PLP Exam 3
[Sebesta11-12] As an extension of the module-as-type approach to data abstraction, many languages now provide a class construct for object-oriented programming. To first approximation, classes can be thought of as module types that have been augmented with a(n) _____ mechanism.
inheritance
[C++OOP] When the body of a member function is defined inside a class declaration, it is said to be ___
inline
[Sebesta12Quiz] Non-static classes that are nested directly in another class are called _______.
inner classes
[Sebesta12Quiz] A language that is object oriented must provide support for this ____ key language features? Which one of the following choices is NOT correct?
interface
[XSS] Consider Cross-site scripting (XSS).There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of Cross-site scripting (XSS) flaws: _________. Which one of the following choices is NOT correct?
java-based and code-based
[C++OOP] Each object of a class has its own copy of the class's ____
member variables
[Sebesta12Quiz] The entire collection of methods of an object is called the _____ of the object.
message protocol or message interface
[Sebesta12Quiz] The subprograms that define the operations on objects of a class are called _______.
methods
[Cadelli&Wegner1985] According to the authors, conventional typed languages, such as Pascal, are based on the idea that functions and procedures, and hence their operands, have a unique type. Such languages are said to be ____, in the sense that every value and variable can be interpreted to be of one and only one type.
monomorphic
[Cadelli&Wegner1985] According to the authors: There are also two major kinds of ad-hoc polymorphism. In ____ the same variable name is used to denote different functions, and the context is used to decide which function is denoted by a particular instance of the name.
overloading
[Sebesta12Quiz] In which of the following language supporting multiple inheritance requires just one additional array access and one extra addition operation for each dynamically bound method call, at least with some machine architectures?
C++
[closure] This programming language _____ enables defining function objects by overloading "operator( )" and also supports closures.
C++
[XSS] Consider Cross-site scripting (XSS). Which one of the following choices is NOT correct?
Cross-site scripting attacks use known vulnerabilities in web-based applications only from the client-side browsers.
[closure] Which mathematical subject was utilized for the evaluation of expressions in closures?
Lambda Calculus
[Cadelli&Wegner1985] According to the authors. A language is object-oriented if and only if it satisfies the following requirements. Which one of the following selections is NOT correct?
Objects provide a capacity of encapsulation, message-passing, and information-hiding
[Sebesta12] What key feature of object oriented programming is dynamic dispatch an example of?
Polymorphism
[Cadelli&Wegner1985] According to the authors, The following example is an example of an untyped universe. Which one of the following choices is NOT an example of an untyped universe?
Primitive data types in Java
[closure] The _______ environment binds the non-local names to the corresponding variables in the lexical environment at the time the closure is created.
Referencing
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).One of the Caller Prologue Actions is to _____. Which one of the statements is NOT correct?
Restore the execution status of the current program unit
[SQLinject] Consider the following statement concerning various methods of analysis for SQL Injection. SQL Injection refers to a type of attack which attempts to acquire unauthorized access to the database after injecting code and investigating the _______.
SQL Query
[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities. ________ exploits a vulnerability in the database layer of an application. When user input is incorrectly filtered, any SQL statements can be executed by the application.
SQL injection
[SQLinject] Consider SQL Injection. Which one of the following choices is NOT correct?
SQL injection attack has been a major threat of inversion of control.
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).One of the Epilogue Actions of the Called subprogram is to _____. Which one of the statements is NOT correct?
Save the execution status of the called
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).Which one of the statements is NOT correct?
The Activation record format and size are dynamic
[SQLinject] True/False. Consider the following statement concerning dynamic analysis of SQL Injection attack. Dynamic analysis cannot detect all vulnerability in the source code due to the fact that it doesn't have the access to cover the whole source code.
True
[SQLinject] True/False. Consider the following statement concerning static analysis of SQL Injection attack.The false positive rate in the static analysis is high, which it makes the results not in that precise of Dynamic analysis.
True
[Sebesta09] Consider Type Checking of Parameter. Which one of the following statements is NOT correct?
Type Checking is not considered important for reliability.
[SQLinject] Consider the following statement concerning SQL Injection attack. The attack could be possible after a different query is injected rather than a plain text, wherein a(n) _____ keyword was inserted before a query.
UNION
[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities. In _______ attack, vulnerabilities in the browser itself or in the browser plugins are exploited (rather than vulnerabilities in other websites, as is the case with XSS attacks).
Universal XSS
[Sebesta11-12] ____ is the process by which a compiler automatically converts a value of one type into a value of another type when that second type is required by the surrounding context.
coercion
[C++OOP] This is a special function that is called whenever a new object is created and initialized with another object's data.
copy constructor
[C++OOP] When objects contain pointers, it is a good idea to create an explicit ________ function.
copy constructor
[C++OOP] When a constructor function accepts no arguments, or does not have to accept arguments because of default arguments, it is called a(n): ____
default constructor
[Sebesta12Quiz] In C++, what operator is used to explicitly deallocate heap-dynamic objects?
delete
[C++OOP] This is automatically called when an object is destroyed.
destructor function
[Sebesta12] The ____ attached to the name of the setter method means that its variable is assignable.
equal sign (=)
[Sebesta12Quiz] All Java objects are ____.
explicit heap dynamic
[Cadelli&Wegner1985] According to the authors, ____ polymorphism is obtained when a function works, or appears to work, on several different types (which may not exhibit a common structure) and may behave in unrelated ways for each type.
ad-hoc
[SQLinject] Consider the following statement concerning SQL Injection attack and Static analysis. As the accurate identification of the vulnerabilities in the web applications with the help of a static analysis process is similar to the issue of halting, this technique shows a limitation of generating a higher ________ rate.
false positive
[SQLinject] Consider the following statement concerning SQL Injection attack and Static analysis.________ results are those paths which are detected as a vulnerable path; however, they are not vulnerable.
false positive
[Sebesta12Quiz] What keyword in Java ensures a class cannot be derived from to make inherited classes?
final
[Cadelli&Wegner1985] According to the authors, universally polymorphic functions will normally work on an infinite number of types (all the types having a given common structure), while _____ polymorphic function will only work on a finite set of different and potentially unrelated types.
ad-hoc
[Sebesta11-12] Overloaded subprograms provide a particular kind of polymorphism called ___ polymorphism.
ad-hoc
[OOP&Java] To declare a constant MAX_LENGTH as a member of the class, you write ______.
final static double MAX_LENGTH = 99.98;
[OOP&Java] Before Java 5.0, when you _____ a method, both parameters and return type must match exactly. In Java 5.0, it introduces a new facility called covariant return type. You can _____ a method with the same signature but returns a subclass of the object returned.
override
[Cadelli&Wegner1985] According to the authors, ____ polymorphism is obtained when a function works uniformly on a range of types: these types normally exhibit some common structure.
parametric
[Cadelli&Wegner1985] According to the authors, _____ polymorphism is so called because the uniformity of type structure is normally achieved by type parameters, but uniformity can be achieved in different ways, and this more general concept is called universal polymorphism.
parametric
[Cadelli&Wegner1985] According to the authors. Value sharing is a special case of _____ polymorphism. The fact that an object having many types is uniformly represented for all types is characteristic of _____ polymorphism.
parametric
[Cadelli&Wegner1985] According to the authors._____ polymorphism is the purest form of polymorphism: the same object or function can be used uniformly in different type contexts without changes, coercions or any kind of run-time tests or special encodings of representations.
parametric
[Cadelli&Wegner1985] According to the authors: In _____ polymorphism, a polymorphic function has an implicit or explicit type parameter, which determines the type of the argument for each application of that function.
parametric
[Cadelli&Wegner1985] According to the authors: The functions that exhibit ______ polymorphism are also called generic functions.
parametric
[Sebesta11-12] ____ polymorphism is provided by a subprogram that takes generic parameters that are used in type expressions that describe the types of the parameters of the subprogram.
parametric
[Sebesta12Quiz] A class from which the new class is derived is its _____.
parent class or superclass
[Sebesta11-12] Languages that support object-oriented programming usually support ____ polymorphism.
subtype
[Sebesta12Quiz] Unlike Smalltalk and most other languages that support object-oriented programming, a C++ class can also be stand-alone, without a(n) ______.
superclass
[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis. The _________ algorithms are further categorized into the Regression and Classification algorithms. Some of the examples of such algorithms are Bayesian Network, Decision Tree Induction, K-nearest neighbors, Neural Network and Support Vector Machine.
supervised-learning
[OOP&Java] Inheritance means ______.
that a class can extend another class
[OOP&Java] Polymorphism means _____.
that a variable of supertype can refer to a subtype object
[OOP&Java] Encapsulation means ______.
that data fields should be declared private
[C++OOP] The constructor function always has the same name as ____
the class
[OOP&Java] When invoking a method with an object argument, _____ is passed.
the reference of the object
[Sebesta09-10] Labels are ___ values in most programming languages as it cannot be passed as a parameter.
third-class
[Sebesta09-10] ___ value cannot be passed as a parameter.
third-class
[Sebesta11-12] In Java, for generic class<T>, T is the ___ variable.
type
[Cadelli&Wegner1985] According to the authors, parametric and inclusion polymorphism are classified as the two major subcategories of ____ polymorphism, which is contrasted with nonuniversal polymorphism.
universal
[Cadelli&Wegner1985] According to the authors. As is implicit in the choice of names, _____ polymorphism is considered true polymorphism.
universal
[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis._________ is based on information theory and Bayesian principles. In this type of algorithm, the machine attempts to detect the hidden structure in the unlabeled data. It makes no use of the output data or the prior labelled data. These algorithms are categorized into various categories like k-Means Clustering and Hierarchical Clustering Techniques.
unsupervised-learning
[Cadelli&Wegner1985] According to the authors, "____" actually means that there is only one type.
untyped
[OOP&Java] Given the declaration Circle x = new Circle( ), which of the following statement is most accurate?
x contains a reference to a Circle object.
[Sebesta10] As discussed in the class. Consider the following code segment and the call sequence with Dynamic Scoping. In sub3 when it is called, x=u+v+w will be executed. Which one of the following choices is NOT correct?
x is the one of sub2
[C++OOP] Consider the following code. Which one of the following statements is NOT correct? class Point { private: double y; double z; public: double x; };
z is available to code that is written outside the class.
[Sebesta11-12] A(n) ___ is a view or representation of an entity that includes only the most significant attributes.
abstraction
[Sebesta10] As discussed in the class on the implementation of blocks. Which one of the following statements is NOT correct?
A nested block may use its parent's ARI for deep access.
[OOP&Java] Object-oriented programming allows you to derive new classes from existing classes. This is called _____.
inheritance
[C++OOP] When you redefine the way a standard operator works when it is used with class objects, you have ______ the operator.
overloaded
[C++OOP] If you do not furnish one of these, an automatic memberwise copy will be performed when one object is assigned to another object.
overloaded assignment operator
[C++OOP] This directive is used to create an "include guard," which allows a program to be conditionally compiled. This prevents a header file from accidentally being included more than once.
#ifndef
[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x. The value of x is ___ with Static scoping.
3
[OOP&Java] _____ is a construct that defines objects of the same type.
A class
[OOP&Java] ____ is invoked to create an object.
A constructor
[closure] Which of the following programming languages do not use closures?
Algol
[OOP&Java] ________ represents an entity in the real world that can be distinctly identified.
An object
[closure] Which one of the following choices is not a "closure-like" construct? Select the best answer.
Arrays (C++)
[Cadelli&Wegner1985]According to the authors, which one of the following examples is the most concrete example of an untyped universe?
Bit strings in computer memory
[SQLinject] Consider the following statement concerning SQL Injection attack. A(n) ______ attack is a technique wherein the attacker poses some queries to a database and derives the answers. Thereafter, the attacker plans the next course of action depending on the answers which were generated by the database. This was seen to be a difficult SQLi attack since the attacker does not have any prior knowledge regarding the database or the answers which would be generated.
Blind SQLi
[Sebesta12] What is not a key feature of object-oriented programming?
Closures
[XSS] Consider Cross-site scripting (XSS) and its preventive measures. Many web applications rely on session cookies for authentication between individual HTTP requests, and because client-side scripts generally have access to these cookies, simple XSS exploits can steal these cookies. To mitigate this particular threat (though not the XSS problem in general), many web applications tie session cookies to the IP address of the user who originally logged in, then only permit that IP to use that cookie. This is an example of __________.
Cookie security
[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities. _______ takes advantage of third-party clients susceptible to XSS or Open Redirect attacks. (In contrast, normal phishing attempts can be easy to spot, because the malicious page's URL will usually be off by a couple of letters from that of the real site.) The difference is that an attacker could use the real website instead by corrupting the site with a malicious login pop-up dialogue box.
Covert Redirection
[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities. ________ exploits "zone" concepts in certain browsers and usually executes code with a greater privilege.
Cross-Zone scripting
[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities. ________ is almost the opposite of XSS, in that rather than exploiting the user's trust in a site, the attacker (and his malicious page) exploits the site's trust in the client software, submitting requests that the site believes represent conscious and intentional actions of authenticated users.
Cross-site request forgery
[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis. In this stage of _____ in Generic Algorithms, the off-springs which are generated in the genetic algorithm are based on 2 genetic operators. The crossover takes place after combining 2 chromosomes for producing a new solution which shows better traits.
Crossover and Mutation
[XSS] Consider Cross-site scripting (XSS). Prevention strategies for _______ XSS attacks include very similar measures to traditional XSS prevention strategies but implemented in JavaScript code and contained in web pages (i.e. input validation and escaping). Some JavaScript frameworks have built-in countermeasures against this and other types of attack — for example AngularJS.
DOM-based
[XSS] Consider Cross-site scripting (XSS).In ________ XSS attack, the malicious data does not touch the web server. Rather, it is being reflected by the JavaScript code, fully on the client side. An example of a DOM-based XSS vulnerability is the bug found in 2011 in a number of jQuery plugins.
DOM-based
[XSS] Consider Cross-site scripting (XSS).Some sources of non-persistent XSS vulnerabilities further divide these two groups into traditional (caused by server-side code flaws) and _____ (in client-side code flaws).
DOM-based
[Sebesta09] Consider Parameters with Referencing Environment. One complication with parameters that are subprograms appears only with languages that allow nested subprograms. The issue is what referencing environment for executing the passed subprogram should be used. One option is ____.Which one of the following statements is NOT correct?
Deep binding which is most natural way for interactive languages.
[XSS] Consider Cross-site scripting (XSS) and its preventive measures. Functionality that blocks all scripting and external inclusions by default and then allows the user to enable it on a per-domain basis is more effective. This has been possible for a long time in Internet Explorer (since version 4) by setting up its so called "Security Zones", and in Opera (since version 9) using its "Site Specific Preferences". This is an example of __________.
Disabling scripts
[XSS] Consider Cross-site scripting (XSS) and its preventive measures. One problem with ______ is that many users do not understand it, and do not know how to properly secure their browsers. Another drawback is that many sites do not work without client-side scripting, forcing users to disable protection for that site and opening their systems to vulnerabilities. This is an example of __________.
Disabling scripts
[XSS] Consider Cross-site scripting (XSS) and its preventive measures. While Web 2.0 and Ajax developers require the use of JavaScript, some web applications are written to allow operation without the need for any client-side scripts. This allows users, if they choose, to disable scripting in their browsers before using the application. In this way, even potentially malicious client-side scripts could be inserted unescaped on a page, and users would not be susceptible to XSS attacks. This is an example of __________.
Disabling scripts
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return). Consider Nested Subprogram. Which one of the following statements is NOT correct?
Dynamic semantic rules provide the shallow access.
[Sebesta09] Consider Parameter Passing Methods of Major Languages. Which one of the following statements is NOT correct?
Java provides all parameters and Object parameters which are passed by reference.
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).Local variables can be accessed by their offset from the beginning of the activation record, whose address is in the _____. This offset is called the local_offset. The local_offset of a local variable can be determined by the compiler at compile time.
Environment Pointer
[SQLinject] Consider the following statement concerning SQL Injection attack. In the case of a(n) _________, the operator adds an invalid input value in the query, which can trigger errors in the database. In this process, the database is forced to carry out some activities which lead to errors.
Error based SQLi
[SQLinject] Consider the following statement concerning various SQL Injection attacks. Which one of the following choices is NOT one of SQL Injection attacks?
Event based SQLi
[closure] Closures are techniques for implementing lexically scoped binding in languages with _____.
First-class functions
[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis. In this stage of _____ in Generic Algorithms, it is described as the determination of the effectiveness of the chromosomes in addressing the problems. A higher value indicates that the chromosome is very close in resolving the issue.
Fitness function
[XSS] Consider Cross-site scripting (XSS) and its related vulnerabilities. ______ can be used to create cross-site scripting conditions due to escaping problems on HTTP protocol level (in addition to enabling attacks such as HTTP response splitting).
HTTP-header injection
[C++OOP] Class declarations are usually stored here.
In their own header files
[Sebesta12Quiz] What is a primary purpose for the use of nested classes?
Information hiding
[Sebesta12Quiz] ____ offers a solution to both the modification problem posed by abstract data type reuse and the program organization problem.
Inheritance
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).Some non-C-based static-scoped languages use stack-dynamic local variables and allow subprograms to be nested. Which one of the following programming languages does NOT allow nested subprogram?
Java
[Sebesta12Quiz] C# includes both classes and structs, with the classes being very similar to _______ classes and the structs being somewhat less powerful stack-dynamic constructs.
Java
[Cadelli&Wegner1985] According to the authors, Languages in which all expressions are type-consistent are called ____ languages.
Strongly typed
[SQLinject] Consider the following statement concerning SQL Injection attack and various methods of analysis. In this stage of _____ in Generic Algorithms, the fittest chromosome is selected which can reproduce based on the specific selection process. The chromosome is selected based on its fitness value and is carried over in the subsequent generation.
Selection
[XSS] Consider Cross-site scripting (XSS) and its preventive measures. As long as trusted nonces only appear on trustworthy scripts, the browser will not run programs from untrusted authors. Some large application providers report having successfully deployed nonce-based policies. This is an example of __________.
Selectively disabling scripts with Content-Security-Policy (CSP)
[Sebesta12Quiz] For which language the concept of an object is truly universal?
Smalltalk
[Sebesta12Quiz] The integrated use of windows, mouse-pointing devices, and pop-up and pull-down menus, all of which first appeared in ______, dominate contemporary software systems.
Smalltalk
[Sebesta12Quiz] What was the first language to offer complete support for object- oriented programming?
Smalltalk
[Sebesta12Quiz] ______ is essentially typeless, meaning that all code is effectively generic.
Smalltalk
[SQLinject] Consider the following statement concerning SQL Injection attack and analysis methods. ______ analysis is a process which investigates the source code of the web application for determining the vulnerabilities.
Static
[Cadelli&Wegner1985]According to the authors, ____ allows type inconsistencies to be discovered at compile time and guarantees that executed programs are type-consistent.
Statically typed
[Cadelli&Wegner1985] According to the authors, If a language is ____ its compiler can guarantee that the programs it accepts will execute without type errors.
Strongly typed
[closure] Which of the following statements is NOT CORRECT about closure?
The concept of closure was subsequently adopted and widely used in 1990's, especially with Java, to become widespread.
[SQLinject] Consider the following statement concerning SQL Injection attack and dynamic analysis. Which of the following choice is NOT correct?
The dynamic analysis process shows a higher false-positive rate.
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).Activation Record is ____.
The format or layout of the non-code part of an executing subprogram
[SQLinject] Consider the following statement concerning SQL Injection attack and hybrid analysis. Which of the following choice is NOT correct?
The hybrid analysis shows a higher false-positive rate, as it combines the dynamic analysis tool.
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return) and variable reference with static scoping. Which one of the following statements is NOT correct?
The nesting_depth is the absolute depth of nesting level of a variable.
[Cadelli&Wegner1985] According to the authors: Consider the following example. 3+4 3+4.0 3.0+4 3.0+4.0 Here, the ad-hoc polymorphism of + can be explained in one of the following ways. Which one of the following is NOT correct?
The operator + has three overloaded meanings: one for integers, one for reals, and one for mixed argument types.
[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x. With Static scoping, which one of the following statements is CORRECT?
The reference to x in sub2 is big's x.
[Sebesta09] Consider the following code segment. The function big calls sub1 which calls sub2 which uses x. With Dynamic scoping, which one of the following choices is CORRECT?
The reference to x in sub2 is sub1's x.
[OOP&Java] A Java exception is an instance of ________.
Throwable
[SQLinject] Consider the following statement concerning SQL Injection attack and Static analysis. Static analysis with its technique has one limitation as it can be used for a specific language or framework.
True
[Sebesta10] As discussed in the class. Consider the Parameters that are Subprogram Names (and for Referencing Environment).Which one of the following statements is NOT correct?
With Shallow Access, it is to place local references in parent's ARI's
[XSS] Consider Cross-site scripting (XSS).Which one of the following choices is NOT correct?
XSS risk is now almost disappeared today as the majority of the recent servers and browsers can detect and prevent the attacks.
[XSS] Consider Cross-site scripting (XSS). Which one of the following choices is NOT correct?
XSS vulnerabilities have been reported and exploited since the 2010s.
[Sebesta10] As discussed in the class on the implementation of subprogram (call and return).The collection of dynamic links in the stack at a given time is called the dynamic chain, or ____.
call chain
[closure] Some C libraries support ____ which is sometimes implemented by providing two values when registering this with the library: a function pointer and a separate void* pointer to arbitrary data of the user's choice.
callback
[OOP&Java] An object is an instance of a ________.
class
[OOP&Java] The keyword _____ is required to declare a class.
class
[Sebesta12Quiz] In C++, classes are defined as extensions of C's record structures—structs. This form of this structure (for the instance variables of class) is called a ____.
class instance record
[C++OOP] When a member function is defined outside of the class declaration, the function name must be qualified with the ____
class name, followed by the scope resolution operator
[Sebesta12Quiz] The abstract data types in object-oriented languages, following the lead of SIMULA 67, are usually called _____.
classes
[Sebesta11-12] ___ is a subprogram and the referencing environment where it was defined.
closure
[Cadelli&Wegner1985] According to the authors: There are also two major kinds of ad-hoc polymorphism. A(n) _____ is instead a semantic operation which is needed to convert an argument to the type expected by a function, in a situation which would otherwise result in a type error.
coercion
[Sebesta09-10] As Subroutines display most variation. They are ___ values in all functional programming languages and most scripting languages. They are also ___ values in C# and, with some restrictions, in several other imperative languages, including Fortran, Modula-2 and -3, Ada 95, C, and C++.
first-class
[Sebesta11-12] In C#, a(n) ____ subroutine is an instance of a delegate type.
first-class
[Sebesta10] As discussed in the class. Consider the following code segment and the figure for how the passing parameters are being done. Function header: void sub(int a, int b, int c, int d)Function call in main: sub(w, x, y, z) Which one of the following choices is NOT correct?
for z by value-result
[C++OOP] This type of function is not a member of a class, but it has access to the private members of the class.
friend
[Cadelli&Wegner1985] According to the authors: a(n) ____ function is one which can work for arguments of many types, generally doing the same kind of work independently of the argument type. If we consider a(n) _____ function as a single value, it has many functional types and is therefore polymorphic. Select the best answer.
generic
[Sebesta11-12] In Java 5.0, it supports for ____ types and methods to Java. The name of a(n) ___ class in Java 5.0 is specified by a name followed by one or more type variables delimited by pointed brackets.
generic
[Sebesta11-12] Parametrically polymorphic subprograms are often called _____ subprograms.
generic
[Sebesta11-12] _____ polymorphism is also called explicit parametric polymorphism.
generic
[SQLinject] Consider the following statement concerning SQL Injection attack and analysis. A(n) ______ algorithm refers to a search heuristic tool which can stimulate a natural selection process.
genetic
[Cadelli&Wegner1985] According to the authors, Strachey introduces a new form of polymorphism called _____ polymorphism, to model subtypes and inheritance, which is to model object-oriented programming.
inclusion
[Cadelli&Wegner1985] According to the authors. Subtyping is an instance of ____ polymorphism.
inclusion
[XSS] Consider Cross-site scripting (XSS). The ______ XSS vulnerability is by far the most basic type of web vulnerability. These holes show up when the data provided by a web client, most commonly in HTTP query parameters (e.g. HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the content.
non-persistent
[XSS] Consider Cross-site scripting (XSS).______ XSS vulnerabilities in one web site could allow malicious sites to attack to all the users visiting this web site while logged in.
non-persistent
[Sebesta12Quiz] The concept of ______ had its roots in SIMULA 67 but was not fully developed until the evolution of Smalltalk resulted in Smalltalk 80?
object-oriented programming
[C++OOP] A class may have this many default constructor(s).
only one
[C++OOP] When you overload an operator, you cannot change the number of _____ taken by the operator.
operands
[C++OOP] To overload the + operator, you would write a function named: ____
operator +
[XSS] Consider Cross-site scripting (XSS). A classic example of _____ XSS vulnerabilities is with online message boards where users are allowed to post HTML formatted messages for other users to read.
persistent
[XSS] Consider Cross-site scripting (XSS). A(n) _______ XSS vulnerability coupled with a computer worm allowed execution of arbitrary code and listing of filesystem contents via a QuickTime movie on MySpace.
persistent
[XSS] Consider Cross-site scripting (XSS). The ______ XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.
persistent
[XSS] Consider Cross-site scripting (XSS).Suppose there is a dating website where members scan the profiles of other members to see if they look interesting. For privacy reasons, this site hides everybody's real name and email. An attacker joins the site and wants to figure out the real names of the people on the site. To do so, the attacker writes a script designed to run from other users' browsers when they visit the attacker's profile. The script then sends a quick message to the attacker's own server, which collects this information. This is an example of _____ XSS attack.
persistent
[XSS] Consider Cross-site scripting (XSS)._______ XSS flaws is also called "stored" XSS flaws.
persistent
[Cadelli&Wegner1985] According to the authors, ____ types are types whose operations are applicable to values of more than one type.
polymorphic
[Sebesta11-12] In Java (versus C++), generic parameters must be classes—they cannot be ____ types.
primitive
[C++OOP] If you do not declare an access specification, the default for members of a class is ____
private
[C++OOP] This type of member function may be called from a statement outside the class.
public
[C++OOP] C++ requires that a copy constructor's parameter be a(n) ____
reference object
[XSS] Consider Cross-site scripting (XSS). A(n) _______ XSS attack is typically delivered via email or a neutral web site. The bait is an innocent-looking URL, pointing to a trusted site but containing the Cross-site scripting (XSS) vector. If the trusted site is vulnerable to the vector, clicking the link can cause the victim's browser to execute the injected script.
reflected
[Cadelli&Wegner1985] According to the authors: In terms of implementation a universally polymorphic function will execute the ____ code for arguments of any admissible type, while an ad-hoc polymorphic function may execute ____ code for each type of argument.
same, different
[C++OOP] If a local variable and a global variable have the same name within the same program, the ____ resolution operator must be used.
scope
[Sebesta09-10] ___ value can be passed as a parameter, but not returned from a subroutine or assigned into a variable.
second-class
[XSS] Consider Cross-site scripting (XSS)._______ is a form of XSS vulnerability that relies on social engineering in order to trick the victim into executing malicious JavaScript code in their browser. Although it is technically not a true XSS vulnerability due to the fact it relies on socially engineering a user into executing code rather than a flaw in the affected website allowing an attacker to do so, it still poses the same risks as a regular XSS vulnerability if properly executed.
self-XSS
[C++OOP] C++ allows you to redefine the way ____________ work when used with class objects.
standard operators
[C++OOP] If a member variable is declared ______, all objects of that class have access to that variable.
static
[C++OOP] This type of member variable may be accessed before any objects of the class have been created.
static