VMware vRealize Automation 8.x (2022) — Question 8

Which two statements are true regarding Spring Security? (Choose two.)

Answer options

• A. Access control can be configured at the method level.
• B. A special Java Authentication and Authorization Service (JAAS) policy file needs to be configured.
• C. Authentication data can be accessed using a variety of different mechanisms, including databases and LDAP.
• D. In the authorization configuration, the usage of permitAll () allows bypassing Spring security completely.
• E. It provides a strict implementation of the Java EE Security specification.

Correct answer: A, C

Explanation

Option A is correct because Spring Security allows configuring access control at both the method and URL levels. Option C is also correct as Spring Security supports various authentication mechanisms, including databases and LDAP. Options B, D, and E are incorrect: JAAS is not a requirement for Spring Security, permitAll() does not bypass security but allows unrestricted access, and Spring Security does not strictly adhere to the Java EE Security specification.