SE3316 Final Flashcards

1
Q

T/F: server side scripting files contain both direct html code and code blocks

A

true

2
Q

Which server-side-scripting language is most widespread?

A

PHP

3
Q

Which server-side-scripting language is used in large enterprise applications?

A

JSP

4
Q

Which server-side-scripting language is the new hotness?

A

Node.js…

5
Q

ASP.Net can use which .Net language?

A

Any .Net language

6
Q

How many Apache helicopters does an Apache server need to serve in order for the ancestral land claims of the Apache tribe to be fulfilled?

A

3 + 820 milliseconds

7
Q

Django runs on which server-side-scripting language?

A

Python

8
Q

Which server-side-scripting language is an MVC web application framework?

A

Ruby on Rails

9
Q

What is a LAMP stack?

A

Linux, Apache, MySQL, PHP

10
Q

What is the difference between LAPP stack and LAMP stack?

A

LAPP uses PostgreSQL instead of MySQL

11
Q

What is the Ruby stack?

A

Ruby, ruby-on-rails, Apache, MySQL

12
Q

What is the Django stack?

A

Python, Django, Apache, MySQL

13
Q

Which server-side-scripting language used VBScript?

A

ASP

14
Q

What are the responsibilities of a scripting engine?

A
  • run script code
  • manage database connections
  • manage cookies and state
  • upload and manage files
15
Q

Which of the following was not mentioned in this course?

SAX, DOM, MEAN, LAPP, LAMP, DMCA, MSXML, COM, MVC, WIPO, WAI, VB, ASP, XML, JAXB, XMLS, DTD, XAct, EFF, SSL, WCT, PGP, IPSec, FOSI, openSSL, DOS, YMYD, PHP, JSP, SOC, URI, HTML, OSP, ISP, CSS, XDuce, JSON, XSLT, W3C, XHTML, XSL-FO, JDOM, API, STX

A

YMYD (Your Mum’s Your Dad)

16
Q

What are HTTP/2’s features?

A

Binary Protocol, One TCP connection multiple streams, Header compression,
Server push

17
Q

Security Services can provide?

A

Confidentiality, Integrity, Authenticity, non-repudiation (sender/receiver cannot deny sending/receiving)
& Protection from DOS attacks

18
Q

SSL/TLS can provide

A

Confidentiality, Integrity, and Authenticity

19
Q

What cryptography do SSL and TLS use?

A

public-key cryptography (public + private keys)

20
Q

Can rogue Egyptians frig with certificates issuance?

A

Y E S

21
Q

What is URI?

A

Uniform Resource Identifier

22
Q

What are some Software Stacks for Web apps

A

LAMP (Linux, Apache, MySQL, PHP), MEAN (MongoDB, Express, Angular, Node),
Ruby, Django

23
Q

Define AJAX

A

Asynchronous JavaScript and XML

24
Q

What does an HTML validator return?

A

Syntax errors

25
What is the format for a code point?
U+XXXX (4 digit hex)
26
Is a code unit fixed or variable length?
fixed
27
In UTF-8, how many code units make up one code point?
1-4
28
In UTF-8, how many bytes is 1 code unit?
1
29
Is javascript a class based or prototype based language?
prototype based
30
What is the definition of a prototype based language?
– All objects can inherit from another object
– Construct object hierarchy by assigning an object as the prototype
31
What are the advantages of client-side scripting?
– Does not have to refresh the page with every request
– More interactive, responds to user faster
– Can give developers more control over look and feel
32
What are the disadvantages of client-side scripting?
– Not all browsers will support
– different browsers will interpret differently
– more development time may be required
33
Advantages of server–side scripting?
– Can create one template for the entire site
– Can use content management system, makes editing simpler
– Scripts are hidden from view, so is more secure
– No need to download plugins
34
Disadvantages of server–side scripting
– scripts and content management may require databases to store dynamic data
– will take longer to fulfill user requests
– user experience is less interactive/immersive
35
What is AJAX?
Asynchronous JavaScript and XML – allows JavaScript to communicate with server without reloading page
36
Is jQuery a library or a framework?
library
37
How can info be displayed to someone without JavaScript?
using the noscript tag
38
In JS, a variable declared inside a block is accessible where?
Only inside the block
39
What is variable hoisting?
The act of moving a declared variable to the top of its block
40
Will a variable initialization be hoisted?
No, only the declaration
41
What happens if a variable created with the let keyword is accessed before declaration?
Throws an error
42
What happens if a variable declared with the var keyword is accessed before declaration?
The variable will return undefined, will not throw an error
43
Will this function declaration function x(int y){...} be hoisted?
yes
44
Will this initialization be hoisted? var answer = x(int y){...}
No – variable assignment is not hoisted (but the declaration will be)
45
What are the types of Nodes in the DOM?
Text, element, attribute
46
What are nodes who have the same parent node called?
siblings
47
How are events captured in JS?
With an event listener
48
Is HTTP a stateless protocol?
yes
49
What is a private address space?
Not visible outside of LAN
50
Is GET a safe method?
yes
51
Is POST idempotent?
no
52
Is TRACE a safe method?
yes
53
Is GET idempotent?
yes
54
What does TLS stand for?
Transport Layer Security
55
What security services do SSL and TLS offer?
Confidentiality, Integrity, Authentication
56
Name server side scripting languages
PHP (Personal Home Page), ASP (Active Server Page), CFM (ColdFusion Markup Language), JSP (Java Server Pages), Perl, Python, Ruby on Rails, Server-side JavaScript (using Node.js)
57
What are some Software Stacks for Web apps
LAMP (Linux, Apache, MySQL, PHP), MEAN (MongoDB, Express, Angular, Node), Ruby, Django
58
What is required in an HTTP request?
Request line, header lines, body
59
What is required in an HTTP response message?
Status line, header lines, body
60
What does a 200-level HTTP response mean?
success
61
What does a 500-level response mean?
Server-side error
62
What is a cookie?
A file stored on a domain's server containing data about the client
63
What are the limitations of HTTP?
- Stateless: No session management | - No built in security
64
What are the improvements of HTTP/2 over HTTP/1?
- Binary Protocol
- One TCP connection, multiple streams
- Header compression
- Server push
65
Are all Safe HTTP Methods also idempotent?
yes
66
Is HTTP digest good?
No... It uses MD5 hashing, which has been broken!
67
What is a 4xx Error?
Client Error
68
What is a 3xx error?
Redirection
69
What are the cons of JavaScript Libraries?
Adds another dependency | Maintenance & Quality Issues
70
What do Frameworks do that Libraries don't?
Provide a programming model as well as libraries
71
Give an example of a user without JavaScript
- Web Crawler
- Browser plug-in that interferes
- Text-Based Client
- Visually Disabled Client
72
How does TLS provide security?
Through symmetric encryption, shared secret, message authentication checking (MAC) and certificates
73
What are the 2 types of scope in JavaScript
Function scope (block scope), global scope
74
Define AJAX
Asynchronous JavaScript and XML
75
What are the responses/states of a promise in JavaScript?
Fulfilled or Rejected, Pending or Settled
76
What are the responsibilities of web servers?
- listen to incoming HTTP connections, respond to requests
- manage access to resources
- encrypt/decrypt and compress/decompress data
- manage multiple domains and URLs
- invoke scripting engines, send and receive data
77
What are the responsibilities of a scripting engine?
- run script code
- manage database connections
- manage cookies and state
- upload and manage files
78
What are the pros and cons of web scripting?
Pro:
- allows integrating large databases and sophisticated processing
Cons:
- requires entire software suite to be written in the scripting language
- interfacing w/ existing enterprise software can be difficult
79
How is interactivity typically achieved in web applications?
By sending "form data" through HTTP PUT or POST methods
80
T/F: Web content for machines deals with presentation
No it does not
81
Form based web apps can have sluggish interfaces due to network latencies - what is the solution?
client-side scripting
82
What is required for a web service implementation?
Any web server + server-side scripting language
83
JSP with Tomcat server setup is designed for Web Service Standards (WS-*)
No - it is designed for Java. Apache Axis2 with Java/C interfaces is designed for WS-*
84
T/F: ReST is a standard?
False, only a pattern
85
What is the difference between PUT /parts/042 and POST /parts/042?
PUT should completely replace the existing representation, POST can update it
86
T/F: HTTP server with Node.js uses IBM v6 Javascript engine to run javascript on server side
False: it uses the Google v8 engine
87
T/F: HTTP server with Node.js is faster than Apache
True
88
How does Node.js provide superior performance?
- Asynchronous, event-driven framework suits the nature of the web
- Does not deal with per-file access control
- no barrier between web server and script engine
89
What middleware can be used to simplify routing in a ReST API with Node.js?
Express
90
What is the recommended approach to exchanging data asynchronously with AJAX?
Fetch API
91
What methods can be called on a promise object, and what do they do?
.then() - for when promise is fulfilled | .catch() - for when promise is rejected
92
When is a promise pending?
When it has been neither fulfilled OR rejected
93
How many females will attend the software party on Dec 20?
RANDBETWEEN(0-4)
94
What language is Angular written in?
TypeScript
95
In Angular, what are the possible data bindings with the DOM?
- One way: component -> DOM
- One way: DOM events -> component
- Two way: DOM <=> Model (using MVC pattern)
96
Describe Ember.js
- An "opinionated framework" - easy to create apps, lots of support - but resistance is futile
97
Describe React.js
- Developed by Zuckerborg - High performance, simple - It is a library, not a framework
98
Describe how to write an angular app, using templates, components, services, and modules
- Compose HTML templates with Angular markup - write component classes to manage templates - write application logic in service - package components and services in modules
99
What does a JavaScript decorator do?
It wraps an object/class with another "decorator" class/function
100
What are the benefits of using a decorator?
- Allows dynamic modification | - Allows common functionality to be applied to many classes
101
What is the difference between inheritance and decorators?
inheritance: compile-time | decorator: run-time
102
What is the benefit of single page applications?
Application is loaded by the client only once, allowing for fast response to user interactions
103
What issue is created when combining front-end frameworks (like Angular) and back-end APIs?
Both front-end and back-end require a server end-point, which leads to two servers running on different ports on the same host -> CORS issue
104
What are the two approaches to combining front-end and back-end?
1. One server (back-end) with a static route | 2. Two servers with a proxy
105
What is XML?
Extensible Markup Language: a framework for defining markup languages
106
T/F: XML is inherently ASCII
False: it is internationalized Unicode
107
T/F: In XML each language is targeted at its own application domain
true
108
Who developed XML?
W3C, standardized in 1998
109
T/F: Recipe Markup Languages follow a universally accepted way of naming, standardized by W3C
False: there is no universally accepted way of naming
110
What are the different types of node in XML trees?
- text (leaf)
- element (hierarchical groupings, has name)
- attribute (has name, value)
- comment (meta info)
- processing instruction (has target, value)
- root node
111
What is the syntax for a comment node in XML?
!-- mycomment --!
112
What is the syntax for a processing instruction XML?
?target value?
113
What is the syntax for an element node XML?
name (in braces)
114
What is the syntax for an attribute node XML?
< ... name="value" ... >
115
What are the requirements for a well-formed XML document?
- start and end tags must match and nest correctly
- one root element
- only 5 predefined entity references are used (amp, lt, gt, apos, quot)
116
What is the purpose of an XML parser?
Given a textual XML document, construct tree representation
117
What is a cross-site scripting attack (XSS)?
alert("An attack whereby an attacker injects unwanted elements into the DOM through inputs");
118
What is the motivation behind XML namespaces?
When combining languages, element names may become ambiguous
119
What does a namespace declaration achieve?
It binds a URI to a prefix
120
How is the default namespace (no prefix) declared?
xmlns="..."
121
T/F: Attribute names cannot be prefixed
False
122
XML uses lexical scope - what does that mean?
Lexical scope covers the containing element and all its descendants
123
What are some namespace best practices?
- rarely change prefixes
- choose URIs carefully (who controls it?)
- identify default namespace, even if not using namespaces
- make no assumptions about URI resolution
- Include all namespace declarations in the document (don't rely on schemas)
124
What is a schema language?
A notation for writing schemas
126
When a schema processor receives an instance document and its associated schema, what are the possible outputs?
1. If the doc is a syntactically correct recipe markup language document, it will create a normalized instance document 2. Else, send error message
127
What is XSL?
XML stylesheet language: defines presentation format for XML documents
128
What is XSLT?
XSL Transformations: defines transformation from one class of XML docs to another
130
What are the benefits of XSL?
1. decouples the presentation from data | 2. Simplify the translation of data from one XML format to another (XSLT)
131
T/F: XSL stylesheet must be explicitly associated with a DTD
False
132
T/F: There can be many different XSL stylesheets for the same document type
True: can have multiple presentations and/or multiple transformations
134
What is a location path?
A sequence of nodes, sorted in document order
135
Can a location path contain duplicates?
No
136
What does a location step consist of?
axis :: nodetest [p1] [p2] - an axis - a nodetest - some predicates (boolean expressions)
138
When evaluating a location path, what does each step do?
A step maps a context node into a sequence. The path applies each step in turn
139
What is an axis in XPATH?
A sequence of nodes, evaluated relative to the context node
140
How many axes does XPath support?
12
141
What direction is the child axis?
Forwards
142
What direction is the self axis?
Forwards
143
What direction is the ancestor axis?
Backwards
144
Which axis is stable but depends on the implementation?
attribute
145
What is XML programming needed for?
- domain specific applications
- implementing new generic tools
- parsing XML docs -> trees
- navigating trees
- manipulating trees
- serializing XML trees -> docs
146
T/F: The DOM is a language neutral API for manipulating XML
True
147
Approximately how many methods does the DOM specify?
~200
148
What is SAX?
Simple API for XML: a stream driven parser for XML documents
149
T/F: SAX provides a procedure based interface
False - SAX provides an event based interface
150
What are the event types in SAX?
- text nodes
- element nodes
- processing instruction nodes
- comment nodes
151
What is the motivation behind XML data binding?
Methods doc2vector and vector2doc are tedious to write
152
XML data binding provides tools to do what?
- map schemas to class declarations | - automatically generate unmarshalling code, marshalling code, and validation code
153
What is streaming for XML documents?
View the XML doc as a stream of events -> the SAX tool observes these events, calls corresponding methods
154
T/F: SAX does not check forms to the same level as the W3C validator
False: SAX checks forms BEYOND W3C validator: - all input tags inside form tags - all form tags have distinct names - form tags are not nested
155
What is OWL?
Web Ontology Language: defines a relationship between vocabularies
156
What is RDF?
Resource description framework: a language for representing metadata about web resources. Provides a common framework so metadata can be exchanged between apps without loss of meaning
157
What are the benefits of RDF?
- app designers can leverage common RDF parsers and processing tools
- information can be made available to applications other than those for which it was originally created
158
What are the components of an RDF triple?
- Subject (resource) - property (predicate) - property value (object)
159
How is a property represented in an RDF graph?
By an arc (connection) between a subject and object
160
How can an RDF graph be converted into a serializable format?
By breaking the graph into several tree structures
161
How are RDF properties identified?
With a property URI
162
T/F: The RDF parser concatenates the base URI from the prefix, and the property name
True
163
How many terms does DC vocabulary contain?
15
164
What are DC, FOAF, DOAP, and RSS examples of?
RDF vocabularies
- Dublin Core
- Friend of a Friend
- Description of a Project
- RDF Site Summary
165
What is the most popular RDF application?
RSS
166
What are the advantages of RDF?
- strictly specified - graph model is conceptually simple - number of implementations - decentralized (anyone can create vocabulary, publish data about resources)
167
What are the disadvantages of RDF?
- RDF/XML is verbose, tedious to write | - programming interfaces require knowledge of triples, URIs, low-level details
168
What is RDFa?
RDF in attributes: it is a set of attribute-level extensions to XHTML -it is similar to microdata, and is a mechanism that can encode schema.org
169
What are the benefits of RDFa?
- publisher independence - data reuse - self containment - schema modularity - evolvability
170
What is RDFa lite?
A minimal subset of RDFa, designed to fill the needs of 80% of RDF authors
171
What are the 5 attributes of RDFa lite?
`vocab`, `typeof`, `property`, `resource`, `prefix`
172
What is microformat?
A vocabulary AND markup syntax
173
What is microdata?
A markup syntax - similar to RDFa lite - geared towards search engines (developed by Google, MS and Yahoo)
174
What is OpenGraph?
A vocabulary - markup syntax based on RDFa - 4 required, 7 optional properties - Facebook
175
What is schema.org?
A vocabulary - syntax is based on microdata, maps well to RDFa - developed by Google, Yahoo, MS
176
What are some of the differences between microformat and schema.org?
- microformat is a vocabulary and a syntax, schema.org is just a vocabulary
- a microformat has 1 or more required properties, schema.org has none
- an individual microformat is a standalone schema, while schema.org can inherit from a parent
- microformat relies only on the use of prescribed HTML, schema.org can use other mechanisms (like JSON-LD)
177
Which is more widely used, RDF or OWL?
RDF
178
T/F: A schema.org property cannot be another item
False, a property can be another "embedded" item
179
What is JSON-LD?
A JSON based format to exchange data as an alternate to using markup attributes in HTML
180
Which HTTP verbs are safe?
GET, HEAD, OPTIONS, TRACE
181
Which HTTP verbs are not idempotent?
POST | PATCH
182
What is a 401 error?
unauthorized
183
What is a 503 error?
Service unavailable
184
T/F: HTTP request line and status line must be encoded in Unicode
False: must be encoded in US-ASCII
185
T/F: HTTP Basic Authentication is acceptable even without the use of SSL
False: only acceptable when used with HTTP over SSL (HTTPS)
186
What security services does SSL/TLS not provide?
- non repudiation | - protection against denial of service
187
How does TLS provide integrity?
- each message includes a message integrity check | - uses a message authentication code (MAC)
188
How does TLS provide confidentiality?
- symmetric encryption | - server and client negotiate encryption algorithm, cryptographic keys, shared secret
189
How does TLS provide authentication?
-uses digital certificates using public-key cryptography
190
T/F: Only W3C registered bodies can issue a digital certificate
False: anyone can issue a certificate
191
In the context of digital security, what does non-repudiation mean?
- a service that provides proof of the integrity and origin of data - an authentication that can be asserted to be genuine with high assurance
192
Information privacy includes what claims?
- claim that certain information should not be collected at all - claim of individuals to control the use of whatever info is collected about them
193
What is the EFF?
Electronic frontier foundation, which aims for protecting privacy and civil liberties
194
What is selectable output control (SOC)?
A content protection technology that enables a cable company to disable lower quality and non-secure output encodings https://en.wikipedia.org/wiki/Selectable_Output_Control
195
What does title II (Online copyright infringement liability limitation act) of the DMCA enact?
Title II limits the liability of online service providers for copyright infringement
196
What are the two general requirements for OSP eligibility?
- must adopt and implement policy of terminating accounts of repeat infringers
- must accommodate and not interfere with "standard technical measures"
197
Following a counter-notice for a DMCA claim, how many days does a claimant have to take legal action before material can be reinstated?
14
198
What is the philosophical difference between DMCA and Canada's Notice and notice system?
DMCA: guilty until proven innocent | Notice and notice: innocent until proven guilty
199
FOSI, SafeSurf, and RTALabels are all examples of what?
Tools for allowing children to safely use the internet
200
Why do you get cyberbullied?
Because you're just as much of a loser online as you are in real life
201
What is a symmetric cipher model?
- shared key | - same decryption algorithm
202
What are the 3 block cipher modes?
ECB: electronic book mode | CBC: cipher block chaining mode | CTR: counter mode
203
Describe ECB
Each block is independent (128 bits), not good practice
204
Describe CBC
- XOR previous encryption block with current plaintext | - common
205
Majority of attacks can be traced to what fault?
bad RNG
206
What is a public-key used for?
encrypt messages, verify signatures
207
What can a private key be used to do?
decrypt messages, sign signatures
208
T/F: Hash is a two way function
false
209
Which Hash functions are not considered secure?
MD5, SHA1