Hacking the Sun Certified Enterprise Architect Exam – Part 1. Brian Briggman, Pat Guimaraes, Konrad Rokicki. Session ID# BOF-0427.
Hacking the Sun Certified Enterprise Architect Exam – Part 1 Brian Briggman Pat Guimaraes Konrad Rokicki Session ID# BOF-0427
Hacking the Sun Certified Enterprise Architect Exam - Part 1 • Brian Briggman • System Architect, Software Consultants Inc. • Pat Guimaraes • Principal Software Engineer, Gene Logic • Konrad Rokicki • Software Engineer, Gene Logic
Goal of This Presentation What You Can Expect to Gain This session serves as a last minute review session for all attendees who plan on taking Part 1 of the Sun Certified Enterprise Architect exam.
Intended Audience Who is Expected to Attend Ideally, any attendees who have already started studying for the SCEA Part 1 Exam. Our intent is not to teach all the material necessary to pass the exam, but rather to share our experiences and help by distributing a SCEA Study Sheet at the end of the session.
Agenda With Section Highlights SCEA Exam Overview SCEA Exam Objectives Tips and Tricks Resources and References Cram Sheet For More Information Q&A
SCEA Exam Overview • Sun Certified Enterprise Architect for J2EE Technology (Step 1 of 3) • Exam CX-310-051 • Prerequisites: None • Cost: $150 • Number of questions: 48 • Pass score: 68% (33/48) • Time limit: 75 minutes • Delivered at: Authorized Prometric testing centers • Other exams/assignments required for this certification: Step 2 (CX-310-300A), Step 3 (CX-310-061)
SCEA Exam Objectives • Divided into 11 Categories: • 1. Concepts • 2. Common Architectures • 3. Legacy Connectivity • 4. Enterprise JavaBeans Technology • 5. Enterprise JavaBeans Container Model • 6. Protocols • 7. Applicability of J2EE • 8. Design Patterns • 9. Messaging • 10. Internationalization • 11. Security
1. Concepts • UML - Structural Elements • Class – rectangle • Interface – lollipop or stereotyped class • Use Case – oval • Collaboration – dashed oval • Active Class – bold border • Component – rectangle with “plugs” • Node – 3d box
1. Concepts • UML - Relationships • Dependency • Association • Composition • Aggregation • Generalization • Realization
2. Common Architectures • 1-tier - monolithic, standalone • pros: manageability, availability, reliability, performance, security • cons: scalability, maintainability, extensibility • 2-tier - client/server, fat client/stored procedures • pros: rapid prototyping • cons: maintainability (client versioning and distribution, business logic changes) • 3-tier/n-tier - typical J2EE architecture • Client Tier (web clients, applets) • Web Tier (web servers, JSPs, servlets) • Business Tier (EJBs) • EIS Integration Tier (JDBC, ODBC, CORBA) • EIS Tier (databases, legacy data)
3. Legacy Connectivity • Objective: Distinguish appropriate from inappropriate techniques for providing access to a legacy system from Java code given an outline description of that legacy system • Concepts: • Screen Scraper – acts as terminal emulator on one end and an object interface on the other • used when you have a graphical interface to a mainframe, but no access to the mainframe source code • Object Mapping – wrappers map legacy objects • used when you have access to the mainframe source code • used if legacy interface changes often • Offboard Server – proxy for legacy system • often used with screen scrapers
4. Enterprise JavaBeans Technology • Core of any enterprise architecture • Many questions are related to EJB in some way • EJB questions are in-depth • Benefits: • Distributed architecture • Resource pooling • Transaction management • Persistence • Security
EJB Basics • Types of EJBs and their purposes • Stateful Session Beans • Conversational state • Stateless Session Beans • Business logic • Entity Beans • Persistent business entities • Parts of an EJB • Home interface • Remote interface • Bean class
5. Enterprise JavaBeans Container Model • Bean finding and creation • Method execution • Passivation • Persistence • State transitions and callbacks (lifecycle methods)
Transactions • ACID principles • Atomic, Consistent, Isolated, Durable • BMT (bean-managed transactions) • Programmatic transaction demarcation • More flexible • CMT (container-managed transactions) • Declarative transactions • Easier development • Transaction attributes • Result when method is called with or without an existing transaction
Persistence • When to use Entity beans • Never • Except when taking the exam • BMP • Ability to persist complex types • Potentially better performance • CMP • Faster development • Application Server portability • Data Access Objects (DAO) • greater database portability
6. Protocols • HTTP – Web; port 80; stateful: No; security: No • HTTPS – HTTP over SSL; port 443; stateful: Yes; security: Yes • IIOP – CORBA’s transport; port 535; stateful: Yes; security: CORBA • JRMP – RMI’s transport; port 1099; stateful: Yes; security: SSL & JAAS • IIOP can also be used as an alternative transport for RMI when all remote interfaces are defined as Java RMI interfaces, which is the case with EJBs.
7. Applicability of J2EE Technology • Frameworks for Distributed Architectures: • CORBA – moves state of object (call by value) • RMI – moves state and behavior of object (call by reference) • Transport Protocols: • IIOP – Default transport for CORBA, uses Java IDL, has access to CORBA’s services • RMI-IIOP – Standard protocol for EJBs • RMI-JRMP – Used for pure Java solutions • Java Interfaces Supporting Distributed Architectures: • Java IDL – Default interface for CORBA, treats Java like any other language • JNI – Used by JRMP to connect to other languages
8. Design Patterns • From a list, select the most appropriate design pattern for a given scenario. Patterns will be limited to those documented in Gamma et al. and named using the names given in that book. • State the benefits of using design patterns. • State the name of a design pattern (for example, Gamma) given the UML diagram and/or a brief description of the pattern's functionality. • Select from a list benefits of a specified design pattern (for example, Gamma). • Identify the design pattern associated with a specified J2EE feature
Pattern Gotchas • Factory Method vs Abstract Factory • Both are used to defer instantiation to subclasses • Abstract Factory creates families of objects • Often implemented using Factory Method • Singleton • Can maintain more than 1 instance • Template Method vs Strategy • Template Method lets you abstract part of algorithm, Strategy abstracts the entire thing
Enterprise Java Usage of Patterns • Prototype: like Java's Cloneable • Decorator: EJB Container adds security and transactions to methods • Facade: Session Bean interface to Entity Beans • Flyweight: Session Bean pooling • Proxy: EJB Remote interface (stubs) • Observer: JMS Publish-Subscribe
9. Messaging • Synchronous Messaging: • Tight coupling • Blocks sender • Requires constant network connectivity • Asynchronous Messaging: • Loose coupling • Does not block sender • Does not require constant network connectivity • Messaging Models: • Point-to-point: one sender to one receiver, uses Queues • Publish/Subscribe: one sender to multiple receivers, uses Topics • JMS is an interface only, does not include implementation. • JMS supports transactions across multiple messages. • Messages are routed via message brokers.
10. Internationalization • Internationalization is the process of creating a program that can run in any region. • Localization is the process of customizing an internationalized program to run in a particular region. • Types of data that vary by region: • messages, labels • colors, graphics, icons • date/number/currency formats • legal rules (tax algorithms) • Java classes involved in Internationalization: • java.util.Locale • java.util.ResourceBundle • java.util.Properties • java.text package • java.io.Input/OutputStreamReader
11. Security • General Applet Restrictions • In browsers, the Java Security Manager is installed and used by default • Running an applet from the command line means that no security manager is used by default. • Signed applets can connect to arbitrary hosts. • System properties can never be modified.
Applet Abilities and Restrictions • Applet Permitted Operations • Create a thread • Read but not modify some system properties • Make network connection to the host it was downloaded from • Excessive CPU Usage - not monitored by Security Manager • Excessive Memory Usage - not monitored by Security Manager • Excessive Network Bandwidth Usage - not monitored by Security Manager • Applet Not Permitted Operations • Cannot access files or directories on the host system • Cannot make network connections to any arbitrary host • Cannot read keystrokes intended for other parts of the browser or host system • Cannot execute arbitrary programs on the host system • Cannot block or kill other threads • Cannot create top level windows • Cannot hide or replace system classes with downloaded classes
Asymmetric keys, Public keys, and Private keys • Asymmetric keys - use public and private keys to encrypt messages • Public key - used for encrypting • Private key - used for decrypting • Encrypted messages are not required to be sent via SSL since they're already encrypted
Jar Signing • Just about any signed code can be compromised or contain malicious code • Signing a jar signs the individual files it contains. • Unsigned files may be added to a signed jar without invalidating the signature.
Digital Signatures, Message Digests and Certificate Authority (CA) • Digital Signature - only proves that the correct private key was used. Nothing more. • Message digest - only proves that a piece of data has not been altered • Certificate Authority (CA) – only proves public key belongs to who you think it does
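As an added example (not part of the original presentation), the Python sketch below audits a jar for the two points made on the Jar Signing and Message Digest slides: an entry missing from the manifest is not covered by any signature, and a listed entry's digest shows whether its data was altered. The jar contents and class names are constructed, and the check covers the manifest only; it does not validate the signature block files in META-INF.

```python
import base64, hashlib, io, zipfile

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry manifest sections."""
    # Manifest lines longer than 72 bytes continue on lines starting with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in unfolded.split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in section.split("\n") if ": " in line)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def audit_jar(jar_bytes):
    """Classify each payload entry as 'ok', 'digest-mismatch' or 'unlisted'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        listed = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for info in jar.infolist():
            # Assumption: manifest and signature files under META-INF/ are out of scope.
            if info.is_dir() or info.filename.startswith("META-INF/"):
                continue
            want = listed.get(info.filename, {}).get("SHA-256-Digest")
            if want is None:
                report[info.filename] = "unlisted"  # no digest, so no signature covers it
                continue
            got = base64.b64encode(hashlib.sha256(jar.read(info.filename)).digest()).decode()
            report[info.filename] = "ok" if got == want else "digest-mismatch"
    return report

def build_sample_jar():
    """Constructed sample: one intact class, one altered after listing, one added later."""
    digest = lambda data: base64.b64encode(hashlib.sha256(data).digest()).decode()
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                f"Name: com/example/A.class\r\nSHA-256-Digest: {digest(b'class A')}\r\n\r\n"
                f"Name: com/example/B.class\r\nSHA-256-Digest: {digest(b'class B')}\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("com/example/A.class", b"class A")
        jar.writestr("com/example/B.class", b"class B (modified)")
        jar.writestr("com/example/Extra.class", b"added afterwards")
    return buf.getvalue()

if __name__ == "__main__":
    for name, status in audit_jar(build_sample_jar()).items():
        print(f"{status:16} {name}")
```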
Firewalls, the DMZ, and Tunneling • Packet Filtering Routers - typically filter on destination IP, port, and source IP. • Proxy Server - typically provides content filtering and passes along packets • Firewalls - typically contain a packet filtering router and proxy server(s) • Inner Firewall - the firewall between the DMZ and the inner network • Outer Firewall - the firewall between the DMZ and the outer world • DMZ - Zone between 2 firewalls • Tunneling - A means of circumventing a firewall
Tips & Tricks • General Test Taking • Radio Buttons - Choose 1 • Checkboxes - Choose 2 (or more) - pay attention to the "x" in "Choose x" • Mark - So that you can review the question later • Images - Some questions require a user to view an image to answer the question. A button provides this functionality. • Scrollbars - some answers to a question may be off the bottom of the screen, requiring you to scroll to see them. • Time - Time starts once you are given the Terms and Conditions page, so read them thoroughly beforehand.
Tips & Tricks (continued) • Keywords • Mnemonics • Last Minute Cramming • Use of your scratch paper
Resources and References • Sun Certified Enterprise Architect for J2EE Technology Study Guide, Mark Cade and Simon Roberts. 2002, Sun Microsystems Press. • Strengths: Best All-Around Study Guide – also covers Part 2 and Part 3 • Weaknesses: No coverage of Legacy Connectivity or Messaging • http://leocrawford.org.uk/work/jcea/part1/ • Covers the older version, but has good coverage of messaging and legacy connectivity.
Resources and References • Design Patterns: Elements of Reusable Object-Oriented Software, Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides, Grady Booch. 1995, Addison-Wesley. • UML Distilled: A Brief Guide to the Standard Object Modeling Language, Martin Fowler. 2003, Addison-Wesley. • “SCEA_J2EE” on Yahoo Groups • http://groups.yahoo.com/group/scea_j2ee/
Resources and References • WhizLabs SCEA Simulator • http://www.whizlabs.com/scea/scea.html • Strengths: Fairly close to actual Prometric test format, includes 7 sample exams. • Weaknesses: Covers EJB 2.0 and some J2EE Design Patterns, neither of which are on the exam, and cost is $89.95.
For More Information • Sun Certified Enterprise Architect for J2EE Technology (Step 1 of 3) (CX-310-051) • http://www.sun.com/training/catalog/courses/CX-310-051.xml • Thomson Prometric – Schedule an Exam • http://securereg3.prometric.com/ • This Presentation – Electronic Copy • http://www.briggman.com/scea • SCEA Cram Sheet – Electronic Copy • http://www.briggman.com/scea
Q&A • Brian Briggman • Pat Guimaraes • Konrad Rokicki
Hacking the Sun Certified Enterprise Architect Exam – Part 1 Brian Briggman Pat Guimaraes Konrad Rokicki Session ID# BOF-0427