SE3316 Final

Question 1

T/F: server side scripting files contain both direct html code and code blocks

Answer 1

true

Question 2

Which server-side-scripting language is most widespread?

Answer 2

PHP

Question 3

Which server-side-scripting language is used in large enterprise applications?

Answer 3

JSP

Question 4

Which server-side-scripting language is the new hotness?

Answer 4

Node.js…

Question 5

ASP.Net can use which .Net language?

Answer 5

Any .Net language

Question 6

How many Apache helicopters does an Apache server need to serve in order for the ancestral land claims of the Apache tribe to be fulfilled?

Answer 6

3 + 820 milliseconds

Question 7

Django runs on Which server-side-scripting language?

Answer 7

Python

Question 8

Which server-side-scripting language is an MVC web application framework?

Answer 8

Ruby on Rails

Question 9

What is a LAMP stack?

Answer 9

Linux, Apache, MySQL, PHP

Question 10

What is the difference between LAPP stack and LAMP stack?

Answer 10

Lapp uses PostgreSQL instead of MySQL

Question 11

What is the Ruby stack?

Answer 11

Ruby, ruby-on-rails, Apache, MySQL

Question 12

What is the Django stack?

Answer 12

Python, Django, Apache, MySQL

Question 13

Which server-side-scripting language used VBScript?

Answer 13

ASP

Question 14

What are the responsibilities of a scripting engine?

Answer 14

• run script code
• manage database connections
• manage cookies and state
• upload and manage files

Question 15

Which of the following was not mentioned in this course?

SAX, DOM, MEAN, LAPP, LAMP, DMCA, MSXML, COM, MVC, WIPO, WAI, VB, ASP, XML, JAXB, XMLS, DTD, XAct, EFF, SSL, WCT, PGP, IPSec, FOSI, openSSL, DOS, YMYD, PHP, JSP, SOC, URI, HTML, OSP, ISP, CSS, XDuce, JSON, XSLT, W3C, XHTML, XSL-FO, JDOM, API, STX

Answer 15

YMYD (Your Mum’s Your Dad)

Question 16

What are HTTP/2’s features?

Answer 16

Binary Protocol, One TCP connection multiple streams, Header compression,
Server push

Question 17

Security Services can provide?

Answer 17

Confidentiality, Integrity, Authenticity, non-repudiation (sender/receiver cannot deny sending/receiving)
& Protection from DOS attacks

Question 18

SSL/TLS can provide

Answer 18

Confidentiality, Integrity, and Authenticity

Question 19

What cryptography does SSL and TLS use

Answer 19

public-key cryptography (public + private keys)

Question 20

Can rogue Egyptians frig with certificates issuance?

Answer 20

Y E S

Question 21

What is URI?

Answer 21

Unifrom Resource Identifier

Question 22

What are some Software Stacks for Web apps

Answer 22

LAMP (Linux, Apache, MySQL, PHP), MEAN (MongoDB, Expres, Angular, Node),
Ruby, Django

Question 23

Define AJAX

Answer 23

Asynchronous JavaScript and XML

Question 24

What an HTML validator return?

Answer 24

Syntax errors

Question 25

what is the format for a code point?

Answer 25

U+XXXX (4 digit hex)

Question 26

Is a code unit fixed or variable length?

Answer 26

fixed

Question 27

In UTF-8, how many code units make up one code point?

Answer 27

1-4

Question 28

In UTF-8, how many bytes is 1 code unit?

Answer 28

1

Question 29

Is javascript a class based or prototype based language?

Answer 29

prototype based

Question 30

What is the definition of a prototype based language?

Answer 30

– All objects can inherit from another object

– Construct object hierarchy by assigning an object as the prototype

Question 31

What are the advantages of client-side scripting?

Answer 31

–Does not have to refresh the page with every request
–More interactive, responds to user faster
–Can give developers more control over look and feel

Question 32

What are the disadvantages of client-side scripting?

Answer 32

–Not all browsers will support
– different browsers will interpret differently
– more development time may be required

Question 33

Advantages of server–side scripting?

Answer 33

–Can create one template for the entire site
– Can use content management system, makes editing simpler
– Scripts are hidden from view, so is more secure
– No need to download plugins

Question 34

Disadvantages of server–side scripting

Answer 34

–scripts and content management may require databases to store dynamic data
– will take longer to fulfill user requests
– user experience is less interactive/immersive

Question 35

What is AJAX?

Answer 35

Asynchronous Javascript and XML – allows JavaScript to communicate with server without reloading page

Question 36

Is Jquery a library or a framework?

Answer 36

library

Question 37

How can info be displayed to someone without JavaScript?

Answer 37

using the noscript tag

Question 38

In JS, a variable declared inside a block is accessible where?

Answer 38

Only inside the block

Question 39

What is variable hoisting?

Answer 39

The act of moving a declared variable to the top of its block

Question 40

Will a variable initialization be hoisted?

Answer 40

No, only the declaration

Question 41

What happens if a variable created with the let keyword is accessed before declaration?

Answer 41

Throws an error

Question 42

What happens if a variable declared with the var keyword is accessed before declaration?

Answer 42

The variable will return undefined, will not throw an error

Question 43

Will this function declaration

function x(int y){…}

be hoisted?

Answer 43

yes

Question 44

Will this initialization be hoisted?

var answer = x(int y){…}

be hoisted?

Answer 44

No – variable assignment is not hoisted (but the declaration will be)

Question 45

What are the types of Nodes in the DOM?

Answer 45

Text, element, attribute

Question 46

What are nodes who have the same parent node called?

Answer 46

siblings

Question 47

How are events captued in JS?

Answer 47

With an event listener

Question 48

Is HTTP a stateless protocol?

Answer 48

yes

Question 49

What is a private address space?

Answer 49

Not visible outside of LAN

Question 50

Is GET a safe method?

Answer 50

yes

Question 51

Is POST idempotent?

Answer 51

no

Question 52

Is TRACE a safe method?

Answer 52

yes

Question 53

Is GET idempotent?

Answer 53

yes

Question 54

What does TLS stand for?

Answer 54

Transport Layer Security

Question 55

What security services do SSL and TLS offer?

Answer 55

Confidentiality, Integrity, Authentication

Question 56

Name server side scripting languages

Answer 56

 PHP (Personal Home Page), ASP (Active Server
Page), CFM (ColdFusion Mark up Language), JSP (Java Server Pages) Pearl, Python, Ruby on Rails
 Server-side JavaScript (using Node.js)

Question 57

What are some Software Stacks for Web apps

Answer 57

LAMP (Linux, Apache, MySQL, PHP), MEAN (MongoDB, Expres, Angular, Node),
Ruby, Django

Question 58

What is required in an HTTP request?

Answer 58

Request line, header lines, body

Question 59

What is required in an HTTP response message?

Answer 59

Status line, header lines, body

Question 60

What does a 200-level HTTP response mean?

Answer 60

success

Question 61

What does a 500-level response mean?

Answer 61

Server-side error

Question 62

What is a cookie?

Answer 62

A file stored on a domains server containing data about the client

Question 63

What are the limitations of HTTP?

Answer 63

• Stateless: No session management

- No built in security

Question 64

What are the improvements of HTTP/2 over HTTP/1?

Answer 64

Binary Protocol
One TCP connection, multiple streams
Header compression
Server push

Question 65

Are all Safe HTTP Methods also idempotent?

Answer 65

yes

Question 66

Is HTTP digest good?

Answer 66

No… It uses MD5 hashing, which has been broken!

Question 67

What is a 4xx Error?

Answer 67

Client Error

Question 68

what is a 3xx error

Answer 68

Redirection

Question 69

What are the cons of JavaScript Libraries?

Answer 69

Adds another dependency

Maintenance & Quality Issues

Question 70

What do Frameworks do that Libraries don’t?

Answer 70

Provide a programming model as well as libraries

Question 71

Give an example of a user without JavaScript

Answer 71

Web Crawler
Browser plug-n that interferes
Text-Based Client
Visually Disabled Client

Question 72

How does TLS provide security

Answer 72

Through symmetry encryption, shared secret, Message Authentication Checking MAC and certificates

Question 73

What are the 2 types of scope in JavaScript

Answer 73

Function scope (block scope), global scope

Question 74

Define AJAX

Answer 74

Asynchronous JavaScript and XML

Question 75

What are the responses/states of a promise in JavaScript?

Answer 75

Fulfilled or Rejected, Pending or Settled

Question 76

What are the responsibilities of web servers?

Answer 76

• listen to incoming HTTP connections, respond to requests
• manage access to resources
• encrypt/decrypt and compress/decompress data
• manage multiple domains and URLs
• invoke scripting engines, send and receive data

Question 77

What are the responsibilities of a scripting engine?

Answer 77

• run script code
• manage database connections
• manage cookies and state
• upload and manage files

Question 78

What are the pros and cons of web scripting?

Answer 78

Pro:
-allows integrating large databses and sophisticated processing
Cons:
-requires entire software suite to be written in the scripting language
-interfacing w/ existing enterprise software can be difficult

Question 79

How is interactivity typically achieved in web applications?

Answer 79

By sending “form data” through HTTP put or post methods

Question 80

T/F: Web content for machines deals with presentation

Answer 80

No it does not

Question 81

Form based web apps can have sluggish interfaces due to network latencies - what is the solution?

Answer 81

client-side scripting

Question 82

What is required for a web service implementation?

Answer 82

Any web server + server-side scripting language

Question 83

JSP with Tomcat server setup is designed for Web Service Standards (WS-*)

Answer 83

No - it is designed for Java

Apache Axis2 with Java/C interfaces is designed for WS-*

Question 84

T/F: ReST is a standard?

Answer 84

False, only a pattern

Question 85

What is the difference between PUT /parts/042 ad POST /parts/042

Answer 85

PUT should completely replace the existing representation, POST can update it

Question 86

T/F: HTTP server with Node.js uses IBM v6 Javascript engine to run javascript on server side

Answer 86

False: it uses the Google v8 engine

Question 87

T/F: HTTP server with Node.js is faster than Apache

Answer 87

True

Question 88

How does Node.js provide superior performance?

Answer 88

• Asynchronous, eventdriven framework suits the nature of the web
• Does not deal with per-file access control
• no barrier between web server and script engine

Question 89

What middleware can be used to simplify routing in a ReST API with Node.js?

Answer 89

Express

Question 90

What is the recommended approach to exchanging data asynchronously with AJAX?

Answer 90

Fetch API

Question 91

What methods can be called on a promise object, and what do they do?

Answer 91

.then() - for when promise is fulfilled

.catch() - for when promise is rejected

Question 92

When is a promise pending?

Answer 92

When it has been neither fulfilled OR rejected

Question 93

How many females will attend the software party on Dec 20?

Answer 93

RANDBETWEEN(0-4)

Question 94

What language is Angular written in?

Answer 94

Typescript

Question 95

In Angular, what are the possible data bindings with the DOM?

Answer 95

• One way: componentn -> DOM
• One way: DOM events -> component
• Two way: DOM <=> Model (using MVC pattern)

Question 96

Describe Ember.js

Answer 96

• An “opinionated framework”
• easy to create apps, lots of support
• but resistance is futile

Question 97

Describe React.js

Answer 97

• Developed by Zuckerborg
• High performance, simple
• It is a library, not a framework

Question 98

Describe how to write an angular app, using templates, components, services, and modules

Answer 98

• Compose HTML templates with Angular markup
• write component classes to manage templates
• write application logic in service
• package components and services in modules

Question 99

What a JavaScript decorator do?

Answer 99

It wraps an object/class with another “decorator” class/function

Question 100

What are the benefits of using a decorator?

Answer 100

• Allows dynamic modification

- Allows common functionaility to be applied ot many classes

Question 101

What is the difference between inhertiance and decorators?

Answer 101

inhertiance: compile-time
decorator: run-time

Question 102

What is the benefit of single page applications?

Answer 102

Application is loaded by the client only once, allowing for fast response to user interactions

Question 103

What issue is created when combining front-end frameworks (like Angular) and back-end APIs?

Answer 103

Both front-end and back-end require a server end-point, which leads to two servers running on different ports on the same host -> CORS issue

Question 104

What are the two approaches to combining front-end and back-end?

Answer 104

1. One server (back-end) with a static route

2. Two servers with a proxy

Question 105

What is XML?

Answer 105

Extensible Markup Language: a framework for defining markup languages

Question 106

T/F: XML is inhertently ASCII

Answer 106

False: it is internationalized Unicode

Question 107

T/F: In XML each language is targeted at its own application domain

Answer 107

true

Question 108

Who developed XML?

Answer 108

W3C, standardized in 1998

Question 109

T/F: Recipe Markup Languages follow a universally accepted way of naming, standardized by W3C

Answer 109

False: there is no universally accepted way of naming

Question 110

What are the different types on node in XML trees?

Answer 110

text (leaf)
element (hierarchical groupings, has name)
attribute (has name, value)
comment (meta info)
processing instruction (has target, value)
root node

Question 111

What is the syntax for a comment node in XML?

Answer 111

!– mycomment –!

Question 112

What is the syntax for a processing instruction XML?

Answer 112

?target value?

Question 113

What is the syntax for an element node XML?

Answer 113

name (in braces)

Question 114

What is the syntax for an attribute node XML?

Answer 114

< … name=”value” … >

Question 115

What are the requirments for a well-formed XML document?

Answer 115

• start and end tags must match and nest correctly
• one root element
• only 5 predefined entity references are used (amp, lt, gt, apos, quot)

Question 116

What is the purpose of an XML parser?

Answer 116

Given a textual XML document, construct tree representation

Question 117

What is a cross side scripting attack (XSS)

Answer 117

alert(“An attack whereby an attacker injects unwanted elements into the DOM through inputs”);

Question 118

What is the motivation behind XML namespaces?

Answer 118

When combining languages, element names may become ambiguous

Question 119

What does a namespace declaration achieve?

Answer 119

It binds a URI to a prefix

Question 120

How is the default namespace (no prefix) declared?

Answer 120

xmlns=”…”

Question 121

T/F: Attribute names cannot be prefixed

Answer 121

False

Question 122

XML uses lexical scope - what does that mean?

Answer 122

Lexical scope covers the containing element and all its descendants

Question 123

What are some namespace best practices?

Answer 123

• rarely change prefixes
• choose URIs carefully (who controls it?)
• identify default namespace, even if not using namespaces
• make no assumptions about URI resolution
• Include all namespace declarations in the document (dont rely on schemas)

Question 124

What is a schema language?

Answer 124

A notation for writing schemas

Question 125

What is a schema language?

Answer 125

A notation for writing schemas

Question 126

When a schema processor receives an instance document and its associated schema, what are the possible outputs?

Answer 126

1. If the doc is a syntactically correct recipe markup language document, it will create a normalized instance document
2. Else, send error message

Question 127

What is XSL?

Answer 127

XML stylesheet language: defines presentation format for XML documents

Question 128

What is XSLT?

Answer 128

XSL Transfrmations: defines transformation from one class of XML docs to another

Question 129

What is XSLT?

Answer 129

XSL Transfrmations: defines transformation from one class of XML docs to another

Question 130

What are the benefits of XSL?

Answer 130

1. decouples the presentation from data

2. Simplify the translation of data from one XMl format to another (XSLT)

Question 131

T/F: XSL stylesheet must be explicitly associated with a DTD

Answer 131

False

Question 132

T/F: There can be many different XSL stylesheets for the same document type

Answer 132

True: can have multiple presentations and/or multiple transformations

Question 133

T/F: There can be many different XSL stylesheets for the same document type

Answer 133

True: can have multiple presentations and/or multiple transformations

Question 134

What is a location path?

Answer 134

A sequence of nodes, sorted in document order

Question 135

Can a location path contain duplicates?

Answer 135

No

Question 136

What does a location step consist of?

Answer 136

axis :: nodetest [p1] [p2]

• an axis
• a nodetest
• some predicates (boolean expressions)

Question 137

What does a location step consist of?

Answer 137

axis :: nodetest [p1] [p2]

• an axis
• a nodetest
• some predicates (boolean expressions)

Question 138

When evaluation a location path, what does each step do?

Answer 138

A step maps a context node into a sequence. The path applies each step in turn

Question 139

What is an axis in XPATH?

Answer 139

A sequence od nodes, evaluated relative to the context node

Question 140

How many axes does XPath support?

Answer 140

12

Question 141

What direction is the child axis?

Answer 141

Forwards

Question 142

What direction is the self axis?

Answer 142

Forwards

Question 143

What direction is the ancestor axis?

Answer 143

Backwards

Question 144

Which axis is stable but depends on the implementation?

Answer 144

attribute

Question 145

What is XML programming needed for?

Answer 145

• domain specific applications
• implementing new generic tools
• parsing XML docs -> trees
• navigating trees
• manipulating trees
• serializing XML trees -docs

Question 146

T/F: The DOM is a language neutral API for manipulating XML

Answer 146

True

Question 147

Approximately how many methods does the DOM specify?

Answer 147

~200

Question 148

What is SAX?

Answer 148

Simple API for XML: a stream driven parser ofr XML documents

Question 149

T/F: SAX provides a procedure based interface

Answer 149

False - SAX provides an event based interface

Question 150

What are the event types in SAX?

Answer 150

text nodes
element nodes
processing instruction nodes
comment nodes

Question 151

What is the motivation behind XML data binding?

Answer 151

Methods doc2vector and vector2doc are tedious to write

Question 152

XML data binding provides tools to do what?

Answer 152

• map schemas to class declarations

- automatically generate unmarshalling code, marshalling code, and validation code

Question 153

What is streaming for XML documents?

Answer 153

View the XML doc as a stream of events -> the SAX tool observes these events, calls corresponding methods

Question 154

T/F: SAX does not check forms to the same level as the W3C validator

Answer 154

False: SAX checks forms BEYOND W3C validator:

• all input tags inside form tags
• all form tags have distinct names
• form tags are not nested

Question 155

What is OWL?

Answer 155

Web Ontology Language: defines a relationship between vocabularies

Question 156

What is RDF?

Answer 156

Resource description framework: a language for representing metadata about web resources.
Provides a common framework so metadata can be exchanged between apps without loss of meaning

Question 157

What are the benefits of RDF?

Answer 157

• app designers can leverage common RDF parsers and processing tools
• information can be made available to applications other than those for which it was riginally created

Question 158

What are the components of a RDP triple?

Answer 158

• Subject (resource)
• property (predicate)
• property value (object)

Question 159

How is a property represented in an RDF graph?

Answer 159

By an arc (connection) between a subject and object

Question 160

How can an RDF graph be converted into a serializable format?

Answer 160

By breaking the graph into several tree structures

Question 161

How are RDF properties identified?

Answer 161

With a property URI

Question 162

T/F: The RDF parser concatenates the base URI from the prefix, and the proprty name

Answer 162

True

Question 163

How many terms does DC vocabulary contain?

Answer 163

15

Question 164

Whate are DC, FOAF, DOAP, and RSS examples of?

Answer 164

RDF vocabularies

• dublin core
• friend of a friend
• description of a project
• RDF site summary

Question 165

What is the most popular RDF application?

Answer 165

RSS

Question 166

What are the advantages of RDF?

Answer 166

• strictly specified
• graph model is conceptually simple
• number of implementations
• decentralized (anyone can create vocabulary, publish data about resources)

Question 167

What are the disadvantages of RDF?

Answer 167

• RDF/XML is verbose, tedious to write

- programming interfaces require knowledge of triples, URIs, low-level details

Question 168

What is RDFa?

Answer 168

RDF in attributes: it is a set of attribute-level extensions to XHTML
-it is similar to microdata, and is a mechanism that can encode schema.org

Question 169

What are the benefits of RDFa?

Answer 169

• publisher independence
• data reuse
• self containment
• schema modularity
• evolvability

Question 170

What is RDFa lite?

Answer 170

A minimal subset of RDFa, designed to fill the needs of 80% of RDF authors

Question 171

What are the 5 attributes of RDFa lite?

Answer 171

vocab
typeof
property
resource
prefix

Question 172

What is microformat?

Answer 172

A vocabulary AND markup syntax

Question 173

What is microdata?

Answer 173

A markup syntax

• similar to RDFa lite
• geared towards search engines (developed by Google, MS and Yahoo)

Question 174

What is OpenGraph?

Answer 174

A vocabulary

• markup syntax based on RDFa
• 4 required, 7 optional properties
• Facebook

Question 175

What is schema.org?

Answer 175

A vocabulary

• syntax is based on microdata, maps well to RDFa
• developed by Google, yahho, MS

Question 176

What are some of the differences between microformat and schema.org?

Answer 176

• microformat is a vocabulary and a syntax, schema.org is just a vocabulary
• a microformat has 1 or more required properties, schem.org has none
• an individual microformat is a standalone schema, while schema.org can inherit from a parent
• microformat relies only on the use of prescribed HTML, schema.org can use other mechanisms (like JSON-LD)

Question 177

Which is more widely used, RDF or OWL?

Answer 177

RDF

Question 178

T/F: A schema.org property cannot be another item

Answer 178

False, a porperty can be another “embedded” item

Question 179

What is JSON-LD?

Answer 179

A JSON based format to exchange data as an alternate to using markup attributes in HTML

Question 180

Which HTTP verbs are safe?

Answer 180

GET
HEAD
OPTIONS
TRACE

Question 181

Which HTTP verbs are not idempotent?

Answer 181

POST

PATCH

Question 182

What is a 401 error?

Answer 182

unauthorized

Question 183

What is a 503 error?

Answer 183

Service unavailable

Question 184

T/F: HTTP request line and status line must be encoded in Unicode

Answer 184

False: must be encoded in US-ASCII

Question 185

T/F: HTTP Basic Authentication is acceptable even without the use of SSL

Answer 185

False: only acceptable when used with HTTP over SSL (HTTPS)

Question 186

What security services does SSL/TLS not provie?

Answer 186

• non repudiation

- protection against denial of service

Question 187

How does TLS provide integrity?

Answer 187

• each message includes a message integrity check

- used a message authentication code (MAC)

Question 188

How does TLS provide confidentiality?

Answer 188

• symmetric encryption

- server and client negotiate encryption algorithm, crytographic keys, shared secret

Question 189

How does TLS provide authentication?

Answer 189

-uses digital certificates using public-key cryptography

Question 190

T/F: Only W3C registered bodies can issue a digital certificate

Answer 190

False: ayone can issue a certificate

Question 191

In the context of digital security, what does non-repudiation mean?

Answer 191

• a service that provides proof of the integrity and origin of data
• an authentication that can be asserted to be genuine with high assurance

Question 192

Information privacy includes what claims?

Answer 192

• claim that certain information should not be collected at all
• claim of individuals to control the use of whatever info is collected about them

Question 193

What is the EFF?

Answer 193

Electronic frontier foundation, which aims for protecting privacy and civil liberties

Question 194

What is selectable output control (SOC)?

Answer 194

A content protection technology that enables a cable company to disable lower quality and non-secure output encodings

https://en.wikipedia.org/wiki/Selectable_Output_Control

Question 195

What does title II (Online copyright infringement liability limitation act) of the DMCA enact?

Answer 195

Title II limits the liability of online service providers for copyright infringement

Question 196

What are the two general requirements for OSP eligibility?

Answer 196

• must adopt and implement policy of terminating accounts of repeat infringers
• must accomodate and not interfere with “standard technical measures”

Question 197

Following a counter-notice for a DMCA claim, how many days does a claimant have to take legal action before material can be reinstated?

Answer 197

14

Question 198

What is the philosophical difference between DMCA and Canada’s Notice and notice system?

Answer 198

DMCA: guilty until proven innocent

Notice and notice: innocent until proven guilty

Question 199

FOSI, SafeSurf, and RTALabels are all examples of what?

Answer 199

Tools for allowing children to safely use the internet

Question 200

Why do you get cyberbullied?

Answer 200

Because you’re just as much of a loser online as you are in real life

Question 201

What is a symmetric cipher model?

Answer 201

• shared key

- same decryption algorithm

Question 202

What are the 3 block cipher modes?

Answer 202

ECB: electronic book mode
CBC: cipher block chaining mode
CTR- counter mode

Question 203

Describe ECB

Answer 203

Each block is independent (128 bits), not good practice

Question 204

Describe CBC

Answer 204

• XOR previous encryption block with current plaintext

- common

Question 205

Majority of attacks can be traced to what fault?

Answer 205

bad RNG

Question 206

What is a public-key used for?

Answer 206

encrypt messages, verify signatures

Question 207

What can a private key be used to do?

Answer 207

decrupt messages, sign signatures

Question 208

T/F: Hash is a two way functon

Answer 208

false

Question 209

Which Hash functions are not considered secure?

Answer 209

MD5, SHA1