Exam questions Flashcards
What is true about the HTTP request-response cycle?
A single HTTP message is either a request (sent by the client) or a response (sent by the server); one cycle is one request followed by the one response it triggers.
What does CRUD stand for?
Create → Save or create a new resource
Read → Display one or more resources
Update → Edit or update one resource
Delete → Remove a resource
What is an Entity relationship diagram?
A model that consists of entities, attributes and relations. Entities represent tables, attributes represent the columns (properties) of a table, and relations represent the associations between entities.
Having a multi-tier architecture comes with several benefits. What is the statement that explains it best?
The multi-tier architecture has improved security and scalability and is easier to maintain.
The multi-tier architecture is a client-server architecture and the most commonly used is the three-tier architecture.
What are the different tiers?
It has three tiers →
The presentation tier, or user interface. Displays the content so the user can understand.
The business logic tier, where data is processed.
The data tier, where the data associated with the application is stored and managed - for example SQL queries and functions that are interacting with the database.
Building and designing an accessible website creates several benefits.
Which are they?
1. Accessibility helps you avoid lawsuits.
2. Accessibility improves public perception.
3. Accessibility improves people's lives.
4. Accessibility increases your customer base.
5. Accessibility improves search engine optimization.
6. Accessibility increases compatibility.
Which principles are used to define accessible content?
Robust - Operable - Perceivable - Understandable
What is true about primary keys in SQL databases?
The primary key uniquely identifies a record: no two rows in the table can have the same primary key value, and the key cannot be NULL.
Describe what a CMS is, how it works and name some examples where it can be used. Briefly explain/motivate your examples by naming how it works.
CMS stands for content management system.
A CMS is software that helps users create, manage and modify content on a website without specialized technical knowledge.
It is a tool that helps you build a website without writing all the code from scratch (or even knowing how to code at all).
This makes it easier for the client, since they don't have to change any code to change the website; they change the content in the CMS instead.
Some examples of CMSs are WordPress, Umbraco and SiteVision. A CMS can be used for various types of websites, such as e-commerce sites and portfolio pages.
What is a (first-party) persistent cookie?
A cookie set with an Expires or Max-Age attribute. The browser stores it on disk and keeps sending it with every request to that site until the expiry date, unlike a session cookie, which is discarded when the browser closes. First-party means it was set by the site the user is actually visiting, not by a third-party domain embedded in the page.
What are the correct RESTful API HTTP methods?
PATCH
POST
PUT
GET
DELETE
What does MVC mean? Describe what it does.
MVC stands for Model View Controller.
It describes how a user's request is handled and how the answer is presented back to them.
The user sends a request to the Controller. The Controller asks the Model for the data it needs (the Model holds the data and the logic for reading and writing it, e.g. the database access) and hands the result to the View, which structures how the data is going to be displayed. The user then gets the rendered presentation back as the answer.
Model and View never communicate with each other directly; the Controller sits between them.
What are the 10 OWASP Top 10 (2021) security risks?
1. Broken Access Control
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable and Outdated Components
7. Identification and Authentication Failures
8. Software and Data Integrity Failures
9. Security Logging and Monitoring Failures
10. Server-Side Request Forgery (SSRF)
One of the security risks when owning and running a website is Cryptographic Failures. What can it lead to?
Exposure of sensitive data. Cryptographic failures cover missing or weak protection of data in transit and at rest: no HTTPS, outdated algorithms, hard-coded keys, or passwords stored in plaintext or with a fast unsalted hash. If the database leaks, an attacker can read passwords, card numbers or session tokens directly, or crack the weak hashes quickly and take over user accounts.
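The most common form of this failure in a course project is how passwords are stored. The example below is added here and is not code from the original page; it contrasts a login that stores and compares the password itself with one that stores only a random per-user salt and a slow PBKDF2-HMAC-SHA256 hash, compared in constant time. The user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample account for the "failure" side: the password itself is stored.
USERS_PLAINTEXT = {"alice": "hunter2"}

def login_plaintext(username: str, password: str) -> bool:
    # Works, but a database leak (or a SQL injection) hands the attacker every password,
    # and the == comparison leaks timing information about how many characters matched.
    stored = USERS_PLAINTEXT.get(username)
    return stored is not None and stored == password

# Hardened side: only a per-user random salt and a slow, salted hash are stored.
# 600 000 is the iteration count OWASP's Password Storage Cheat Sheet gives for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000
USERS_HASHED: dict = {}   # username -> (salt, digest); constructed in-memory stand-in for a table

def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, digest). A fresh 16-byte salt is drawn when none is given,
    so two users with the same password get different digests."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def register(username: str, password: str) -> None:
    USERS_HASHED[username] = hash_password(password)

def login_hashed(username: str, password: str) -> bool:
    record = USERS_HASHED.get(username)
    if record is None:
        hash_password(password)   # same cost for unknown users: no user enumeration by timing
        return False
    salt, expected = record
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)   # constant-time comparison
```

With the hashed scheme a leaked table gives the attacker 16 random bytes and a 32-byte digest per user; each guess costs 600 000 hash iterations, and the salt stops one precomputed table from covering every user.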
How do you delete a record from a table?
DELETE FROM table_name WHERE condition;
(Without the WHERE clause every row in the table is deleted.)
Which SQL statement(s) should you use to insert a new row?
INSERT INTO table_name (column1, column2) VALUES (value1, value2);
(INSERT INTO ... VALUES. The column list can be left out only if a value is given for every column, in table order.)
You have a table of persons called 'Customers'. In this you want to change the name 'Bild' to 'Pettersson' in the column called 'Surname'. How do you do that?
UPDATE Customers SET surname = 'Pettersson' WHERE surname = 'Bild';
(SQL string literals use single quotes. Without the WHERE clause every customer would be renamed.)
The most common security risk according to OWASP is broken access control. What does broken access control mean?
Users can act outside of their intended permissions: for example reading or changing another user's data by changing an id in the URL, reaching admin pages without the admin role, or bypassing a check by modifying a request. The fix is to deny by default and check, on the server, that the logged-in user is allowed to act on that specific record.
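The classic case is an endpoint that checks only that someone is logged in, not that the record belongs to them (an insecure direct object reference). The example below is added here and is not code from the original page: it shows that vulnerable lookup next to one with object-level authorization. The orders, user names and the "admin" role are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Order:
    order_id: int
    owner: str
    total: float

# Constructed sample data standing in for an Orders table.
ORDERS = {
    1: Order(1, "alice", 49.0),
    2: Order(2, "bob", 120.0),
}

class Forbidden(Exception):
    """Caller is authenticated but not allowed; a web handler maps this to HTTP 403 (or 404)."""

def get_order_vulnerable(current_user: str, order_id: int) -> Order:
    # Checks only that someone is logged in, not that the order belongs to them.
    # Any logged-in user can read /orders/<n> for every n: broken access control.
    if not current_user:
        raise Forbidden("login required")
    return ORDERS[order_id]

def get_order_fixed(current_user: str, order_id: int, roles: frozenset = frozenset()) -> Order:
    # Object-level authorization: the record itself is checked against the caller.
    if not current_user:
        raise Forbidden("login required")
    order = ORDERS.get(order_id)
    if order is None:
        raise KeyError(order_id)
    if order.owner != current_user and "admin" not in roles:
        # Deny by default; only the owner or an explicitly granted role may read it.
        raise Forbidden(f"{current_user} may not read order {order_id}")
    return order

def try_read(current_user: str, order_id: int, roles: frozenset = frozenset()) -> str:
    """Outcome of the fixed check as the HTTP status a handler would return."""
    try:
        get_order_fixed(current_user, order_id, roles)
        return "200"
    except Forbidden:
        return "403"
    except KeyError:
        return "404"
```

Whether to answer 403 or 404 for someone else's record is a design choice; 404 avoids confirming that the id exists, but the ownership check itself is what closes the hole.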
What does loading a file with "include" mean?
The include expression includes and evaluates the specified file, so the PHP code in that file runs as if it were written at that point.
When a file is included, the code it contains inherits the variable scope of the line on which the include occurs.
If the file name is built from user input, the user decides which file gets included and executed, so the path must never be taken straight from the request.
Explain stateless server vs stateful server
Stateless = no data is carried over between executions (requests); each request is handled on its own.
Stateful = data is kept between executions.
PHP is stateless by default: every request starts with a fresh variable scope. State survives between requests only through sessions, cookies or the database.
Explain the HTTP request-response cycle
1) The client could be your browser (Chrome) or Postman, depending on what we are doing. The user issues a URL from the client. (CLIENT)
2) The client sends a request message. (HTTP)
3) The server maps the URL to a file or program under the document directory. The PHP code and the database we are building live on the server. (SERVER)
4) The server returns a response message. Both the request and the response contain a header and a body: the header carries information about the request/response, the body carries the content. (HTTP)
5) The browser formats the response and displays it. (CLIENT)
Explain MySQL tables & entity relations
Primary key: the identifier for each row (often id)
Foreign key: data in one table that references a primary key in another table
One to many: one row in table A connects to many rows in table B, and each row in table B connects to exactly one row in table A.
Many to one: the same relation seen from table B's side: many rows in table B connect to one row in table A.
Example: one car has one owner, but one owner can have many cars (Cars is many-to-one to Owners; Owners is one-to-many to Cars).
What is inheritance?
- A way to create a new class by deriving it from an existing class.
- The new class inherits all the properties and methods of the existing class, known as the parent class.
- Allows for code reuse and helps to promote code organization and maintenance.
- The new class can also add its own properties and methods, as well as override or extend
What is .htaccess?
- Used to configure web server settings for a specific directory or file on the server.
- Can be used to set up URL redirection, authentication, and authorization.
- Commonly used in web development to create clean URLs, block spam bots, and protect sensitive directories and files.
What are the access modifiers and describe them individually and what they do?
Private - it can only be accessed within the same class in which it is defined
Protected - it can be accessed within the same class and any subclasses that extend the class
Public - it can be accessed from anywhere, including from outside the class.
Access modifiers provide a way to control the visibility of class properties and methods, which helps keep your code organized, secure and maintainable.
Describe the following MySQL queries and what they do:
✓ INSERT INTO:
✓ SELECT FROM:
✓ UPDATE:
✓ DELETE FROM:
✓ WHERE:
✓ INSERT INTO: Add data to a table
✓ SELECT FROM: Get one or more rows from table
✓ UPDATE: Edit existing data in a table
✓ DELETE FROM: Remove existing rows in a table
✓ WHERE: Specify condition for what rows to SELECT / UPDATE / DELETE
What are SQL injections?
SQL injection is a code injection technique in which an attacker places SQL fragments in web page input so that they become part of the SQL statement the application runs. It can be used to read or change data the user should not reach, to bypass a login, or to delete or corrupt the database.
Prepared statements (parameterized queries) prevent this: the SQL template is sent to the database first and the user's value is bound to it separately, so the value is only ever treated as data and can never change the structure of the query.
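The example below is added here and is not code from the original page. It serves this card and the MySQL CRUD card above it: a Customers table is built in an in-memory SQLite database (Python's built-in sqlite3 stands in for MySQL so the example runs offline), and a lookup that pastes the input into the SQL text is placed next to the prepared-statement version, followed by prepared UPDATE and DELETE. The table name, rows and the `' OR '1'='1` payload are constructed.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed Customers table with two sample rows (stand-in for the MySQL table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (id INTEGER PRIMARY KEY, surname TEXT, email TEXT)")
    conn.executemany("INSERT INTO Customers (surname, email) VALUES (?, ?)",
                     [("Bild", "bild@example.com"), ("Svensson", "svensson@example.com")])
    conn.commit()
    return conn

def find_vulnerable(conn: sqlite3.Connection, surname: str) -> list:
    # The input is spliced into the SQL text, so a quote in it ends the string
    # literal and the rest of the input is parsed as SQL.
    sql = f"SELECT id, surname FROM Customers WHERE surname = '{surname}'"
    return conn.execute(sql).fetchall()

def find_prepared(conn: sqlite3.Connection, surname: str) -> list:
    # The template is fixed; the value is bound to the ? placeholder as data.
    # The same payload now just matches (no) customers literally named "' OR '1'='1".
    return conn.execute("SELECT id, surname FROM Customers WHERE surname = ?",
                        (surname,)).fetchall()

def rename_prepared(conn: sqlite3.Connection, old: str, new: str) -> int:
    """UPDATE with bound values; returns the number of rows changed."""
    cur = conn.execute("UPDATE Customers SET surname = ? WHERE surname = ?", (new, old))
    conn.commit()
    return cur.rowcount

def delete_prepared(conn: sqlite3.Connection, customer_id: int) -> int:
    """DELETE by primary key with a bound value; returns the number of rows removed."""
    cur = conn.execute("DELETE FROM Customers WHERE id = ?", (customer_id,))
    conn.commit()
    return cur.rowcount
```

In PHP the same pattern is `$stmt = $pdo->prepare('SELECT ... WHERE surname = ?'); $stmt->execute([$surname]);` with PDO, or `bind_param` with mysqli. The point is identical: the query text never contains the user's value.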
What does API stand for and what is it?
API stands for Application Programming Interface. In this project structure it is the presentation layer: it receives requests, routes them to the right handler and returns responses.
Describe the following HTTP verbs
Patch
Post
Put
Get
Delete
Patch → partially update/modify an existing record in the database
Post → create a new record
Put → update/replace a whole row in the database
Get → read from the database
Delete → delete from the database
Describe the following Git terms and what they do:
✓ Version control: history and collaboration
✓ Branching: different changes on different branches
✓ Commit: a saved snapshot of the staged changes, recorded in the local repository's history (and later pushed to the remote)
✓ Repository: the collection of your code project and its history
✓ Fetch: gets any changes from the remote repository without merging them
✓ Pull: fetches and merges all changes
✓ Merge conflict: changes from remote and local "collide" in the same lines
✓ Clone: download a repository from the remote for the first time
✓ Remote: the online version of the code shared by all developers in the team (collaborators)
Describe the following MySQL data structure words:
✓ Server: The computer / program saving all data
✓ Database: A collection of tables for storing data
✓ Table: A defined collection of data (rows) with set properties (columns)
✓ Column: A property for the data saved in a table
✓ Row: The actual data being saved
What are models?
models: Data classes for transferring data between the layers
What is PHP short for?
PHP: Hypertext Preprocessor (a recursive acronym; it originally stood for Personal Home Page)
What is SQL?
SQL is the standard language for dealing with Relational Databases.
SQL is used to insert, search, update, and delete database records.
What is idempotent?
From a RESTful service standpoint, an operation (or service call) is idempotent if clients can make the same call repeatedly and the result on the server is the same as making it once.
If multiple identical requests leave the server in the same state, the operation is idempotent. The response itself may differ (a second DELETE may answer 404 instead of 204), but the stored state does not.
Example: GET, PUT and DELETE should be idempotent; POST is not, because each POST creates a new resource.
What's the difference between POST and GET requests?
A GET request is used to retrieve data from a web server, such as a user profile or product catalog.
- The data for the request is sent as URL query parameters, so it is visible in the address bar, browser history, bookmarks and server access logs.
A POST request is used to send data to a web server, such as creating a user account or updating a product listing.
- The data travels in the request body rather than the URL, so it is not cached, bookmarked or written to access logs by default. That does not make it secret: the body is only confidential if the connection uses HTTPS.
Describe what an object and class is
Class: The template for creating an object.
Classes has Properties and Methods:
- Properties: the data saved with each object
- Methods: functionality inside the class
Object: An “instance” of a class
- Use the “new” keyword to create an object from a class
- The $this variable references the current object of the class
Name 3 things Postman does
- Make HTTP requests (GET, POST, PUT/PATCH, DELETE)
- View the response (headers and the response body)
- Generate code (snippets in multiple languages)
What is a REST API and how does it work?
REST = Representational State Transfer
- Architectural style for distributed systems
- Based on client-server communication (over HTTP)
- Stateless (each request is independent and does not depend on the previous request)
- When the REST API has what it needs, it sends back a response to the client. This would typically be in JSON or XML format.
What is a multitier architecture project structure?
Is a client–server architecture in which presentation, logic processing, and data management functions are physically separated.
Describe the purpose of the different files and folders in a multitier architecture web project.
The presentation tier → the user interface and communication layer of the application, where the end user interacts with the application. Its main purpose is to display information to and collect information from the user.
The business logic tier → where the information collected in the presentation tier is processed. The business logic tier can also add, delete or modify data in the data tier.
The data tier → sometimes called the database tier, data access tier or back end, is where the information processed by the application is stored and managed. This can be a relational database management system such as MySQL.
What are the benefits and drawbacks of a multitier architecture project structure?
Benefits: improved security and scalability, and easier to maintain.
Easy to manage: you can manage each tier separately, adding or modifying one tier without affecting the others.
Improved scalability: any tier can be scaled independently of the others as needed.
Improved security: because the presentation tier and the data tier cannot communicate directly, a well-designed business logic tier acts as a kind of internal firewall, enforcing validation and authorization before anything reaches the database. It does not by itself prevent SQL injection; the data tier still has to use prepared statements.
Drawbacks: more effort and more complexity.
What is the distinction and difference between backend and frontend programming?
Frontend development is programming which focuses on the visual elements of a website or app that a user will interact with and sees (the client side).
Backend development focuses on the side of a website users can’t see (the server side).
Explain HTTP in as much detail as you can.
- Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents, such as HTML. It fetches resources such as HTML documents, images, videos, scripts and more. HTTP is the protocol; the URL is what locates the resource on a server.
- HTTP is responsible for communication between web servers and clients. Every time you visit a web page, submit a form or click a button, you make a request and get back a response.
- HTTP is a request-response protocol, meaning that it is used to request information from a server and receive a response.
- HTTP requests are composed of several parts: a method (e.g. GET, POST, PUT, DELETE), a URI (Uniform Resource Identifier) that specifies the resource being requested, optional headers that provide additional information about the request, and an optional body. The server responds with a status code (e.g. 200 OK, 404 Not Found), headers, and a message body containing the requested resource (if applicable).
- HTTP is stateless, meaning that each request/response pair is independent and does not carry any context from previous requests; cookies and sessions are layered on top to remember a user between requests.
What is the request-response cycle in HTTP?
HTTP involves a computer making a request for some information at a URL.
The HyperText Transfer Protocol gives us rules about how messages should be sent around the Internet. The system that initiates a connection sends a "request", and the system that answers sends a "response".
The HTTP request-response cycle:
1. The user issues a URL in a browser
2. The browser sends a request message
3. The server maps the URL to the file/program under the document directory
4. The server sends back a response message
5. The browser formats the response and displays it to the user
Describe the purpose of status codes in HTTP, what types of codes there are and when to use each one.
An HTTP status code is a three-digit number in the response that tells the client whether the request could be fulfilled and, if not, why.
When everything goes according to plan the server returns a 200 code.
There are 5 status code ranges:
1xx: Informational
2xx: Success; things are working as intended.
- 200 OK, 201 Created (a POST made a new resource), 202 Accepted, 204 No Content (success with nothing to return, e.g. after DELETE)
3xx: Redirection. 301 redirects when you have permanently moved a page; 302 tells the browser that the requested page has been found at a different, temporary location.
4xx: Client error. 400 Bad Request (malformed request), 401 Unauthorized (not logged in), 403 Forbidden (logged in but not allowed), 404 Not Found
5xx: Server error. 500 Internal Server Error (the server failed; the details should be logged on the server, not sent to the client)
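The example below is added here and is not code from the original page. It ties together the HTTP cards above (the request-response cycle, the structure of a message, the status code classes, the REST URL parts and the persistent-cookie card) in one small server-side routine: it parses a raw HTTP/1.1 request into method, resource path, query string, headers and body, maps the path to a handler, and serializes a response with an appropriate status code. The `/customers/<id>` route, the customer rows and the "visited" cookie are constructed assumptions; there is no real socket, `handle()` takes the request bytes directly.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

REASON = {200: "OK", 201: "Created", 204: "No Content", 301: "Moved Permanently",
          302: "Found", 400: "Bad Request", 401: "Unauthorized", 403: "Forbidden",
          404: "Not Found", 500: "Internal Server Error"}

@dataclass
class Request:
    method: str
    path: str      # resource path, e.g. /customers/1
    query: dict    # parsed query string, e.g. {"fields": ["name"]}
    headers: dict  # header names lower-cased
    body: bytes

def parse_request(raw: bytes) -> Request:
    """Split a raw HTTP/1.1 request into request line, headers and body.
    Raises ValueError on anything malformed; the server turns that into a 400."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    target = urlsplit(parts[1])   # {resource path}?{query string}
    return Request(parts[0].upper(), target.path, parse_qs(target.query), headers, body)

def status_class(code: int) -> str:
    """The first digit of a status code gives its class."""
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}[code // 100]

def set_cookie_header(name: str, value: str, max_age=None) -> str:
    """Set-Cookie value. With Max-Age the cookie is persistent (kept on disk until it
    expires); without it, it is a session cookie. Secure/HttpOnly/SameSite limit exposure."""
    attrs = [f"{name}={value}"]
    if max_age is not None:
        attrs.append(f"Max-Age={int(max_age)}")
    attrs += ["Secure", "HttpOnly", "SameSite=Lax"]
    return "; ".join(attrs)

def build_response(status: int, body: bytes = b"", headers=None) -> bytes:
    """Serialize status line, headers, blank line and body."""
    if status == 204:
        body = b""
    hdrs = {"Content-Length": str(len(body)), **(headers or {})}
    head = [f"HTTP/1.1 {status} {REASON.get(status, '')}".rstrip()]
    head += [f"{k}: {v}" for k, v in hdrs.items()]
    return ("\r\n".join(head) + "\r\n\r\n").encode("iso-8859-1") + body

def status_of(response: bytes) -> int:
    return int(response.split(b" ", 2)[1])

CUSTOMERS = {1: "Bild", 2: "Svensson"}   # constructed sample data standing in for the database

def handle(raw: bytes) -> bytes:
    """One request-response cycle: parse, map the URL to a handler, answer."""
    try:
        req = parse_request(raw)
    except ValueError:
        return build_response(400, b"bad request")
    try:
        if req.method == "GET" and req.path.startswith("/customers/"):
            cid = req.path.rsplit("/", 1)[1]
            if not cid.isdigit():
                return build_response(400, b"customer id must be numeric")
            name = CUSTOMERS.get(int(cid))
            if name is None:
                return build_response(404, b"not found")
            return build_response(200, name.encode("utf-8"),
                                  {"Content-Type": "text/plain",
                                   "Set-Cookie": set_cookie_header("visited", "1", 86400)})
        return build_response(404, b"not found")
    except Exception:
        # Never send the exception text to the client; log it on the server instead.
        return build_response(500, b"internal server error")
```

A real server such as Apache does the socket handling and the URL-to-file mapping for PHP, but the messages it reads and writes have exactly this shape; the value of writing the parser once is seeing where a malformed request must be rejected with 4xx before any application code runs.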
What is a REST API? Describe all parts of REST APIs in as much detail as you can.
A REST API is an API that conforms to the design principles of the REST, or representational state transfer architectural style.
-Based on client-server communication (like HTTP)
- communicate via HTTP requests to perform standard database functions like creating, reading, updating, and deleting records (also known as CRUD) within a resource.
- The REST architecture communicates between client and server.
Clients send HTTP requests and wait for responses.
The REST API receives the request from the client and performs whatever the request asks for, e.g. creating a user.
Response: when the REST API has what it needs, it sends the response back to the client. This would typically be in JSON or XML format.
List the various HTTP-Methods (GET, POST, PUT, PATCH, and DELETE) and describe the purpose and uses of each one.
PATCH - UPDATE an existing part of a resource
POST - CREATE a new resource
PUT - UPDATE (replace) an entire resource that exists in the database
GET - retrieve data to be READ by the client/user. GET should be idempotent: clients can make the same call repeatedly while producing the same result
DELETE - DELETES an existing resource, typically meaning it is removed from the database
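The example below is added here and is not code from the original page. It serves this card and the idempotency card above it: an in-memory resource collection with one method per HTTP verb, each returning the status code and representation a REST handler would, plus a check that applies an operation once and twice to fresh copies of the store and compares the resulting state. The seeded "alice" record and the `/users` field names are constructed.

```python
import copy
from typing import Callable

class ResourceStore:
    """In-memory collection (think /users) with one method per HTTP verb.
    Each method returns (status_code, representation) like a REST handler would."""

    def __init__(self):
        self._items: dict = {}
        self._next_id = 1

    def get(self, rid: int):
        item = self._items.get(rid)
        return (200, copy.deepcopy(item)) if item is not None else (404, None)

    def post(self, data: dict):
        # Every POST creates a brand-new resource with a fresh server-chosen id: not idempotent.
        rid = self._next_id
        self._next_id += 1
        self._items[rid] = {"id": rid, **data}
        return 201, copy.deepcopy(self._items[rid])

    def put(self, rid: int, data: dict):
        # Replace the whole representation at a client-chosen id; repeating it changes nothing.
        created = rid not in self._items
        self._items[rid] = {"id": rid, **data}
        return (201 if created else 200), copy.deepcopy(self._items[rid])

    def patch(self, rid: int, changes: dict):
        # Partial update. Setting fields to values is idempotent; a PATCH that appended
        # to a list or incremented a counter would not be.
        item = self._items.get(rid)
        if item is None:
            return 404, None
        item.update(changes)
        return 200, copy.deepcopy(item)

    def delete(self, rid: int):
        # A second DELETE answers 404, but the stored state is the same: still idempotent.
        if rid in self._items:
            del self._items[rid]
            return 204, None
        return 404, None

    def snapshot(self) -> dict:
        return copy.deepcopy(self._items)

def is_idempotent(make_store: Callable[[], ResourceStore],
                  operation: Callable[[ResourceStore], object]) -> bool:
    """Run the operation once on a fresh store and twice on another fresh store;
    it is idempotent iff both stores end up in the same state (responses may differ)."""
    once = make_store()
    operation(once)
    twice = make_store()
    operation(twice)
    operation(twice)
    return once.snapshot() == twice.snapshot()

def seeded_store() -> ResourceStore:
    """Constructed starting state: one user with id 1."""
    store = ResourceStore()
    store.post({"name": "alice"})
    return store
```

Idempotency matters in practice because clients and proxies retry requests that timed out: a retried PUT or DELETE is harmless, while a retried POST creates a duplicate, which is why APIs that must retry creation add an idempotency key.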
What is the difference between Client and Server in web development?
A client is a piece of computer hardware or software that connects to and accesses the resources of a remote computer, or server. In the web development world, clients are web browsers (like Chrome, Firefox and Safari).
A server is a piece of computer hardware or software that provides resources, data, services, or functionality for other programs or devices, called clients.
What is the URL structure of a request in a REST API?
A REST API is accessed through an endpoint URL. The endpoint URL consists of a base URL, a resource path and a query string. The base URL is the internet host name (and any fixed prefix) of the REST API. The resource path is the address of the API resource. The query string carries extra parameters for the request, such as filtering, sorting or paging.
REST API URLs: http(s)://{base url}/{resource path}?{query string}
✓ Base URL: domain or IP and path prefix
✓ Resource path: what are you trying to access?
✓ Query string: additional info about the request
What are CRUD operations? Describe each CRUD-operation in as much detail as you can.
CRUD refers to the four basic operations a software application should be able to perform
✓ Create: Save or create a new resource
✓ Read: Display one or more resources
✓ Update: Edit or update one resource
✓ Delete: Remove a resource
These four operations are essential for managing data in any database or data storage system. They are often used in conjunction with each other to perform more complex operations, such as searching for specific data, filtering data, and sorting data.