Web Dev Fundamentals Flashcards

1
Q

What is a client?

A

A machine that requests data or services from a server. In the case of the web, browsers are clients that request HTML pages from servers.

2
Q

Can a single machine be both a client and a server?

A

Yes, a machine can be both a client and a server at the same time. For instance, a single machine could act as a server for end users and as a client for a database.

3
Q

What is a server?

A

A server is a machine that provides data or services for a client.

4
Q

What is the client-server model?

A

The client-server model is a paradigm where clients request data or services from servers, and servers provide data or services to clients. (Request response cycle)

5
Q

What happens when you go to www.google.com?

A

We go through the Domain Name System (DNS) process.

Your browser looks in its local cache to see if the website was visited before and its IP address is known. If the IP address can’t be found, we go through the rest of the Domain Name System process:

  • The request goes to the resolving name server. If it doesn’t know the IP address it’s looking for (algoexpert.io), it then looks to the root name server.
  • The root name server knows how to locate the IP addresses of all top-level domain servers (.io, .com, etc.).
  • The root name server tells the resolving name server where the top-level domain server is.
  • The resolving name server then asks the top-level domain name server, which tells it which authoritative name server to ask.
  • The authoritative name server returns the IP address to the resolving name server, which then finally returns it to our computer.
6
Q

Break down this url:
https://www.algoexpert.io:443/frontend

A

https: scheme/protocol
www: subdomain
algoexpert: domain
.io: top-level domain
443: port
/frontend: path

7
Q

What is an IP address?

A

A unique identifier for a computer on the internet

8
Q

How to find an IP address for a computer on the internet?

A

We use the Domain Name System (DNS)

  • Converts domain names to IP addresses:
    • Example: algoexpert.io => 35.202.194.70
  • Always checks the local cache before making a network request, so we don’t need to make repeated network requests for an IP address.
9
Q

What is TCP?

A

TCP stands for Transmission Control Protocol. It is a way for the client and server to make sure they’re on the same page on how they’re going to send information from one computer to the other.

TCP is a connection-oriented protocol, which means that it requires a connection to be established between two devices before data can be sent.

10
Q

What is HTTP?

A
  • In simplified terms, HTTP is an agreement that is made between clients and servers regarding how they are going to format their messages so they can understand each other
  • A protocol for transmitting “hypermedia” (complex files) on the web
  • Stateless protocol
    • One message at a time without memory of previous requests
11
Q

Common Status Codes:
200, 201

A

200: OK
201: Created

12
Q

Common Status Codes:
301, 302

A

301: Moved Permanently
302: Found (Moved Temporarily)

13
Q

Common Status Codes:
400, 401, 403, 404

A

400: Bad Request
401: Unauthorized
403: Forbidden

14
Q

Common Status Codes:
500, 503

A

500: Internal Server Error
503: Service Unavailable

15
Q

What is HTTPS?

A
  • A more secure version of HTTP
  • The issue with HTTP is that everything is sent in plain text
  • Uses TLS (or SSL) to encrypt requests/responses
16
Q

What is an API?

A

Allows computers to communicate with each other

17
Q

What is REST?

A
  • Representational State Transfer
  • An architectural style
  • Set of architectural constraints (remember the first two!):
    • Client-server model (independent of each other)
    • Stateless (each request must contain all of the information necessary to be understood by the server, rather than be dependent on the server remembering prior requests)
    • Cacheable (an endpoint should define whether or not it is cacheable)
    • Layered system (client should not need to know which server it is connected to)
    • Uniform interface
18
Q

What is Same-Origin Policy?

A

A policy limiting the ability of a page to read resources from different origins. Two resources are from the same origin only if they have the same protocol, host, and port.

19
Q

What is an XSS attack?

A

XSS stands for cross-site scripting. It is an attack where an attacker is able to run code on a vulnerable site, thus circumventing the same-origin policy.

E.g., attackers inject JavaScript code into the UI.

20
Q

What is a CSRF attack?

A

CSRF stands for cross-site request forgery. It is an attack where an attacker sends a request to a server and is able to convince the server that its client sent it.

21
Q

How to prevent a CSRF attack?

A

Use a CSRF token, which is a unique token given to the client that a forged request would not be able to replicate.

22
Q

What is CORS?

A

CORS stands for cross-origin resource sharing. A server can allow cross-origin requests by including the Access-Control-Allow-Origin header.

23
Q

How to prevent an XSS attack?

A
  • Always use textContent/innerText when adding dynamic text (avoid innerHTML)
  • Sanitize/escape user input (important!)
  • Add the HttpOnly flag to sensitive cookies
24
Q

What is OAuth?

A

Open Authorization allows users to give other services specific API access to portions of their accounts without passwords.

25
Q

What are the sections of a JSON Web Token?

A

JSON Web Tokens (JWTs) have three sections:
- The header, with information about the encryption algorithm used
- The payload data
- The signature, which is created by the server using a secret key so that it can determine whether the token has been tampered with

26
Q

How does a browser convert frontend files into a UI?

A

Critical Rendering Path:
1. Parse HTML into DOM tree
2. Parse CSS into CSS Object Model tree
3. Combine DOM and CSS Object Model into render tree
4. Layout (figures out where to place each node)
5. Paint (go through each pixel and paint the screen)

27
Q

What is a class?

A

A blueprint/template that describes the details of an object

28
Q

What are the basic concepts of OOP?

A

Abstraction, Encapsulation, Inheritance, Polymorphism

29
Q

What is Encapsulation?

A

Encapsulation refers to the bundling of data with the methods that operate on that data. Encapsulation is used to hide the values or state of a structured data object inside a class, preventing direct access to them by clients.

30
Q

What is Polymorphism?

A

Polymorphism is the ability to take more than one form.

E.g., a Shape class that other classes (Square, Triangle, etc.) can inherit from.

31
Q

What is Inheritance?

A

Inheritance is the ability of one class to inherit the attributes and methods of another class

32
Q

What is Abstraction?

A

Abstraction is the process of hiding the implementation details of an object so that it can be used without understanding how it works

33
Q

What is WebAssembly (WASM)?

A

A binary instruction format that’s a compile target for languages like C and C++, enabling them to run on the web at near-native speed.