Title: Hacking the Sun Certified Enterprise Architect Exam Part 1
1Hacking the Sun Certified Enterprise Architect
Exam Part 1
- Brian Briggman
- Pat Guimaraes
- Konrad Rokicki
Session ID BOF-0427
2Hacking the Sun Certified Enterprise Architect
Exam - Part 1
- Brian Briggman
- System ArchitectSoftware Consultants Inc.
- Pat Guimaraes
- Principal Software EngineerGene Logic
- Konrad Rokicki
- Software EngineerGene Logic
3Goal of This Presentation
What You Can Expect to Gain
This session serves as a last minute review
session for all attendees who plan on taking Part
1 of the Sun Certified Enterprise Architect exam.
4Intended Audience
Who is Expected to Attend
Ideally, any attendees who have already started
studying for the SCEA Part 1 Exam. Our intent is
not to teach all the material necessary to pass
the exam, but rather to share our experiences and
help by distributing a SCEA Study Sheet at the
end of the session.
5Agenda With Section Highlights
- SCEA Exam Overview
- SCEA Exam Objectives
- Tips and Tricks
- Resources and References
- Cram Sheet
- For More Information
- QA
6SCEA Exam Overview
- Sun Certified Enterprise Architect for J2EE
Technology (Step 1 of 3) - Exam CX-310-051
- Prerequisites None
- Cost 150
- Number of questions 48
- Pass score 68 (33/48)
- Time limit 75 minutes
- Delivered at Authorized Prometric testing
centers - Other exams/assignments required for this
certification Step 2 (CX-310-300A), Step 3
(CX-310-061)
7SCEA Exam Objectives
- Divided into 11 Categories
- 1. Concepts
- 2. Common Architectures
- 3. Legacy Connectivity
- 4. Enterprise JavaBeans Technology
- 5. Enterprise JavaBeans Container Model
- 6. Protocols
- 7. Applicability of J2EE
- 8. Design Patterns
- 9. Messaging
- 10. Internationalization
- 11. Security
81. Concepts
- UML - Structural Elements
- Class rectangle
- Interface lollipop or stereotyped class
- Use Case oval
- Collaboration dashed oval
- Active Class bold border
- Component rectangle with plugs
- Node 3d box
91. Concepts
- UML - Relationships
- Dependency
- Association
- Composition
- Aggregation
- Generalization
- Realization
102. Common Architectures
- 1-tier - monolithic, standalone
- pros manageability, availability, reliability,
performance, security - cons scalability, maintainability, extensibility
- 2-tier - client/server, fat client/stored
procedures - pros rapid prototyping
- cons maintainability (client versioning and
distribution, business logic changes) - 3-tier/n-tier - typical J2EE architecture
- Client Tier (web clients, applets)
- Web Tier (web servers, JSP's, servlets)
- Business Tier (EJB's)
- EIS Integration Tier (JDBC, ODBC, Corba)
- EIS Tier (databases, legacy data)
113. Legacy Connectivity
- Objective Distinguish appropriate from
inappropriate techniques for providing access to
a legacy system from Java code given an outline
description of that legacy system - Concepts
- Screen Scraper acts as terminal emulator on one
end and an object interface on the other - used when you have a graphical interface to a
mainframe, but no access to the mainframe source
code - Object Mapping wrappers map legacy objects
- used when you have access to the mainframe source
code - used if legacy interface changes often
- Offboard Server proxy for legacy system
- often used with screen scrapers
124. Enterprise JavaBeans Technology
- Core of any enterprise architecture
- Many questions are related to EJB in some way
- EJB questions are in-depth
- Benefits
- Distributed architecture
- Resource pooling
- Transaction management
- Persistence
- Security
13EJB Basics
- Types of EJBs and their purposes
- Stateful Session Beans
- Conversational state
- Stateless Session Beans
- Business logic
- Entity Beans
- Persistent business entities
- Parts of an EJB
- Home interface
- Remote interface
- Bean class
145. Enterprise JavaBeans Container Model
- Bean finding and creation
- Method execution
- Passivation
- Persistence
- State transitions and callbacks (lifecycle
methods)
15Transactions
- ACID principles
- Atomic, Consistent, Isolated, Durable
- BMT (bean-managed transactions)
- Programmatic transaction demarcation
- More flexible
- CMT (container-managed transactions)
- Declarative transactions
- Easier development
- Transaction attributes
- Result when method is called with or without an
existing transaction
16Persistence
- When to use Entity beans
- Never
- Except when taking the exam
- BMP
- Ability to persist complex types
- Potentially better performance
- CMP
- Faster development
- Application Server portability
- Data Access Objects (DAO)
- greater database portability
176. Protocols
Protocol Description Port Stateful
Security HTTP Web 80 No No HTTPS HTTP
over SSL 443 Yes Yes IIOP CORBAs
transport 535 Yes CORBA JRMP RMIs
transport 1099 Yes SSL JAAS
IIOP can also be used as an alternative transport
for RMI when all remote interfaces are defined as
Java RMI interfaces, which is the case with EJBs.
187. Applicability of J2EE Technology
198. Design Patterns
- From a list, select the most appropriate design
pattern for a given scenario. Patterns will be
limited to those documented in Gamma et al. and
named using the names given in that book. - State the benefits of using design patterns.
- State the name of a design pattern (for example,
Gamma) given the UML diagram and/or a brief
description of the pattern's functionality. - Select from a list benefits of a specified design
pattern (for example, Gamma). - Identify the design pattern associated with a
specified J2EE feature
20Pattern Gotchas
- Factory Method vs Abstract Factory
- Both are used to defer instantiation to
subclasses - Abstract Factory creates families of objects
- Often implemented using Factory Methon
- Singleton
- Can maintain more than 1 instance
- Template Method vs Strategy
- Template Method lets you abstract part of
algorithm, Strategy abstracts the entire thing
21Enterprise Java Usage of Patterns
- Prototype like Java's Cloneable
- Decorator EJB Container adds security and
transactions to methods - Facade Session Bean interface to Entity Beans
- Flyweight Session Bean pooling
- Proxy EJB Remote interface (stubs)
- Observer JMS Publish-Subscribe
229. Messaging
Messaging Models Point-to-point one sender to
one receiver, uses Queues Publish/Subscribe one
sender to multiple receivers, uses Topics
JMS is an interface only, does not include
implementation. JMS supports transactions across
multiple messages. Messages are routed via
message brokers.
2310. Internationalization
Internationalization is the process of creating a
program that can run on any region. Localization
is the process of customizing an
internationalized program to run on a particular
region.
2411. Security
- General Applet Restrictions
- In browsers, the Java Security Manager is
installed and used by default - Running an applet from the command line means
that no security manager is used by default. - Signed applets can connect to arbitrary hosts.
- System properties can never be modified.
25Applet Abilities and Restrictions
- Applet Permitted Operations
- Create a thread
- Read but not modify some system properties
- Make network connection to the host it was
downloaded from - Excessive CPU Usage - not monitored by Security
Manger - Excessive Memory Usage - not monitored by
Security Manger - Excessive Network Bandwidth Usage - not monitored
by Security Manger - Applet Not Permitted Operations
- Cannot access files or directories on the host
system - Cannot make network connections to any arbitrary
host - Cannot read keystrokes intended for other parts
of the browser or host system - Cannot execute arbitrary programs on the host
system - Cannot block or kill other threads
- Cannot create top level windows
- Cannot hide or replace system classes with
downloaded classes
26Asymetric keys, Public keys, and Private keys
- Asymetric keys - use public and private keys to
encrypt messages - Public key - used for encrypting
- Private key - used for decrypting
- Encrypted messages are not required to be sent
via SSL since they're already encrypted
27Jar Signing
- Just about any signed code can be compromised or
contain malicious code - Signing a jar signs the individual files it
contains. - Unsigned files may be added to a signed jar
without invalidating the signature.
28Digital Signatures, Message Digests and
Certificate Authority (CA)
- Digital Signature - only proves that the correct
private key was used. nothing more. - Message digest - only proves that a piece of data
has not been altered - Certificate Authority (CA) only proves public
key belongs to who you think it does
29Firewalls, the DMZ, and Tunneling
- Packet Filtering Routers - typically filter on
destination IP, port, and source IP. - Proxy Server - typically provides content
filtering and passes along packets - Firewalls - typically contain a packet filtering
router and proxy server(s) - Inner Firewall - the firewall between the DMZ and
the inner network - Outer Firewall - the firewall between the DMZ and
the outer world - DMZ - Zone between 2 firewalls
- Tunneling - A means of circumventing a firewall
30Tips Tricks
- General Test Taking
- Radio Buttons - Choose 1
- Checkboxes - Choose 2 (or more) - pay attention
to the "x" in "Choose x" - Mark - So that you can review the question later
- Images - Some questions require a user to view an
image to answer the question. A button provides
this functionality. - Scrollbars - some answers to a question may be
off the bottom of the screen, requiring you to
scroll to see them. - Time - Time starts once you are given the Terms
and Conditions page, so read them thoroughly
beforehand.
31Tips Tricks (continued)
- Keywords
- Mnemonics
- Last Minute Cramming
- Use of your scratch paper
32Resources and References
- Sun Certified Enterprise Architect for J2EE
Technology Study Guide, Mark Cade and Simon
Roberts. 2002, Sun Microsystems Press. - Strengths Best All-Around Study Guide also
covers Part 2 and Part 3 - Weaknesses No coverage of Legacy Connectivity or
Messaging - http//leocrawford.org.uk/work/jcea/part1/
- Covers the older version, but has good coverage
of messaging and legacy connectivity.
33Resources and References
- Design Patterns Elements of Reusable
Object-Oriented Software, Erich Gamma, Richard
Helm, Ralph Johnson, John Vlissides, Grady Booch.
1995, Addison-Wesley. - UML Distilled A Brief Guide to the Standard
Object Modeling Language, Martin Fowler. 2003,
Addison-Wesley. - SCEA_J2EE on Yahoo Groups
- http//groups.yahoo.com/group/scea_j2ee/
34Resources and References
- WhizLabs SCEA Simulator
- http//www.whizlabs.com/scea/scea.html
- Strengths Fairly close to actual Prometric test
format, includes 7 sample exams. - Weaknesses Covers EJB 2.0 and some J2EE Design
Patterns, neither of which are on the exam, and
cost is 89.95.
35Cram Sheet
36For More Information
- Sun Certified Enterprise Architect for J2EE
Technology (Step 1 of 3) (CX-310-051) - http//www.sun.com/training/catalog/courses/CX-310
-051.xml - Thompson Prometric Schedule an Exam
- http//securereg3.prometric.com/
- This Presentation Electronic Copy
- http//www.briggman.com/scea
- SCEA Cram Sheet Electronic Copy
- http//www.briggman.com/scea
37QA
- Brian Briggman
- Pat Guimaraes
- Konrad Rokicki
38Hacking the Sun Certified Enterprise Architect
Exam Part 1
- Brian Briggman
- Pat Guimaraes
- Konrad Rokicki
b.briggman_at_briggman.com pguimara_at_genelogic.com kon
rad_at_gwu.edu
Session ID BOF-0427