final, CSE 445 Final Review (Second Half of Semester), 445 Final Exam Review

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Consider the piece of code given below: PPT (1) What type of file in an ASPX application does the piece code most likely belong to? (2) What is a potential issue (problem) that this page has? (3) To solve the problem if you change Session_Start() to Application_Start(), how does this change address the problem?

(1) Global file (2) incorrect counting (3) the problem becomes worse

You are given the piece of code below: PPT Answer the following questions. (1) Will this piece of code create an in-memory tree to store the entire contents of the XML file "Course.xml"? (2) What line of code reads a new node into the memory? (3) What does the method "reader.MoveToNextAttribute()" at line 7 return, if the node has no more attribute?

(1) No (2) Line 3 (3) false

what reliability features does WS-RM specification define?

- At-Least-Once delivery, At-Most-Once delivery, and Exactly-Once delivery - Guaranteed message ordering for delivery

Why do we need to invent XML schema after DTD has been invented? Select all that apply

- DTD files do not follow XML syntax - DTD is limited to string type of data

what security features are supported in WCF's SSL protocol? Secure Sockets Layer (SSL) defines communication protocols that can provide...

- Data confidentiality - Data integrity

Global.asax file can be user for storing (Select all that apply)

- Global variables that can be access during the application execution. - Program source code that can be executed.

Which of the following computing models can be considered to be in thick client architecture? Select all that apply.

- HTML 5 - Adobe Flash - Silverlight

What are the main roles of IIS in Web application security control? Select all that apply.

- It creates an access token and passes it to ASP .Net or to Windows for security check - It blocks IP address and domain that are not permitted

What are the main problems with the client side XSL transformation? Select all that apply

- Not all browsers have a built-in XSLT processor. - The XML file has to be modified to reference the XSL file.

What methods are always supported by HTTP/1.1 requests? Select all that apply.

- PUT - DELETE

Which of the followings conform with the XML syntax? Select all that apply.

- SOAP - XHTML - WSDL

What are the main issues with the client-side computing? Select all that apply.

- Security issue - Proprietary issue

What web computing models support thin client architecture? Select all that apply.

- Server-Side computing - Pure HTML Web with GUI

What computing model and architecture does Pure HTML Web Implement? Select all that apply.

- Thin client architecture - Server-side computing

what is (are) the major dependability feature(s) added into the Windows Communications Foundations?

- WS-Security - Reliable Sessions (WS-R) - Interoperability (WS-I)

what security mechanism(s) does IIS support?

- access control list - IP address restrictions - domain name restrictions - encrypted HTTP connections

what are the new features implemented in Atom? Select all that apply.

- allow autoupdate - allow autodiscovery

The Extensible Stylesheet Language XSL is used for defining the transformation of an XML file to (Select all that apply)

- an HTML file - another XML file, with the same or a different structure

which of the followings belong(s) to security attributes? select all that apply.

- confidentiality - vulnerability - safety

XML is often used for defining

- data structures - communication protocols

If on select the cookieless attribute = UseUri to support Session State variables, the restrictions associated with this selection are that the

- developers must use relative paths. - browser must remain open to revisit session states.

It is unethical or unlawful to do reversed engineering of proprietary software, unless you (Select all that apply)

- have the explicit permission - own the code

what reliability features does WS-ReliableMessaging specification define? What kinds of errors can be handled by WS-ReliableMessaging (WS-RM) in WCF? Check all that apply.

- lost messages - duplicated messages - messages received out of order

what error control codes are separable codes?

- parity check - checksum

what is (are) the problem(s) associated with the standard Windows Forms Security mechanism?

- passwords are stored in clear text - sequential comparisons of user name and password - unmanageable if accessibility needs to be changed frequently

what is required for a well-formed XML document?

- unique root element - each element has opening/closing tags - no overlapped tags

Which of the following path expression selects all attributes in all the elements "Course" in the entire document?

//Course/@*

Answer the following three (3) questions. (1) What type of file in an ASPX application does the piece code most likely belong to? (2) What is a potential issue (problem) that this page has? (3) To solve the problem, if you change Session_Start() to Application_start(), how does this change address the problem?

1. global file 2. incorrect counting 3. the problem becomes worse

(1) Will this piece of code create an in-memory tree to store the entire contents of the XML file "Course.xml"? (2) What line of code (see the numbers right to the code) reads a new node into the memory? (3) What does the method "reader.MoveToNextAttribute()" at line 7 return, if the node has no more attribute?

1. no 2. line 3 3. false

Which of the followings are valid JSON value? Select all that apply.

25 "25" -25

SSL handshake protocol establishes a ______ byte pre-master secret?

48

master secret is a _______ byte secret shared between the client and the server?

48

With SSL, client and server use _________ to derive a 48 byte master secret?

48 byte pre-master secret

Assume we have five (5) different Web data structures. We choose one structure as the intermediate structure and we translate all other structures to an from this structure. How many converters we need to have?

8

Assume we have five (5) different Web data structures. We choose one structure as the intermediate structure and we translate all other structures to and from this structure. How many converters we need to have?

8

The following line of code in a DTD file defines that the XML instance file must have an element of <!ELEMENT instructor(name,course+,officeHours*,phone | email)>

<course>

which of the following sequences does not make sense logically or semantically?

<deny users="*"/> <allow users="bob"/>

In what configuration setting will ASP .Net use the security token passed to it by IIS?

<identity impersonate = "false">

Which of the following is an empty element in XML?

<image></ image > <image /> <image source = "Photo.jpeg" />

Web Services return API call results as either XML or JSON. Which of the following statements is NOT true about JSON and XML: A) XML is a platform and language neutral way of representing data while JSON depends on JavaScript runtime environment to process data B) XML is processed as a tree while JSON is processed as an object C) Both XML and JSON support multiple data types D) JSON is more lightweight than XML to process

A

Why is it normally sufficient to use Get (WebGet) method in implementing a RESTful service?

A RESTful service can access a method that defines the required operation of read and/or write

How is the WS-ReliableMessaging implemented in WCF?

A message is resent if the acknowledgement not received

How is the WS-ReliableMessaging implemented in WCF? How is the lost message handled by WS-Reliable Messaging?

A message is resent if the acknowledgement not received.

Which of the following statements is NOT true about JSON and XML? A) XML is a platform language neutral way of representing data while JSON depends on JavaScript runtime environment to process data B) XML is processed as a tree while JSON is processed as an object C) Both XML and JSON support multiple data types D) JSON is more light weight than XML to process

A or D

Why do you need to create your own machine key in if your ASP .Net application is hosted in a server farm environment?

A server farm does not have a unique machine key

How is the transaction implemented in WCF?

A transaction scope is defined, which allows a rollback if an action in the scope fails.

what type of files does not create a web page, instead, adds an item in an existing web page?

ASCX file (user controls)

explain the types of files that exist in an ASP.Net web site application and what the functions of each type file are.

ASPX files: a web form creating a GUI page for users to interact with. ASCX files: creates a custom control built from an HTML page with server-side script or code behind the page. Web.config file: contains configuration settings to control the applications behavior. Global.asax: contains event handlers to respond the global events. DLL: contains common library functions in the Windows environment C# files: event handlers behind the other pages handling events XHTML files: markup pages for the ASPX pages

Session state variables can be accessed by:

All pages within one session

When ASPX page is requested from a browser, what is sent to the browser?

An XHTML page generated from the ASPX page.

When an ASPX page is accessed from a browser, what is sent to the browser?

An XHTML page generated from the ASPX page.

What is an empty element in XML? Select all that apply.

An element without text content between the element tags An element without a child element

What are different ways cross site scripting can be used to obtain user data?

Attack URL with a script delivery of spam/phishing email to victim victim clicks url script in the URL is sent user input displayed back to user script runs on client browser

What is the proper order of performing security operations?

Authentication, Authorization, and then Access of resource

How is the authorization applied to a resource (a page) in ASP .Net application?

Authorization information is stored in the Web.config file in the sub directory in which the page resides.

Which of the following is NOT true about DTD and Schema of defining an XML document? A) Schema is XML based and DTD is not B) Both DTD and Schema supports different data types such as int, string C) Schema is extendible while DTD is not D) All of the above

B

Which of the following is true about confidentiality of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above

B

Which of the following is true about integrity of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above

B

Which of the following is true about safety of data? A) It's a measure that ensures only authorized users can access data B) ensures non-occurrence of catastrophic consequence on the environment (human life lost, economic impact, etc.) C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above

B

______ attack is a browser exploit against SSL/TLS?

Beast

After writing ASP .Net application data into an XML file on the server, what files need to be closed?

Both the XML file and the stream file.

Which of the following is NOT true about XML? A) XML tags are case-sensitive B) Every well-formed XML document needs to have a root node C) XML elements can't be empty D) Every opening tag must have a closing tag

C

Which of the following is true about vulnerability of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above

C

what are CDATA and PCDATA in an XML document?

CDATA will not be checked for syntax errors by XML parsers, while PCDATA will be checked for syntax errors

__________ forces a user to execute unwanted actions on a web application where she is currently authenticated?

CSRF(Cross-Site request forgery)

What are key languages used in html 5? Select all that apply.

CSS JavaScript

in the System.Web.Caching namespace, what class is used for defining a parameters type in a method of another class?

CacheDependency class

Google's Protocol Buffers are similar in syntax to

Class definition of an object-oriented programming language.

Google's Protocol Buffers are similar in syntax to...

Class definition of an object-oriented programming language.

What Web programming models suffer from the problems of potential piracy and reverse engineering of proprietary programs? Select all that apply.

Client-Side Scripting Out-Of-Browser Computing

How can you prevent Web application deadlock in the case of copying data from one disk file to another disk file?

Close one file before opening the other.

What does Out-Of-Browser computing model mean?

Computing is done on client's machine.

What does the Out-Of-Browser computing model mean?

Computing is done on client's machine.

Security is an umbrella concept that includes (Select all that apply):

Confidentiality Data integrity Vulnerability

What are CDATA and PCDATA in an XML document? A) CDATA contains nonprintable characters only, while PCDATA contains printable characters only B) PCDATA contains nonprintable characters only, while CDATA contains printable characters only C) CDATA contains digits only, while PCDATA contains letters only D) PCDATA will be checked for syntax errors by XML parsers, while CDATA will not be checked

D

Which of the following is FALSE about SOAP and REST web services: A) SOAP web services are more suitable in applications such as financial applications that use complex objects B) SOAP web services can be implement more security C) SOAP messages are XML based while REST can send messages in XML, JSON, HTML D) WCF is a framework that supports only SOAP web service development while ASP .NET supports both SOAP and REST web service development

D

Which of the following is False about SOAP and REST web services? A) SOAP web services are more suitable in applications such as financial application that use complex objects B) REST web services can implement more security protocols as all the web security protocols can be implemented with REST C) SOAP message are XML-based while REST can send messages in XML, JSON, HTML D) WCF is a framework that supports both REST and SOAP web service development

D)

What type of component in an ASP .Net application does not support just-in-time compilation?

DLL

What XML processing model reads the entire XML document into the memory?

DOM (Document Object Model)

what XML processing model reads the entire XML document into the memory?

DOM (Document Object Model)

what are DOM, SAX, and XPath models? list their strengths and weaknesses. what .Net FCL classes and methods exist for reading and writing XML files?

DOM: reads an entire document into memory for random access. Its a problem if the XML document is large, which takes up a lot of memory. It represents a document as a rooted tree of nodes. SAX: simply used for reading XML contents and is less focused on the structure. Its streamed based and has a forward-only and read-only API to XML documents. You can read line by line until you find what you're looking for. XPath: a language for accessing parts of an XML document in a way that a file system accesses its files using a path. We can identify certain nodes within a document as well as attributes. You can not write in XPath. filestream and XML classes

why do we need to invent XML Schema after DTD has been invented?

DTD does not follow XML syntax

Why do we need to invent XML Schema after DTD has been invented? Select all that apply.

DTD is limited to string type of data. DTD files do not follow XML syntax.

What attributes are security attributes? Select all that apply.

Data integrity Safety

What state management mechanism allows a business to store client data permanently? Select all that apply.

Database XML file

In a public key cryptography system, what key(s) should be made open (public) if the purpose is for digital signature?

Decryption key

What design pattern in the javax.xml.parsers package allows the entire XML tree to be read into memory?

DocumentBuilderFactory

Which of the following is true about JSON and XML: A) XML is a good candidate when data structures need to be exchanged among web entities B) JSON data is mapped into tree data structure before processing where as XML is mapped into a key-value pair dictionary C) In general, JSON takes more memory while processing compared to XML D) Both b and c E) None of the above

E

How do we use a user control after it is created?

Edit the ASPX source to link the user control into the ASPX page.

In a public key cryptography system, what key(s) should be made open (public) if the purpose is for data confidentiality?

Encryption key

in order to write data into a file system, we need a class that directly communicates with the file system, which is outside ASP.Net application. what class plays this role?

FileStream class

What are the main components of ASPX GUI design? Select all that apply.

HTML control Server control

Where can the credential be possibly saved if the Forms security is used? Select all that apply.

In Web.Config file. In a user-defined XML file. In a user-defined database.

Where do you use the secure machine key generated for your ASP .Net application?

In the Web.config file, in the element system.web

Where are the cookies typically stored?

In the client's hard drive, in a folder within the browser application.

How does the Windows security mechanism work in Web application security control?

It compares the received credential with the credential saved in Windows's user accounts.

What is the capacity (expressivity) of XSL as a programming language? Select all that apply.

It is able to express conditions using if-then-else constructs. It is able to express loops. It is Turing complete and thus is able to express general computing.

What is XHTML?

It is extensible HTML that allows using a DTD file to extend the features of HTML.

What is XHTML (Extensible HTML)?

It is the HTML with a type definition file.

What functions does the Web.config file have? Select all that apply.

It keeps all application settings together. It can parameterize an application's behavior.

What mechanisms are typically be used by the browser for storing and sending session ID when revisiting? Select all that apply.

It uses a cookie for storing the session ID, and the ID is packed in HTTP payload. It creates a hidden field in the browser for storing the session ID, and the ID is embedded in the URL.

Which language does not conform to XML?

JSON

What are the problems with the client-side's transformation from XML to HTML? Select all that apply.

Need to modify the XML file. Rely on browser to have an XSLT processor.

What reliability features can WS-Reliable Messaging specification guarantee? Select all that apply.

No lost messages No duplicated messages No messages received out of order

What is the advantage of a server-side's solution for displaying an XML file in required format?

No special requirement on Web browser

What is the advantage of a sever-side's solution for displaying an XML file in required format?

No special requirement on Web browser

What are the main problems with the client side XSL transformation? Select all that apply.

Not all browsers have a built-in XSLT processor. The XML file has to be modified to reference the XSL file.

What type of data can be stored in session state variables?

Object type

What programming model best supports the thick client in the client-server architecture?

Out-Of-Browser Computing.

If you plan to develop an interactive and graphics-intensive application, e.g., a game, what Web computing model should be used to meet the requirement of such an application?

Out-of-Browser Computing

What are CDATA and PCDATA in an XML document?

PCDATA will be checked for syntax errors by XML parsers, while CDATA will not be checked.

What is the best HTTP method is used to add a piece of data into an existing data container?

POST

Global.asax file can be used for storing (Select all that apply)

Program source code that can be executed. Global variables that can be accessed during the application execution.

What mechanism is used in Google search engine for defining data and data structure?

Protocol Buffers

used for the traceability of data - where and how does the data come from?

Provenance

what is quality of service and what are dependability attributes?

QoS is the totality of features and characteristics of a product or service that bears on its ability to meet a stated or implied need. More frequently used from the user's perspective. Dependability attributes are more frequently used by system designers because dependability also includes the concepts of impairments that impact the dependability attributes and the means that improve the dependability attributes. Both used interchangeably.

What are the five key exchange methods?

RSA Fixed DH Ephemeral DH Anonymous DH Fortezza

What XML processing model reads one node into memory at a time?

SAX (Simple API for XML)

In the Java API for XML Processing (JAXP) packages, which class creates the interface for parsers?

SAXParserFactory

How does SOAP-based invocation receive the response value?

SOAP relies on the underlying protocol, such as HTTP, to relate return response message.

How does a SOAP-based invocation receive the response value?

SOAP relies on the underlying protocol, such as HTTP, to relate return response message.

_____ transport layer protocol provides server authentication, encryption, integrity, verification, compression?

SSH

______ can be used for tunneling, forwarding arbitrary TCP ports and X11 connections?

SSH

_______ provides secure encrypted communication between two untrusted hosts over an insecure network?

SSH

_______ replaces rlogin,telnet and rsh?

SSH(Secure hash)

______ us a man in the middle attack ?

SSLstrip

What are the potential problems of using client-side scripting? Select all that apply.

Script code is not reusable. Interpretation is slower than executing compiled code. Security and proprietary issues.

in phase 1: server hello message, what do the values of session ID indicate?

Session ID chosen by the server If the client wants to resume an old session, server responds with old session ID If 0, server generates a new session ID

What are the major components of cloud computing? Select all that apply.

Software as a Service Platform as a Service Infrastructure as a Service

SSH is built on top of _______ protocol?

TCP

what are some characteristics of telnet?

TCP port 23 can make interactive raw tcp sessions

what are some characteristics of rlogin?

TCP port 513 only to unix host BSD package includes rcp and rsh

In an ASP .Net Web application, we can place the C# code inside the html file. In this case

The C# code will not be visible to the users on the client side, because the code is is not sent to the Web browser

In an ASP .Net Web application, we can place the C# code inside the html file. In this case...

The C# code will not be visible to the users on the client side, because the code is is not sent to the Web browser.

What is the strongest security option in the Forms-based Web security (the most secure mode)?

The clause <identity impersonate ="..." /> does not appear in Web.config file.

The <authorization> element in a Web.cong file consists of a list of <allow> and <deny> elements....

The elements must be specifically ordered according to authorization requirement.

In an open key cryptography system, to ensure the data confidentiality, which key should be opened to the public?

The encryption key

Why are encryption and decryption algorithms of matters of national security and are classified?

The government and military of other countries can use the algorithms to encrypt their communication.

What is the requirement of a well-formed XML Document

There is a unique root element Each element is quoted between an opening tag and a closing tag There are no overlapped tags

Data Encryption Standard (DES) uses a 64-bit double word (8 bytes) for storing the secret key, including 56 function bits and 8 parity check bits. Where are the 8 parity check bits stored?

They are distributed in 8 bytes.

In order to detect all two-bit errors, the hamming distance dm(C) of code C must be at least...

Three

What is the purpose of defining a default namespace in an XML file?

To reduce the use of a namespace qualifier prefixed to the element names

Wireless communication heavily replies on error control codes. What are the primary error control codes used in 4G wireless network?

Turbo Codes

What are the main problems of storing the credentials in Web.config file?

Unmanageable if the number of users is large. Sequential comparisons of passwords.

How does a WSDL/SOAP service normally return a value to the caller?

Use HTTP | Response.

How do we create an AJAX component in ASP .Net Web application?

Use Web Controls.

What is the best way to convert a legacy executable file, such as DLL functions, into Web services?

Use the Web service template to create a service and call the library functions in the service code.

If a developer wants the session state works for the current session only, what value should be used for cookiless?

UseUri

How are AJAX features implemented in ASP .Net applications?

Using Web control

what is WS-* Specification? what components are included in WS-* Specification?

WCF supports multiple security methods at different layers. the security methods includes authentication, authorization, confidentiality, and integrity. the layers in which security mechanisms are deployed include message layer and transport layer.

what type of file allows the application to parameterize its behavior, so that the behavior can be modified without recompiling the source code?

Web.config

what type of file overrides its occurrence in the parent directory?

Web.config

When is a deadlock possible for an ASP .Net application?

When separate files are used for storing store items and in-cart items.

What do you do if you want to use your own file for storing the credentials, instead of using Web.conf?

Write your own code to handle the access control.

What method of XmlTextWriter Class should be called if you want to create an XML node with a child node?

WriteStartElement

What standard do Atom and RSS conform with?

XML

What type of file does the following piece of code most likely belong to? <Book> <Title>Introduction to Programming Language</Title> <Author>Yinong Chen</Author> <Year>2006</Year> <ISBN>0-7575-2974-7</ISBN> </Book>

XML instance file

what type of file does the following piece of code most likely belong to? Code: <Book> <Title>name of book</Title> <Author>name of author</Author> <Year>year</Year> <ISBN>1234</ISBN> </Book>

XML instance file

what is XML? what are XML element and attributes?

XML is a universal metalanguage used to define other Web services standards, protocol, interfaces, documents, and data. It is made of plain-text and self-describing. XML elements are used to define the data that are integral to the document. XML attributes are used to define out-of-band data which give additional information.

what .Net class contains the method to obtain the root element of an XML document?

XMLDocument class

what .Net class contains the method called WriteElementString?

XMLTextWriter class

compare and contrast XML DTD and XML XSD. what .Net FCL classes and methods exist for validating XML files?

XSD is a more powerful alternative to DTD that defines the structure and types of an XML document. DTD is not XML-based which required separate tools to process DTD documents, whereas XSD is XML-based. XSD is extendable and reusable. DTD is limited to only string type, whereas XSD supports basic types and can define other complex types. XMLReader and its .Create(...) method can be used to perform validation, supporting both DTD and XSD files

The idea behind the Google's BigTable is similar to that of

a B+ Tree

The idea behind the Google's BigTable is similar to that of...

a B+ Tree

AJAX control is implemented in the ASP .Net environment as...

a Web control.

what is WS-transaction?

a collection of actions, including information exchange and status modification. It must be treated as a unit or atomic operation for ensuring database integrity. transactions are at application level, consisting of sequences of operations.

what is an XML namespace? why is it useful? how is a namespace defined?

a namespace is declared as an attribute of an element. it binds a prefix name (qualifier) to a schema definition and then uses that prefix whenever required. Its used to limit the scope of a name of a DTD or schema to eliminate conflict.

an XML document can be best illustrated as...

a rooted tree

Sandbox is security mechanism in client-side computing. It guards the client machine by not allowing

access to native applications on the client.

what are the challenges for using an application state variable in Global.asax file?

addressing the problem of simultaneous write on the variable addressing the performance problem if the lock mechanism is used

how is the Windows-based security implemented in a Web application?

all access to a web application or web service must go through IIS, which assigns every request an access token. the access token enables the Windows OS to perform ACL (access control list) checks on resources targeted by the request.

what are security problems of rlogin?

all information including password is transmitted unencrypted .rhosts file is misused can allow access to a machine with spoofed source IP

an application state variable allows you to store an object into the server memory, which can be accessed by...

all sessions in the current application, but no the other applications

using only ________ data values is a good defense against XSS?

alphanumeric

What is the data structure of the stream buffer created when opening a FileStream file?

an array of bytes or plain characters

the Extensible Stylesheet Language Transformations (XSLT) can be used to transform an XML file to...

another XML file, with the same or a different structure an HTML file

PGP, GPG Kerberos are _____ layer protocols?

application

SSH is a ____ layer protocol?

application

ssh provides security at ______ layer?

application

what is wrong with using application state variables for caching purposes? select all that apply.

application state variables do not have automated caching management support. application state variables are not thread safe.

what are defenses against web manipulation?

apply a timestamp within the variable encrypt the information in the cookie or hidden variable make sure your session IDs are long enough to prevent accidental collision digitally sign or use a keyed hash function

SSL handshake protocol carries out initial ________?

authentication

Web.config file in ASP.Net application is used for...

authentication and authorization

What the proper order of performing security operations?

authentication, authorization, and then access of resource

What dependability attribute ensures the readiness of service at time point t?

availability

FileStream class uses a stream buffer of bytes to connect to the file system. what XML class/classes can be used to read the stream buffer?

both XMLTextReader and XMLDocument

If one selects the cookieless attribute = UseUri to support Session State variables, the restrictions associated with this selection are that the...

browser must remain open to revisit session states. developers must use relative paths.

where are cached objects saved in Web.config?

can be in cache, memory, and disk

A JSON array consists of an ordered sequence of elements. All these elements

can have different types.

A JSON array consists of an ordered sequence of elements. All these elements...

can have different types.

In phase 4 of SSL handshake, change ________ spec and finish _______?

cipher handshake

________ is a list of cryptographic options supported by the client ordered by preference?

cipher_suites

who sends its certificate if requested, and verification message in phase 3 of SSL handshake protocol?

client

If key exchange between server and client is RSA based then it was generated by the _________? It is then sent to the server and encrypted with __________'s public ______ key?

client server RSA

Web sites based on pure HTML can perform

computation on server side only

reliability ensures...

continuity of service in [0,t]

Reliability R(t) is a probability related to the...

continuity of service in time period [0, t].

Windows security can be used to control user access to a Website. This security mechanism can be best applied to the users of

corporate intranet applications

Windows security can be used to control user access to a Website. This security mechanism can be best applied to the users of...

corporate intranet applications

Which of the following terms is NOT defined in the W3C namespace "http://www.w3.org/2001/XMLSchema"?

course

_________ allows attackers to inject HTML or Client-side script into the web pages viewed by others?

cross site scripting(XSS)

With _______ some websites sends back up user's input without filtering?

cross-site scripting(XSS)

Policy-based computing suggests to decouple...

data from program.

In a public key security system, what key should be published if one wants to implement digital signature?

decryption key

in Windows Communication Foundation, the scope of a transaction flow is...

defined using an object of TransactionScope class

A Document Type Definition (DTD) file

defines the syntax of an XML file.

in what circumstance should such an encryption system be used, where the decoding key is public and the encoding key is private?

digital signature is needed

Secure Sockets Layer (SSL) deals with the security issue...

during the communication.

Many encryption and decryption algorithms are of matters of national security and are classified. The main reason is that the exposure of these algorithms can help the enemies to...

encrypt their secret data

DES (Data Encryption Standard) is used for low-level security purpose only, because its...

encryption key is short

A DLL component that you create...

forms a namespace and you need to explicitly include it in the application.

SSL _______ protocol negotiates the protocols to be used for authentication and encryption?

handshake

______ attack is when an attacker sends a heartbeat request to a server?

heart bleed attack

In phase 1: client hello message, what do the values of the session id indicate?

if 0, the client wants to create a session or the session ID of an old session.

Where are the compilation and debugging options of a Web application typically stored in the Web.config file?

in <system.web>

If an XML file is created in your application, where should the file be stored in the ASP .Net application domain?

in App_Data folder

where can we program the animations in a Windows phone app?

in XAMIL file

Where are the credentials saved in the built-in account management (offered by the pages in the "Account" folder) of ASP .Net application?

in a database

The purpose of using CDATA is to allow special characters to appear

in the element's text between the opening tag and closing tag.

The purpose of using CDATA is to allow special characters to appear...

in the element's text between the opening tag and closing tag.

how are digital signature and confidentiality implemented in a public key security system?

in the public key security system, anyone who wants to send a confidential document to the receiver uses the public key to encrypt the document digital signature, which encryption is held private, whereas the decryption key is made public. nobody, except the sender, can create the encrypted document, but everyone can decrypt the document.

where are RSS and Atom feeds currently used? Select all that apply.

input and output RESTful services

The attribute of an XML element can be placed

inside the opening tag of an XML element

Where can an attribute be placed in an XML document?

inside the opening tag of an element

where can attributes be placed in an XML document?

inside the opening tag of an element

The traditional .dll library functions can be deployed to a Web server and accessed through

internal calls

A user control

is a component sharable among multiple pages.

A user control...

is a component sharable among multiple pages.

an attribute with an element...

is never implicitly qualified by the qualifier of the element

a Document Type Definition file...

is used to define the structure of an XML file

When session states are used, a Web server identifies a revisiting browser through an ID

issued by the server.

what does the fragment caching do in ASP.Net?

it caches a part of the XHTML page defined by a user control

what does the output caching do in ASP.Net?

it caches the entire XHTML page

what is WS-Reliability? what issues the WS-Reliability specification address?

it is a SOAP-based specification that fulfills reliable messaging requirements critical to SOC applications of web services.

how is the form-based security implemented in a Web application?

it used the Web.config file to define the detailed security policies. the system.web section can be used to define authentication and authorization to a web application.

cipherSuite = _____________ + ___________

key exchange algorithm + cipherSpec

how is a user control page shared among multiple ASPX pages?

link the reference to the user control page into each ASPX page

The purpose of HTML controls in ASP .Net GUI design is to

map HTML tags to server controls more conveniently.

compare and contrast RSS and Atom feeds. what are their similarities and differences. where are they being used?

most noncontainer elements of RSS are string types, whereas Atom's noncontainer elements allow more flexibility in associating with different types of data. Atom has automated features like autoupdate that automatically adds timestamp when a feed is changed, and autodiscovery is for clients who know the URI of a web page to find the location of that page's associated Atom feed automatically. both are used for describing/representing feed data and are used in RESTful services.

A connection is created with each _______?

mouse click

Pretty Good Privacy (PGP) encryption/decryption uses...

multi-steps of hashing, compression, symmetric-key, and a public-key system.

A mashup can take data from (Select all that apply)

multiple data sources. multiple services and APIs.

An XML document has a tree structure. It

must have a unique root

An XML document has a tree structure. It...

must have a unique root

IPSec VPN, OSPF and BGP are _______ layer protocols?

network

what type of data is a session state variable designed to store?

objects defined by a class

if you plan to implement a thick-client architecture, what is the best technology to use?

out-of-browser computing

It is unethical or unlawful to do reversed engineering of proprietary software, unless you (Select all that apply)...

own the code. have the explicit permission.

______ proxy is a java based proxy for assessing web application vulnerability?

paros

Negation of session ID, Key exchange algorithm, mac algorithm, etc happens in which phase of SSL handshake protocol?

phase 1

XML files are stored in a Web server's file system in the form of

plain text files

XML files are stored in a Web server's file system in the form of...

plain text files

Web ______ intercepts the HTTP/HTTPS traffic, let the user verify the content or change them?

proxy

what web pages perform the computations on the server side? select all that apply.

pure HTML form

what web computing technology is obsolete?

pure HTML with server support

The probability that a system has survived in the time interval [0, t] is the system's...

reliability

The probability that a system has survived in the time interval [0,t] is the system's

reliability

An HTML element is processed at server side, if the element contains an attribute:

runat="server"

what attributes are called security attributes?

safety, vulnerability, confidentiality, data integrity

What techniques are used in Data Encryption Standard (DES) to perform encryption and decrption. Select all that apply.

secret key system multiple rounds of cypher encryption

What is the most sensible use of a remote data encryption/decryption service? We use it for

securing data be stored in disk.

What is the most sensible use of a remote data encryption/decryption service? We use it for...

securing data be stored in disk.

what dependability functions are implemented in WCF?

security and reliability

Policy-based software development model suggests to

separate data from program code, so that data can be modified without modifying the program.

Who sends its certificate and key exchange message in phase two of SSL handshake protocol?

server

session identifier is an arbitrary byte sequence chosen by the _________?

server

______ defines a set of cryptographic security parameters, which can be shared among multiple connections?

session

connections of the same session share the same __________ state?

session

every connection is associated with one ______?

session

______ may include multiple connections between the same client and server?

sessions

how are the special markup characters presented in XML files? what are CDATA and PCDATA? what are their differences? what is the difference between entity reference and CDATA?

special markup characters are presented as an entity reference or a character reference to differentiate them. CDATA is data that appears between a pair of special tags "<![CDATA[" and "]]>" PCDATA is any data that are not in CDATA tags. They are used to handle the appearances of reserved characters.

_____ can transfer files using sftp or tcp?

ssh

What type of data can a cookie directly store?

string

what types of data can cookies store?

string data

What namespace inherits and merges all names from other namespaces into the current schema?

targetNamespace

what are security problems with telnet?

telnet daemons does not encrypt any data no authentication or anti-MITM attack

In Windows-based security system, the access control list is stored in...

the Windows operating system.

what does the following line of code in a DTD file mean? Code: <!ELEMENT instructor(name, course+, officeHours*, phone | email)

the XML instance file must have an element <course>

what data does the Output Caching technique cache?

the entire web page generated from the ASPX page

What would happen if the same namespace qualifier is declared in the root and in a child element?

the inner declaration will override the outer one.

what is the dependability of a system?

the system's ability to deliver specified services to the end users so that they can justifiably rely on and trust the services provided by the system. it includes 3 aspects of a system: attributes, means, and impairments.

in order to tolerate (or correct) one bit error, the hamming distance of code C must be at least...

three

what is the purpose of defining a default namespace in an XML file?

to reduce the number of namespace qualifiers prefixed to the element names

SSL/TLS, SSL VPN are ______ layer protocols?

transport

XSS exploits the ________ for a particular site, where XCSRF(Cross-site request forgery) exploits the __________ in a user's browser?

trust a user has trust that a site has

what methods can be used for storing the session ID in the client browser?

use cookies to store the session ID. put the session ID in the URL as part of the address.

how do you add a DLL class into your web site application?

use the "add reference" option in Visual Studio to include the class

why do we need a user control at all? what function of a user control cannot be replaced by a server control?

user controls can be shared by multiple ASPX pages, its sharable and reusable.

By default, the cookies used in the Forms-based Security are protected by (Select all that apply)...

using encryption to prevent reading. using digital signature to prevent modification.

Defensive strategy against SQL injection, XSS, etc is to test your ______ of find vulnerability, or set up a ______ between the web server and outside world?

web site proxy

What does paros proxy include?

web traffic recorder web spider hash calculator scanner for testing common web application attacks

when do you use the add() method in the Cache class? select all that apply.

when we want to add a dependency object into an existing cache object.

what is the scope of a session state variable?

within all pages in the session


Set pelajaran terkait

fundamental skills-fundamentals of nursing

View Set

International Business 3450 Chapter 3 Quiz

View Set

Exam 2 Chapter Ending Quizzes 5-8

View Set

Pharmacology HESI Practice Questions

View Set