Menti Review Questions Flashcards by Alex Nguyen

Is HTML more of a WWW or Internet technology?
A. WWW
B. Internet

A. WWW

How well did you know this?

Not at all

Perfectly

Is email more of a WWW or Internet technology?
A. WWW
B. Internet

B. Internet

How well did you know this?

Not at all

Perfectly

Is multiplayer Halo more of a WWW or Internet technology?
A. WWW
B. Internet

B. Internet

How well did you know this?

Not at all

Perfectly

Is blogging more of a WWW or Internet technology?
A. WWW
B. Internet

A. WWW

How well did you know this?

Not at all

Perfectly

Is chat more of a WWW or Internet technology?
A. WWW
B. Internet

B. Internet

How well did you know this?

Not at all

Perfectly

Are podcasts more of a WWW or Internet technology?
A. WWW
B. Internet

WWW and Internet

How well did you know this?

Not at all

Perfectly

What is the biggest problem with IPv4?
A. Slow
B. Old
C. Not enough addresses
D. Not everyone has it

C. Not enough addresses
Only 32 bits of address space vs 128 bits supported by IPv6

How well did you know this?

Not at all

Perfectly

What is the biggest problem with IPv6?
A. Slow
B. Old
C. Not enough addresses
D. Not everyone has it

D. Not everyone has it

How well did you know this?

Not at all

Perfectly

Internet is the global ___________________.
A. Network of computers
B. Network of networks
C. Network of pages

B. Network of networks

How well did you know this?

Not at all

Perfectly

Ethernet is used to connect ____________________.
A. Computers on network
B. Networks on internet
C. Web pages with hyperlinks

A. Computers on network

How well did you know this?

Not at all

Perfectly

IPv4/IPv6 is used to connect ____________________.
A. Computers on network
B. Networks on internet
C. Web pages with hyperlinks

B. Networks on internet

How well did you know this?

Not at all

Perfectly

Which one goes inside of the other?
A. IPv4/IPv6 packet inside of Ethernet packet
B. Ethernet packet inside of IPv4/IPv6 packet

A. IPv4/IPv6 packet inside of Ethernet packet

How well did you know this?

Not at all

Perfectly

DNS usually goes over (inside)?
A. UDP
B. TCP

A. UDP

How well did you know this?

Not at all

Perfectly

HTTP 1 usually goes over (inside)
A. UDP
B. TCP

B. TCP

How well did you know this?

Not at all

Perfectly

TCP usually goes over (inside)?
A. UDP
B. IP
C. HTTP
D. DNS

B. IP

How well did you know this?

Not at all

Perfectly

DNS can be slow because…
A. UDP is slow
B. IP is slow
C. Might need to contact multiple servers
D. It doesn’t use TCP

C. Might need to contact multiple servers

How well did you know this?

Not at all

Perfectly

The primary purpose of DNS is…
A. Sending websites
B. Uploading files
C. Interconnecting networks
D. Names to numbers

D. Names to numbers
DNS turns the name of a site into either an IPv4 or IPv6 address

How well did you know this?

Not at all

Perfectly

The primary purpose of HTTP is…
A. Sending websites
B. Uploading files
C. Interconnecting networks
D. Names to numbers

A. Sending websites

How well did you know this?

Not at all

Perfectly

First part of a URL (URI)?
A. fragment/argument
B. query
C. host
D. scheme/protocol
E. path
F. login

D. scheme/protocol
e.g. http, https

How well did you know this?

Not at all

Perfectly

Second part of a URL (URI)?
A. fragment/argument
B. query
C. host
D. scheme/protocol
E. path
F. port

C. host

How well did you know this?

Not at all

Perfectly

Third part of a URL (URI)?
A. fragment/argument
B. query
C. host
D. scheme/protocol
E. path
F. port

F. port

How well did you know this?

Not at all

Perfectly

Fourth part of a URL (URI)?
A. fragment/argument
B. query
C. host
D. scheme/protocol
E. path
F. port

E. path

How well did you know this?

Not at all

Perfectly

Fifth part of a URL (URI)?
A. fragment/argument
B. query
C. host
D. scheme/protocol
E. path
F. port

B. query

How well did you know this?

Not at all

Perfectly

Last part of a URL (URI)?
A. fragment/argument
B. query
C. host
D. scheme/protocol
E. path
F. port

A. fragment/argument

How well did you know this?

Not at all

Perfectly

What separates the scheme from the host in a URL (URI)? A. ? B. @ C. / D. # E. : F. ://

F. ://

What separates the scheme and something else, for schemes that don't have a host? A. ? B. @ C. / D. # E. : F. ://

E. : The "something else" is referring to the port number

What separates the host from the port in a URL (URI)? A. ? B. @ C. / D. # E. : F. ://

E. :

What separates host/port and path of a URL (URI)? A. ? B. @ C. / D. # E. : F. ://

C. /

What separates the path and query of a URL (URI)? A. ? B. @ C. / D. # E. : F. ://

A. ?

What separates the path/query and fragment of a URL (URI)? A. ? B. @ C. / D. # E. : F. ://

D. #

Fix this URL: http://::1:8000/index.html

http://[::1]:8000/index.html

What (out of the options) is the scheme used for? A. specifying arguments such as what to search for B. changing to an alternate server on the same computer C. identifies the file, program, or database entry D. determines protocol E. jumping to a particular part of a page F. picks a computer to connect to

D. determines protocol

What (out of the options) is the host used for? A. specifying arguments such as what to search for B. changing to an alternate server on the same computer C. identifies the file, program, or database entry D. determines protocol E. jumping to a particular part of a page F. picks a computer to connect to

F. picks a computer to connect to

What (out of the options) is the port used for? A. specifying arguments such as what to search for B. changing to an alternate server on the same computer C. identifies the file, program, or database entry D. determines protocol E. jumping to a particular part of a page F. picks a computer to connect to

B. changing to an alternate server on the same computer

What (out of the options) is the path used for? A. specifying arguments such as what to search for B. changing to an alternate server on the same computer C. identifies the file, program, or database entry D. determines protocol E. jumping to a particular part of a page F. picks a computer to connect to

C. identifies the file, program, or database entry

What (out of the options) is the query used for? A. specifying arguments such as what to search for B. changing to an alternate server on the same computer C. identifies the file, program, or database entry D. determines protocol E. jumping to a particular part of a page F. picks a computer to connect to

A. specifying arguments such as what to search for

What (out of the options) is the fragment used for? A. specifying arguments such as what to search for B. changing to an alternate server on the same computer C. identifies the file, program, or database entry D. determines protocol E. jumping to a particular part of a page F. picks a computer to connect to

E. jumping to a particular part of a page

What usually separates query keys from query values? A. % B. ? C. # D. = E. : F. &

D. =

What usually separates query key-value pairs from each other? A. % B. ? C. # D. = E. : F. &

F. &

What is used to encode hex character values in URLs? A. % B. ? C. # D. = E. : F. &

A. %

What HTTP method can be used to avoid URL length limits? A. GET B. PUT C. POST D. DELETE E. HEAD F. OPTIONS

C. POST (by utilizing the request body which has a more generous limit than a URL)

What HTTP method is usually used to request webpage content? A. GET B. PUT C. POST D. DELETE E. HEAD F. OPTIONS

A. GET

What HTTP method is usually used to submit searches? A. GET B. PUT C. POST D. DELETE E. HEAD F. OPTIONS

A. GET

What HTTP method is usually used to submit username and password? A. GET B. PUT C. POST D. DELETE E. HEAD F. OPTIONS

C. POST

What is an advantage of HTTP 1? Choose all that apply: A. Easier to debug B. Faster C. Fewer Connections D. Universally implemented E. Easier to implement

A. Easier to debug D. Universally implemented E. Easier to implement

What is an advantage of HTTP 2/3? A. Easier to debug B. Faster C. Fewer Connections D. Universally implemented E. Easier to implement

B. Faster C. Fewer Connections

What is the most common HTTP method? A. GET B. DELETE C. POST D. PUT E. MKCOL F. OPTIONS

A. GET

Scenario: posting a video of your pet to Instagram. Which HTTP method is used here? A. GET B. DELETE C. POST D. PUT E. MKCOL F. OPTIONS

C. POST

Scenario: replacing a record in a database. Which HTTP method is used here? A. GET B. DELETE C. POST D. PUT E. MKCOL F. OPTIONS

D. PUT

Which HTTP method is used with application/x-www-form-urlencoded? A. GET B. DELETE C. POST D. PUT E. MKCOL F. OPTIONS

C. POST

Which HTTP method is used with multipart/form-data? A. GET B. DELETE C. POST D. PUT E. MKCOL F. OPTIONS

C. POST

application/x-www-form-urlencoded is better for? A. File uploads B. Short forms like login C. Getting around URL length limits D. Large amounts of data in a single value E. Web search (google, ddg) query

B. Short forms like login C. Getting around URL length limits

multipart/form-data is better for? A. File uploads B. Short forms like login C. Getting around URL length limits D. Large amounts of data in a single value E. Web search (google, ddg) query

A. File uploads D. Large amounts of data in a single value

What was the first web browser? A. Firefox B. Internet Explorer C. Edge D. Chrome/Chromium E. Safari F. Mosaic

F. Mosaic

Which web browser killed Mosaic? A. Firefox B. Internet Explorer C. Edge D. Chrome/Chromium E. Safari F. Netscape Navigator

F. Netscape Navigator

What web browser is based on Netscape? A. Firefox B. Internet Explorer C. Edge D. Chrome/Chromium E. Safari F. Netscape Navigator

A. Firefox

What web browsers want to say they're compatible with Netscape 5? A. Firefox B. Internet Explorer C. Edge D. Chrome/Chromium E. Safari

All choices given: Firefox, Internet Explorer, Edge, Chrome/Chromium, Safari

What web browser was based on KHTML (from KDE for Linux)? A. Firefox B. Internet Explorer C. Edge D. Chrome/Chromium E. Safari

E. Safari

What web browser was based on Safari? A. Firefox B. Internet Explorer C. Edge D. Chrome/Chromium E. Safari

D. Chrome/Chromium

What browser is this: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edge/119.0.0.0 A. Firefox B. Internet Explorer C. Edge D. Chrome/Chromium E. Safari

C. Edge

What response code is used for sending the content of the index page? A. 200 B. 301 C. 303 D. 401 E. 404 F. 500

A. 200

What response code is used for asking the browser to use https instead of http? A. 200 B. 301 C. 303 D. 401 E. 404 F. 500

B. 301

What response code is returned by a script that handles login crashes? A. 200 B. 301 C. 303 D. 401 E. 404 F. 500

F. 500

What response code asks the browser to ask for login? A. 200 B. 301 C. 303 D. 401 E. 404 F. 500

D. 401

What response code prevents the following message: "In order to refresh we need to resend prompt"? A. 200 B. 301 C. 303 D. 401 E. 404 F. 500

C. 303

What response code is returned when no database record for a requested URI exists? A. 200 B. 301 C. 303 D. 401 E. 404 F. 500

E. 404

What response code is returned when a user needs to login using a HTML login page first? A. 200 B. 301 C. 303 D. 401 E. 404 F. 500

C. 303

What is the Authorization header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing

B. Authentication

What is the Accept header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing

D. Describing Content/Typing

What is the Access-Control-x-x header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing

C. Anti-Exploit

What is the Cache-x header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing

A. Speed

What is the Content-Disposition header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing

D. Describing Content/Typing

What is the Cookie header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

B. Authentication E. Tracking

What is the If-x-x header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

A. Speed

What is the Origin header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

C. Anti-Exploit

What is the Range header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

A. Speed

What is the Referer header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

E. Tracking

What is the Sec-x header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

C. Anti-Exploit

What is the User-Agent header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

D. Describing Content/Typing E. Tracking

What is the Content-Security-Policy header used for? A. Speed B. Authentication C. Anti-Exploit D. Describing Content/Typing E. Tracking

C. Anti-Exploit

Which of these is required? A. Vary B. Date C. Allow D. Host E. X-Forwarded-For

D. Host

What is the correct way to start a modern HTML document? A. C.

There is a void element "link" which specifies another URL that the current page needs. How should it be written? A. B. C.

You made an element called "apple" that puts an apple on the page. How should its tag be written? A. B. C. D. You can't create "apple"

You made a void tag called "banana" which specifies an "apple" HTML element you created. If it can have content inside, how should it be written? A. B. C. D. You can't create "banana"

D. You can't create "banana"

Which tag style is wrong but browsers will accept it anyway? A. B. C. D. All of these are correct HTML

C. Note: React components are formatted this way, but this is invalid HTML

What is the outermost tag? A. B. C.

D. E. F.

What goes first inside? A. B. C.

D. E. F.

What goes second inside? A. B. C.

D. E. F.

Where does stuff that goes on the page go? A. B. C.

D. E. F.

Where does metadata about the page go? A. B. C.

D. E. F.

HTML or CSS? Indicating a chapter title

HTML

HTML or CSS? Making something bold

CSS

HTML or CSS? Making a hyperlink clickable

HTML

HTML or CSS? Marking some links as navigation

HTML

HTML or CSS? Making title nice and big

CSS

In Slashdot.org: News for Nerds Stuff that Matters what's the href? A. tag B. element C. item D. attribute

D. attribute

Which is selected by the CSS selector .banana A. B. C. D.

Which is selected by CSS selector banana A. B. C. D.

Which is selected by CSS selector #banana A. B. C. D.

Which CSS selector selects the li of

(there may be multiple answers) A. section.ul.li B. ul #li C. section>ul>li D. section, ul, li E. section ul li F. section:ul:li

C. section>ul>li D. section, ul, li E. section ul li

Which CSS selector selects the li of

(choose the most specific selector that selects li) A. section.ul.li B. ul #li C. section>ul>li D. section, ul, li E. section ul li F. section:ul:li

C. section>ul>li

Which attribute of becomes the key? A. type B. value C. name D. form E. class F. id

C. name

Which attribute of becomes the value? A. type B. value C. name D. form E. class F. id

B. value

What is the key of a element if there is no name attribute? A. browser error popup B. browser error console C. form will not work D. runs javascript E. key value not sent F. sent anonymously

E. key value not sent

should be inside of? A.

In the HTML

the b is what relative to the p? A. parent B. child C. container D. subclass E. descendant

B. child E. descendant

In the HTML

the li is what relative to the p? A. parent B. child C. container D. subclass E. descendant

E. descendant

What CSS property makes bold? A. font-style B. font-face C. font-size D. font-weight E. font-variant

D. font-weight

What CSS property makes italics? A. font-style B. font-face C. font-size D. font-weight E. font-variant

A. font-style

A CSS px is equal to... A. one pixel B. 1/72 of an inch C. 1/96 of an inch D. the font size E. width of a 0 F. height of an x

C. 1/96 of an inch

A CSS ex is equal to... A. one pixel B. 1/72 of an inch C. 1/96 of an inch D. the font size E. width of a 0 F. height of an x

F. height of an x

A CSS ch is equal to... A. one pixel B. 1/72 of an inch C. 1/96 of an inch D. the font size E. width of a 0 F. height of an x

E. width of a 0

A CSS pt is equal to... A. one pixel B. 1/72 of an inch C. 1/96 of an inch D. the font size E. width of a 0 F. height of an x

B. 1/72 of an inch

A CSS em is equal to... A. one pixel B. 1/72 of an inch C. 1/96 of an inch D. the font size E. width of a 0 F. height of an x

D. the font size (e.g. 2em means 2 times the size of the current font)

In CSS, nothing is equal to... A. one pixel B. 1/72 of an inch C. 1/96 of an inch D. the font size E. width of a 0 F. height of an x

A. one pixel

Which is NOT a way to add JS to HTML? A. element event B. inline script element C. link element in head D. script element

C. link element in head

What is a closure? A. same as scope B. an anonymous function C. functions can see vars from when they were defined D. special kind of class method

C. functions can see vars from when they were defined

What should you put at the top of every JS file? A. let, const & var B. imports C. doctype D. use strict

D. use strict

Which one scopes variables to the enclosing block? A. let B. const C. var D. nothing before the variable declaration

A. let B. const

Which one scopes variables to the enclosing function? A. let B. const C. var D. nothing before the variable declaration

C. var

Which one scopes variables to global? A. let B. const C. var D. nothing before the variable declaration

D. nothing before the variable declaration

What is the following JS code used for: '' + someVar A. Nothing B. Cast to Boolean C. Cast to Number D. Cast to String E. Rounding to Integer F. Serialize

D. Cast to String

Identifiers in JS cannot... A. be words B. have underscores C. be keywords D. be properties E. have digits F. be unicode

C. be keywords

Methods in JS are... A. early binding B. late binding C. not bound unless .call() is used D. not bound unless .bind() is used

B. late binding (i.e. a function is not bound to anything unless it is explicitly called or the function is binded to a variable)

Methods in Python are... A. early binding B. late binding C. not bound unless .call() is used D. not bound unless .bind() is used

A. early binding

General numbers in JS are always... A. integers B. singles C. doubles D. integers or doubles depending on the operation

C. doubles

JS really likes to turn things into ______ when you least expect it? A. integers B. objects C. arrays D. strings E. errors F. null

D. strings

Which comparison should you use in JS? A. == B. === C. := D. .equals() E. <=> F. =

B. ===

What does !!someVar in JS used for? A. Doesn't do anything B. Cast to Boolean C. Cast to Number D. Cast to String E. Rounding to Integer F. Serialize

B. Cast to Boolean

Given !!someVar, it will be true if someVar is... A. 0 B. "" C. null D. undefined E. NaN F. []

F. []

In JS, what value is returned when going past the end of an array? A. Error! B. null C. false D. undefined E. NaN F. []

D. undefined

To loop over the values in an array in JS, we use: A. for (thing in array) B. for (thing of array) C. for (thing:array)

B. for (thing of array)

To loop over the properties of an object in JS, we use: A. for (thing in array) B. for (thing of array) C. for (thing:array)

A. for (thing in array)

Arrow functions are different from regular functions (i.e. function fn()) because they... A. are anonymous B. They aren't! They are the same! C. are pass-by-reference D. can access identifiers from closure E. get this from closure F. are faster

E. get this from closure

The DOM is what kind of data structure? A. Stack B. Queue C. Hash D. Tree

D. Tree

Everything in the DOM tree is a ________? A. Element B. Text C. Tag D. Point E. Vertex F. Node

F. Node

is represented in the DOM tree by __________? A. Element B. Text C. Tag D. Point E. Vertex F. JSON

A. Element

Actual words on the page are represented in the DOM tree by _____________? A. Element B. Text C. Tag D. Point E. Vertex F. JSON

B. Text

In JS, private fields are indicated by: A. Name begins with _ B. Name begins with # C. private keyword D. static keyword E. @private F. this

B. Name begins with #

In JS, static fields are indicated by: A. Name begins with _ B. Name begins with # C. private keyword D. static keyword E. @private F. this

D. static keyword

In JS, how can one get element that match a CSS selector? A. document.querySelector() B. document.getElementsBySelector() C. document.getElements()

A. document.querySelector()

In JS, how can one instantiate a new element in the DOM? A. document.createElement() B. document.insertAt(parent, element) C. parent.appendChild(element) D. document.addElementById(parent) E. element.someAttribute

A. document.createElement()

In JS, how can one attach an element inside another element? A. document.createElement() B. document.insertAt(parent, element) C. parent.appendChild(element) D. document.addElementById(parent) E. element.someAttribute

C. parent.appendChild(element)

In JS, how can one modify the style of an element? A. element.setStyle() B. document.setStyleById() C. parent.appendStyle() D. element.style

D. element.style

fetch() argument is a... A. Function B. Request C. Response D. Promise E. Headers F. Body

B. Request

fetch() returns... A. Function B. Request C. Response D. Promise E. Headers F. Body

D. Promise

promise.then() takes an argument... A. Function B. Request C. Response D. Promise E. Headers F. Body

A. Function

promise.then() returns... A. Function B. Request C. Response D. Promise E. Headers F. Body

D. Promise

fetch.then() takes... A. Function B. Request C. Response D. Promise E. Headers F. Body

A. Function

fetch.then() returns... A. Function B. Request C. Response D. Promise E. Headers F. Body

D. Promise

fetch.then() takes a function that takes... A. Function B. Request C. Response D. Promise E. Headers F. Body

C. Response E. Headers

fetch.then() takes a function that returns... A. Function B. Request C. Response D. Promise E. Headers F. Body

D. Promise F. Body

fetch.then().then() takes a function that takes... A. Function B. Request C. Response D. Promise E. Headers F. Body

F. Body

fetch.then().then() returns... A. Function B. Request C. Response D. Promise E. Headers F. Body

D. Promise

await can only be used in what kind of function? A. anonymous B. arrow C. promise D. async E. without loops

D. async

await(x) where x is an expression that returns a ____________ A. anonymous function B. arrow function C. promise D. async function

C. promise

await should be avoided inside a... A. anonymous function B. arrow function C. promise D. async function E. loop

E. loop

async functions return a... A. anonymous function B. arrow function C. promise D. async function E. iterator

C. promise

async function with return 1 resolves when... A. after return statement B. when its called C. after all functions D. after returned value resolves

A. after return statement

async function with "return somePromise" resolves when... A. after return statement B. when its called C. after all functions D. after returned value resolves

D. after returned value resolves

When is a request repeatable? A. doing it twice in a row doesn't change the effect B. the URL is valid for a long period of time (doesn't expire) C. when the results are split into multiple pages that must be requested

A. doing it twice in a row doesn't change the effect

When is a request stateless? A. able to be processed without knowing previous requests B. when the request doesn't contain any information about state C. similar to repeatable

A. able to be processed without knowing previous requests

When is a request cacheable? A. when there is a caching proxy layer B. when it includes the Cache-Control header C. when the response is known to not change for some period of time

C. when the response is known to not change for some period of time

In a stateless system, which end keeps track of whether someone is logged in (or not)? A. Server B. Client C. Proxy

B. Client

What is a potential disadvantage of REST? A. Reliability B. Scalability C. Caching D. Bandwidth E. Distribution

D. Bandwidth

In session-cookie auth, when does the session cookie get generated? A. Login: Correct username & password B. When database entry is set to not authenticated C. When database entry is set to authenticated D. Logout E. On any request

E. On any request

In session-cookie auth, what is a good response to attempting to access a private page by an unauthenticated user? A. 200 OK B. 301 Moved Permanently C. 302 Found D. 401 Unauthorized E. 403 Forbidden F. 503 Service Unavailable

C. 302 Found

In session-cookie auth, what is a good response to a successful login? A. 200 OK B. 301 Moved Permanently C. 303 See Other D. 401 Unauthorized E. 403 Forbidden F. 503 Service Unavailable

C. 303 See Other

How does JWT prevent tokens from being forged by the user? A. Database entry that user can't manipulate B. Cryptographic signature C. Keeping the state in special browser-protected storage D. Encrypted HTTPS connections

B. Cryptographic signature

True/False: REST with caching always decreases latency?

False

It's usually fastest to perform operations on the... A. Client B. Reverse Proxy Webserver C. Middleware Server D. Storage Server

A. Client

How does HTTP Basic prevent your password from being stolen? A. Cryptographic Signature B. Encryption C. Cryptographic Hash D. It doesn't

D. It doesn't

How does HTTP Digest prevent your password from being stolen? A. Cryptographic Signature B. Encryption C. Cryptographic Hash D. It doesn't

C. Cryptographic Hash

Why does HTTP Basic encode the username and password? A. Prevent "sessionjacking" B. Make sure the username and password was not corrupted during transfer C. HTTP 1 is a text based protocol, password can have any character D. It doesn't

C. HTTP 1 is a text based protocol, password can have any character

Scenario: Attackers modified server data so that when users clicked checkout they were taken to a fake website that stole their credit card. Which vulnerability is present in the scenario given? A. XSS (Cross-Site Scripting) B. RCE (Remote Code Execution) C. CSRF (Cross-Site Request Forgery) D. SSRF (Server-Side Request Forgery) E. DoS (Denial of Service)

A. XSS (Cross-Site Scripting)

Scenario: Attackers stole authorization info and submitted requests to TikTok that appeared to be coming from users, but wasn't really. Which vulnerability is present in the scenario given? A. XSS (Cross-Site Scripting) B. RCE (Remote Code Execution) C. CSRF (Cross-Site Request Forgery) D. SSRF (Server-Side Request Forgery) E. DoS (Denial of Service)

C. CSRF (Cross-Site Request Forgery)

Scenario: Server A only responds to server B. Attacker tricks B into making a request to A and returning the result over the web. B should only respond to A if both servers are rented by the same company. Which vulnerability is present in the scenario given? A. XSS (Cross-Site Scripting) B. RCE (Remote Code Execution) C. CSRF (Cross-Site Request Forgery) D. SSRF (Server-Side Request Forgery) E. DoS (Denial of Service)

D. SSRF (Server-Side Request Forgery)

Scenario: Attacker customized a social media profile with JS that would cause anyone visiting the profile to automatically add them as a friend. Which vulnerability is present in the scenario given? A. XSS (Cross-Site Scripting) B. RCE (Remote Code Execution) C. CSRF (Cross-Site Request Forgery) D. SSRF (Server-Side Request Forgery) E. DoS (Denial of Service)

A. XSS (Cross-Site Scripting)

Scenario: Attacker makes a request with a special path, server uses log4j to log request paths, special string in log4j can run any code. Which vulnerability is present in the scenario given? A. XSS (Cross-Site Scripting) B. RCE (Remote Code Execution) C. CSRF (Cross-Site Request Forgery) D. SSRF (Server-Side Request Forgery) E. DoS (Denial of Service)

B. RCE (Remote Code Execution)

Scenario: Attackers used a flaw in Perl's implementation of hashes (dicts) to make access to data O(2^n) and webservers use up all CPU. Which vulnerability is present in the scenario given? A. XSS (Cross-Site Scripting) B. RCE (Remote Code Execution) C. CSRF (Cross-Site Request Forgery) D. SSRF (Server-Side Request Forgery) E. DoS (Denial of Service)

E. DoS (Denial of Service)

Scenario: Attacker modifies a legitimate cookie to indicate authorized access to paid content they haven't paid for. Which vulnerability is present in the scenario given? A. XSS (Cross-Site Scripting) B. RCE (Remote Code Execution) C. CSRF (Cross-Site Request Forgery) D. SSRF (Server-Side Request Forgery) E. DoS (Denial of Service)

C. CSRF (Cross-Site Request Forgery)

Changing program arguments (exec, system, subprocess, ...) with variables can lead to... A. Server-side CSRF B. Client-side CSRF C. Path traversal D. SQL Injection E. RCE by Shell Injection F. DoS (Denial of Service)

E. RCE by Shell Injection

Allowing very large uploads can lead to... A. Server-side CSRF B. Client-side CSRF C. Path traversal D. SQL Injection E. RCE by Shell Injection F. DoS (Denial of Service)

F. DoS (Denial of Service)

Poorly written in-browser JS code can lead to... A. Server-side CSRF B. Client-side CSRF C. Path traversal D. SQL Injection E. RCE by Shell Injection F. DoS (Denial of Service)

B. Client-side CSRF

Not filtering and validating the path component of a URL can lead to... A. Server-side CSRF B. Client-side CSRF C. Path traversal D. SQL Injection E. RCE by Shell Injection F. DoS (Denial of Service)

C. Path traversal

Using templates to form database queries can lead to... A. Server-side CSRF B. Client-side CSRF C. Path traversal D. SQL Injection E. RCE by Shell Injection F. DoS (Denial of Service)

D. SQL Injection

Stolen cookies may lead to... A. Server-side CSRF B. Client-side CSRF C. Path traversal D. SQL Injection E. RCE by Shell Injection F. DoS (Denial of Service)

A. Server-side CSRF

When dealing with a human that needs to log in we should respond with a... A. 100 Continue B. 200 OK C. 303 See Other D. 401 Unauthorized E. 514 Login Required

C. 303 See Other

When dealing with a machine that needs to log in, we should respond with a... A. 100 Continue B. 200 OK C. 303 See Other D. 401 Unauthorized E. 514 Login Required

D. 401 Unauthorized

When responding to a POST request from a browser (not AJAX), we should respond with a... A. 100 Continue B. 200 OK C. 303 See Other D. 401 Unauthorized E. 514 Login Required

C. 303 See Other

When responding to a POST request from a script (not AJAX), we should respond with a... A. 100 Continue B. 200 OK C. 303 See Other D. 401 Unauthorized E. 514 Login Required

B. 200 OK

What protocol does TLS work inside of (on top of)? A. Ethernet B. IP C. TCP/UDP D. HTTP(S) E. HTML

C. TCP/UDP

What protocol goes inside of (on top of) TLS? A. Ethernet B. IP C. TCP/UDP D. HTTP(S) E. HTML

D. HTTP(S)

What is the current version of TLS? A. SSL B. TLS 1.0 C. TLS 1.1 D. TLS 1.2 E. TLS 1.3 F. TLS 1.4

E. TLS 1.3

When someone says "encryption", they are usually referring to providing... A. Identity B. Privacy C. Authenticity

B. Privacy

Which core principle of TLS does ensuring messages aren't repeated correspond with? A. Identity B. Privacy C. Authenticity

C. Authenticity

Which core principle of TLS does ensuring you're actually talking to who you think you're taking to correspond with? A. Identity B. Privacy C. Authenticity

A. Identity

A certificate is checked by the... A. Government B. Certificate Authority C. User Agent D. HTTP Server E. DNS Server F. Router

C. User Agent

A certificate is signed by the... A. Government B. Certificate Authority C. User Agent D. HTTP Server E. DNS Server F. Router

B. Certificate Authority

A signature is verified by combining it with the ___________ and _____________? (select two answers) A. Private Key B. Public Key C. Contents of the thing that was signed D. TLS protocol E. IP Address F. Certificate Authority

B. Public Key C. Contents of the thing that was signed

What is the most crucial part of the text of a signed certificate, apart from the signature? A. IP Address B. Ethernet Address C. Server version D. HTTP vs HTTPS E. Domain Name

E. Domain Name

How do you get the Certificate Authority's public key? A. DNS B. Browser/OS C. TCP/UDP D. HTTP E. Ethernet F. IP

B. Browser/OS

When should you optimize? A. never B. continuously C. early development D. late development E. between iterations F. when you have a performance problem

F. when you have a performance problem

When does ETag change? A. when content changes B. when there is a new request to the original server C. when there is a new request to a reverse proxy D. never

A. when content changes

When does Expires change? A. when content changes B. when there is a new request to the original server C. when there is a new request to a reverse proxy D. never

B. when there is a new request to the original server

When does Last-Modified change? A. when content changes B. when there is a new request to the original server C. when there is a new request to a reverse proxy D. never

A. when content changes

When does Age change? A. when content changes B. when there is a new request to the original server C. when there is a new request to a reverse proxy D. never

C. when there is a new request to a reverse proxy

ETag works with which request header for caching? A. If-None-Match B. If-Match C. If-Modified-Since

A. If-None-Match

Caching increases... A. Locality B. Round trips C. Latency D. Download size

A. Locality

Static content (content that never changes) should use what header? A. Expires: 60 B. Authorization: Basic ... C. Cache-Control: max-age=60 D. Cache-Control: public

D. Cache-Control: public

What is cache-busting? A. using ETag headers B. using http HEAD method C. putting a version # in the file name D. using Authorization header

C. putting a version # in the file name

DNS CNAME is similar to... A. HTTP 1xx B. HTTP 2xx C. HTTP 3xx D. HTTP 4xx E. HTTP 5xx

C. HTTP 3xx

Asynchronous loading helps reduce... A. Download size B. Bandwidth C. # of Requests D. Concurrency E. Round Trips F. Locality

E. Round Trips

Asynchronous loading loads things... A. one after the other B. slowly C. in parallel

C. in parallel

Which one has the best compression? A. GIF B. WebP C. AVIF D. JPEG

C. AVIF

What does the

B. groups multiple sources for the same image

What is the worst HTTP method for performance? A. GET B. HEAD C. POST D. PUT E. DELETE F. PATCH

C. POST

What is the best HTTP method for performance? A. GET B. HEAD C. POST D. PUT E. DELETE F. PATCH

B. HEAD

Which came first? A. Multiple script tags B. CommonJS C. ES Modules

A. Multiple script tags

Which came second? A. Multiple script tags B. CommonJS C. ES Modules

B. CommonJS

Which of the following is used in the browser? A. Multiple script tags B. CommonJS C. ES Modules

A. Multiple script tags C. ES Modules

Which is used mostly for Node servers? A. Multiple script tags B. CommonJS C. ES Modules

B. CommonJS

Which has the best async support? A. Multiple script tags B. CommonJS C. ES Modules

C. ES Modules

Websockets communications come in big units called... A. messages B. packets C. frames

A. messages

Messages are broken into smaller units called... A. messages B. packets C. frames

C. frames

Websocket frames can send... A. binary B. text C. binary or text

C. binary or text

Text frames are encoded with... A. UTF-8 B. ISO 8859-1 C. CP 457

A. UTF-8

Why do websockets scramble the data sent over? A. to slow down the connection B. to make sure the data stays correct C. authentication D. avoid confusing old proxies and servers

D. avoid confusing old proxies and servers

True/False: Multiple websocket messages can be transferred at once

True

Which side must initially connect the websocket? A. Client B. Server C. Proxy

A. Client

Full duplex means... A. there's two ends in a communication B. each connection is split into priority and normal traffic C. both sides can talk at the same time

C. both sides can talk at the same time

Which of these is NOT full duplex? A. TCP B. UDP C. QUIC D. HTTP 1 E. HTTP 2 & 3 F. Websockets

D. HTTP 1

Brainscape's Knowledge GenomeTM

Menti Review Questions Flashcards

Brainscape's Knowledge Genome^TM