final, CSE 445 Final Review (Second Half of Semester), 445 Final Exam Review
Consider the piece of code given below: PPT (1) What type of file in an ASPX application does the piece code most likely belong to? (2) What is a potential issue (problem) that this page has? (3) To solve the problem if you change Session_Start() to Application_Start(), how does this change address the problem?
(1) Global file (2) incorrect counting (3) the problem becomes worse
You are given the piece of code below: PPT Answer the following questions. (1) Will this piece of code create an in-memory tree to store the entire contents of the XML file "Course.xml"? (2) What line of code reads a new node into the memory? (3) What does the method "reader.MoveToNextAttribute()" at line 7 return, if the node has no more attribute?
(1) No (2) Line 3 (3) false
what reliability features does WS-RM specification define?
- At-Least-Once delivery, At-Most-Once delivery, and Exactly-Once delivery - Guaranteed message ordering for delivery
Why do we need to invent XML schema after DTD has been invented? Select all that apply
- DTD files do not follow XML syntax - DTD is limited to string type of data
what security features are supported in WCF's SSL protocol? Secure Sockets Layer (SSL) defines communication protocols that can provide...
- Data confidentiality - Data integrity
Global.asax file can be user for storing (Select all that apply)
- Global variables that can be access during the application execution. - Program source code that can be executed.
Which of the following computing models can be considered to be in thick client architecture? Select all that apply.
- HTML 5 - Adobe Flash - Silverlight
What are the main roles of IIS in Web application security control? Select all that apply.
- It creates an access token and passes it to ASP .Net or to Windows for security check - It blocks IP address and domain that are not permitted
What are the main problems with the client side XSL transformation? Select all that apply
- Not all browsers have a built-in XSLT processor. - The XML file has to be modified to reference the XSL file.
What methods are always supported by HTTP/1.1 requests? Select all that apply.
- PUT - DELETE
Which of the followings conform with the XML syntax? Select all that apply.
- SOAP - XHTML - WSDL
What are the main issues with the client-side computing? Select all that apply.
- Security issue - Proprietary issue
What web computing models support thin client architecture? Select all that apply.
- Server-Side computing - Pure HTML Web with GUI
What computing model and architecture does Pure HTML Web Implement? Select all that apply.
- Thin client architecture - Server-side computing
what is (are) the major dependability feature(s) added into the Windows Communications Foundations?
- WS-Security - Reliable Sessions (WS-R) - Interoperability (WS-I)
what security mechanism(s) does IIS support?
- access control list - IP address restrictions - domain name restrictions - encrypted HTTP connections
what are the new features implemented in Atom? Select all that apply.
- allow autoupdate - allow autodiscovery
The Extensible Stylesheet Language XSL is used for defining the transformation of an XML file to (Select all that apply)
- an HTML file - another XML file, with the same or a different structure
which of the followings belong(s) to security attributes? select all that apply.
- confidentiality - vulnerability - safety
XML is often used for defining
- data structures - communication protocols
If on select the cookieless attribute = UseUri to support Session State variables, the restrictions associated with this selection are that the
- developers must use relative paths. - browser must remain open to revisit session states.
It is unethical or unlawful to do reversed engineering of proprietary software, unless you (Select all that apply)
- have the explicit permission - own the code
what reliability features does WS-ReliableMessaging specification define? What kinds of errors can be handled by WS-ReliableMessaging (WS-RM) in WCF? Check all that apply.
- lost messages - duplicated messages - messages received out of order
what error control codes are separable codes?
- parity check - checksum
what is (are) the problem(s) associated with the standard Windows Forms Security mechanism?
- passwords are stored in clear text - sequential comparisons of user name and password - unmanageable if accessibility needs to be changed frequently
what is required for a well-formed XML document?
- unique root element - each element has opening/closing tags - no overlapped tags
Which of the following path expression selects all attributes in all the elements "Course" in the entire document?
//Course/@*
Answer the following three (3) questions. (1) What type of file in an ASPX application does the piece code most likely belong to? (2) What is a potential issue (problem) that this page has? (3) To solve the problem, if you change Session_Start() to Application_start(), how does this change address the problem?
1. global file 2. incorrect counting 3. the problem becomes worse
(1) Will this piece of code create an in-memory tree to store the entire contents of the XML file "Course.xml"? (2) What line of code (see the numbers right to the code) reads a new node into the memory? (3) What does the method "reader.MoveToNextAttribute()" at line 7 return, if the node has no more attribute?
1. no 2. line 3 3. false
Which of the followings are valid JSON value? Select all that apply.
25 "25" -25
SSL handshake protocol establishes a ______ byte pre-master secret?
48
master secret is a _______ byte secret shared between the client and the server?
48
With SSL, client and server use _________ to derive a 48 byte master secret?
48 byte pre-master secret
Assume we have five (5) different Web data structures. We choose one structure as the intermediate structure and we translate all other structures to an from this structure. How many converters we need to have?
8
Assume we have five (5) different Web data structures. We choose one structure as the intermediate structure and we translate all other structures to and from this structure. How many converters we need to have?
8
The following line of code in a DTD file defines that the XML instance file must have an element of <!ELEMENT instructor(name,course+,officeHours*,phone | email)>
<course>
which of the following sequences does not make sense logically or semantically?
<deny users="*"/> <allow users="bob"/>
In what configuration setting will ASP .Net use the security token passed to it by IIS?
<identity impersonate = "false">
Which of the following is an empty element in XML?
<image></ image > <image /> <image source = "Photo.jpeg" />
Web Services return API call results as either XML or JSON. Which of the following statements is NOT true about JSON and XML: A) XML is a platform and language neutral way of representing data while JSON depends on JavaScript runtime environment to process data B) XML is processed as a tree while JSON is processed as an object C) Both XML and JSON support multiple data types D) JSON is more lightweight than XML to process
A
Why is it normally sufficient to use Get (WebGet) method in implementing a RESTful service?
A RESTful service can access a method that defines the required operation of read and/or write
How is the WS-ReliableMessaging implemented in WCF?
A message is resent if the acknowledgement not received
How is the WS-ReliableMessaging implemented in WCF? How is the lost message handled by WS-Reliable Messaging?
A message is resent if the acknowledgement not received.
Which of the following statements is NOT true about JSON and XML? A) XML is a platform language neutral way of representing data while JSON depends on JavaScript runtime environment to process data B) XML is processed as a tree while JSON is processed as an object C) Both XML and JSON support multiple data types D) JSON is more light weight than XML to process
A or D
Why do you need to create your own machine key in if your ASP .Net application is hosted in a server farm environment?
A server farm does not have a unique machine key
How is the transaction implemented in WCF?
A transaction scope is defined, which allows a rollback if an action in the scope fails.
what type of files does not create a web page, instead, adds an item in an existing web page?
ASCX file (user controls)
explain the types of files that exist in an ASP.Net web site application and what the functions of each type file are.
ASPX files: a web form creating a GUI page for users to interact with. ASCX files: creates a custom control built from an HTML page with server-side script or code behind the page. Web.config file: contains configuration settings to control the applications behavior. Global.asax: contains event handlers to respond the global events. DLL: contains common library functions in the Windows environment C# files: event handlers behind the other pages handling events XHTML files: markup pages for the ASPX pages
Session state variables can be accessed by:
All pages within one session
When ASPX page is requested from a browser, what is sent to the browser?
An XHTML page generated from the ASPX page.
When an ASPX page is accessed from a browser, what is sent to the browser?
An XHTML page generated from the ASPX page.
What is an empty element in XML? Select all that apply.
An element without text content between the element tags An element without a child element
What are different ways cross site scripting can be used to obtain user data?
Attack URL with a script delivery of spam/phishing email to victim victim clicks url script in the URL is sent user input displayed back to user script runs on client browser
What is the proper order of performing security operations?
Authentication, Authorization, and then Access of resource
How is the authorization applied to a resource (a page) in ASP .Net application?
Authorization information is stored in the Web.config file in the sub directory in which the page resides.
Which of the following is NOT true about DTD and Schema of defining an XML document? A) Schema is XML based and DTD is not B) Both DTD and Schema supports different data types such as int, string C) Schema is extendible while DTD is not D) All of the above
B
Which of the following is true about confidentiality of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above
B
Which of the following is true about integrity of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above
B
Which of the following is true about safety of data? A) It's a measure that ensures only authorized users can access data B) ensures non-occurrence of catastrophic consequence on the environment (human life lost, economic impact, etc.) C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above
B
______ attack is a browser exploit against SSL/TLS?
Beast
After writing ASP .Net application data into an XML file on the server, what files need to be closed?
Both the XML file and the stream file.
Which of the following is NOT true about XML? A) XML tags are case-sensitive B) Every well-formed XML document needs to have a root node C) XML elements can't be empty D) Every opening tag must have a closing tag
C
Which of the following is true about vulnerability of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above
C
what are CDATA and PCDATA in an XML document?
CDATA will not be checked for syntax errors by XML parsers, while PCDATA will be checked for syntax errors
__________ forces a user to execute unwanted actions on a web application where she is currently authenticated?
CSRF(Cross-Site request forgery)
What are key languages used in html 5? Select all that apply.
CSS JavaScript
in the System.Web.Caching namespace, what class is used for defining a parameters type in a method of another class?
CacheDependency class
Google's Protocol Buffers are similar in syntax to
Class definition of an object-oriented programming language.
Google's Protocol Buffers are similar in syntax to...
Class definition of an object-oriented programming language.
What Web programming models suffer from the problems of potential piracy and reverse engineering of proprietary programs? Select all that apply.
Client-Side Scripting Out-Of-Browser Computing
How can you prevent Web application deadlock in the case of copying data from one disk file to another disk file?
Close one file before opening the other.
What does Out-Of-Browser computing model mean?
Computing is done on client's machine.
What does the Out-Of-Browser computing model mean?
Computing is done on client's machine.
Security is an umbrella concept that includes (Select all that apply):
Confidentiality Data integrity Vulnerability
What are CDATA and PCDATA in an XML document? A) CDATA contains nonprintable characters only, while PCDATA contains printable characters only B) PCDATA contains nonprintable characters only, while CDATA contains printable characters only C) CDATA contains digits only, while PCDATA contains letters only D) PCDATA will be checked for syntax errors by XML parsers, while CDATA will not be checked
D
Which of the following is FALSE about SOAP and REST web services: A) SOAP web services are more suitable in applications such as financial applications that use complex objects B) SOAP web services can be implement more security C) SOAP messages are XML based while REST can send messages in XML, JSON, HTML D) WCF is a framework that supports only SOAP web service development while ASP .NET supports both SOAP and REST web service development
D
Which of the following is False about SOAP and REST web services? A) SOAP web services are more suitable in applications such as financial application that use complex objects B) REST web services can implement more security protocols as all the web security protocols can be implemented with REST C) SOAP message are XML-based while REST can send messages in XML, JSON, HTML D) WCF is a framework that supports both REST and SOAP web service development
D)
What type of component in an ASP .Net application does not support just-in-time compilation?
DLL
What XML processing model reads the entire XML document into the memory?
DOM (Document Object Model)
what XML processing model reads the entire XML document into the memory?
DOM (Document Object Model)
what are DOM, SAX, and XPath models? list their strengths and weaknesses. what .Net FCL classes and methods exist for reading and writing XML files?
DOM: reads an entire document into memory for random access. Its a problem if the XML document is large, which takes up a lot of memory. It represents a document as a rooted tree of nodes. SAX: simply used for reading XML contents and is less focused on the structure. Its streamed based and has a forward-only and read-only API to XML documents. You can read line by line until you find what you're looking for. XPath: a language for accessing parts of an XML document in a way that a file system accesses its files using a path. We can identify certain nodes within a document as well as attributes. You can not write in XPath. filestream and XML classes
why do we need to invent XML Schema after DTD has been invented?
DTD does not follow XML syntax
Why do we need to invent XML Schema after DTD has been invented? Select all that apply.
DTD is limited to string type of data. DTD files do not follow XML syntax.
What attributes are security attributes? Select all that apply.
Data integrity Safety
What state management mechanism allows a business to store client data permanently? Select all that apply.
Database XML file
In a public key cryptography system, what key(s) should be made open (public) if the purpose is for digital signature?
Decryption key
What design pattern in the javax.xml.parsers package allows the entire XML tree to be read into memory?
DocumentBuilderFactory
Which of the following is true about JSON and XML: A) XML is a good candidate when data structures need to be exchanged among web entities B) JSON data is mapped into tree data structure before processing where as XML is mapped into a key-value pair dictionary C) In general, JSON takes more memory while processing compared to XML D) Both b and c E) None of the above
E
How do we use a user control after it is created?
Edit the ASPX source to link the user control into the ASPX page.
In a public key cryptography system, what key(s) should be made open (public) if the purpose is for data confidentiality?
Encryption key
in order to write data into a file system, we need a class that directly communicates with the file system, which is outside ASP.Net application. what class plays this role?
FileStream class
What are the main components of ASPX GUI design? Select all that apply.
HTML control Server control
Where can the credential be possibly saved if the Forms security is used? Select all that apply.
In Web.Config file. In a user-defined XML file. In a user-defined database.
Where do you use the secure machine key generated for your ASP .Net application?
In the Web.config file, in the element system.web
Where are the cookies typically stored?
In the client's hard drive, in a folder within the browser application.
How does the Windows security mechanism work in Web application security control?
It compares the received credential with the credential saved in Windows's user accounts.
What is the capacity (expressivity) of XSL as a programming language? Select all that apply.
It is able to express conditions using if-then-else constructs. It is able to express loops. It is Turing complete and thus is able to express general computing.
What is XHTML?
It is extensible HTML that allows using a DTD file to extend the features of HTML.
What is XHTML (Extensible HTML)?
It is the HTML with a type definition file.
What functions does the Web.config file have? Select all that apply.
It keeps all application settings together. It can parameterize an application's behavior.
What mechanisms are typically be used by the browser for storing and sending session ID when revisiting? Select all that apply.
It uses a cookie for storing the session ID, and the ID is packed in HTTP payload. It creates a hidden field in the browser for storing the session ID, and the ID is embedded in the URL.
Which language does not conform to XML?
JSON
What are the problems with the client-side's transformation from XML to HTML? Select all that apply.
Need to modify the XML file. Rely on browser to have an XSLT processor.
What reliability features can WS-Reliable Messaging specification guarantee? Select all that apply.
No lost messages No duplicated messages No messages received out of order
What is the advantage of a server-side's solution for displaying an XML file in required format?
No special requirement on Web browser
What is the advantage of a sever-side's solution for displaying an XML file in required format?
No special requirement on Web browser
What are the main problems with the client side XSL transformation? Select all that apply.
Not all browsers have a built-in XSLT processor. The XML file has to be modified to reference the XSL file.
What type of data can be stored in session state variables?
Object type
What programming model best supports the thick client in the client-server architecture?
Out-Of-Browser Computing.
If you plan to develop an interactive and graphics-intensive application, e.g., a game, what Web computing model should be used to meet the requirement of such an application?
Out-of-Browser Computing
What are CDATA and PCDATA in an XML document?
PCDATA will be checked for syntax errors by XML parsers, while CDATA will not be checked.
What is the best HTTP method is used to add a piece of data into an existing data container?
POST
Global.asax file can be used for storing (Select all that apply)
Program source code that can be executed. Global variables that can be accessed during the application execution.
What mechanism is used in Google search engine for defining data and data structure?
Protocol Buffers
used for the traceability of data - where and how does the data come from?
Provenance
what is quality of service and what are dependability attributes?
QoS is the totality of features and characteristics of a product or service that bears on its ability to meet a stated or implied need. More frequently used from the user's perspective. Dependability attributes are more frequently used by system designers because dependability also includes the concepts of impairments that impact the dependability attributes and the means that improve the dependability attributes. Both used interchangeably.
What are the five key exchange methods?
RSA Fixed DH Ephemeral DH Anonymous DH Fortezza
What XML processing model reads one node into memory at a time?
SAX (Simple API for XML)
In the Java API for XML Processing (JAXP) packages, which class creates the interface for parsers?
SAXParserFactory
How does SOAP-based invocation receive the response value?
SOAP relies on the underlying protocol, such as HTTP, to relate return response message.
How does a SOAP-based invocation receive the response value?
SOAP relies on the underlying protocol, such as HTTP, to relate return response message.
_____ transport layer protocol provides server authentication, encryption, integrity, verification, compression?
SSH
______ can be used for tunneling, forwarding arbitrary TCP ports and X11 connections?
SSH
_______ provides secure encrypted communication between two untrusted hosts over an insecure network?
SSH
_______ replaces rlogin,telnet and rsh?
SSH(Secure hash)
______ us a man in the middle attack ?
SSLstrip
What are the potential problems of using client-side scripting? Select all that apply.
Script code is not reusable. Interpretation is slower than executing compiled code. Security and proprietary issues.
in phase 1: server hello message, what do the values of session ID indicate?
Session ID chosen by the server If the client wants to resume an old session, server responds with old session ID If 0, server generates a new session ID
What are the major components of cloud computing? Select all that apply.
Software as a Service Platform as a Service Infrastructure as a Service
SSH is built on top of _______ protocol?
TCP
what are some characteristics of telnet?
TCP port 23 can make interactive raw tcp sessions
what are some characteristics of rlogin?
TCP port 513 only to unix host BSD package includes rcp and rsh
In an ASP .Net Web application, we can place the C# code inside the html file. In this case
The C# code will not be visible to the users on the client side, because the code is is not sent to the Web browser
In an ASP .Net Web application, we can place the C# code inside the html file. In this case...
The C# code will not be visible to the users on the client side, because the code is is not sent to the Web browser.
What is the strongest security option in the Forms-based Web security (the most secure mode)?
The clause <identity impersonate ="..." /> does not appear in Web.config file.
The <authorization> element in a Web.cong file consists of a list of <allow> and <deny> elements....
The elements must be specifically ordered according to authorization requirement.
In an open key cryptography system, to ensure the data confidentiality, which key should be opened to the public?
The encryption key
Why are encryption and decryption algorithms of matters of national security and are classified?
The government and military of other countries can use the algorithms to encrypt their communication.
What is the requirement of a well-formed XML Document
There is a unique root element Each element is quoted between an opening tag and a closing tag There are no overlapped tags
Data Encryption Standard (DES) uses a 64-bit double word (8 bytes) for storing the secret key, including 56 function bits and 8 parity check bits. Where are the 8 parity check bits stored?
They are distributed in 8 bytes.
In order to detect all two-bit errors, the hamming distance dm(C) of code C must be at least...
Three
What is the purpose of defining a default namespace in an XML file?
To reduce the use of a namespace qualifier prefixed to the element names
Wireless communication heavily replies on error control codes. What are the primary error control codes used in 4G wireless network?
Turbo Codes
What are the main problems of storing the credentials in Web.config file?
Unmanageable if the number of users is large. Sequential comparisons of passwords.
How does a WSDL/SOAP service normally return a value to the caller?
Use HTTP | Response.
How do we create an AJAX component in ASP .Net Web application?
Use Web Controls.
What is the best way to convert a legacy executable file, such as DLL functions, into Web services?
Use the Web service template to create a service and call the library functions in the service code.
If a developer wants the session state works for the current session only, what value should be used for cookiless?
UseUri
How are AJAX features implemented in ASP .Net applications?
Using Web control
what is WS-* Specification? what components are included in WS-* Specification?
WCF supports multiple security methods at different layers. the security methods includes authentication, authorization, confidentiality, and integrity. the layers in which security mechanisms are deployed include message layer and transport layer.
what type of file allows the application to parameterize its behavior, so that the behavior can be modified without recompiling the source code?
Web.config
what type of file overrides its occurrence in the parent directory?
Web.config
When is a deadlock possible for an ASP .Net application?
When separate files are used for storing store items and in-cart items.
What do you do if you want to use your own file for storing the credentials, instead of using Web.conf?
Write your own code to handle the access control.
What method of XmlTextWriter Class should be called if you want to create an XML node with a child node?
WriteStartElement
What standard do Atom and RSS conform with?
XML
What type of file does the following piece of code most likely belong to? <Book> <Title>Introduction to Programming Language</Title> <Author>Yinong Chen</Author> <Year>2006</Year> <ISBN>0-7575-2974-7</ISBN> </Book>
XML instance file
what type of file does the following piece of code most likely belong to? Code: <Book> <Title>name of book</Title> <Author>name of author</Author> <Year>year</Year> <ISBN>1234</ISBN> </Book>
XML instance file
what is XML? what are XML element and attributes?
XML is a universal metalanguage used to define other Web services standards, protocol, interfaces, documents, and data. It is made of plain-text and self-describing. XML elements are used to define the data that are integral to the document. XML attributes are used to define out-of-band data which give additional information.
what .Net class contains the method to obtain the root element of an XML document?
XMLDocument class
what .Net class contains the method called WriteElementString?
XMLTextWriter class
compare and contrast XML DTD and XML XSD. what .Net FCL classes and methods exist for validating XML files?
XSD is a more powerful alternative to DTD that defines the structure and types of an XML document. DTD is not XML-based which required separate tools to process DTD documents, whereas XSD is XML-based. XSD is extendable and reusable. DTD is limited to only string type, whereas XSD supports basic types and can define other complex types. XMLReader and its .Create(...) method can be used to perform validation, supporting both DTD and XSD files
The idea behind the Google's BigTable is similar to that of
a B+ Tree
The idea behind the Google's BigTable is similar to that of...
a B+ Tree
AJAX control is implemented in the ASP .Net environment as...
a Web control.
what is WS-transaction?
a collection of actions, including information exchange and status modification. It must be treated as a unit or atomic operation for ensuring database integrity. transactions are at application level, consisting of sequences of operations.
what is an XML namespace? why is it useful? how is a namespace defined?
a namespace is declared as an attribute of an element. it binds a prefix name (qualifier) to a schema definition and then uses that prefix whenever required. Its used to limit the scope of a name of a DTD or schema to eliminate conflict.
an XML document can be best illustrated as...
a rooted tree
Sandbox is security mechanism in client-side computing. It guards the client machine by not allowing
access to native applications on the client.
what are the challenges for using an application state variable in Global.asax file?
addressing the problem of simultaneous write on the variable addressing the performance problem if the lock mechanism is used
how is the Windows-based security implemented in a Web application?
all access to a web application or web service must go through IIS, which assigns every request an access token. the access token enables the Windows OS to perform ACL (access control list) checks on resources targeted by the request.
what are security problems of rlogin?
all information including password is transmitted unencrypted .rhosts file is misused can allow access to a machine with spoofed source IP
an application state variable allows you to store an object into the server memory, which can be accessed by...
all sessions in the current application, but no the other applications
using only ________ data values is a good defense against XSS?
alphanumeric
What is the data structure of the stream buffer created when opening a FileStream file?
an array of bytes or plain characters
the Extensible Stylesheet Language Transformations (XSLT) can be used to transform an XML file to...
another XML file, with the same or a different structure an HTML file
PGP, GPG Kerberos are _____ layer protocols?
application
SSH is a ____ layer protocol?
application
ssh provides security at ______ layer?
application
what is wrong with using application state variables for caching purposes? select all that apply.
application state variables do not have automated caching management support. application state variables are not thread safe.
what are defenses against web manipulation?
apply a timestamp within the variable encrypt the information in the cookie or hidden variable make sure your session IDs are long enough to prevent accidental collision digitally sign or use a keyed hash function
SSL handshake protocol carries out initial ________?
authentication
Web.config file in ASP.Net application is used for...
authentication and authorization
What the proper order of performing security operations?
authentication, authorization, and then access of resource
What dependability attribute ensures the readiness of service at time point t?
availability
FileStream class uses a stream buffer of bytes to connect to the file system. what XML class/classes can be used to read the stream buffer?
both XMLTextReader and XMLDocument
If one selects the cookieless attribute = UseUri to support Session State variables, the restrictions associated with this selection are that the...
browser must remain open to revisit session states. developers must use relative paths.
where are cached objects saved in Web.config?
can be in cache, memory, and disk
A JSON array consists of an ordered sequence of elements. All these elements
can have different types.
A JSON array consists of an ordered sequence of elements. All these elements...
can have different types.
In phase 4 of SSL handshake, change ________ spec and finish _______?
cipher handshake
________ is a list of cryptographic options supported by the client ordered by preference?
cipher_suites
who sends its certificate if requested, and verification message in phase 3 of SSL handshake protocol?
client
If key exchange between server and client is RSA based then it was generated by the _________? It is then sent to the server and encrypted with __________'s public ______ key?
client server RSA
Web sites based on pure HTML can perform
computation on server side only
reliability ensures...
continuity of service in [0,t]
Reliability R(t) is a probability related to the...
continuity of service in time period [0, t].
Windows security can be used to control user access to a Website. This security mechanism can be best applied to the users of
corporate intranet applications
Windows security can be used to control user access to a Website. This security mechanism can be best applied to the users of...
corporate intranet applications
Which of the following terms is NOT defined in the W3C namespace "http://www.w3.org/2001/XMLSchema"?
course
_________ allows attackers to inject HTML or Client-side script into the web pages viewed by others?
cross site scripting(XSS)
With _______ some websites sends back up user's input without filtering?
cross-site scripting(XSS)
Policy-based computing suggests to decouple...
data from program.
In a public key security system, what key should be published if one wants to implement digital signature?
decryption key
in Windows Communication Foundation, the scope of a transaction flow is...
defined using an object of TransactionScope class
A Document Type Definition (DTD) file
defines the syntax of an XML file.
in what circumstance should such an encryption system be used, where the decoding key is public and the encoding key is private?
digital signature is needed
Secure Sockets Layer (SSL) deals with the security issue...
during the communication.
Many encryption and decryption algorithms are of matters of national security and are classified. The main reason is that the exposure of these algorithms can help the enemies to...
encrypt their secret data
DES (Data Encryption Standard) is used for low-level security purpose only, because its...
encryption key is short
A DLL component that you create...
forms a namespace and you need to explicitly include it in the application.
SSL _______ protocol negotiates the protocols to be used for authentication and encryption?
handshake
______ attack is when an attacker sends a heartbeat request to a server?
heart bleed attack
In phase 1: client hello message, what do the values of the session id indicate?
if 0, the client wants to create a session or the session ID of an old session.
Where are the compilation and debugging options of a Web application typically stored in the Web.config file?
in <system.web>
If an XML file is created in your application, where should the file be stored in the ASP .Net application domain?
in App_Data folder
where can we program the animations in a Windows phone app?
in XAMIL file
Where are the credentials saved in the built-in account management (offered by the pages in the "Account" folder) of ASP .Net application?
in a database
The purpose of using CDATA is to allow special characters to appear
in the element's text between the opening tag and closing tag.
The purpose of using CDATA is to allow special characters to appear...
in the element's text between the opening tag and closing tag.
how are digital signature and confidentiality implemented in a public key security system?
in the public key security system, anyone who wants to send a confidential document to the receiver uses the public key to encrypt the document digital signature, which encryption is held private, whereas the decryption key is made public. nobody, except the sender, can create the encrypted document, but everyone can decrypt the document.
where are RSS and Atom feeds currently used? Select all that apply.
input and output RESTful services
The attribute of an XML element can be placed
inside the opening tag of an XML element
Where can an attribute be placed in an XML document?
inside the opening tag of an element
where can attributes be placed in an XML document?
inside the opening tag of an element
The traditional .dll library functions can be deployed to a Web server and accessed through
internal calls
A user control
is a component sharable among multiple pages.
A user control...
is a component sharable among multiple pages.
an attribute with an element...
is never implicitly qualified by the qualifier of the element
a Document Type Definition file...
is used to define the structure of an XML file
When session states are used, a Web server identifies a revisiting browser through an ID
issued by the server.
what does the fragment caching do in ASP.Net?
it caches a part of the XHTML page defined by a user control
what does the output caching do in ASP.Net?
it caches the entire XHTML page
what is WS-Reliability? what issues the WS-Reliability specification address?
it is a SOAP-based specification that fulfills reliable messaging requirements critical to SOC applications of web services.
how is the form-based security implemented in a Web application?
it used the Web.config file to define the detailed security policies. the system.web section can be used to define authentication and authorization to a web application.
cipherSuite = _____________ + ___________
key exchange algorithm + cipherSpec
how is a user control page shared among multiple ASPX pages?
link the reference to the user control page into each ASPX page
The purpose of HTML controls in ASP .Net GUI design is to
map HTML tags to server controls more conveniently.
compare and contrast RSS and Atom feeds. what are their similarities and differences. where are they being used?
most noncontainer elements of RSS are string types, whereas Atom's noncontainer elements allow more flexibility in associating with different types of data. Atom has automated features like autoupdate that automatically adds timestamp when a feed is changed, and autodiscovery is for clients who know the URI of a web page to find the location of that page's associated Atom feed automatically. both are used for describing/representing feed data and are used in RESTful services.
A connection is created with each _______?
mouse click
Pretty Good Privacy (PGP) encryption/decryption uses...
multi-steps of hashing, compression, symmetric-key, and a public-key system.
A mashup can take data from (Select all that apply)
multiple data sources. multiple services and APIs.
An XML document has a tree structure. It
must have a unique root
An XML document has a tree structure. It...
must have a unique root
IPSec VPN, OSPF and BGP are _______ layer protocols?
network
what type of data is a session state variable designed to store?
objects defined by a class
if you plan to implement a thick-client architecture, what is the best technology to use?
out-of-browser computing
It is unethical or unlawful to do reversed engineering of proprietary software, unless you (Select all that apply)...
own the code. have the explicit permission.
______ proxy is a java based proxy for assessing web application vulnerability?
paros
Negation of session ID, Key exchange algorithm, mac algorithm, etc happens in which phase of SSL handshake protocol?
phase 1
XML files are stored in a Web server's file system in the form of
plain text files
XML files are stored in a Web server's file system in the form of...
plain text files
Web ______ intercepts the HTTP/HTTPS traffic, let the user verify the content or change them?
proxy
what web pages perform the computations on the server side? select all that apply.
pure HTML form
what web computing technology is obsolete?
pure HTML with server support
The probability that a system has survived in the time interval [0, t] is the system's...
reliability
The probability that a system has survived in the time interval [0,t] is the system's
reliability
An HTML element is processed at server side, if the element contains an attribute:
runat="server"
what attributes are called security attributes?
safety, vulnerability, confidentiality, data integrity
What techniques are used in Data Encryption Standard (DES) to perform encryption and decrption. Select all that apply.
secret key system multiple rounds of cypher encryption
What is the most sensible use of a remote data encryption/decryption service? We use it for
securing data be stored in disk.
What is the most sensible use of a remote data encryption/decryption service? We use it for...
securing data be stored in disk.
what dependability functions are implemented in WCF?
security and reliability
Policy-based software development model suggests to
separate data from program code, so that data can be modified without modifying the program.
Who sends its certificate and key exchange message in phase two of SSL handshake protocol?
server
session identifier is an arbitrary byte sequence chosen by the _________?
server
______ defines a set of cryptographic security parameters, which can be shared among multiple connections?
session
connections of the same session share the same __________ state?
session
every connection is associated with one ______?
session
______ may include multiple connections between the same client and server?
sessions
how are the special markup characters presented in XML files? what are CDATA and PCDATA? what are their differences? what is the difference between entity reference and CDATA?
special markup characters are presented as an entity reference or a character reference to differentiate them. CDATA is data that appears between a pair of special tags "<![CDATA[" and "]]>" PCDATA is any data that are not in CDATA tags. They are used to handle the appearances of reserved characters.
_____ can transfer files using sftp or tcp?
ssh
What type of data can a cookie directly store?
string
what types of data can cookies store?
string data
What namespace inherits and merges all names from other namespaces into the current schema?
targetNamespace
what are security problems with telnet?
telnet daemons does not encrypt any data no authentication or anti-MITM attack
In Windows-based security system, the access control list is stored in...
the Windows operating system.
what does the following line of code in a DTD file mean? Code: <!ELEMENT instructor(name, course+, officeHours*, phone | email)
the XML instance file must have an element <course>
what data does the Output Caching technique cache?
the entire web page generated from the ASPX page
What would happen if the same namespace qualifier is declared in the root and in a child element?
the inner declaration will override the outer one.
what is the dependability of a system?
the system's ability to deliver specified services to the end users so that they can justifiably rely on and trust the services provided by the system. it includes 3 aspects of a system: attributes, means, and impairments.
in order to tolerate (or correct) one bit error, the hamming distance of code C must be at least...
three
what is the purpose of defining a default namespace in an XML file?
to reduce the number of namespace qualifiers prefixed to the element names
SSL/TLS, SSL VPN are ______ layer protocols?
transport
XSS exploits the ________ for a particular site, where XCSRF(Cross-site request forgery) exploits the __________ in a user's browser?
trust a user has trust that a site has
what methods can be used for storing the session ID in the client browser?
use cookies to store the session ID. put the session ID in the URL as part of the address.
how do you add a DLL class into your web site application?
use the "add reference" option in Visual Studio to include the class
why do we need a user control at all? what function of a user control cannot be replaced by a server control?
user controls can be shared by multiple ASPX pages, its sharable and reusable.
By default, the cookies used in the Forms-based Security are protected by (Select all that apply)...
using encryption to prevent reading. using digital signature to prevent modification.
Defensive strategy against SQL injection, XSS, etc is to test your ______ of find vulnerability, or set up a ______ between the web server and outside world?
web site proxy
What does paros proxy include?
web traffic recorder web spider hash calculator scanner for testing common web application attacks
when do you use the add() method in the Cache class? select all that apply.
when we want to add a dependency object into an existing cache object.
what is the scope of a session state variable?
within all pages in the session
