URLs Flashcards

1
Q

URL vs URI

A

A URI is a “sequence of characters that identifies an abstract or physical resource”. A URL is a subset of URI that includes the network location of the resource.

2
Q

What is the URL scheme?

A

When looking at URL Components, we described the component that prepends the colon and two forward slashes at the start of a URL as the scheme. The scheme describes the protocol family being used (e.g. HTTP).

3
Q

What are the required components of an HTTP request?

A

The HTTP method, path, and HTTP version are required and make up the request-line. The Host header is a required component since HTTP 1.1. The Host request header specifies the host and port number of the server to which the request is being sent.

4
Q

What are the required components of an HTTP response? What are the additional optional components?

A

A status line with a status code is required. Headers and body are optional.

5
Q

What determines whether a request should use GET or POST as its HTTP method?

A

GET requests should only retrieve content from the server. POST requests involve changing values that are stored on the server. Most HTML forms that submit their values to the server will use POST. Search forms are a notable exception to this rule: they often use GET since they are not changing any data on the server, only viewing it.

6
Q

What does the path portion of a URL represent in a modern server architecture?

A

In the early days of the Web, the path portion of a URL represented a physical file location on the Web server.

However, with modern server-side and client-side frameworks, how the path portion of the URL is used is determined by the application logic, and it doesn’t necessarily bear any relationship to an underlying file structure on the server.

7
Q

What are the URL components?

A

URL components include the scheme, host (or hostname), port, path, and query string.

8
Q

What are query strings?

A

Query strings are used to pass additional data to the server during an HTTP Request. They take the form of name/value pairs separated by an = sign. Multiple name/value pairs are separated by an & sign. The start of the query string is indicated by a ?.

9
Q

What is URL encoding?

A

URL encoding is a technique whereby certain characters in a URL are replaced with an ASCII code.
URL encoding is used if a character has no corresponding character in the ASCII set, is unsafe because it is used for encoding other characters, or is reserved for special use within the URL.

10
Q

What makes up an HTTP message exchange?

A

A single HTTP message exchange consists of a Request and a Response. The exchange generally takes place between a Client and a Server. The client sends a Request to the server and the server sends back a Response.

11
Q

What makes up an HTTP request?

A

An HTTP Request consists of a request line (method, HTTP version, path), headers (including Host), and an optional body.

12
Q

What makes up an HTTP response?

A

An HTTP Response consists of a status line, optional headers, and an optional body.

13
Q

What are HTTP status codes?

A

Status codes are part of the status line in a Response. They indicate the status of the request. There are various categories of status code.

14
Q

What does it mean that HTTP is stateless?

A

This means that each Request/Response cycle is independent of the Requests and Responses that came before or those that come after.

15
Q

How can statefulness be simulated?

A

Statefulness can be simulated through techniques which use session IDs, cookies, and AJAX.

16
Q

How can we make HTTP more secure?

A

HTTP is inherently insecure. Security can be increased by using HTTPS, enforcing the Same-origin policy, and using techniques to prevent Session Hijacking and Cross-site Scripting.

17
Q

Why is HTTP not secure?

A

Hypertext Transfer Protocol (HTTP) is not secure because it sends data between web browsers and servers in plain text, which can be read by anyone with access to the network traffic.

18
Q

What are the three important security services provided by TLS?

A

Encryption: a process of encoding a message so that it can only be read by those with an authorized means of decoding the message.

Authentication: a process to verify the identity of a particular party in the message exchange.

Integrity: a process to detect whether a message has been interfered with or faked.

19
Q

Do you need to provide all the services provided by TLS when using it?

A

While not mandated, all three services are generally used together to provide the most secure connection possible.

20
Q

How does TLS set up a secure channel?

A

Using a TLS handshake.

21
Q

How does the TLS handshake work?

A
  1. The TLS Handshake begins with a ClientHello. It contains a list of cipher suites and TLS protocol versions the client can use.
  2. On receiving the ClientHello message, the server sends a ServerHello, which sets the protocol version and Cipher Suite. As part of this message the server also sends its certificate (which contains its public key), and a ServerHelloDone.
  3. Once the client has received the ServerHelloDone marker, it will initiate the key exchange process.
  4. The server also sends a message with ChangeCipherSpec and Finished flags. The client and server can now begin secure communication using the symmetric key.
22
Q

What is symmetric key encryption?

A

Symmetric Key Encryption: a system whereby sender and receiver share a common encryption key used to encrypt and decrypt messages.

23
Q

What is asymmetric key encryption?

A

Asymmetric Key Encryption: a system which uses a pair of keys: a public key, and a private key. The keys in the pair are non-identical: the public key is used to encrypt and the private key to decrypt.

24
Q

The TLS handshake is used to:…

A
  • Agree which version of TLS to be used in establishing a secure connection.
  • Agree on the various algorithms that will be included in the cipher suite.
  • Enable the exchange of symmetric keys that will be used for message encryption.
25
Q

What is a cipher suite?

A

TLS uses different ciphers for different aspects of establishing and maintaining a secure connection. The algorithms for performing each of these tasks, when combined, form the cipher suite.

26
Q

How is a cipher suite agreed on between client and server?

A

As part of the ClientHello message, the client sends a list of algorithms it supports for each required task, and the server chooses from these according to which algorithms it also supports.

27
Q

What process does TLS use to authenticate a server?

A
  • The server sends its certificate, which includes its public key.
  • The server creates a ‘signature’ in the form of some data encrypted with the server’s private key.
  • The signature is transmitted in a message along with the original data from which the signature was created.
  • On receipt of the message, the client decrypts the signature using the server’s public key and compares the decrypted data to the original version.
  • If the two versions match then the encrypted version could only have been created by a party in possession of the private key.
28
Q

What are Certificate Authorities?

A

Certificate Authorities (CAs) issue the digital certificates that verify servers are who they say they are.

29
Q

What happens when a CA issues a certificate?

A
  1. Verifies that the party requesting the certificate is who they say they are. In the case of a domain validated server certificate, for example, it can involve proving that you own the domain by uploading a specific file to a server that is accessible by the domain for which the certificate is being issued.
  2. Digitally signs the certificate being issued. This is often done by encrypting some data with the CA’s own private key and using this encrypted data as a ‘signature’. The unencrypted version of the data is also added to the certificate. In order to verify that the certificate was issued by the CA, the signature can be decrypted using the CA’s public key and checked for a match against the unencrypted version.
30
Q

Where does TLS operate?

A

When thinking about TLS it can be useful to think of it as operating between HTTP and TCP. Or between the application and transport layers.

31
Q

What is a TLS MAC?

A

TLS includes a Message Authentication Code (MAC) as part of its metadata to add a layer of security by providing a means of checking that the message hasn’t been altered or tampered with in transit.

32
Q

How is the TLS MAC used to provide message integrity?

A
  1. The sender will create what’s called a digest of the data payload. This is effectively a small amount of data derived from the actual data that will be sent. The digest is created using a specific hashing algorithm combined with a pre-agreed hash value. The hashing algorithm to be used and the hash value will have been agreed as part of the TLS Handshake process when the Cipher Suite is negotiated.
  2. The sender will then encrypt the data payload using the symmetric key (as described earlier in the Encryption section), encapsulate it into a TLS record, and pass this record down to the Transport layer to be sent to the other party.
  3. Upon receipt of the message, the receiver will decrypt the data payload using the symmetric key. The receiver will then also create a digest of the payload using the same algorithm and hash value. If the digest created by the receiver matches the digest received in the MAC field, this confirms the integrity of the message.
33
Q

How is TLS integrity implemented?

A

TLS Integrity is implemented through the use of a Message Authentication Code (MAC).

34
Q

When is the server certificate sent?

A

The server’s certificate is sent during the TLS Handshake process.

35
Q

What is the TLS handshake?

A

The TLS Handshake is the process by which a client and a server exchange encryption keys.

36
Q

What encryption architecture does TLS use?

A

TLS encryption uses a combination of Symmetric Key Encryption and Asymmetric Key Encryption. Encryption of the initial key exchange is performed asymmetrically, and subsequent communications are symmetrically encrypted.

37
Q

How does the TLS handshake affect performance?

A

The TLS Handshake must be performed before secure data exchange can begin; it involves several round-trips of latency and therefore has an impact on performance.

38
Q

What is a cipher suite?

A

A cipher suite is the agreed set of algorithms used by the client and server during the secure message exchange.

39
Q

What does TLS authentication mean?

A

TLS authentication is a means of verifying the identity of a participant in a message exchange.

40
Q

How is TLS authentication implemented?

A

TLS Authentication is implemented through the use of Digital Certificates.

41
Q

Who verifies server certificates?

A

Certificates are signed by a Certificate Authority, and work on the basis of a Chain of Trust which leads to one of a small group of highly trusted Root CAs.

42
Q

What is TLS integrity?

A

TLS Integrity provides a means of checking whether a message has been altered or interfered with in transit.

43
Q

How is TLS integrity implemented?

A

TLS Integrity is implemented through the use of a Message Authentication Code (MAC).

44
Q

What are the 4 major layers of the OSI Model?

A
  1. physical
  2. data link
  3. network
  4. transport
45
Q

What are the goals and components of the physical layer?

A
  1. Goal: transporting bits.
  2. Components: fiber optic, wire, wifi, etc.
46
Q

What are the goals, addressing system and components of the data link layer?

A
  1. Goal: Interact with the physical layer, put bits onto it and read bits off of it.
    1. i.e. hop to hop: get bits from one NIC to the next NIC. Often a message needs to take multiple hops (from one router to the next) to get to its destination. Layer 2 is responsible for these jumps.
  2. Addressing system: MAC addresses.
  3. Components: Network interface card, wifi card, switches.
47
Q

What are the goals, addressing system and components of the network layer?

A
  1. Goal: end-to-end delivery.
  2. Addressing system: IP addressing.
  3. Components: Routers, hosts (anything with an IP address).
48
Q

What are the goals, addressing system and components of the transport layer?

A
  1. Goal: service-to-service communication.
    1. Distinguishing data streams to make sure the right data goes to the right program.
  2. Addressing system: TCP/UDP ports.
    1. Servers listen at pre-defined ports corresponding to the process they are running (i.e. TCP is port 80). Clients select a random port for each connection where they will listen for the response.