Exam - Part 1

• Brian Briggman
• System ArchitectSoftware Consultants Inc.
• Pat Guimaraes
• Principal Software EngineerGene Logic
• Konrad Rokicki
• Software EngineerGene Logic

3
Goal of This Presentation
What You Can Expect to Gain
This session serves as a last minute review
session for all attendees who plan on taking Part
1 of the Sun Certified Enterprise Architect exam.
4
Intended Audience
Who is Expected to Attend
Ideally, any attendees who have already started
studying for the SCEA Part 1 Exam. Our intent is
not to teach all the material necessary to pass
the exam, but rather to share our experiences and
help by distributing a SCEA Study Sheet at the
end of the session.
5
Agenda With Section Highlights

• SCEA Exam Overview
• SCEA Exam Objectives
• Tips and Tricks
• Resources and References
• Cram Sheet
• For More Information
• QA

6
SCEA Exam Overview

• Sun Certified Enterprise Architect for J2EE
  Technology (Step 1 of 3)
• Exam CX-310-051
• Prerequisites None
• Cost 150
• Number of questions 48
• Pass score 68 (33/48)
• Time limit 75 minutes
• Delivered at Authorized Prometric testing
  centers
• Other exams/assignments required for this
  certification Step 2 (CX-310-300A), Step 3
  (CX-310-061)

7
SCEA Exam Objectives

• Divided into 11 Categories
• 1. Concepts
• 2. Common Architectures
• 3. Legacy Connectivity
• 4. Enterprise JavaBeans Technology
• 5. Enterprise JavaBeans Container Model
• 6. Protocols
• 7. Applicability of J2EE
• 8. Design Patterns
• 9. Messaging
• 10. Internationalization
• 11. Security

8
1. Concepts

• UML - Structural Elements
• Class rectangle
• Interface lollipop or stereotyped class
• Use Case oval
• Collaboration dashed oval
• Active Class bold border
• Component rectangle with plugs
• Node 3d box

9
1. Concepts

• UML - Relationships
• Dependency
• Association
• Composition
• Aggregation
• Generalization
• Realization

10
2. Common Architectures

• 1-tier - monolithic, standalone
• pros manageability, availability, reliability,
  performance, security
• cons scalability, maintainability, extensibility
• 2-tier - client/server, fat client/stored
  procedures
• pros rapid prototyping
• cons maintainability (client versioning and
  distribution, business logic changes)
• 3-tier/n-tier - typical J2EE architecture
• Client Tier (web clients, applets)
• Web Tier (web servers, JSP's, servlets)
• Business Tier (EJB's)
• EIS Integration Tier (JDBC, ODBC, Corba)
• EIS Tier (databases, legacy data)

11
3. Legacy Connectivity

• Objective Distinguish appropriate from
  inappropriate techniques for providing access to
  a legacy system from Java code given an outline
  description of that legacy system
• Concepts
• Screen Scraper acts as terminal emulator on one
  end and an object interface on the other
• used when you have a graphical interface to a
  mainframe, but no access to the mainframe source
  code
• Object Mapping wrappers map legacy objects
• used when you have access to the mainframe source
  code
• used if legacy interface changes often
• Offboard Server proxy for legacy system
• often used with screen scrapers

12
4. Enterprise JavaBeans Technology

• Core of any enterprise architecture
• Many questions are related to EJB in some way
• EJB questions are in-depth
• Benefits
• Distributed architecture
• Resource pooling
• Transaction management
• Persistence
• Security

13
EJB Basics

• Types of EJBs and their purposes
• Stateful Session Beans
• Conversational state
• Stateless Session Beans
• Business logic
• Entity Beans
• Persistent business entities
• Parts of an EJB
• Home interface
• Remote interface
• Bean class

14
5. Enterprise JavaBeans Container Model

• Bean finding and creation
• Method execution
• Passivation
• Persistence
• State transitions and callbacks (lifecycle
  methods)

15
Transactions

• ACID principles
• Atomic, Consistent, Isolated, Durable
• BMT (bean-managed transactions)
• Programmatic transaction demarcation
• More flexible
• CMT (container-managed transactions)
• Declarative transactions
• Easier development
• Transaction attributes
• Result when method is called with or without an
  existing transaction

16
Persistence

• When to use Entity beans
• Never
• Except when taking the exam
• BMP
• Ability to persist complex types
• Potentially better performance
• CMP
• Faster development
• Application Server portability
• Data Access Objects (DAO)
• greater database portability

17
6. Protocols
Protocol Description Port Stateful
Security HTTP Web 80 No No HTTPS HTTP
over SSL 443 Yes Yes IIOP CORBAs
transport 535 Yes CORBA JRMP RMIs
transport 1099 Yes SSL JAAS
IIOP can also be used as an alternative transport
for RMI when all remote interfaces are defined as
Java RMI interfaces, which is the case with EJBs.
18
7. Applicability of J2EE Technology
19
8. Design Patterns

• From a list, select the most appropriate design
  pattern for a given scenario. Patterns will be
  limited to those documented in Gamma et al. and
  named using the names given in that book.
• State the benefits of using design patterns.
• State the name of a design pattern (for example,
  Gamma) given the UML diagram and/or a brief
  description of the pattern's functionality.
• Select from a list benefits of a specified design
  pattern (for example, Gamma).
• Identify the design pattern associated with a
  specified J2EE feature

20
Pattern Gotchas

• Factory Method vs Abstract Factory
• Both are used to defer instantiation to
  subclasses
• Abstract Factory creates families of objects
• Often implemented using Factory Methon
• Singleton
• Can maintain more than 1 instance
• Template Method vs Strategy
• Template Method lets you abstract part of
  algorithm, Strategy abstracts the entire thing

21
Enterprise Java Usage of Patterns

• Prototype like Java's Cloneable
• Decorator EJB Container adds security and
  transactions to methods
• Facade Session Bean interface to Entity Beans
• Flyweight Session Bean pooling
• Proxy EJB Remote interface (stubs)
• Observer JMS Publish-Subscribe

22
9. Messaging
Messaging Models Point-to-point one sender to
one receiver, uses Queues Publish/Subscribe one
sender to multiple receivers, uses Topics
JMS is an interface only, does not include
implementation. JMS supports transactions across
multiple messages. Messages are routed via
message brokers.
23
10. Internationalization
Internationalization is the process of creating a
program that can run on any region. Localization
is the process of customizing an
internationalized program to run on a particular
region.
24
11. Security

• General Applet Restrictions
• In browsers, the Java Security Manager is
  installed and used by default
• Running an applet from the command line means
  that no security manager is used by default.
• Signed applets can connect to arbitrary hosts.
• System properties can never be modified.

25
Applet Abilities and Restrictions

• Applet Permitted Operations
• Create a thread
• Read but not modify some system properties
• Make network connection to the host it was
  downloaded from
• Excessive CPU Usage - not monitored by Security
  Manger
• Excessive Memory Usage - not monitored by
  Security Manger
• Excessive Network Bandwidth Usage - not monitored
  by Security Manger
• Applet Not Permitted Operations
• Cannot access files or directories on the host
  system
• Cannot make network connections to any arbitrary
  host
• Cannot read keystrokes intended for other parts
  of the browser or host system
• Cannot execute arbitrary programs on the host
  system
• Cannot block or kill other threads
• Cannot create top level windows
• Cannot hide or replace system classes with
  downloaded classes

26
Asymetric keys, Public keys, and Private keys

• Asymetric keys - use public and private keys to
  encrypt messages
• Public key - used for encrypting
• Private key - used for decrypting
• Encrypted messages are not required to be sent
  via SSL since they're already encrypted

27
Jar Signing

• Just about any signed code can be compromised or
  contain malicious code
• Signing a jar signs the individual files it
  contains.
• Unsigned files may be added to a signed jar
  without invalidating the signature.

28
Digital Signatures, Message Digests and
Certificate Authority (CA)

• Digital Signature - only proves that the correct
  private key was used. nothing more.
• Message digest - only proves that a piece of data
  has not been altered
• Certificate Authority (CA) only proves public
  key belongs to who you think it does

29
Firewalls, the DMZ, and Tunneling

• Packet Filtering Routers - typically filter on
  destination IP, port, and source IP.
• Proxy Server - typically provides content
  filtering and passes along packets
• Firewalls - typically contain a packet filtering
  router and proxy server(s)
• Inner Firewall - the firewall between the DMZ and
  the inner network
• Outer Firewall - the firewall between the DMZ and
  the outer world
• DMZ - Zone between 2 firewalls
• Tunneling - A means of circumventing a firewall

30
Tips Tricks

• General Test Taking
• Radio Buttons - Choose 1
• Checkboxes - Choose 2 (or more) - pay attention
  to the "x" in "Choose x"
• Mark - So that you can review the question later
• Images - Some questions require a user to view an
  image to answer the question. A button provides
  this functionality.
• Scrollbars - some answers to a question may be
  off the bottom of the screen, requiring you to
  scroll to see them.
• Time - Time starts once you are given the Terms
  and Conditions page, so read them thoroughly
  beforehand.

31
Tips Tricks (continued)

• Keywords
• Mnemonics
• Last Minute Cramming
• Use of your scratch paper

32
Resources and References

• Sun Certified Enterprise Architect for J2EE
  Technology Study Guide, Mark Cade and Simon
  Roberts. 2002, Sun Microsystems Press.
• Strengths Best All-Around Study Guide also
  covers Part 2 and Part 3
• Weaknesses No coverage of Legacy Connectivity or
  Messaging
• http//leocrawford.org.uk/work/jcea/part1/
• Covers the older version, but has good coverage
  of messaging and legacy connectivity.

33
Resources and References

• Design Patterns Elements of Reusable
  Object-Oriented Software, Erich Gamma, Richard
  Helm, Ralph Johnson, John Vlissides, Grady Booch.
  1995, Addison-Wesley.
• UML Distilled A Brief Guide to the Standard
  Object Modeling Language, Martin Fowler. 2003,
  Addison-Wesley.
• SCEA_J2EE on Yahoo Groups
• http//groups.yahoo.com/group/scea_j2ee/

34
Resources and References

• WhizLabs SCEA Simulator
• http//www.whizlabs.com/scea/scea.html
• Strengths Fairly close to actual Prometric test
  format, includes 7 sample exams.
• Weaknesses Covers EJB 2.0 and some J2EE Design
  Patterns, neither of which are on the exam, and
  cost is 89.95.

35
Cram Sheet
36
For More Information

• Sun Certified Enterprise Architect for J2EE
  Technology (Step 1 of 3) (CX-310-051)
• http//www.sun.com/training/catalog/courses/CX-310
  -051.xml
• Thompson Prometric Schedule an Exam
• http//securereg3.prometric.com/
• This Presentation Electronic Copy
• http//www.briggman.com/scea
• SCEA Cram Sheet Electronic Copy
• http//www.briggman.com/scea

37
QA

• Brian Briggman
• Pat Guimaraes
• Konrad Rokicki

38
Hacking the Sun Certified Enterprise Architect
Exam Part 1

• Brian Briggman
• Pat Guimaraes
• Konrad Rokicki

b.briggman_at_briggman.com pguimara_at_genelogic.com kon
rad_at_gwu.edu
Session ID BOF-0427