Hacking the Sun Certified Enterprise Architect Exam – Part 1
Brian Briggman, Pat Guimaraes, Konrad Rokicki
2006 JavaOne℠ Conference | Session ID# BOF-0427


● Brian Briggman
    ● System Architect, Software Consultants Inc.
● Pat Guimaraes
    ● Principal Software Engineer, Gene Logic
● Konrad Rokicki
    ● Software Engineer, Gene Logic

Goal of This Presentation: What You Can Expect to Gain

This session serves as a last-minute review session for all attendees who plan on taking Part 1 of the Sun Certified Enterprise Architect exam.

Intended Audience: Who is Expected to Attend

Ideally, any attendees who have already started studying for the SCEA Part 1 Exam. Our intent is not to teach all the material necessary to pass the exam, but rather to share our experiences and help by distributing a SCEA Study Sheet at the end of the session.

Agenda With Section Highlights

● SCEA Exam Overview
● SCEA Exam Objectives
● Tips and Tricks
● Resources and References
● Cram Sheet
● For More Information
● Q&A

SCEA Exam Overview

● Sun Certified Enterprise Architect for J2EE Technology (Step 1 of 3)
● Exam CX-310-051
● Prerequisites: None
● Cost: $150
● Number of questions: 48
● Pass score: 68% (33/48)
● Time limit: 75 minutes
● Delivered at: Authorized Prometric testing centers
● Other exams/assignments required for this certification: Step 2 (CX-310-300A), Step 3 (CX-310-061)

SCEA Exam Objectives

● Divided into 11 Categories:
    ● 1. Concepts
    ● 2. Common Architectures
    ● 3. Legacy Connectivity
    ● 4. Enterprise JavaBeans Technology
    ● 5. Enterprise JavaBeans Container Model
    ● 6. Protocols
    ● 7. Applicability of J2EE
    ● 8. Design Patterns
    ● 9. Messaging
    ● 10. Internationalization
    ● 11. Security

1. Concepts

● UML - Structural Elements
    ● Class – rectangle
    ● Interface – lollipop or stereotyped class
    ● Use Case – oval
    ● Collaboration – dashed oval
    ● Active Class – bold border
    ● Component – rectangle with “plugs”
    ● Node – 3d box

● UML - Relationships
    ● Dependency
    ● Association
        ● Composition
        ● Aggregation
    ● Generalization
    ● Realization

2. Common Architectures

● 1-tier - monolithic, standalone
    ● pros: manageability, availability, reliability, performance, security
    ● cons: scalability, maintainability, extensibility
● 2-tier - client/server, fat client/stored procedures
    ● pros: rapid prototyping
    ● cons: maintainability (client versioning and distribution, business logic changes)
● 3-tier/n-tier - typical J2EE architecture
    ● Client Tier (web clients, applets)
    ● Web Tier (web servers, JSPs, servlets)
    ● Business Tier (EJBs)
    ● EIS Integration Tier (JDBC, ODBC, CORBA)
    ● EIS Tier (databases, legacy data)

3. Legacy Connectivity

● Objective: Distinguish appropriate from inappropriate techniques for providing access to a legacy system from Java code given an outline description of that legacy system
● Concepts:
    ● Screen Scraper – acts as terminal emulator on one end and an object interface on the other
        ● used when you have a graphical interface to a mainframe, but no access to the mainframe source code
    ● Object Mapping – wrappers map legacy objects
        ● used when you have access to the mainframe source code
        ● used if legacy interface changes often
    ● Offboard Server – proxy for legacy system
        ● often used with screen scrapers

4. Enterprise JavaBeans Technology

● Core of any enterprise architecture
● Many questions are related to EJB in some way
● EJB questions are in-depth
● Benefits:
    ● Distributed architecture
    ● Resource pooling
    ● Transaction management
    ● Persistence
    ● Security

EJB Basics

● Types of EJBs and their purposes
    ● Stateful Session Beans
        ● Conversational state
    ● Stateless Session Beans
        ● Business logic
    ● Entity Beans
        ● Persistent business entities
● Parts of an EJB
    ● Home interface
    ● Remote interface
    ● Bean class

5. Enterprise JavaBeans Container Model

● Bean finding and creation
● Method execution
● Passivation
● Persistence
● State transitions and callbacks (lifecycle methods)

Transactions

● ACID principles
    ● Atomic, Consistent, Isolated, Durable
● BMT (bean-managed transactions)
    ● Programmatic transaction demarcation
    ● More flexible
● CMT (container-managed transactions)
    ● Declarative transactions
    ● Easier development
    ● Transaction attributes
        ● Result when method is called with or without an existing transaction

Persistence

● When to use Entity beans
    ● Never
    ● Except when taking the exam
● BMP
    ● Ability to persist complex types
    ● Potentially better performance
● CMP
    ● Faster development
    ● Application Server portability
● Data Access Objects (DAO)
    ● greater database portability

6. Protocols

Protocol  Description        Port  Stateful  Security
HTTP      Web                80    No        No
HTTPS     HTTP over SSL      443   Yes       Yes
IIOP      CORBA’s transport  535   Yes       CORBA
JRMP      RMI’s transport    1099  Yes       SSL & JAAS

IIOP can also be used as an alternative transport for RMI when all remote interfaces are defined as Java RMI interfaces, which is the case with EJBs.

7. Applicability of J2EE Technology

Frameworks for Distributed Architectures:
• CORBA – moves state of object (call by value)
• RMI – moves state and behavior of object (call by reference)

Transport Protocols:
• IIOP – Default transport for CORBA, uses Java IDL, has access to CORBA’s services
• RMI-IIOP – Standard protocol for EJBs
• RMI-JRMP – Used for pure Java solutions

Java Interfaces Supporting Distributed Architectures:
• Java IDL – Default interface for CORBA, treats Java like any other language
• JNI – Used by JRMP to connect to other languages

8. Design Patterns

● From a list, select the most appropriate design pattern for a given scenario. Patterns will be limited to those documented in Gamma et al. and named using the names given in that book.

● State the benefits of using design patterns.

● State the name of a design pattern (for example, Gamma) given the UML diagram and/or a brief description of the pattern's functionality.

● Select from a list benefits of a specified design pattern (for example, Gamma).

● Identify the design pattern associated with a specified J2EE feature

Pattern Gotchas

● Factory Method vs Abstract Factory
    ● Both are used to defer instantiation to subclasses
    ● Abstract Factory creates families of objects
    ● Often implemented using Factory Method
● Singleton
    ● Can maintain more than 1 instance
● Template Method vs Strategy
    ● Template Method lets you abstract part of algorithm, Strategy abstracts the entire thing

Enterprise Java Usage of Patterns

● Prototype: like Java's Cloneable
● Decorator: EJB Container adds security and transactions to methods
● Facade: Session Bean interface to Entity Beans
● Flyweight: Session Bean pooling
● Proxy: EJB Remote interface (stubs)
● Observer: JMS Publish-Subscribe

9. Messaging

Synchronous Messaging:
• Tight coupling
• Blocks sender
• Requires constant network connectivity

Asynchronous Messaging:
• Loose coupling
• Does not block sender
• Does not require constant network connectivity

Messaging Models:
• Point-to-point: one sender to one receiver, uses Queues
• Publish/Subscribe: one sender to multiple receivers, uses Topics

JMS is an interface only, does not include implementation.
JMS supports transactions across multiple messages.
Messages are routed via message brokers.

10. Internationalization

Internationalization is the process of creating a program that can run in any region. Localization is the process of customizing an internationalized program to run in a particular region.

Types of data that vary by region:
• messages, labels
• colors, graphics, icons
• date/number/currency formats
• legal rules (tax algorithms)

Java classes involved in Internationalization:
• java.util.Locale
• java.util.ResourceBundle
• java.util.Properties
• java.text package
• java.io.Input/OutputStreamReader

11. Security

● General Applet Restrictions
    ● In browsers, the Java Security Manager is installed and used by default
    ● Running an applet from the command line means that no security manager is used by default.
    ● Signed applets can connect to arbitrary hosts.
    ● System properties can never be modified.

Applet Abilities and Restrictions

● Applet Permitted Operations
    ● Create a thread
    ● Read but not modify some system properties
    ● Make network connection to the host it was downloaded from
    ● Excessive CPU Usage - not monitored by Security Manager
    ● Excessive Memory Usage - not monitored by Security Manager
    ● Excessive Network Bandwidth Usage - not monitored by Security Manager
● Applet Not Permitted Operations
    ● Cannot access files or directories on the host system
    ● Cannot make network connections to any arbitrary host
    ● Cannot read keystrokes intended for other parts of the browser or host system
    ● Cannot execute arbitrary programs on the host system
    ● Cannot block or kill other threads
    ● Cannot create top level windows
    ● Cannot hide or replace system classes with downloaded classes

Asymmetric keys, Public keys, and Private keys

● Asymmetric keys - use public and private keys to encrypt messages
● Public key - used for encrypting
● Private key - used for decrypting
● Encrypted messages are not required to be sent via SSL since they're already encrypted

Jar Signing

● Just about any signed code can be compromised or contain malicious code

● Signing a jar signs the individual files it contains.

● Unsigned files may be added to a signed jar without invalidating the signature.
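
Because signing covers individual files, a reviewer can list which entries in a jar are actually covered. The following is an added example, not part of the original presentation: it reports entries that have no digest in META-INF/MANIFEST.MF or no longer match it, assuming per-entry `*-Digest` manifest attributes and using a constructed in-memory jar; the function names are the example's own, and it does not validate the .SF file or signature block the way `jarsigner -verify` does.

```python
import base64, hashlib, io, zipfile
MANIFEST = "META-INF/MANIFEST.MF"
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")  # signature files and blocks

def parse_manifest(text):
    """Return {entry: {attr: value}}; unfolds continuation lines (newline + space)."""
    text = text.replace("\r\n", "\n").replace("\n ", "")
    sections = {}
    for block in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.split("\n") if ": " in l)
        if "Name" in attrs:
            sections[attrs.pop("Name")] = attrs
    return sections

def digest_matches(attr, expected_b64, data):
    """attr looks like 'SHA-256-Digest'; map it to a hashlib name ('sha256')."""
    algo = attr[: -len("-Digest")].replace("-", "").lower()
    actual = base64.b64encode(hashlib.new(algo, data).digest()).decode()
    return actual == expected_b64

def audit_jar(jar_bytes):
    """Classify each payload entry as 'covered', 'tampered' or 'unlisted'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = parse_manifest(jar.read(MANIFEST).decode("utf-8"))
        for info in jar.infolist():
            name = info.filename
            is_sig = name.startswith("META-INF/") and name.upper().endswith(SIG_SUFFIXES)
            if info.is_dir() or name == MANIFEST or is_sig:
                continue
            digests = {k: v for k, v in manifest.get(name, {}).items() if k.endswith("-Digest")}
            if not digests:
                report[name] = "unlisted"  # added without a manifest digest
            elif all(digest_matches(k, v, jar.read(name)) for k, v in digests.items()):
                report[name] = "covered"
            else:
                report[name] = "tampered"  # content no longer matches its digest
    return report

def build_sample_jar():
    """Constructed sample: two digested classes, one changed, one added later."""
    listed = {"app/Main.class": b"main-bytes", "app/Util.class": b"util-bytes"}
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in listed.items():
        b64 = base64.b64encode(hashlib.sha256(data).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {b64}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST, "\r\n".join(lines) + "\r\n")
        jar.writestr("app/Main.class", listed["app/Main.class"])
        jar.writestr("app/Util.class", b"util-bytes-changed")
        jar.writestr("app/Extra.class", b"added-later")
    return buf.getvalue()

print(audit_jar(build_sample_jar()))
```

An "unlisted" entry is the case the slide describes: it sits in the archive next to signed files without being covered by any digest.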

Digital Signatures, Message Digests and Certificate Authority (CA)

● Digital Signature - only proves that the correct private key was used. Nothing more.

● Message digest - only proves that a piece of data has not been altered

● Certificate Authority (CA) – only proves public key belongs to who you think it does

Firewalls, the DMZ, and Tunneling

● Packet Filtering Routers - typically filter on destination IP, port, and source IP.
● Proxy Server - typically provides content filtering and passes along packets
● Firewalls - typically contain a packet filtering router and proxy server(s)
● Inner Firewall - the firewall between the DMZ and the inner network
● Outer Firewall - the firewall between the DMZ and the outer world
● DMZ - Zone between 2 firewalls
● Tunneling - A means of circumventing a firewall

Tips & Tricks

● General Test Taking
    ● Radio Buttons - Choose 1
    ● Checkboxes - Choose 2 (or more) - pay attention to the "x" in "Choose x"
    ● Mark - So that you can review the question later
    ● Images - Some questions require a user to view an image to answer the question. A button provides this functionality.
    ● Scrollbars - some answers to a question may be off the bottom of the screen, requiring you to scroll to see them.
    ● Time - Time starts once you are given the Terms and Conditions page, so read them thoroughly beforehand.

Tips & Tricks (continued)

● Keywords
● Mnemonics
● Last Minute Cramming
● Use of your scratch paper

Resources and References

● Sun Certified Enterprise Architect for J2EE Technology Study Guide, Mark Cade and Simon Roberts. 2002, Sun Microsystems Press.
    ● Strengths: Best All-Around Study Guide – also covers Part 2 and Part 3
    ● Weaknesses: No coverage of Legacy Connectivity or Messaging
● http://leocrawford.org.uk/work/jcea/part1/
    ● Covers the older version, but has good coverage of messaging and legacy connectivity.

● Design Patterns: Elements of Reusable Object-Oriented Software, Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides, Grady Booch. 1995, Addison-Wesley.

● UML Distilled: A Brief Guide to the Standard Object Modeling Language, Martin Fowler. 2003, Addison-Wesley.

● “SCEA_J2EE” on Yahoo Groups
    ● http://groups.yahoo.com/group/scea_j2ee/

● WhizLabs SCEA Simulator
    ● http://www.whizlabs.com/scea/scea.html
    ● Strengths: Fairly close to actual Prometric test format, includes 7 sample exams.
    ● Weaknesses: Covers EJB 2.0 and some J2EE Design Patterns, neither of which are on the exam, and cost is $89.95.

Cram Sheet

For More Information

● Sun Certified Enterprise Architect for J2EE Technology (Step 1 of 3) (CX-310-051)
    ● http://www.sun.com/training/catalog/courses/CX-310-051.xml
● Thomson Prometric – Schedule an Exam
    ● http://securereg3.prometric.com/
● This Presentation – Electronic Copy
    ● http://www.briggman.com/scea
● SCEA Cram Sheet – Electronic Copy
    ● http://www.briggman.com/scea

Q&A

Brian Briggman, Pat Guimaraes, Konrad Rokicki
