Certification Flashcards

1
Q

AJAX

A

AJAX is used to create more interactive applications. In AJAX, JavaScript sends the request to the server, and the PHP script running on the server responds.

2
Q

Finally

A

finally

The code inside the finally block always executes regardless of whether an exception has been thrown or not.

3
Q

Generator

A

A generator provides a simple mechanism to iterate through data without any need of writing a class implementing the Iterator interface.

4
Q

Goto

A

The goto operator lets you jump directly to a line of code within the same file.

5
Q

Heredoc

A

In the heredoc string notation, a heredoc block starts with <<< and then a block identifier.

6
Q

Namespace

A

A namespace (sometimes also called a name scope) is an abstract container or environment created to hold a logical grouping of unique identifiers or symbols (i.e., names).

7
Q

Yield

A

This is a keyword that can be used in a function for both inputting and outputting data.

8
Q

Which of the following enhances the performance of PHP by storing precompiled script bytecode in shared memory?

A

Opcache

9
Q

Which of the following password hashing functions checks if the supplied hash implements the algorithm and options provided?

password_needs_rehash()

password_verify()

password_get_info()

password_hash()

A

password_needs_rehash()

10
Q

Which of the following features in PHP allows creation of custom functions that retain the state between runs?

Array dereferencing

Generator

finally block

Resolution

A

Generator

11
Q

Which of the following features is deprecated as of PHP 5.5?

namespace

curlwrappers

GD extension

OPcache extension

A

curlwrappers

12
Q

Which of the following features is mainly used for writing cleanup code inside it?

try

catch

finally

yield

A

finally

13
Q

Which of the following statements are true regarding the generators in PHP?
Each correct answer represents a complete solution. Choose all that apply.

Any function that contains a yield statement is a generator function.

Generator objects can be instantiated using the new keyword.

The empty() function can accept expressions as arguments.

The concept of generators was added in PHP version 5.3.

A

Answer options A and C are correct.
Any function that contains a yield statement is automatically a generator function. The empty() function can accept expressions as arguments. Generators allow you to create custom functions that retain the state between runs.
Answer options B and D are incorrect. Generator objects cannot be instantiated by using the new keyword. The concept of generators was added in PHP version 5.5.

14
Q
function sampleFunction($val1, $val2, $ctr = 1)
     {
         for ($i = $val1; $i ;
     }

What will be the output?

1 3 5 7

1 7 2

1 3 5

3 5 7

A

A generator allows you to iterate over a set of data by using a foreach loop without building an array in memory. The output of the code will be:

1 3 5 7

15
Q
namespace mynamespace
     {
         class myclass
         {
             function fun()
             {
                 echo "Hello";
             }
         }
         class studentClass
         {
             function studentRecord()
             {
             }
          }
      echo studentClass::class;
     }

mynamespace\myclass

mynamespace\studentClass

studentClass\studentRecord

Error

A

Answer option B is correct.

In PHP version 5.5, the class keyword can retrieve the fully qualified name of a class, including the namespace within which it has been defined. Therefore, the code snippet given in the question will print the name of the namespace and class.

16
Q

Which of the following statements are true regarding an opcode cache?

Each correct answer represents a complete solution. Choose all that apply.

It speeds up the performance of PHP.

It slightly alters the behavior of applications negatively.

It overrides PHP’s default compiler callback.

It does not use shared memory for storage.

A

Answer options A and C are correct.

An opcode cache is mainly designed to speed up or enhance the performance of PHP without altering the behavior of applications. It overrides PHP’s default compiler callback. Before the advent of an opcode cache, each time you execute a .php file, it invokes a runtime compiler, generates an in-memory representation of the file, which is known as intermediate code, and then invokes the executor on it.

Answer options B and D are incorrect. An opcode cache does not alter the behavior of applications negatively. Modern opcode caches use shared memory for storage.

17
Q

Which of the following are the newly added features in PHP 5.5?

Each correct answer represents a complete solution. Choose all that apply.

try-catch

Generators

finally keyword

yield keyword

A

Answer options B, C, and D are correct.

Some of the newly added features in PHP 5.5 are:
Generators: A generator provides a simple mechanism to iterate through data without any need of writing a class implementing the Iterator interface.
finally: This version of PHP supports the finally block after the try-catch block. The code inside the finally block will always execute regardless of whether an exception has been thrown or not.
yield: The keyword 'yield' can be used in a function for both inputting and outputting data. The concept of generator is mainly implemented by this keyword.
Answer option A is incorrect. The try-catch block was available in previous versions as well.
18
Q

Which of the following statements is true regarding a script?

A program that is interpreted directly by a microprocessor

A program developed by using JVM

A program that can be interpreted only by a web server

A program that is interpreted by another program

A

Answer option D is correct.

A script is a program or a sequence of instructions, which is interpreted by another program.

Answer options C, A, and B are incorrect. It is not true that a script can be interpreted only by a web server. Java programs are developed using the JVM. Scripts are invisible to users, but they are available to respond to the user's actions. The behavior of a web application depends upon its scripts. Every script is a text document that contains a list of instructions that are executed by a program or scripting manager so that the required actions can be carried out automatically.

19
Q

echo (int) ((0.1 + 0.7) * 10);

What will be the output of the PHP script?

7

8

The PHP script will return an error message.

10

A

The expression ((0.1 + 0.7) * 10) will evaluate to 8. However, PHP stores the value of the expression internally as a fractional value such as 7.999999 instead of 8. Here the value of the expression is typecast to an integer. When a fractional value is typecast to an integer, PHP truncates the fractional part (the result has a significant error of 12.5%, to be exact). Hence, the above expression gives 7 as output.

20
Q

Which of the following operators is known as the error control operator in PHP?

A

The symbol (@) in PHP is known as the error control operator. In PHP, when it is prepended to an expression, then any error messages generated by that expression will be ignored.

21
Q

Which of the following statements are true regarding constants and variables?

Each correct answer represents a complete solution. Choose all that apply.

The name of a variable and constant starts with a $ sign.

A constant can be defined by using the const_define() method.

A constant can be defined and accessed anywhere regardless of variable scoping rules.

The value of a constant cannot be redefined once they have been set.

A

Answer options C and D are correct.

A constant can be defined and accessed anywhere regardless of variable scoping rules. The value of a constant cannot be redefined or undefined once it has been set.

Answer options A and B are incorrect. There is no need to write a dollar sign ($) before a constant; however, in the case of a variable, you have to write a dollar sign. A constant can be defined by using the define() method.

22
Q

Which of the following are valid PHP variables?

Each correct answer represents a complete solution. Choose three.

$variable

${0x0}

&$variable

$0x0

A

Answer options C, B, and A are correct.

&$variable, ${0x0}, and $variable are valid variables. A valid PHP variable starts with a dollar ($) symbol followed by the variable name. The name of the variable must begin with a letter or an underscore. In PHP, you can also ‘assign by reference’ values to a variable. For this, you can prefix a variable to be assigned by an assignment operator.

&$variable has the ‘&’ reference operator attached to it. It references the variable $variable. So it is a valid PHP variable.

${0x0} uses a valid curly braces syntax. Anything inside {} will be interpolated. So 0x0 will be interpolated to 0 and stored as a variable with the name 0. So it is a valid PHP variable.

$variable begins with a valid dollar ($) symbol with the variable name as ‘variable’. So it is a valid PHP variable.

Answer option D is incorrect. $0x0 is not a valid option because variables do not begin with numbers.

23
Q

Which of the following data types are compound data types?

A

Answer options C and B are correct.

Arrays and objects are compound data types. Arrays are data types that contain ordered data elements. An array can be used to store and retrieve any other data type, such as numbers, Boolean values, strings, objects, and even other arrays. Objects are data types that contain both data and code.

Answer options A and D are incorrect. Booleans and strings are scalar data types. Booleans are data types that contain only two values:
true
false
Strings are ordered collections of binary data, such as text, contents of an image file, spreadsheet, etc.

24
Q

Which of the following is a PHP accelerator used for increasing the speed of PHP applications running on Windows and Windows Server?

File Cache

Windows Cache Extension

BLOB

PHP opcode cache

A

Answer option B is correct.

Windows Cache Extension is a PHP accelerator used for increasing the speed of PHP applications running on Windows and Windows Server.

Answer option A is incorrect. A file cache stores the content of the PHP script files in shared memory, which in turn decreases the number of file system operations performed by the PHP engine.

Answer option D is incorrect. PHP opcode cache stores the compiled script bytecode in shared memory. In return, it is reused by the PHP engine for subsequent executions of the same script.

Answer option C is incorrect. A BLOB (Binary Large Object) can be defined as a collection of binary data that gets stored as a single entity in a database management system.

25
Q

Precedence of Some PHP Operators (Highest First)

A
++ -- (increment/decrement)
(int) (float) (string) (array) (object) (bool) (casting)
! (not)
* / % (arithmetic)
+ - . (arithmetic)
<  >= <> (comparison)
== != === !== (comparison)
&& (and)
|| (or)
= += -= *= /= .= %= (assignment)
and
xor
or
26
Q

escapeshellarg

A

The escapeshellarg() function is used to convert a scalar value into a single-quote delimited string that can be used safely as a single argument for a shell command.

27
Q

Mcrypt

A

Mcrypt is an interface that supports many block algorithms such as DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2, and GOST in CBC, OFB, CFB and ECB cipher modes.

28
Q

You want to stop showing PHP errors or show only critical errors so that a malicious hacker cannot hack your Web site. Which of the following PHP directive settings will you use to accomplish this task?

Each correct answer represents a part of the solution. Choose all that apply.

display_errors = off

log_errors = on

error_reporting = E_ALL | E_STRICT

cgi.force_redirect

A

According to the question, you want to stop showing PHP errors or show only critical errors so that a malicious hacker cannot hack your Web site. For this, you can stop displaying the errors by the following settings in php.ini:
display_errors = off
log_errors = on
Answer option C is incorrect. You can show all errors by updating the following directive setting:

error_reporting = E_ALL | E_STRICT

Answer option D is incorrect. The cgi.force_redirect directive is used to prevent any user from calling PHP directly with a URL like http://any.host/cgi-bin/php/secretdir/script.php. In other words, it blocks the ability to call a directory from the URL. It allows PHP to parse only if it has been redirected by the Apache Web-server.

29
Q

The _________ () function is used to replace the current session id with the new session id, and to keep information of the current session.

A

session_regenerate_id()

30
Q

Which of the following functions is used to set whether to use the SOAP error handler?

is_soap_fault

error_handler

soap error_handler

use_soap_error_handler

A

There are two important functions in SOAP, which are as follows:
use_soap_error_handler: It is used to set whether to use the SOAP error handler. The syntax of the use_soap_error_handler() function is as follows:

use_soap_error_handler ([ bool $handler = true ] )
is_soap_fault: It is used to check if a SOAP call has failed. The syntax is as follows:

31
Q

What type of attack is possible with this PHP script?

escapeshellarg()

Cross-site scripting attack

SQL injection attack

Replay attack

A

Answer option B is correct.

This script is vulnerable to a cross-site scripting attack. Cross-site scripting vulnerabilities, or XSS flaws, arise every time an application takes user-supplied data and sends it to a Web browser without first confirming or encoding the content. A number of times attackers find these flaws in Web applications. XSS flaws allow an attacker to execute a script in the victim’s browser, allowing him to take control of user sessions, disfigure Web sites, and possibly launch worms, viruses, malware, etc. to steal and access critical data from the user’s database.

32
Q

Which of the following functions is the best choice to retrieve the fingerprint of a string?

md5()

hash()

crypt()

fingerprint()

A

The md5() function retrieves the fingerprint of a string and returns the hash as a 32-character hexadecimal number.

33
Q

Which of the following parameters of an error handler function represents an array containing all the variables that existed at the time the error was raised?

errstr

errline

errfile

errcontext

A

Answer option D is correct.

The errcontext parameter of a user defined error handler function contains the variables that were present at the time the error was raised. This parameter is optional in an error handler function.

34
Q

Which of the following functions can you use to mitigate a command injection attack?

Each correct answer represents a complete solution. Choose two.

escapeshellarg()

htmlentities()

strip_tags()

escapeshellcmd()

A

You can use either the escapeshellcmd() or escapeshellarg() function to mitigate a command injection attack. The escapeshellcmd() function escapes all of the shell metacharacters and control operators within a string. It decreases the risks involved in allowing user input to be passed to the shell, by escaping all metacharacters and control operators with backslashes. Hence, it is used to overcome command injection attacks. The escapeshellarg() function is used to convert a scalar value into a single-quote delimited string that can be used safely as a single argument for a shell command. It converts each existing single quote (') to '\''. This sequence temporarily ends the single-quoted string, inserts a literal single quote, and then resumes the string. Since the data passed through escapeshellarg() can safely be used as a single argument, it can be used to mitigate the command injection attack.

35
Q

Consider a scenario in which a website allows users to upload pictures. What kind of security should be set to prevent attacks?

Each correct answer represents a complete solution. Choose all that apply.

Allow upload of all files.

Limit the size to upload files.

Ensure validation for file extension.

Disallow execution of any file.

A

Answer options B, C, and D are correct.

Limiting the size of uploaded files would not allow any transfer of files larger than the amount specified, and validation of extension would identify the executable files and prevent them from execution.

36
Q

Which of the following is a PHP script vulnerability of the mail() function that can occur in Internet applications that are used to send email messages?

SQL injection

Email injection

Email scheduler

Email Bomber

A

Email injection is a PHP script vulnerability of the mail() function that can occur in Internet applications that are used to send email messages. When a form is added to a web page that submits data to a web application, a malicious user may exploit the MIME format to append additional information to the message being sent, such as a new list of recipients or a completely different message body.

Because the MIME format uses a carriage return to delimit the information in a message, and only the raw message determines its eventual destination, adding carriage returns to submitted form data can allow a simple guestbook to be used to send thousands of messages at once. A malicious spammer could use this tactic to send a large number of messages anonymously.

37
Q

An attacker is able to run his code on a user’s computer by using the include function. Which security attack would you call this?

Cross-Site Scripting

Email Injection

SQL Injection

Remote Code Injection

A

Answer option D is correct.
Remote Code Injection runs the attacker’s code on a user’s machine, often by exploiting the functionality of the include or require function. The result of the code injection can be disastrous. For instance, code injection is used by some computer worms to propagate.
Answer option C is incorrect. A SQL injection is an attack that allows the PHP script to programmatically execute a command line. In SQL injection, the attacker takes advantage of improper coding and injects SQL commands to gain access to the data held within a database.
Answer option A is incorrect. Cross-site scripting enables attackers to inject client-side script into webpages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
Answer option B is incorrect. Email injection is a PHP script vulnerability of the mail() function that can occur in Internet applications that are used to send email messages. When a form is added to a web page that submits data to a web application, a malicious user may exploit the MIME format to append additional information to the message being sent, such as a new list of recipients or a completely different message body.

38
Q

You try to run a PHP script, but it stops running and you receive an “E_CORE_ERROR” error. Which of the following describes this error?

A fatal error occurred while the script was being compiled.

A fatal error occurred during the PHP engine’s startup.

The script couldn’t be run because there was a problem parsing it.

A fatal runtime error that can’t be recovered from.

A

Answer option B is correct.

A PHP script receives an E_CORE_ERROR error when a fatal run-time error occurs during the PHP engine’s initial startup.

Answer option A is incorrect. An E_COMPILE_ERROR error is received when a fatal compile-time error occurs in the script. It is generated by the Zend Scripting Engine.

Answer option D is incorrect. An E_ERROR error is received when a fatal run-time error occurs. It is generally received in the case of a memory allocation problem.

Answer option C is incorrect. An E_PARSE error is received when a fatal compile-time parse error occurs.

39
Q

What is the default timeout of a session cookie?

45 min

30 min

10 min

Until the browser is closed

A

Answer option D is correct.

By default, a session cookie is valid until the browser is closed. A session refers to all the connections that can be made by a single client in the course of viewing any pages associated with a given application. Sessions are specific to both the individual user and the application. Therefore, every user of an application has a separate session and has access to a separate set of session variables.

40
Q

What will you do to prevent a Cross-Site Scripting attack?

Escape JavaScript while using PHP.

Filter Output.

Filter all input.

Filter Output used in Database transaction.

A

Cross-site scripting (XSS) attack
A cross-site scripting attack works in the following manner:
The attacker identifies a Web site that has one or more XSS bugs, for example, a Web site that echoes the contents of a querystring.
The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and PHP script.
The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another Web page, or a link in an HTML e-mail.
Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, passing the malicious querystring.
The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Filtering your input is the most important thing you can do to prevent any Cross-Site Scripting attacks.

41
Q

Which of the following functions is used to get a specific external variable by name and optionally filter it?

filter()

filter_output()

filter_name()

filter_input()

A

The filter_input() function is used to get a specific external variable by name and optionally to filter it. The syntax of the filter_input() function is as follows:

filter_input ( int $type , string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options ]] )
Here, the $type is one of INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER, or INPUT_ENV.

42
Q

Which of the following functions allows a parser to be used within an object?

xml_set_object()

xml_parse_into_struct()

xml_parser_set_option()

xml_set_character_data_handler()

A

Answer option A is correct.

The xml_set_object() function is used to allow a parser to be used within an object. It uses the XML Parser within an object. The syntax of the xml_set_object() function is as follows:

bool xml_set_object(resource $parser, object &$object)

43
Q

PHP handles XML through:

The Expat C library

The Standard PHP library

The Gnome C library

The built-in functions written by users

A

Answer option A is correct.

PHP handles XML through the Expat C library. Expat is an XML parser used by PHP. PHP’s XML parser is based on the Expat C library, which lets you parse but not validate XML documents. The Expat parser is an event-based parser. Event-based parsers mainly focus on the content of the XML documents, not their structure. Therefore, event-based parsers can access data faster than tree-based parsers.

44
Q

Which of the following is an XML protocol that implements communication between two computers?

HTTP

JSON

REST

SOAP

A

Answer option D is correct.

SOAP is an XML protocol that implements communication between two computers, including publishing, finding, binding, and calling of the webservice.

45
Q

Which of the following protocols is used to standardize the description of web services such that providers and requesters speak the same language?

SOAP

WSDL

UDDI

HTTP

A

Answer option B is correct.

WSDL standardizes the description of web services such that providers and requesters speak the same language.

46
Q

Mark works as a Web developer for uCertify.com. As per the company’s requirements, he needs to determine what happens when XML nodes in a particular document are parsed by the XML parser. Which of the following functions will Mark execute to handle events before and after the XML parser processes document nodes?

xml_set_element_handler()

xml_set_default_handler()

xml_set_character_data_handler()

xml_set_notation_decl_handler()

A

Answer option A is correct.

The xml_set_element_handler() function is used to handle events before and after the XML parser processes document nodes. The xml_set_element_handler() function is used to specify functions that need to be called at the start and end of an element in the XML document. The syntax of the xml_set_element_handler() function is:

bool xml_set_element_handler ( resource $parser , callable $start_element_handler , callable $end_element_handler )

47
Q

Which of the following PCRE expressions is used to match any whitespace character?

.

^

$

\s

A

Answer option D is correct.

Here, ‘\s’ expression is used to match any whitespace.

Answer options A, B, and C are incorrect. The period (‘.’) is used to match any character, ‘^’ is used to match the start of the string, and ‘$’ is used to match the end of the string.

48
Q

Which of the following header codes is used for redirection?

5XX

1XX

4XX

3XX

A

Answer option D is correct.

The 3XX header code is used for redirection. It indicates that further action needs to be taken by the user agent in order to fulfill the request.

Answer option A is incorrect. The 5XX header code indicates that the server failed to fulfill an apparently valid request.

Answer option B is incorrect. The 1XX header code is used for retrieving basic information.

Answer option C is incorrect. The 4XX header code is intended for cases in which the client seems to have erred. It displays error messages.

49
Q

Which of the following elements of the $_SERVER array contains the IP address from which the user is viewing the current page?

HTTP_USER_AGENT

SERVER_ADDR

REMOTE_HOST

REMOTE_ADDR

A

Answer option D is correct.

REMOTE_ADDR contains the IP address from which the user is viewing the current page. The $_SERVER array contains elements set by the server. It is directly related to the runtime environment of the current php script.

Answer option C is incorrect. REMOTE_HOST is the host name from which the user is viewing the current page.

Answer option B is incorrect. SERVER_ADDR is the IP address of the server under which the current script is executing.

Answer option A is incorrect. HTTP_USER_AGENT contains the name and version of the client browser.

50
Q

What will be the output of the above script in case of countries west of GMT?

Fatal error

Compilation error

Today is Friday

Today is Tuesday

A

Answer option C is correct.

The above script will output “Today is Friday”. The gmmktime() function is used to return a UNIX timestamp for a GMT date. The syntax of the gmmktime() function is:

int gmmktime ([ int $hour = gmdate("H") [, int $minute = gmdate("i") [, int $second = gmdate("s") [, int $month = gmdate("n") [, int $day = gmdate("j") [, int $year = gmdate("Y") [, int $is_dst = -1 ]]]]]]] )

51
Q

Which of the following is a HTTP request header that represents a list of compression methods that the browser will accept for the returned content?

Accept-Language

Accept

Accept-Encoding

Accept-Charset

A

Answer option C is correct.

Accept-Encoding is a HTTP request header that represents a list of compression methods that the browser will accept for the returned content.

Answer option D is incorrect. Accept-Charset is a HTTP request header that represents a list of character sets that the browser will accept for the returned content.

Answer option A is incorrect. Accept-Language is a HTTP request header that represents a list of languages that the browser will accept for the returned content.

Answer option B is incorrect. Accept is a HTTP request header that represents a list of MIME content types that the browser will accept for the returned content.

52
Q

Which of the following functions is used to return the UNIX timestamp for a date?

idate()

localtime()

time()

mktime()

A

Answer option D is correct.

The mktime() function is used to return the UNIX timestamp for a specific date. The syntax of the mktime() function is:

int mktime ([ int $hour = date("H") [, int $minute = date("i") [, int $second = date("s") [, int $month = date("n") [, int $day = date("j") [, int $year = date("Y") [, int $is_dst = -1 ]]]]]]] )

If any arguments are left out, then it would take the current value as per the local date and time.

Answer option C is incorrect. The time() function is used to return the current time as a UNIX timestamp.

Answer option B is incorrect. The localtime() function is used to return the local time.

Answer option A is incorrect. The idate() function is used to format a local date/time as an integer.