Exam questions Flashcards

1
Q

What is true about the HTTP request-response cycle?

A

It can be either a HTTP request or a HTTP response.

2
Q

What does CRUD stand for?

A

Create → Save or create a new resource
Read → Display one or more resources
Update → Edit or update one resource
Delete → Remove a resource

3
Q

What is an entity relationship diagram?

A

It is a model that consists of entities, attributes, and relations. The entities represent tables, the attributes represent properties of the table, and the relations represent the association between entities.

4
Q

Having a multi-tier architecture comes with several benefits. What is the statement that explains it best?

A

The multi-tier architecture has improved security and scalability and is easier to maintain.

5
Q

The multi-tier architecture is a client-server architecture and the most commonly used is the three-tier architecture.

What are the different tiers?

A

It has three tiers →
The presentation tier, or user interface. Displays the content so the user can understand.

The business logic tier, where data is processed.

The data tier, where the data associated with the application is stored and managed - for example SQL queries and functions that are interacting with the database.

6
Q

Building and designing an accessible website creates several benefits.
Which are they?

A

1. Accessibility helps you avoid lawsuits.
2. Accessibility improves public perception.
3. Accessibility improves people’s lives.
4. Accessibility increases your customer base.
5. Accessibility improves search engine optimization.
6. Accessibility increases compatibility.

7
Q

Which principles are used to define accessible content?

A

Robust - Operable - Perceivable - Understandable

8
Q

What is true about primary keys in SQL databases?

A

The primary key identifies a record, and there cannot be duplicate values of the primary key in the table.

9
Q

Describe what a CMS is, how it works and name some examples where it can be used. Briefly explain/motivate your examples by naming how it works.

A

CMS stands for content management system.

A CMS is software that helps users create, manage, and modify content on a website without the need for specialized technical knowledge.
It is a tool that helps you build a website without needing to write all the code from scratch (or even know how to code at all).

It makes it easier for the client since they don't have to change any code to change the website, but instead change the content in the CMS.

Some examples of CMSs are WordPress, Umbraco and SiteVision. A CMS can be used for various types of websites such as e-commerce and portfolio pages.

10
Q

What is a (first-party) persistent cookie?

A

A text file stored on disk with an expiration date

11
Q

What are the correct RESTful API HTTP methods?

A

PATCH
POST
PUT
GET
DELETE

12
Q

What does MVC mean? Describe what it does

A

MVC stands for Model View Controller
It explains the way a user requests something on a computer and how the answer is given to them.

It starts with the user that sends a request to the Controller. The controller then communicates with Views that structure up how the data is going to be viewed. The user then gets a presentation back with the answer.

Model and View never communicate with each other.

13
Q

What are the OWASP Top 10 security issues?

A

1. Broken access control
2. Cryptographic failures
3. Injection
4. Insecure design
5. Security misconfiguration
6. Vulnerable and outdated components
7. Identification and authentication failures
8. Software and data integrity failures
9. Security logging and monitoring failures
10. Server-side request forgery

14
Q

One of the security risks when owning and running a website is Cryptographic Failures. What can it lead to?

A

Users can't log into the website

15
Q

How do you delete a record from a table?

A

DELETE FROM * WHERE

16
Q

Which SQL(s) should you use to insert a new row?

A

INSERT INTO *
INSERT INTO * VALUES

17
Q

You have a table of persons called ‘Customers’. In this you want to change the name ‘Bild’ to ‘Pettersson’ in the column called ‘Surname’. How do you do that?

A

UPDATE Customers SET Surname = 'Pettersson' WHERE Surname = 'Bild';

18
Q

The most common security risk according to OWASP is broken access control. What does broken access control mean?

A

Users can act outside of their permissions

19
Q

What does loading a file with “include” mean?

A

The include expression includes and evaluates the specified file.

When a file is included, the code it contains inherits the variable scope of the line on which the include occurs.

20
Q

Explain Stateless server vs Stateful server

A

Stateless = No data is shared between executions

Stateful = Data is shared between executions

PHP is stateless by default

21
Q

Explain the HTTP request response-cycle

A

1) Client = could be your browser (Chrome) or Postman depending on what we are doing (CLIENT)

2) That client will send a request (HTTP)

3) Server maps the URL to a file or program under the document directory (the PHP code and the database that we are building are contained within the server) (SERVER)

4) Server will respond by sending a response message. Both the request and the response contain a header and a body. The header contains information about the request/response, the body contains the content. (HTTP)

4) Server returns a response message (HTTP)

5) Browser formats the response and displays (CLIENT)

  1. User issues URL from a browser
  2. Browser sends a request message
  3. Server maps the URL to a file/program under the document directory
  4. Server returns a response message
  5. Browser formats the response and displays
22
Q

Explain MySQL tables & Entity Relations

A

Primary key: The identifier for each row
(often id)

Foreign key: Data in one table that references a primary key in another table

One to many: One row in Table A connects to many rows in Table B and one row in table B connects to one row in Table A

Many to one: One row in Table A connects to one row in Table B and one row in Table B connects to many rows in Table A

Example: One car has one owner but one owner can have many cars.

23
Q

What is inheritance?

A
  • A way to create a new class by deriving it from an existing class.
  • The new class inherits all the properties and methods of the existing class, known as the parent class.
  • Allows for code reuse and helps to promote code organization and maintenance.
  • The new class can also add its own properties and methods, as well as override or extend
24
Q

What is .htaccess?

A
  • Used to configure web server settings for a specific directory or file on the server.
  • Can be used to set up URL redirection, authentication, and authorization.
  • Commonly used in web development to create clean URLs, block spam bots, and protect sensitive directories and files.
25
Q

What are the access modifiers and describe them individually and what they do?

A

Private - it can only be accessed within the same class in which it is defined

Protected - it can be accessed within the same class and any subclasses that extend the class

Public - it can be accessed from anywhere, including from outside the class.

Provides a way to control the visibility of class properties and methods, this helps to keep your code organized, secure, and maintainable.

26
Q

Describe the following MySQL queries and what they do:

✓ INSERT INTO:

✓ SELECT FROM:

✓ UPDATE:

✓ DELETE FROM:

✓ WHERE:

A

✓ INSERT INTO: Add data to a table

✓ SELECT FROM: Get one or more rows from table

✓ UPDATE: Edit existing data in a table

✓ DELETE FROM: Remove existing rows in a table

✓ WHERE: Specify condition for what rows to SELECT / UPDATE / DELETE

27
Q

What are SQL Injections?

A

SQL injection is a code injection technique that might destroy your database. SQL injection is the placement of malicious code in SQL statements, via web page input.

Prepared statements prevent this: the input value is bound as data and never becomes part of the SQL code.

28
Q

What does API stand for and what is it?

A

API stands for Application Programming Interface. It is the presentation layer and handles requests, responses, and routing.

29
Q

Describe the following HTTP verbs
Patch
Post
Put
Get
Delete

A

Patch → Update/modify from database
Post → Create new record
Put → update / replace row in database
Get → read from database
Delete → Delete from database

30
Q

Describe the following GIT verbs and what they do:

A

✓ Version Control: History and Collaboration
✓ Branching: different changes on different branches
✓ Commit: Collections of all recent changes to push to repository
✓ Repository: Collection of your code project
✓ Fetch: Gets any changes from remote repository
✓ Pull: Fetches and merges all changes
✓ Merge conflict: Changes from remote and local “collide”
✓ Clone: Download a repository from remote for the first time
✓ Remote: Online version of the code shared by all developers in the team (collaborators)

31
Q

Describe the following MySQL data structure words:

A

✓ Server: The computer / program saving all data
✓ Database: A collection of tables for storing data
✓ Table: A defined collection of data (rows) with set properties (columns)
✓ Column: A property for the data saved in a table
✓ Row: The actual data being saved

32
Q

What are models?

A

models: Data classes for transferring data between the layers

33
Q

What is PHP short for?

A

PHP: Hypertext Preprocessor

34
Q

What is SQL?

A

SQL is the standard language for dealing with Relational Databases.

SQL is used to insert, search, update, and delete database records.

35
Q

What is idempotent?

A

From a RESTful service standpoint, for an operation (or service call) to be idempotent, clients can make that same call repeatedly while producing the same result.

If we make multiple identical requests and receive the same response every time, the APIs are generally called idempotent.

Example: GET APIs should be idempotent

36
Q

What’s the difference between POST and GET requests?

A

A GET request is used to retrieve data from a web server.
- such as a user profile or product catalog.
- Typically sent via a URL and the data is in the form of URL parameters.

A POST request is used to send data to a web server.
- such as creating a user account or updating a product listing
- Typically used for data that needs to be securely stored

37
Q

Describe what an object and class is

A

Class: The template for creating an object.

Classes have Properties and Methods:
- Properties: the data saved with each object
- Methods: functionality inside the class

Object: An “instance” of a class
- Use the “new” keyword to create an object from a class
- The $this variable references the current object of the class

38
Q

Name 3 things Postman does

A
  • Make HTTP requests (GET, POST, PUT/PATCH, DELETE)
  • View response (headers and the response body)
  • Generate code (snippets in multiple languages)
39
Q

What is a REST API, and how does it work?

A

REST API = Representational State Transfer

  • Architectural style for distributed systems
  • Based on client-server communication (like HTTP)
  • Stateless (each request is independent and does not depend on the previous request)
  • When the Rest API has what it needs, it sends back a response to the clients. This would typically be in JSON or XML format.
40
Q

What is a multitier architecture project structure?

A

It is a client–server architecture in which presentation, logic processing, and data management functions are physically separated.

41
Q

Describe the purpose of the different files and folders in a multitier architecture web project.

A

The presentation tier → is the user interface and communication layer of the application, where the end user interacts with the application. Its main purpose is to display information to and collect information from the user.

The business logic tier → In this tier, information collected in the presentation tier is processed. The business logic tier can also add, delete, or modify data in the data tier.

The data tier → The data tier, sometimes called the database tier, data access tier, or back-end, is where the information processed by the application is stored and managed. This can be a relational database management system such as MySQL.

42
Q

What are the benefits and drawbacks of a multitier architecture project structure?

A

Benefits: It has improved security and scalability and is easier to maintain.

Easy to manage: You can manage each tier separately, adding or modifying each tier without affecting the other tiers.

Improved scalability: Any tier can be scaled independently of the others as needed.

Improved security: Because the presentation tier and data tier can’t communicate directly, a well-designed business logic tier can function as a sort of internal firewall, preventing SQL injections and other malicious exploits.

Drawbacks: Increase in Effort / Increase in Complexity

43
Q

What is the distinction and difference between backend and frontend programming?

A

Frontend development is programming which focuses on the visual elements of a website or app that a user will interact with and sees (the client side).

Backend development focuses on the side of a website users can’t see (the server side).

44
Q

Explain HTTP in as much detail as you can.

A
  • Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents, such as HTML. It fetches resources such as HTML documents, images, videos, scripts, and more. The HTTP is the actual resource locator or a server.
  • HTTP is responsible for communication between web servers and clients. Every time you visit a webpage, submit a form, click a button, you make a request and get back a response.
  • HTTP is a request-response protocol, meaning that it is used to request information from a server and receive a response.
  • HTTP requests are composed of several parts: a method (e.g. GET, POST, PUT, DELETE), a URI (Uniform Resource Identifier) that specifies the resource being requested, and optional headers that provide additional information about the request. The server responds with a status code (e.g. 200 OK, 404 Not Found) and a message body containing the requested resource (if applicable).
  • HTTP is stateless, meaning that each request/response pair is independent and does not carry any context from previous requests.
45
Q

What is the request-, response-cycle in HTTP?

A

HTTP involves a computer making a request for some information at a URL.

The HyperText Transfer Protocol gives us rules about how messages should be sent around the Internet. The system that initiates a connection sends a “request”, and the system that answers sends a “response”.

The request-response HTTP cycle:
1. User issues a URL into a browser
2. Browser sends a request message
3. Server maps out the URL to the file/program under the document directory
4. Server sends back a response message
5. Browser formats the response and displays it to the user

46
Q

Describe the purpose of status codes in HTTP, what types of codes there are and when to use each one.

A

An HTTP status code is a message a website’s server sends to the browser to indicate whether or not that request can be fulfilled.
When that all goes according to plan the server returns a 200 code.

There are 5 status code ranges:
1xx: Informational
2xx: Success! - things are working as intended.
- 200: ok - 201: created - 202: accepted - 204 No content
3xx: Redirectional. 301 redirects when you permanently move a page. / 302 tells the browser that the requested page has been found,
4xx: Client error. 404 - not found - 400 - bad request
5xx: Server error. 500: Internal server error

47
Q

What is a REST API? Describe all parts of REST APIs in as much detail as you can.

A

A REST API is an API that conforms to the design principles of the REST, or representational state transfer architectural style.

- Based on client-server communication (like HTTP)
- Communicates via HTTP requests to perform standard database functions like creating, reading, updating, and deleting records (also known as CRUD) within a resource.
- REST architecture communicates between client and server.

Clients send HTTP requests and wait for responses.
The REST API receives requests from clients and does whatever the request needs, for example create a user.
Response - When the REST API has what it needs, it sends back the response to the clients. This would typically be in JSON or XML format.

48
Q

List the various HTTP-Methods (GET, POST, PUT, PATCH, and DELETE) and describe the purpose and uses of each one.

A

PATCH - UPDATE an existing part of a resource
POST - CREATE a new resource
PUT - UPDATE an entire resource that exists on the database
GET - retrieve data to be READ by the client/user - a GET API should be idempotent: clients can make that same call repeatedly while producing the same result
DELETE - DELETES an existing resource, typically indicating that it is removed from the database

49
Q

What is the difference between Client and Server in web development?

A

A client is a piece of computer hardware or software that connects to and accesses the resources of a remote computer, or server. In the web development world, clients are web browsers (like Chrome, Firefox, and Safari).

A server is a piece of computer hardware or software that provides resources, data, services, or functionality for other programs or devices, called clients.

50
Q

What is the URL structure of a request in a REST API?

A

A REST API is accessed with an endpoint URL. The endpoint URL consists of a base URL, a resource path, and a query string. The base URL is the internet host name for the REST API. The resource path is the address to the API resource. The query string contains info about the request we asked for.

REST API URLs: http(s)://{base url}/{resource path}?{query string}
✓ Base url: domain or IP and path
✓ Resource Path: What are you trying to access?
✓ Query string: Additional info about the request

51
Q

What are CRUD operations? Describe each CRUD-operation in as much detail as you can.

A

CRUD refers to the four basic operations a software application should be able to perform:

✓ Create: Save or create a new resource
✓ Read: Display one or more resources
✓ Update: Edit or update one resource
✓ Delete: Remove a resource

These four operations are essential for managing data in any database or data storage system. They are often used in conjunction with each other to perform more complex operations, such as searching for specific data, filtering data, and sorting data.