cs 4337 - final

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

[Sebesta11-12] As an extension of the module-as-type approach to data abstraction, many languages now provide a class construct for object-oriented programming. To first approximation, classes can be thought of as module types that have been augmented with a(n) _____ mechanism.

inheritance

[Sebesta12Quiz] Non-static classes that are nested directly in another class are called _______.

inner classes

[OOP&Java] Which one of the following selections is a correct Java keyword?

instanceof

[Sebesta12Quiz] A language that is object oriented must provide support for this ____ key language features? Which one of the following choices is NOT correct?

interface

[XSS] Consider Cross-site scripting (XSS). There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of Cross-site scripting (XSS) flaws: _________.Which one of the following choices is NOT correct?

java-based and code-based

[Sebesta12Quiz] The entire collection of methods of an object is called the _____ of the object.

message protocol or message interface

[Sebesta12Quiz] The calls to methods are sometimes called ______.

messages

[Sebesta12Quiz] The subprograms that define the operations on objects of a class are called _______.

methods

[Sebesta12Quiz] C# uses the syntax of _____ for defining classes.

C++

[Sebesta12Quiz] In which of the following language supporting multiple inheritance requires just one additional array access and one extra addition operation for each dynamically bound method call, at least with some machine architectures?

C++

[closure] This programming language _____ enables defining function objects by overloading "operator( )" and also supports closures.

C++

[XSS] Consider Cross-site scripting (XSS). Which one of the following choices is NOT correct?

Cross-site scripting attacks use known vulnerabilities in web-based applications only from the client-side browsers.

[Sebesta09] Consider Parameter Passing Methods of Major Languages. Which one of the following statements is NOT correct?

Java provides all parameters and Object parameters which are passed by reference.

[closure] Which mathematical subject was utilized for the evaluation of expressions in closures?

Lambda Calculus

[C++OOP] The constructor function's return type is ____

None of these

[Cadelli&Wegner1985] According to the authors. A language is object-oriented if and only if it satisfies the following requirements. Which one of the following selections is NOT correct?

Objects provide a capacity of encapsulation, message-passing, and information-hiding

[Cadelli&Wegner1985] According to the authors. Select the best choice for matching. Question Correct Match

Overloading B. integer constants may have both type integer and real. Operators such as + are applicable to both integer and real arguments. Coercion D. an integer value can be used where a real is expected, and vice versa. Subtyping A. elements of a subrange type also belong to superrange types. Value sharing C. null pointer in C/C++ is a constant which is shared by all the pointer types.

[Cadelli&Wegner1985] According to the authors, The following example is an example of an untyped universe. Which one of the following choices is NOT an example of an untyped universe?

Primitive data types in Java

[closure] The _______ environment binds the non-local names to the corresponding variables in the lexical environment at the time the closure is created.

Referencing

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return). One of the Caller Prologue Actions is to _____.Which one of the statements is NOT correct?

Restore the execution status of the current program unit

[SQLinject] Consider the following statement concerning various methods of analysis for SQL Injection.SQL Injection refers to a type of attack which attempts to acquire unauthorized access to the database after injecting code and investigating the _______.

SQL Query

[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities.________ exploits a vulnerability in the database layer of an application. When user input is incorrectly filtered, any SQL statements can be executed by the application.

SQL injection

[SQLinject] Consider SQL Injection. Which one of the following choices is NOT correct?

SQL injection attack has been a major threat of inversion of control.

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return). One of the Epilogue Actions of the Called subprogram is to _____.Which one of the statements is NOT correct?

Save the execution status of the called

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).Which one of the statements is NOT correct?

The Activation record format and size are dynamic

[SQLinject] Consider the following statement concerning SQL Injection attack and Static analysis.Static analysis with its technique has one limitation as it can be used for a specific language or framework.

True

[SQLinject] True/False. Consider the following statement concerning dynamic analysis of SQL Injection attack.Dynamic analysis cannot detect all vulnerability in the source code due to the fact that it doesn't have the access to cover the whole source code.

True

[SQLinject] True/False. Consider the following statement concerning dynamic analysis of SQL Injection attack.Dynamic analysis could be run through the implementation of the program, where it detects the real vulnerability in source code without false positive results.

True

[SQLinject] True/False. Consider the following statement concerning dynamic analysis of SQL Injection attack.Hybrid analysis proposed as a combination between both; static and dynamic analysis. However, Hybrid analysis inherits the limitation from both approaches.

True

[SQLinject] True/False. Consider the following statement concerning static analysis of SQL Injection attack.The false positive rate in the static analysis is high, which it makes the results not in that precise of Dynamic analysis.

True

[Sebesta09] Consider Type Checking of Parameter.Which one of the following statements is NOT correct?

Type Checking is not considered important for reliability.

[SQLinject] Consider the following statement concerning SQL Injection attack.The attack could be possible after a different query is injected rather than a plain text, wherein a(n) _____ keyword was inserted before a query.

UNION

[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities.In _______ attack, vulnerabilities in the browser itself or in the browser plugins are exploited (rather than vulnerabilities in other websites, as is the case with XSS attacks).

Universal XSS

[C++OOP] This is a special function that is called whenever a new object is created and initialized with another object's data.

copy constructor

[C++OOP] In a procedural program, you typically have _____ stored in a collection of variables, and a set of _____ that perform operations on the data.

data, functions

[XSS] Consider Cross-site scripting (XSS). Security on the web depends on a variety of mechanisms, including an underlying concept of trust known as the same-origin policy. Once a site is granted for permission on a web browser, the content from any URL with the same ____________ (three attributes for permission) will share these permissions. Which one of the following choices is NOT correct for the three items required for the same-origin policy?

digital signature

[C++OOP] Members of a class object are accessed with the ____

dot operator.

[Sebesta12Quiz] The third characteristic (after abstract data types and inheritance) of object oriented programming languages is a kind of polymorphism provided by the dynamic binding of messages to method definitions. This is sometimes called ______.

dynamic dispatch

[Cadelli&Wegner1985] According to the authors, ____ polymorphism is obtained when a function works, or appears to work, on several different types (which may not exhibit a common structure) and may behave in unrelated ways for each type.

ad-hoc

[SQLinject] Consider the following statement concerning SQL Injection attack and Static analysis.________ results are those paths which are detected as a vulnerable path; however, they are not vulnerable.

false positive

[Sebesta12Quiz] What keyword in Java ensures a class cannot be derived from to make inherited classes?

final

[Cadelli&Wegner1985] According to the authors, universally polymorphic functions will normally work on an infinite number of types (all the types having a given common structure), while _____ polymorphic function will only work on a finite set of different and potentially unrelated types.

ad-hoc

[OOP&Java] To declare a constant MAX_LENGTH as a member of the class, you write ______.

final static double MAX_LENGTH = 99.98;

[Cadelli&Wegner1985] According to the authors: There are also two major kinds of ad-hoc polymorphism. In ____ the same variable name is used to denote different functions, and the context is used to decide which function is denoted by a particular instance of the name.

overloading

[OOP&Java] Before Java 5.0, when you _____ a method, both parameters and return type must match exactly. In Java 5.0, it introduces a new facility called covariant return type. You can _____ a method with the same signature but returns a subclass of the object returned.

override

[Cadelli&Wegner1985] According to the authors, ____ polymorphism is obtained when a function works uniformly on a range of types: these types normally exhibit some common structure.

parametric

[Cadelli&Wegner1985] According to the authors, _____ polymorphism is so called because the uniformity of type structure is normally achieved by type parameters, but uniformity can be achieved in different ways, and this more general concept is called universal polymorphism.

parametric

[Cadelli&Wegner1985] According to the authors. Value sharing is a special case of _____ polymorphism. The fact that an object having many types is uniformly represented for all types is characteristic of _____ polymorphism.

parametric

[Cadelli&Wegner1985] According to the authors. _____ polymorphism is the purest form of polymorphism: the same object or function can be used uniformly in different type contexts without changes, coercions or any kind of run-time tests or special encodings of representations.

parametric

[Cadelli&Wegner1985] According to the authors: In _____ polymorphism, a polymorphic function has an implicit or explicit type parameter, which determines the type of the argument for each application of that function.

parametric

[Cadelli&Wegner1985] According to the authors: The functions that exhibit ______ polymorphism are also called generic functions.

parametric

[Sebesta11-12] ____ polymorphism is provided by a subprogram that takes generic parameters that are used in type expressions that describe the types of the parameters of the subprogram.

parametric

[Sebesta12Quiz] A class from which the new class is derived is its _____.

parent class or superclass

[C++OOP] A C++ class is similar to one of these.

structure

[C++OOP] Objects in an array are accessed with ____, just like any other data type in an array.

subscripts

[Sebesta11-12] ____ polymorphism is fundamental to object-oriented languages, in which classes are said to inherit the methods of their parent classes.

subtype

[Sebesta11-12] ____ polymorphism means that a variable of type T can access any object of type T or any type derived from T.

subtype

[Sebesta12Quiz] Unlike Smalltalk and most other languages that support object-oriented programming, a C++ class can also be stand-alone, without a(n) ______.

superclass

[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis.The ________ algorithms work as follows: They make use of a dataset, known as the training dataset, wherein every individual component is labelled. This model determines the relationship between the label and data and uses this information for classifying novel data which has not been noted before. This novel dataset is known as a test dataset

supervised-learning

[OOP&Java] Inheritance means ______.

that a class can extend another class

[OOP&Java] Polymorphism means _____.

that a variable of supertype can refer to a subtype object

[C++OOP] The constructor function always has the same name as ____

the class

[Sebesta09-10] Labels are ___ values in most programming languages as it cannot be passed as a parameter.

third-class

[Sebesta09-10] ___ value cannot be passed as a parameter.

third-class

[C++OOP] This is a special built-in pointer that is available to a class's member functions.

this pointer

[Cadelli&Wegner1985] According to the authors, parametric and inclusion polymorphism are classified as the two major subcategories of ____ polymorphism, which is contrasted with nonuniversal polymorphism.

universal

[Cadelli&Wegner1985] According to the authors. As is implicit in the choice of names, _____ polymorphism is considered true polymorphism.

universal

[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis._________ is based on information theory and Bayesian principles. In this type of algorithm, the machine attempts to detect the hidden structure in the unlabeled data. It makes no use of the output data or the prior labelled data. These algorithms are categorized into various categories like k-Means Clustering and Hierarchical Clustering Techniques.

unsupervised-learning

[Cadelli&Wegner1985] According to the authors, "____" actually means that there is only one type.

untyped

[Sebesta12Quiz] In C++, the storage structure for the list (of dynamically bound methods of a class instance) is often called a ______.

virtual method table

[C++OOP] A good reason for overloading an operator is to enable it to:

work in its usual way, but with programmer-defined data types

[OOP&Java] Given the declaration Circle x = new Circle( ), which of the following statement is most accurate?

x contains a reference to a Circle object.

[Sebesta10] As discussed in the class. Consider the following code segment and the call sequence with Dynamic Scoping. In sub3 when it is called, x=u+v+w will be executed. Which one of the following choices is NOT correct? https://i.imgur.com/laQ9UTh.png

x is the one of sub2

[Sebesta10] As discussed in the class. Consider the following code segment and the call sequence with Dynamic Scoping. In sub3 when it is called, x=u+v+w will be executed. Which one of the following choices is NOT correct? https://i.imgur.com/rl6npTx.png

x is the one of sub2

[Cadelli&Wegner1985] According to the authors, Languages in which all expressions are type-consistent are called ____ languages.

Strongly typed

[Sebesta12Quiz] A class that includes at least one abstract method is called _____.

abstract class

[Sebesta11-12] A(n) ___ is a view or representation of an entity that includes only the most significant attributes.

abstraction

[Sebesta10] As discussed in the class on the implementation of blocks.Which one of the following statements is NOT correct?

A nested block may use its parent's ARI for deep access.

[OOP&Java] Object-oriented programming allows you to derive new classes from existing classes. This is called _____.

inheritance

[C++OOP] This type of member variable may be accessed before any objects of the class have been created.

static

[C++OOP] This directive is used to create an "include guard," which allows a program to be conditionally compiled. This prevents a header file from accidentally being included more than once.

#ifndef

[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x. The value of x is ___ with Static scoping. https://i.imgur.com/fYCe7Ii.png

3

[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x.With Dynamic scoping, the value of x is ____. https://i.imgur.com/uT63BXl.png

7

[OOP&Java] _____ is a construct that defines objects of the same type.

A class

[OOP&Java] ____ is invoked to create an object.

A constructor

[Sebesta12Quiz] What is NOT true about abstract classes and abstract methods?

Abstract classes must define their declared methods

[closure] Which of the following programming languages do not use closures?

Algol

[OOP&Java] ________ represents an entity in the real world that can be distinctly identified.

An object

[closure] Which one of the following choices is not a "closure-like" construct? Select the best answer.

Arrays (C++)

[OOP&Java] Which of the following statement is false?

At least one constructor must always be defined explicitly.

[Cadelli&Wegner1985] According to the authors, which one of the following examples is the most concrete example of an untyped universe?

Bit strings in computer memory

[SQLinject] Consider the following statement concerning SQL Injection attack.A(n) ______ attack is a technique wherein the attacker poses some queries to a database and derives the answers. Thereafter, the attacker plans the next course of action depending on the answers which were generated by the database. This was seen to be a difficult SQLi attack since the attacker does not have any prior knowledge regarding the database or the answers which would be generated.

Blind SQLi

[SQLinject] Consider the following statement concerning SQL Injection attack.The _______ attack is categorized into different types like the Boolean-Based or Time-Based SQLi attacks.

Blind SQLi

[Sebesta12Quiz] In Java, what is the process of implicitly coercing a primitive value into object context called?

Boxing

[Sebesta12] In the C++ definition of an inherited class, the name of the inherited class has the name of the base class attached with what symbol?

Colon

[SQLinject] Consider SQL Injection. Which one of the following choices is NOT correct?The web application developers strive to prevent these SQL injections by using one of the common source code analysis types. Which one of the following choices is NOT correct for one of the common source code analysis types?

Compiler analysis

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.________ could be used as the primary defense mechanism to stop XSS attacks. Most web applications that do not need to accept rich data can use escaping to largely eliminate the risk of XSS attacks in a fairly straightforward manner.

Contextual output encoding/escaping of string input

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.Many web applications rely on session cookies for authentication between individual HTTP requests, and because client-side scripts generally have access to these cookies, simple XSS exploits can steal these cookies. To mitigate this particular threat (though not the XSS problem in general), many web applications tie session cookies to the IP address of the user who originally logged in, then only permit that IP to use that cookie.This is an example of __________.

Cookie security

[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities._______ takes advantage of third-party clients susceptible to XSS or Open Redirect attacks. (In contrast, normal phishing attempts can be easy to spot, because the malicious page's URL will usually be off by a couple of letters from that of the real site.) The difference is that an attacker could use the real website instead by corrupting the site with a malicious login pop-up dialogue box.

Covert Redirection

[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities.________ exploits "zone" concepts in certain browsers and usually executes code with a greater privilege.

Cross-Zone scripting

[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities.________ is almost the opposite of XSS, in that rather than exploiting the user's trust in a site, the attacker (and his malicious page) exploits the site's trust in the client software, submitting requests that the site believes represent conscious and intentional actions of authenticated users.

Cross-site request forgery

[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis.In this stage of _____ in Generic Algorithms, the off-springs which are generated in the genetic algorithm are based on 2 genetic operators. The crossover takes place after combining 2 chromosomes for producing a new solution which shows better traits.

Crossover and Mutation

[XSS] Consider Cross-site scripting (XSS). In ________ XSS attack, the malicious data does not touch the web server. Rather, it is being reflected by the JavaScript code, fully on the client side. An example of a DOM-based XSS vulnerability is the bug found in 2011 in a number of jQuery plugins.

DOM-based

[XSS] Consider Cross-site scripting (XSS). Some sources of non-persistent XSS vulnerabilities further divide these two groups into traditional (caused by server-side code flaws) and _____ (in client-side code flaws).

DOM-based

[Sebesta09] Consider Parameters with Referencing Environment.One complication with parameters that are subprograms appears only with languages that allow nested subprograms. The issue is what referencing environment for executing the passed subprogram should be used. One option is ____.Which one of the following statements is NOT correct?

Deep binding which is most natural way for interactive languages.

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.Functionality that blocks all scripting and external inclusions by default and then allows the user to enable it on a per-domain basis is more effective. This has been possible for a long time in Internet Explorer (since version 4) by setting up its so called "Security Zones", and in Opera (since version 9) using its "Site Specific Preferences". This is an example of __________.

Disabling scripts

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.One problem with ______ is that many users do not understand it, and do not know how to properly secure their browsers. Another drawback is that many sites do not work without client-side scripting, forcing users to disable protection for that site and opening their systems to vulnerabilities.This is an example of __________.

Disabling scripts

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.The most significant problem with blocking all scripts on all websites by default is substantial reduction in functionality and responsiveness (client-side scripting can be much faster than server-side scripting because it does not need to connect to a remote server and the page or frame does not need to be reloaded).This is an example of __________.

Disabling scripts

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.While Web 2.0 and Ajax developers require the use of JavaScript, some web applications are written to allow operation without the need for any client-side scripts. This allows users, if they choose, to disable scripting in their browsers before using the application. In this way, even potentially malicious client-side scripts could be inserted unescaped on a page, and users would not be susceptible to XSS attacks. This is an example of __________.

Disabling scripts

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).Consider Nested Subprogram. Which one of the following statements is NOT correct?

Dynamic semantic rules provide the shallow access.

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return). Local variables can be accessed by their offset from the beginning of the activation record, whose address is in the _____. This offset is called the local_offset. The local_offset of a local variable can be determined by the compiler at compile time.

Environment Pointer

[SQLinject] Consider the following statement concerning SQL Injection attack.In the case of a(n) _________, the operator adds an invalid input value in the query, which can trigger errors in the database. In this process, the database is forced to carry out some activities which lead to errors.

Error based SQLi

[SQLinject] Consider the following statement concerning various SQL Injection attacks.Which one of the following choices is NOT one of SQL Injection attacks?

Event based SQLi

[closure] Closures are techniques for implementing lexically scoped binding in languages with _____.

First-class functions

[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities.______ can be used to create cross-site scripting conditions due to escaping problems on HTTP protocol level (in addition to enabling attacks such as HTTP response splitting).

HTTP-header injection

[C++OOP] What is the output of the following program? #include <iostream> using namespace std; class TestClass { public: TestClass(int x) { cout << x << endl; } TestClass() { cout << "Hello!" << endl; } }; int main() { TestClass test; return 0; }

Hello!

[C++OOP] The process of object-oriented analysis can be viewed as the following steps: ____

Identify objects, then define objects' attributes, behaviors, and relationships

[C++OOP] Class declarations are usually stored here.

In their own header files

[Sebesta12Quiz] ____ offers a solution to both the modification problem posed by abstract data type reuse and the program organization problem.

Inheritance

[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis.The _____ step in Generic Algorithms is the encoding or representation of chromosomes in the genetic algorithm which is carried out with the help of a binary format. The population used in the genetic algorithm is regarded as a set of likely solutions which can be used for resolving the issue.

Initial population

[Sebesta12Quiz] _____ operate only on the objects of the class.

Instance methods

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return). Some non-C-based static-scoped languages use stack-dynamic local variables and allow subprograms to be nested. Which one of the following programming languages does NOT allow nested subprogram?

Java

[Sebesta12Quiz] C# includes both classes and structs, with the classes being very similar to _______ classes and the structs being somewhat less powerful stack-dynamic constructs.

Java

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.As long as trusted nonces only appear on trustworthy scripts, the browser will not run programs from untrusted authors. Some large application providers report having successfully deployed nonce-based policies.This is an example of __________.

Selectively disabling scripts with Content-Security-Policy (CSP)

[XSS] Consider Cross-site scripting (XSS) and its preventive measures.This ________ preventive measure allows HTML documents to opt in to disabling some scripts while leaving others enabled. The browser checks each script against a policy before deciding whether to run it. As long as the policy only allows trustworthy scripts and disallows dynamic code loading, the browser will not run programs from untrusted authors regardless of the HTML document's structure. This shifts the security burden to policy authors. Several studies have cast doubt on the efficacy of host whitelist based policies.This is an example of __________.

Selectively disabling scripts with Content-Security-Policy (CSP)

[Sebesta12Quiz] The integrated use of windows, mouse-pointing devices, and pop-up and pull-down menus, all of which first appeared in ______, dominate contemporary software systems.

Smalltalk

[Sebesta12Quiz] What was the first language to offer complete support for object- oriented programming?

Smalltalk

[Cadelli&Wegner1985] According to the authors, ____ allows type inconsistencies to be discovered at compile time and guarantees that executed programs are type-consistent.

Statically typed

[Cadelli&Wegner1985] According to the authors, If a language is ____ its compiler can guarantee that the programs it accepts will execute without type errors.

Strongly typed

[closure] Which of the following statements is NOT CORRECT about closure?

The concept of closure was subsequently adopted and widely used in 1990's, especially with Java, to become widespread.

[SQLinject] Consider the following statement concerning SQL Injection attack and dynamic analysis.Which of the following choice is NOT correct?

The dynamic analysis process shows a higher false-positive rate.

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).Activation Record is ____.

The format or layout of the non-code part of an executing subprogram

[SQLinject] Consider the following statement concerning SQL Injection attack and hybrid analysis.Which of the following choice is NOT correct?

The hybrid analysis shows a higher false-positive rate, as it combines the dynamic analysis tool.

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return) and variable reference with static scoping.Which one of the following statements is NOT correct?

The nesting_depth is the absolute depth of nesting level of a variable.

[Cadelli&Wegner1985] According to the authors: Consider the following example. 3+4 3+4.0 3.0+4 3.0+4.0 Here, the ad-hoc polymorphism of + can be explained in one of the following ways. Which one of the following is NOT correct?

The operator + has three overloaded meanings: one for integers, one for reals, and one for mixed argument types.

[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x.With Static scoping, which one of the following statements is CORRECT? https://i.imgur.com/0LdkEnW.png

The reference to x in sub2 is big's x.

[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x.With Static scoping, which one of the following statements is CORRECT? https://i.imgur.com/zlZojYw.png

The reference to x in sub2 is big's x.

[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x.With Dynamic scoping, which one of the following choices is CORRECT? https://i.imgur.com/ZTAFZOb.png

The reference to x in sub2 is sub1's x.

[Sebesta10] As discussed in the class. Consider the Parameters that are Subprogram Names (and for Referencing Environment).Which one of the following statements is NOT correct?

With Shallow Access, it is to place local references in parent's ARI's

[XSS] Consider Cross-site scripting (XSS). Which one of the following choices is NOT correct?

XSS risk is now almost disappeared today as the majority of the recent servers and browsers can detect and prevent the attacks.

[OOP&Java] Which one of the following statements regarding the "super" keyword is incorrect?

You can use super.super.p to invoke a method in superclass's parent class.

[Sebesta10] As discussed in the class on the implementation of subprogram (call and return). The collection of dynamic links in the stack at a given time is called the dynamic chain, or ____.

call chain

[closure] Some C libraries support ____ which is sometimes implemented by providing two values when registering this with the library: a function pointer and a separate void* pointer to arbitrary data of the user's choice.

callback

[OOP&Java] An object is an instance of a ________.

class

[OOP&Java] The keyword _____ is required to declare a class.

class

[Sebesta12Quiz] The abstract data types in object-oriented languages, following the lead of SIMULA 67, are usually called _____.

classes

[Sebesta11-12] ___ is a subprogram and the referencing environment where it was defined.

closure

[XSS] Consider Cross-site scripting (XSS). Cross-site scripting attacks are a case of ______.

code injection

[Cadelli&Wegner1985] According to the authors: There are also two major kinds of ad-hoc polymorphism. A(n) _____ is instead a semantic operation which is needed to convert an argument to the type expected by a function, in a situation which would otherwise result in a type error.

coercion

[Sebesta09-10] As Subroutines display most variation. They are ___ values in all functional programming languages and most scripting languages. They are also ___ values in C# and, with some restrictions, in several other imperative languages, including Fortran, Modula-2 and -3, Ada 95, C, and C++.

first-class

[Sebesta11-12] In C#, a(n) ____ subroutine is an instance of a delegate type.

first-class

[Sebesta10] As discussed in the class. Consider the following code segment and the figure for how the passing parameters are being done.Function header: void sub(int a, int b, int c, int d)Function call in main: sub(w, x, y, z) Which one of the following choices is NOT correct? https://i.imgur.com/jLuA7hd.png

for z by value-result

[Cadelli&Wegner1985] According to the authors: a(n) ____ function is one which can work for arguments of many types, generally doing the same kind of work independently of the argument type. If we consider a(n) _____ function as a single value, it has many functional types and is therefore polymorphic. Select the best answer.

generic

[Sebesta11-12] In Java 5.0, it supports for ____ types and methods to Java. The name of a(n) ___ class in Java 5.0 is specified by a name followed by one or more type variables delimited by pointed brackets.

generic

[Sebesta11-12] Parametrically polymorphic subprograms are often called _____ subprograms.

generic

[Sebesta11-12] _____ polymorphism is also called explicit parametric polymorphism.

generic

[Sebesta11-12] _____ polymorphism is usually, though not always, implemented by creating multiple copies of the polymorphic code, one specialized for each needed concrete type.

generic

[Cadelli&Wegner1985] According to the authors. Subtyping is an instance of ____ polymorphism.

inclusion

[Cadelli&Wegner1985] According to the authors, conventional typed languages, such as Pascal, are based on the idea that functions and procedures, and hence their operands, have a unique type. Such languages are said to be ____, in the sense that every value and variable can be interpreted to be of one and only one type.

monomorphic

[XSS] Consider Cross-site scripting (XSS). ________ happens when the attacker injects something that is seemingly safe but is rewritten and modified by the browser while parsing the markup. This makes it extremely hard to detect or sanitize within the website's application logic. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters on parameters to CSS font-family.

mutated-XSS

[C++OOP] Assume that myCar is an instance of the Car class, and that the Car class has a member function named accelerate. Which of the following is a valid call to the accelerate member function?

myCar.accelerate( );

[Sebesta12Quiz] The class in which the new class is nested is called the _______.

nesting class

[C++OOP] The destructor function's return type is: ____

nothing. Destructors have no return type.

[Sebesta11-12] In OOPL, we can encapsulate our subroutine as a method of a simple object, and let the object's fields hold context for the method. An object that plays the role of a function and its referencing environment may variously be called ___.

object closure

[Sebesta] Function object or functor is another name for ____ time to time.

object closure

[C++OOP] When a class contains an instance of another class, it is known as _____

object composition

[Sebesta12Quiz] The concept of ______ had its roots in SIMULA 67 but was not fully developed until the evolution of Smalltalk resulted in Smalltalk 80?

object-oriented programming

[C++OOP] When you overload an operator, you cannot change the number of _____ taken by the operator.

operands

[C++OOP] A(n) _____ operator can work with programmer-defined data types.

overloaded

[XSS] Consider Cross-site scripting (XSS). A classic example of _____ XSS vulnerabilities is with online message boards where users are allowed to post HTML formatted messages for other users to read.

persistent

[XSS] Consider Cross-site scripting (XSS). A(n) _______ XSS vulnerability coupled with a computer worm allowed execution of arbitrary code and listing of filesystem contents via a QuickTime movie on MySpace.

persistent

[XSS] Consider Cross-site scripting (XSS). The ______ XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.

persistent

[XSS] Consider Cross-site scripting (XSS). _______ XSS flaws is also called "stored" XSS flaws.

persistent

[XSS] Consider Cross-site scripting (XSS). ________ XSS vulnerabilities can be more significant than other types because an attacker's malicious script is rendered automatically, without the need to individually target victims or lure them to a third-party website.

persistent

[C++OOP] If you do not declare an access specification, the default for members of a class is ____

private

[C++OOP] This type of member function may be called only from a function that is a member of the same class.

private

[C++OOP] This is used to protect important data.

private access specifier

[C++OOP] This type of member function may be called from a statement outside the class

public

[XSS] Consider Cross-site scripting (XSS). A(n) _______ XSS attack is typically delivered via email or a neutral web site. The bait is an innocent-looking URL, pointing to a trusted site but containing the Cross-site scripting (XSS) vector. If the trusted site is vulnerable to the vector, clicking the link can cause the victim's browser to execute the injected script.

reflected

[XSS] Consider Cross-site scripting (XSS). Non-persistent XSS flaws is also called _______.

reflected

[Cadelli&Wegner1985] According to the authors: In terms of implementation a universally polymorphic function will execute the ____ code for arguments of any admissible type, while an ad-hoc polymorphic function may execute ____ code for each type of argument.

same, different

[Sebesta12Quiz] If a new class is a subclass of a single parent class, then the derivation process is called ______. If a class has more than one parent class, the process is called ________.

single inheritance; multiple inheritance

[C++OOP] A reason to overload the _____ is to write classes that have array-like behaviors.

square brackets [ ] operator


Kaugnay na mga set ng pag-aaral

Short stories test -combined set (final)

View Set

Group Health and Blanket Insurance

View Set

Ch 33 Obstetrics and Neonatal Care

View Set

bio102 ch 14- principles of evolution, fill in the blank

View Set

AMERICAN HISTORY SINCE 1877 CHAPTER 17

View Set

Sometimes, Always, Never Geometry

View Set

Lean Six Sigma Green Belt Training - Lean Metrics

View Set