Week 5

Question 1

What is the difference between a simple statement and a prepared statement in JDBC?

Answer 1

A simple statement is used for executing a single SQL query directly. A prepared statement is precompiled and can be reused with different parameters, improving performance and security.

Question 2

Write an example of using a prepared statement in Java to insert data into a database.

Answer 2

PreparedStatement pstmt = connection.prepareStatement(“INSERT INTO users (name, email) VALUES (?, ?)”);

pstmt.setString(1, “John Doe”);

pstmt.setString(2, “john@example.com”);

pstmt.executeUpdate();

Question 3

Explain how prepared statements help in preventing SQL injection attacks.

Answer 3

Prepared statements use parameterized queries, which separate SQL code from data, preventing malicious input from altering the query structure.

Question 4

How do prepared statements help in improving performance?

Answer 4

Prepared statements are precompiled and can be executed multiple times with different parameters without the overhead of compiling the SQL statement each time.

Question 5

Can you reuse a prepared statement in JDBC? How?

Answer 5

Yes, prepared statements can be reused. Once prepared, you can set different parameters and execute the statement multiple times.

Question 6

Write an example of using a simple statement to execute a query in Java.

Answer 6

Statement stmt = connection.createStatement();

ResultSet rs = stmt.executeQuery(“SELECT * FROM users”);

Question 7

What are some scenarios where you would prefer using a simple statement over a prepared statement?

Answer 7

You might use a simple statement for executing static queries or when performance is not a concern. However, prepared statements are preferred for dynamic user inputs.

Question 8

What is parameter binding in prepared statements, and how does it work?

Answer 8

Parameter binding allows you to specify placeholders in the SQL query (e.g., ?) and then set values for these placeholders using methods like setString(), setInt(), etc.

Question 9

Why is it not recommended to use simple statements with dynamic SQL queries?

Answer 9

Concatenating user inputs in SQL queries can lead to SQL injection, as malicious users can manipulate the input to alter the query logic.

Question 9

How does a prepared statement handle queries with user input compared to a simple statement?

Answer 9

Prepared statements ensure that user input is treated as data, not executable code, thus protecting against SQL injection.

Question 10

What common information is stored in a JDBC properties file?

Answer 10

JDBC properties files typically include database URL, username, password, driver class name, and any additional connection properties.

Question 11

What is a JDBC properties file, and why is it used?

Answer 11

A JDBC properties file is a configuration file that contains database connection parameters (like URL, username, and password) to simplify database access in Java applications.

Question 12

How can you load a JDBC properties file in a Java application?

Answer 12

Properties props = new Properties();

try (InputStream input = new FileInputStream(“db.properties”)) {
props.load(input);
}

Question 13

How can you retrieve database connection details from a JDBC properties file in Java?

Answer 13

String url = props.getProperty(“db.url”);

String user = props.getProperty(“db.user”);

String password = props.getProperty(“db.password”);

Question 14

How does using a properties file simplify database configuration?

Answer 14

It centralizes configuration settings, making it easier to modify connection parameters without changing the code.

Question 15

Write a sample JDBC properties file for a MySQL database connection.

Answer 15

db.url=jdbc:mysql://localhost:3306/mydb
db.user=root
db.password=secret
db.driver=com.mysql.jdbc.Driver

Question 16

How can you change the database configuration dynamically using a properties file?

Answer 16

You can use encryption for sensitive data or restrict access to the properties file through file permissions.

Question 17

Can you secure sensitive information in a JDBC properties file? If so, how?

Question 18

What are some best practices for maintaining and using JDBC properties files?

Answer 18

By editing the properties file, you can change connection settings without recompiling the application.

Question 19

How can you handle exceptions when loading a JDBC properties file?

Answer 19

Keep the properties file outside the source code, avoid hardcoding sensitive information, and document configuration options.

Question 19

What is a utility class in the context of JDBC, and why is it useful?

Answer 19

Use try-catch blocks when loading the properties file to handle potential IOException.

Question 20

How do you set up a utility class for managing database connections in Java?

Answer 20

A utility class can be set up by creating a class with methods for opening and closing database connections.

public class DBUtil {

public static Connection getConnection() { /* implementation */ }

public static void closeConnection(Connection conn) { /* implementation */ } }

Question 21

What methods should a JDBC utility class contain to manage connections effectively?

Answer 21

Methods for getting a connection, closing connections, handling transactions, and error logging.

Question 22

Write a sample utility class that provides a method to get a database connection.

Answer 22

public class DBUtil {
private static final String URL = “jdbc:mysql://localhost:3306/mydb”;
private static final String USER = “root”;
private static final String PASSWORD = “secret”;

public static Connection getConnection() throws SQLException {
    return DriverManager.getConnection(URL, USER, PASSWORD);
}

public static void closeConnection(Connection conn) {
    if (conn != null) {
        try {
            conn.close();
        } catch (SQLException e) { /* handle exception */ }
    }
} }

Question 23

What is the purpose of a closeConnection method in a utility class?

Answer 23

It releases database resources, preventing memory leaks and connection exhaustion.

Question 24

How can you ensure thread safety when using a utility class for database connections?

Answer 24

Use synchronized methods or implement a connection pool (like HikariCP) to manage multiple concurrent connections safely.

Question 25

Explain how connection pooling can be integrated into a JDBC utility class.

Answer 25

Use a connection pooling library that maintains a pool of connections to be reused, reducing overhead for frequent connections.

Question 25

How can you improve the reusability of a utility class in large-scale applications?

Answer 25

Design utility methods to be general-purpose, allowing them to be used across various parts of the application.

Question 26

How can you implement exception handling in a JDBC utility class?

Answer 26

Include try-catch blocks to handle SQL exceptions in your utility methods and log errors appropriately.

Question 27

What are the benefits of using a utility class to manage JDBC resources?

Answer 27

A utility class abstracts database operations, leading to cleaner code, easier maintenance, and better separation of concerns.

Question 28

What is SQL injection, and how does it occur?

Answer 28

SQL injection is a code injection technique where an attacker can manipulate SQL queries by injecting malicious input.

Question 29

What is cumulative SQL injection, and how does it differ from a simple SQL injection?

Answer 29

This refers to multiple sequential injections that build upon each other to exploit vulnerabilities, leading to more complex attacks.

Question 30

How can cumulative SQL injection be prevented in Java applications?

Answer 30

Use prepared statements, parameterized queries, input validation, and whitelisting to prevent cumulative SQL injection.

Question 31

Provide an example of a vulnerable query that is susceptible to cumulative SQL injection.

Answer 31

String query = “SELECT * FROM users WHERE username = ‘” + username + “’”;

Question 32

How can you use prepared statements to prevent cumulative SQL injection?

Answer 32

PreparedStatement pstmt = connection.prepareStatement(“SELECT * FROM users WHERE username = ?”);
pstmt.setString(1, username);

Question 33

What are some common indicators of SQL injection attacks in database logs?

Answer 33

Unusual database error messages, unexpected query results, or logs showing suspicious query patterns.

Question 34

Explain how user input can be sanitized to prevent SQL injection.

Answer 34

Validate user inputs by checking against expected formats or allowed values before processing them.

Question 35

What role does input validation play in preventing cumulative SQL injection?

Answer 35

It ensures that only valid data is accepted, preventing potentially malicious input from being executed in SQL queries.

Question 36

How can you test a web application for SQL injection vulnerabilities?

Answer 36

Use automated tools or manual testing methods to input typical SQL injection payloads into forms or API endpoints.

Question 37

What are the consequences of cumulative SQL injection attacks?

Answer 37

Data breaches, unauthorized access, data corruption, and potential loss of reputation for organizations.

Question 38

What are the best practices to prevent SQL injection in Java applications?

Answer 38

Use prepared statements, parameterized queries, input validation, stored procedures, and ORM frameworks to reduce risks.

Question 39

Why is it important to avoid concatenating user inputs in SQL queries?

Answer 39

Concatenating user inputs in SQL queries can allow attackers to inject SQL code; always use parameterized queries instead.

Question 39

What is the role of parameterized queries in preventing SQL injection?

Answer 39

They separate SQL code from data, ensuring that user input is treated as data rather than executable code.

Question 40

How do ORM tools (like Hibernate) help in preventing SQL injection?

Answer 40

ORM frameworks automatically handle input sanitization and parameter binding, minimizing SQL injection risks.

Question 41

Explain how whitelisting input can prevent SQL injection attacks.

Answer 41

Define and enforce acceptable input patterns, rejecting any input that does not conform to the defined criteria.

Question 42

How can you use regular expressions to validate user input and prevent SQL injection?

Answer 42

Use regex patterns to ensure that user inputs conform to expected formats (e.g., email addresses).

Question 42

What security practices can be implemented at the database level to prevent SQL injection?

Answer 42

Implement role-based access control, least privilege principle, and avoid using administrative accounts for application access.

Question 43

How can stored procedures help in preventing SQL injection?

Answer 43

Use stored procedures to encapsulate SQL logic, as they can help mitigate injection risks if properly implemented.

Question 44

Why is it important to minimize database user permissions in the context of SQL injection prevention?

Answer 44

Limit the database permissions of the application user to only the necessary actions, reducing the impact of a successful injection.

Question 45

What is the role of logging in identifying and mitigating SQL injection attempts?

Answer 45

Monitoring and logging attempts can help identify attack patterns and respond quickly to potential SQL injection attempts.

Question 46

What is a composite key in a relational database?

Answer 46

A composite key is a primary key that consists of two or more columns in a table, uniquely identifying a row.

Question 47

How is a composite key different from a primary key?

Answer 47

A primary key can consist of a single column, while a composite key specifically involves multiple columns.

Question 48

Provide an example of when you would use a composite key in database design.

Answer 48

In a table of course enrollments, the composite key could be (student_id, course_id), ensuring that each student can enroll in a course only once.

Question 49

Can a composite key have more than two columns? If yes, explain how.

Answer 49

Yes, a composite key can include more than two columns, allowing for unique identification based on combined values.

Question 50

What is the significance of a composite key in ensuring data integrity?

Answer 50

Composite keys help maintain data integrity by ensuring that the combination of values in the key columns is unique across the table.

Question 50

How do you define a composite key in an SQL table?

Answer 50

CREATE TABLE enrollments (
student_id INT,
course_id INT,
PRIMARY KEY (student_id, course_id)
);

Question 51

What are some challenges of using composite keys in database design?

Answer 51

Composite keys can complicate queries and foreign key references, making the database

Question 51

How does a composite key influence indexing and query performance?

Answer 51

Composite keys can improve query performance for specific queries that utilize all the key columns in their filters.

Question 51

Can a composite key include both foreign and primary keys? Explain with an example.

Answer 51

Yes, a composite key can include a foreign key, such as linking a student’s enrollment to the corresponding student and course tables.

Question 52

What is Boyce-Codd Normal Form (BCNF), and when is it used?

Answer 52

A table is in BCNF if it is in 3NF and every determinant is a candidate key, ensuring that non-trivial functional dependencies are always on superkeys.

Question 52

What is Second Normal Form (2NF), and how does it differ from 1NF?

Answer 52

A table is in 2NF if it is in 1NF and all non-key attributes are fully functionally dependent on the primary key. It eliminates partial dependency.

Question 52

What is database normalization, and why is it important?

Answer 52

Database normalization is the process of organizing data to reduce redundancy and improve data integrity, making it easier to maintain.

Question 52

How would you reference a composite key in another table as a foreign key?

Answer 52

CREATE TABLE grades (
student_id INT,
course_id INT,
grade CHAR(2),
FOREIGN KEY (student_id, course_id) REFERENCES enrollments(student_id, course_id)
);

Question 52

Explain the concept of First Normal Form (1NF) with an example.

Answer 52

A table is in 1NF if all columns contain atomic values, and each entry in a column is of the same data type. For example, a column should not have lists or sets.

Question 52

How does 3NF differ from BCNF?

Answer 52

In BCNF, every functional dependency is on a candidate key, while in 3NF, dependencies can exist on non-key attributes as long as they do not create transitive dependencies.

Question 52

Provide an example of a table that is in 1NF but not in 2NF.

Answer 52

1 | Math, Sci | Smith

The Course column contains non-atomic values.

Question 53

Describe Third Normal Form (3NF) and its importance in database design.

Answer 53

A table is in 3NF if it is in 2NF and all attributes are functionally dependent only on the primary key, eliminating transitive dependency.

Question 54

What are the potential drawbacks of over-normalizing a database?

Answer 54

It can lead to complex queries and may impact performance due to excessive joins, making data retrieval slower.

Question 55

Explain how normalization affects the performance of read-heavy databases.

Answer 55

Normalization can lead to improved data integrity but may slow down read-heavy databases that require complex joins.

Question 56

When would you deliberately choose not to fully normalize a database?

Answer 56

In cases where performance is critical, you may choose to denormalize to optimize read operations at the expense of data integrity.

Question 57

What does multiplicity mean in the context of data modeling?

Answer 57

Multiplicity indicates the number of instances of one entity that can or must be associated with instances of another entity in a relationship.

Question 58

How is multiplicity represented in an ER diagram?

Answer 58

Multiplicity is typically shown using notations like 1, 0..1, or * (many) next to the entities involved in the relationship.

Question 59

Provide an example of a one-to-many relationship and explain its multiplicity.

Answer 59

In a relationship between Customer and Order, one customer can place multiple orders, represented as 1 to *.

Question 60

What is a many-to-many relationship, and how is it resolved in relational databases?

Answer 60

This relationship is resolved by creating a junction table (also known as a bridge table) that holds foreign keys from both related entities.

Question 61

How does multiplicity influence the design of foreign key constraints?

Answer 61

Multiplicity determines how foreign keys are defined in the related tables, ensuring referential integrity based on the nature of relationships.

Question 62

What is the difference between multiplicity and cardinality in ER modeling?

Answer 62

Cardinality refers to the number of instances in a relationship, while multiplicity specifies the constraints on those instances.

Question 63

Can multiplicity constraints be enforced at the database level? If so, how?

Answer 63

Yes, multiplicity constraints can be enforced using foreign key relationships and application-level logic.

Question 64

What is data modeling, and why is it important in database design?

Answer 64

Data modeling is the process of creating a conceptual representation of data structures and relationships, facilitating database design and management.

Question 64

How would you model a one-to-one relationship in a relational database?

Answer 64

This is represented by having a unique constraint on both related tables, ensuring that each instance corresponds to a single instance in the other table.

Question 65

What is an Entity-Relationship Diagram (ERD), and what does it represent?

Answer 65

An ERD visually represents entities, attributes, and the relationships between them in a database.

Question 66

Explain the difference between entities and attributes in ER modeling.

Answer 66

Entities are objects or concepts (like Customer), while attributes are the properties or characteristics of those entities (like Customer Name).

Question 67

How do relationships between entities get represented in an ERD?

Answer 67

Relationships between entities are shown as lines connecting them, often labeled to indicate the nature of the relationship (e.g., one-to-many).

Question 68

What is the role of primary keys and foreign keys in an ERD?

Answer 68

Primary keys uniquely identify rows in a table, while foreign keys establish a link between tables, enabling relationships.

Question 69

What is a weak entity, and how is it represented in an ERD?

Answer 69

A weak entity cannot be uniquely identified by its attributes alone and relies on a “strong” entity’s primary key. It is represented by a double rectangle in ERDs.

Question 70

How do you represent a many-to-many relationship in an ERD?

Answer 70

It is modeled by creating a junction table that includes foreign keys referencing both related entities.

Question 71

How does normalization relate to ERD creation?

Answer 71

Normalization is applied to the entities and attributes identified in an ERD to ensure data integrity and eliminate redundancy.

Question 71

What are the key differences between logical and physical ERDs?

Answer 71

Logical ERDs focus on the structure of the data and relationships without concern for how they will be implemented, while physical ERDs include details about how data is stored in the database.

Question 72

What is a cross join in SQL, and how does it work?

Answer 72

A cross join produces a Cartesian product of two tables, combining all rows from the first table with all rows from the second.

Question 73

Provide an example of a query using a cross join.

Answer 73

SELECT * FROM table1 CROSS JOIN table2;

Question 74

When should you avoid using a cross join in SQL queries?

Answer 74

Cross joins can result in large result sets; avoid using them unless necessary for specific analytical scenarios.

Question 75

Provide an example of a query that uses a self join to retrieve hierarchical data.

Answer 75

SELECT a.name AS Employee, b.name AS Manager
FROM employees a
JOIN employees b ON a.manager_id = b.id;

Question 75

What is a self join in SQL, and when would you use it?

Answer 75

A self join is a join that is performed on a single table, where the table is treated as two different entities to compare rows.

Question 76

What is the difference between a cross join and an inner join?

Answer 76

An inner join returns only matching rows from both tables based on a specified condition, while a cross join returns all possible combinations.

Question 77

How can you create a view in SQL, and what is its purpose?

Answer 77

CREATE VIEW view_name AS
SELECT column1, column2
FROM table_name
WHERE condition;

Question 78

How does a self join differ from other types of joins in SQL?

Answer 78

A self join uses the same table to compare rows within it, unlike other joins which connect different tables.

Question 79

What are set operators in SQL, and what are their common types?

Answer 79

Set operators in SQL combine the results of two or more queries. Common types include UNION, INTERSECT, and EXCEPT.

Question 80

Explain the difference between UNION and UNION ALL with examples.

Answer 80

UNION combines the results of two queries and removes duplicates, while UNION ALL includes all duplicates.

Question 81

When would you use the INTERSECT operator in SQL?

Answer 81

The INTERSECT operator returns only the rows that are common to both queries.

SELECT column_name FROM table1
INTERSECT
SELECT column_name FROM table2;

Question 82

Provide an example of a query using the EXCEPT operator.

Answer 82

The EXCEPT operator returns rows from the first query that are not found in the second query.

SELECT column_name FROM table1
EXCEPT
SELECT column_name FROM table2;

Question 83

What is a view in SQL, and how does it differ from a table?

Answer 83

A view is a virtual table in SQL that provides a way to present data from one or more tables without storing it physically.

Difference from a Table: A view does not store data itself; it retrieves data dynamically from the underlying tables when queried

Question 84

Can views be updated in SQL? If so, explain how.

Answer 84

Some views can be updated, but only if they meet specific criteria, such as having a direct mapping to a single table with no aggregate functions.

Question 85

What is an index in SQL, and why is it used?

Answer 85

An index is a database object that improves the speed of data retrieval operations on a table.

Question 86

Explain the difference between clustered and non-clustered indexes.

Answer 86

A clustered index determines the physical order of data in the table, while a non-clustered index is a separate structure that points to the data rows.

Question 87

What is HTTP, and what role does it play in web communication?

Answer 87

HTTP (Hypertext Transfer Protocol) is an application protocol used for transferring data over the web, enabling communication between clients and servers.

Question 87

How can you create an index on a table in SQL?

Answer 87

CREATE INDEX index_name ON table_name (column_name);

Question 87

What are the benefits of using indexes in SQL queries?

Answer 87

Indexes can significantly speed up SELECT queries, improve performance on JOIN operations, and enhance the efficiency of WHERE clauses.

Question 88

How does the client-server model work in the context of HTTP?

Answer 88

The client sends requests to the server, which processes those requests and sends back responses, allowing for resource sharing and communication.

Question 89

Explain the difference between HTTP and HTTPS.

Answer 89

HTTPS (HTTP Secure) is an extension of HTTP that uses encryption (SSL/TLS) to secure data exchanged between clients and servers.

Question 90

What are HTTP verbs, and why are they important in RESTful APIs?

Answer 90

HTTP verbs (methods) specify the action to be performed on a resource, crucial for RESTful APIs to define how to interact with resources.

Question 91

Explain the difference between GET and POST HTTP methods.

Answer 91

GET requests retrieve data from the server, while POST requests submit data to the server to create or update a resource.

Question 92

What is the purpose of the PUT HTTP verb?

Answer 92

The PUT method is used to update an existing resource or create a new resource if it does not already exist.

Question 93

When would you use the DELETE HTTP verb in an API?

Answer 93

The DELETE method removes a specified resource from the server.

Question 94

What are HTTP status codes, and what do they represent?

Answer 94

HTTP status codes are standard responses issued by servers to indicate the outcome of a client’s request.

Question 95

Explain the meaning of status code 200 (OK).

Answer 95

Request succeeded.

Question 96

What does HTTP status code 404 represent?

Answer 96

Requested resource not found

Question 97

When would you receive a 500 Internal Server Error?

Answer 97

Server encountered an error.

Question 98

What is the difference between “frontend” and “backend” in web development?

Answer 98

Frontend: Client side; what users see and interact with (HTML, CSS, JavaScript).
Backend: Server side; manages data and application logic (Java, Python, databases).

Question 99

Explain what is meant by the term “full-stack developer.”

Answer 99

A developer proficient in both frontend and backend technologies, capable of handling all aspects of web development.

Question 100

What is a “pull request,” and how does it fit into version control?

Answer 100

A request to merge code changes from a feature branch into the main codebase, facilitating code review and collaboration before integration.

Question 101

What does “debugging” mean in software development?

Answer 101

The process of identifying, analyzing, and fixing bugs in software. It includes reproducing issues, diagnosing code, and verifying fixes.