CSE445 Final
Which of the following is an empty element in XML? - <image>Photo</ image > - <image></ image > - <image /> - <image source = "Photo.jpeg" />
- <image></ image > - <image /> - <image source = "Photo.jpeg" />
What is an empty element in XML?
- An element without text content between the element tags - An element without a child element
In Forms security, if login is successful, what are the possible solutions to store the user-entered credential? Select all that apply.
- As a cookie on client side. - In a hidden area in the client's web browser.
What are different ways cross site scripting can be used to obtain user data?
- Attack URL with a script - delivery of spam/phishing email to victim - victim clicks url - script in the URL is sent - user input displayed back to user - script runs on client browser
What are key languages used in HTML 5?
- CSS - JavaScript
Security is an umbrella concept that includes:
- Confidentiality - Data integrity - Vulnerability
What clients can be used for consuming (accessing) a WCF services?
- Console Application - ASP .Net Web site - Workflow Foundation Application
Why do we need to invent XML Schema after DTD has been invented?
- DTD is limited to string type of data. - DTD files do not follow XML syntax.
what security features are supported in WCF's SSL protocol? Secure Sockets Layer (SSL) defines communication protocols that can provide...
- Data confidentiality - Data integrity
What state management mechanism allows a business to store client data permanently?
- Database - XML file
What are NOT acceptable practices of using reverse engineering? Select all that apply. - Creating a different version of your own program - Fixing a bug in the program without waiting for a new release of the owner - Creating a new program using existing knowledge - Using the source code for nonprofit purpose
- Fixing a bug in the program without waiting for a new release of the owner - Creating a new program using existing knowledge - Using the source code for nonprofit purpose
Which of the following computing models can be considered to be in thick client architecture?
- HTML 5 - Adobe Flash - Silverlight - Out-of-Browser Computing
What are the main components of ASPX GUI design?
- HTML control - Server control
Where can the credential be possibly saved if the Forms security is used?
- In Web.Config file. - In a user-defined XML file. - In a user-defined database.
What are the main roles of IIS in Web application security control?
- It creates an access token and passes it to ASP .Net or to Windows for security check - It blocks IP address and domain that are not permitted
What is the capacity (expressivity) of XSL as a programming language? Select all that apply. - It has the capacities and features of an ordinary object-oriented programming language - It is able to express conditions using if-then-else constructs. - It is able to express loops. - It is Turing complete and thus is able to express general computing.
- It is able to express conditions using if-then-else constructs. - It is able to express loops. - It is Turing complete and thus is able to express general computing.
What are the problems with the checksum coding in detecting storage error? Select all that apply. - It may not be able to detect the all single errors. - It cost too much for storing the checksum. - It has a low diagnostic resolution. - It is not a separable code.
- It may not be able to detect the all single errors. - It has a low diagnostic resolution.
What are the main problems with the client-side XSL transformation?
- Not all browsers have a built-in XSLT processor. - The XML file has to be modified to reference the XSL file.
What methods are always supported by HTTP/1.1 requests?
- PUT - DELETE
What features does Windows Communication Foundation support?
- Platform-independent communication. - WS-Security and WS-ReliableMessaging.
Global.asax file can be used for storing
- Program source code that can be executed. - Global variables that can be accessed during the application execution.
Which of the following conform with the XML syntax? - JSON - SOAP - XHTML - WSDL - RSS / Atom
- SOAP - XHTML - WSDL - RSS / Atom
What are the potential problems of using client-side scripting?
- Script code is not reusable. - Interpretation is slower than executing compiled code. - Security and proprietary issues.
What are the main issues with the client-side computing?
- Security issue - Proprietary issue
What web computing models support thin client architecture?
- Server-Side computing - Pure HTML Web with GUI
What are the major components of cloud computing?
- Software as a Service - Platform as a Service - Infrastructure as a Service
In what situation should we implement a component as a user control? Select all that apply. - The component uses multiple server controls. - The component is used multiple times. - The component needs to be pre-compiled. - The component must be sent to the client side.
- The component uses multiple server controls. - The component is used multiple times.
What computing model and architecture does Pure HTML Web Implement?
- Thin client architecture - Server-side computing
What is (are) the major dependability feature(s) added into the Windows Communications Foundations?
- WS-Security - Reliable Sessions (WS-R) - Interoperability (WS-I)
What security mechanism(s) does IIS support?
- access control list - IP address restrictions - domain name restrictions - encrypted HTTP connections
What are the challenges for using an application state variable in Global.asax file?
- addressing the problem of simultaneous write on the variable - addressing the performance problem if the lock mechanism is used
What are the new features implemented in Atom?
- allow autoupdate - allow autodiscovery
The Extensible Stylesheet Language Transformations (XSLT) can be used to transform an XML file to...
- an HTML file - another XML file, with the same or a different structure
what are defenses against web manipulation?
- apply a timestamp within the variable - encrypt the information in the cookie or hidden variable - make sure your session IDs are long enough to prevent accidental collision - digitally sign or use a keyed hash function
XML is often used for defining
- data structures - communication protocols
If on select the cookieless attribute = UseUri to support Session State variables, the restrictions associated with this selection are that the
- developers must use relative paths. - browser must remain open to revisit session states.
It is unethical or unlawful to do reversed engineering of proprietary software, unless you
- have the explicit permission - own the code
A server control in ASP .Net application (Select all that apply) - is an object that forms a component in an ASPX page. - must have an extension name .aspx. - is executed at the client side. - can take input and emit an event upon an input.
- is an object that forms a component in an ASPX page. - can take input and emit an event upon an input.
what reliability features does WS-ReliableMessaging specification define/guarantee? What kinds of errors can be handled by WS-ReliableMessaging (WS-RM) in WCF?
- lost messages - duplicated messages - messages received out of order
A mashup can take data from
- multiple data sources. - multiple services and APIs.
What error control codes are separable codes?
- parity check - checksum
What is (are) the problem(s) associated with the standard Windows Forms Security mechanism?
- passwords are stored in clear text - sequential comparisons of user name and password - unmanageable if accessibility needs to be changed frequently
What attributes are called security attributes?
- safety - vulnerability - confidentiality - data integrity
What techniques are used in Data Encryption Standard (DES) to perform encryption and decryption?
- secret key system - multiple rounds of cypher encryption
What is true about a deployed service with the Just-In-Time compilation?
- the source code of the service can be redeployed while the service is being accessed. - It is slower than pre-compiled code for the first request.
What is required for a well-formed XML document?
- unique root element - each element has opening/closing tags - no overlapped tags
By default, the cookies used in the Forms-based Security are protected by...
- using encryption to prevent reading. - using digital signature to prevent modification.
What Web programming models suffer from the problems of potential piracy and reverse engineering of proprietary programs?
-Client-Side Scripting - Out-Of-Browser Computing
What Web services hosting server does not support external access?
.Net Development Server
Which of the following path expression selects all attributes in all the elements "Course" in the entire document?
//Course/@*
XML is
1. a Meta language that can be used to define another language. 2. a standard for data representation
Which of the followings are valid JSON value?
25 "25" -25
In SSL handshake protocol, client and server use _________ to derive a 48 byte master secret?
48 byte pre-master secret
Assume we have five (5) different Web data structures. We choose one structure as the intermediate structure and we translate all other structures to and from this structure. How many converters we need to have?
8
The following line of code in a DTD file defines that the XML instance file must have an element of <!ELEMENT instructor(name,course+,officeHours*,phone | email)>
<course>
Which of the following sequences does not make sense logically or semantically?
<deny users="*"/> <allow users="bob"/>
In what configuration setting will ASP .Net use the security token passed to it by IIS?
<identity impersonate = "false">
In GDI+, two classes are involved: Bitmap and Graphics. What are the relationship between these two classes?
A Graphics object can be created from a Bitmap object.
Why is it normally sufficient to use Get (WebGet) method in implementing a RESTful service?
A RESTful service can access a method that defines the required operation of read and/or write
How is the WS-ReliableMessaging implemented in WCF? How is the lost message handled by WS-Reliable Messaging?
A message is resent if the acknowledgement not received.
Why do you need to create your own machine key in if your ASP .Net application is hosted in a server farm environment?
A server farm does not have a unique machine key
How is the transaction implemented in WCF?
A transaction scope is defined, which allows a rollback if an action in the scope fails.
Web Services return API call results as either XML or JSON. Which of the following statements is NOT true about JSON and XML: A) XML is a platform and language neutral way of representing data while JSON depends on JavaScript runtime environment to process data B) XML is processed as a tree while JSON is processed as an object C) Both XML and JSON support multiple data types D) JSON is more lightweight than XML to process
A) XML is a platform and language neutral way of representing data while JSON depends on JavaScript runtime environment to process data
What type of files does not create a web page, instead, adds an item in an existing web page?
ASCX file (user controls)
explain the types of files that exist in an ASP.Net web site application and what the functions of each type file are.
ASPX files: a web form creating a GUI page for users to interact with. ASCX files: creates a custom control built from an HTML page with server-side script or code behind the page. Web.config file: contains configuration settings to control the applications behavior. Global.asax: contains event handlers to respond the global events. DLL: contains common library functions in the Windows environment C# files: event handlers behind the other pages handling events XHTML files: markup pages for the ASPX pages
Session state variables can be accessed by:
All pages within one session
When ASPX page is requested from a browser, what is sent to the browser?
An XHTML page generated from the ASPX page.
What type of dynamic graphics is NOT supported in GDI+?
Animation
What is the proper order of performing security operations?
Authentication, Authorization, and then Access of resource
How is the authorization applied to a resource (a page) in ASP .Net application?
Authorization information is stored in the Web.config file in the sub directory in which the page resides.
Which of the following is NOT true about DTD and Schema of defining an XML document? A) Schema is XML based and DTD is not B) Both DTD and Schema supports different data types such as int, string C) Schema is extendible while DTD is not D) All of the above
B) Both DTD and Schema supports different data types such as int, string
Which of the following is true about confidentiality of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above
B) It's a measure that ensures data is not tampered during the transmission
Which of the following is true about safety of data? A) It's a measure that ensures only authorized users can access data B) ensures non-occurrence of catastrophic consequence on the environment (human life lost, economic impact, etc.) C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above
B) ensures non-occurrence of catastrophic consequence on the environment (human life lost, economic impact, etc.)
______ attack is a browser exploit against SSL/TLS?
Beast
what is an XML namespace? how is a namespace defined? why is it useful?
Binds a prefix name (qualifier) to a schema definition and then uses that prefix whenever required. Declared as an attribute of an element. Used to limit the scope of a name of a DTD or schema to eliminate conflict.
After writing ASP .Net application data into an XML file on the server, what files need to be closed?
Both the XML file and the stream file.
Which of the following is true about vulnerability of data? A) It's a measure that ensures only authorized users can access data B) It's a measure that ensures data is not tampered during the transmission C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data D) All of the above
C) It's a measure that ensures programs that generate data does not have any errors so that attacks can access the data
Which of the following is NOT true about XML? A) XML tags are case-sensitive B) Every well-formed XML document needs to have a root node C) XML elements can't be empty D) Every opening tag must have a closing tag
C) XML elements can't be empty
__________ forces a user to execute unwanted actions on a web application where she is currently authenticated?
CSRF(Cross-Site request forgery)
Google's Protocol Buffers are similar in syntax to...
Class definition of an object-oriented programming language.
How can you prevent Web application deadlock in the case of copying data from one disk file to another disk file?
Close one file before opening the other.
What does Out-Of-Browser computing model mean?
Computing is done on client's machine.
Which of the following is False about SOAP and REST web services? A) SOAP web services are more suitable in applications such as financial application that use complex objects B) REST web services can implement more security protocols as all the web security protocols can be implemented with REST C) SOAP message are XML-based while REST can send messages in XML, JSON, HTML D) WCF is a framework that supports both REST and SOAP web service development
D) WCF is a framework that supports both REST and SOAP web service development
Which of the following is FALSE about SOAP and REST web services: A) SOAP web services are more suitable in applications such as financial applications that use complex objects B) SOAP web services can be implement more security C) SOAP messages are XML based while REST can send messages in XML, JSON, HTML D) WCF is a framework that supports only SOAP web service development while ASP .NET supports both SOAP and REST web service development
D) WCF is a framework that supports only SOAP web service development while ASP .NET supports both SOAP and REST web service development
What type of component in an ASP .Net application does not support just-in-time compilation?
DLL
What XML processing model reads the entire XML document into the memory?
DOM (Document Object Model)
what are DOM, SAX, and XPath models? list their strengths and weaknesses.
DOM: Reads an entire document into memory for random access. Represents a document as a rooted tree of nodes. Problematic if the XML document is large, which takes up a lot of memory. SAX: Used for reading XML contents. Less focused on the structure. Streamed-based. Forward-only and read-only API. XPath: Language for accessing parts of an XML document in a way that a file system accesses its files using a file path. Identifies certain nodes and attributes. No writing capabilities.
What resources are typically used as the sources of Mashup?
Data, services, and applications
In a public key security system, what key should be published if one wants to implement digital signature?
Decryption key
What design pattern in the javax.xml.parsers package allows the entire XML tree to be read into memory?
DocumentBuilderFactory
Which of the following is true about JSON and XML: A) XML is a good candidate when data structures need to be exchanged among web entities B) JSON data is mapped into tree data structure before processing where as XML is mapped into a key-value pair dictionary C) In general, JSON takes more memory while processing compared to XML D) Both b and c E) None of the above
E) None of the above
In a public key cryptography system, what key(s) should be made open (public) if the purpose is for data confidentiality?
Encryption key
What is XHTML (Extensible HTML)?
Extensible HTML that allows using a DTD file to extend the features of HTML.
In order to write data into a file system, we need a class that directly communicates with the file system, which is outside ASP.Net application. what class plays this role?
FileStream class
what .Net FCL classes and methods exist for reading and writing XML files?
Filestream and XML classes
How can the data stored in the ViewState variable of one page be accessed by another page?
First post it back to server and then send it to the other page
What are the correct order of steps that SSL uses in its coding process?
Fragmentation, Compression, Encryption
Where do you use the secure machine key generated for your ASP .Net application?
In the Web.config file, in the element system.web
Where are the cookies typically stored?
In the client's hard drive, in a folder within the browser application.
How does the Windows security mechanism work in Web application security control?
It compares the received credential with the credential saved in Windows's user accounts.
What functions does the Web.config file have?
It keeps all application settings together. It can parameterize an application's behavior.
What mechanisms are typically be used by the browser for storing and sending session ID when revisiting?
It uses a cookie for storing the session ID, and the ID is packed in HTTP payload. It creates a hidden field in the browser for storing the session ID, and the ID is embedded in the URL.
What error control codes are used in the data channel uplink and downlink code standard in 5G wireless network?
LDPC codes
What is the advantage of a sever-side's solution for displaying an XML file in required format?
No special requirement on Web browser
What type of data can be stored in session state variables?
Object type
Why does a service broker need an ontology, instead of a traditional database?
Ontology can better facilitate service match and discovery.
What programming model best supports the thick client in the client-server architecture? If you plan to develop an interactive and graphics-intensive application, e.g., a game, what Web computing model should be used to meet the requirement of such an application?
Out-Of-Browser Computing.
What is the best HTTP method is used to add a piece of data into an existing data container?
POST
What error control codes are used in the control channel code standard in 5G wireless network?
Polar Codes
What mechanism is used in Google search engine for defining data and data structure?
Protocol Buffers
used for the traceability of data - where and how does the data come from?
Provenance
what is quality of service? what are dependability attributes?
QoS is the totality of features and characteristics of a product or service that bears on its ability to meet a stated or implied need. More frequently used from the user's perspective. Dependability captures the system's ability to deliver specified services to the end-users so that they can justifiably rely on and trust the services provided by the system. Dependability attributes are more frequently used by system designers because it includes impairments and means of improvement. Includes 3 aspects of a system: attributes, means, and impairments. Both are used interchangeably.
What are the five key exchange methods?
RSA Fixed DH Ephemeral DH Anonymous DH Fortezza
What XML processing model reads one node into memory at a time?
SAX (Simple API for XML)
In the Java API for XML Processing (JAXP) packages, which class creates the interface for parsers?
SAXParserFactory
How does SOAP-based invocation receive the response value?
SOAP relies on the underlying protocol, such as HTTP, to relate return response message.
______ us a man in the middle attack ?
SSLstrip
in phase 1: server hello message, what do the values of session ID indicate?
Session ID chosen by the server If the client wants to resume an old session, server responds with old session ID If 0, server generates a new session ID
In an ASP .Net Web application, we can place the C# code inside the html file. In this case...
The C# code will not be visible to the users on the client side, because the code is is not sent to the Web browser.
What is the strongest security option in the Forms-based Web security (the most secure mode)?
The clause <identity impersonate ="..." /> does not appear in Web.config file.
What does the following line of code in a DTD file imply? <!ELEMENT instructor(name,course?,officeHours*,phone | email)> - The element "name" is optional. - The element "course" is optional. - The element "course" is required. - The element "phone" is required.
The element "course" is optional.
The <authorization> element in a Web.cong file consists of a list of <allow> and <deny> elements....
The elements must be specifically ordered according to authorization requirement.
Why are encryption and decryption algorithms of matters of national security and are classified?
The government and military of other countries can use the algorithms to encrypt their communication.
Data Encryption Standard (DES) uses a 64-bit double word (8 bytes) for storing the secret key, including 56 function bits and 8 parity check bits. Where are the 8 parity check bits stored?
They are distributed in 8 bytes.
In order to detect all two-bit errors, the hamming distance dm(C) of code C must be at least...
Three
What is the purpose of defining a default namespace in an XML file?
To reduce the use of a namespace qualifier prefixed to the element names
Wireless communication heavily replies on error control codes. What are the primary error control codes used in 4G wireless network?
Turbo Codes
What are the main problems of storing the credentials in Web.config file?
Unmanageable if the number of users is large. Sequential comparisons of passwords.
How do we draw the coffee cup in the given case study?
Use Graphics class's DrawEllipse method.
How does a WSDL/SOAP service normally return a value to the caller?
Use HTTP | Response.
What is the best way to convert a legacy executable file, such as DLL functions, into Web services?
Use the Web service template to create a service and call the library functions in the service code.
If a developer wants the session state works for the current session only, what value should be used for cookiless?
UseUri
what is WS-Specification? what components are included in WS-Specification?
WCF supports multiple security methods at different layers. the security methods includes authentication, authorization, confidentiality, and integrity. the layers in which security mechanisms are deployed include message layer and transport layer.
What type of file allows the application to parameterize its behavior, so that the behavior can be modified without recompiling the source code? What type of file overrides its occurrence in the parent directory?
Web.config
When is a deadlock possible for an ASP .Net application?
When separate files are used for storing store items and in-cart items.
What do you do if you want to use your own file for storing the credentials, instead of using Web.conf?
Write your own code to handle the access control.
What method of XmlTextWriter Class should be called if you want to create an XML node with a child node?
WriteStartElement
What type of file does the following piece of code most likely belong to? <Book> <Title>Introduction to Programming Language</Title> <Author>Yinong Chen</Author> <Year>2006</Year> <ISBN>0-7575-2974-7</ISBN> </Book>
XML instance file
What is XML? what are XML element and attributes?
XML is a universal metalanguage used to define other Web services standards, protocol, interfaces, documents, and data. It is made of plain-text and self-describing. XML elements are used to define the data that are integral to the document. XML attributes are used to define out-of-band data which give additional information.
What .Net class contains the method to obtain the root element of an XML document?
XMLDocument class
what .Net FCL classes and methods exist for validating XML files?
XMLReader and its .Create(...) method can be used to perform validation, supporting both DTD and XSD files
FileStream class uses a stream buffer of bytes to connect to the file system. what XML class/classes can be used to read the stream buffer?
XMLTextReader and XMLDocument
What .Net class contains the method called WriteElementString?
XMLTextWriter class
compare and contrast XML DTD and XML XSD.
XSD is a more powerful alternative to DTD that defines the structure and types of an XML document. XSD is extendable and reusable. DTD is not XML-based which required separate tools to process DTD documents, whereas XSD is XML-based. DTD is limited to only string type, whereas XSD supports basic types and can define other complex types.
The idea behind the Google's BigTable is similar to that of...
a B+ Tree
AJAX control is implemented in the ASP .Net environment as...
a Web control.
what is WS-transaction?
a collection of actions, including information exchange and status modification. It must be treated as a unit or atomic operation for ensuring database integrity. transactions are at application level, consisting of sequences of operations.
An XML document can be best illustrated as...
a rooted tree
Data hash is normally applied in the situation where
a separate digital signature is need.
Mashup is
a service-oriented composition method.
Sandbox is security mechanism in client-side computing. It guards the client machine by not allowing
access to native applications on the client.
how is the Windows-based security implemented in a Web application?
all access to a web application or web service must go through IIS, which assigns every request an access token. the access token enables the Windows OS to perform ACL (access control list) checks on resources targeted by the request.
An application state variable allows you to store an object into the server memory, which can be accessed by...
all sessions in the current application, but no the other applications
using only ________ data values is a good defense against XSS?
alphanumeric
What is the data structure of the stream buffer created when opening a FileStream file?
an array of bytes or plain characters
An image is sent to a web browser in
an html stream
SSL handshake protocol carries out initial ________?
authentication
Web.config file in ASP.Net application is used for...
authentication and authorization
What dependability attribute ensures the readiness of service at time point t?
availability
Which of the followings are valid for representing the expression: 0 < x < 10 in an XML element? Select all that apply. a) 0 < x < 10 b) 0 < x < 10 c) 0 #60; x #60; 10 d) 0 "<" x "<" 10
b) 0 < x < 10 c) 0 #60; x #60; 10
A JSON array consists of an ordered sequence of elements. All these elements...
can have different types.
Data hashing create a value from a given data. The hash value
can uniquely identify a data, but cannot recreate the data.
In phase 4 of SSL handshake, change ________ spec and finish _______?
cipher handshake
________ is a list of cryptographic options supported by the client ordered by preference?
cipher_suites
who sends its certificate if requested, and verification message in phase 3 of SSL handshake protocol?
client
If key exchange between server and client is RSA based then it was generated by the _________? It is then sent to the server and encrypted with __________'s public ______ key?
client server RSA
Web sites based on pure HTML can perform
computation on server side only
Windows security can be used to control user access to a Website. This security mechanism can be best applied to the users of
corporate intranet applications
With _______ some websites sends back up user's input without filtering? _________ allows attackers to inject HTML or Client-side script into the web pages viewed by others?
cross-site scripting(XSS)
In Windows Communication Foundation, the scope of a transaction flow is...
defined using an object of TransactionScope class
A Document Type Definition (DTD) file
defines the syntax of an XML file.
In what circumstance should such an encryption system be used, where the decoding key is public and the encoding key is private?
digital signature is needed
Secure Sockets Layer (SSL) deals with the security issue...
during the communication.
Many encryption and decryption algorithms are of matters of national security and are classified. The main reason is that the exposure of these algorithms can help the enemies to...
encrypt their secret data
DES (Data Encryption Standard) is used for low-level security purpose only, because its...
encryption key is short
What does the method MoveToNextAttribute() in the XMLTextReader class return, if the node has no more attributes?
false
A DLL component that you create...
forms a namespace and you need to explicitly include it in the application.
The main idea of cloud computing is to shift computing from
from desktop to Web
SSL _______ protocol negotiates the protocols to be used for authentication and encryption?
handshake
We can use data hashing to safeguard the passwords by hashing the password before saving it. When validating a user, we
hash the user entered password and compare with the saved hash value.
______ attack is when an attacker sends a heartbeat request to a server?
heart bleed attack
Where are the compilation and debugging options of a Web application typically stored in the Web.config file?
in <system.web>
If an XML file is created in your application, where should the file be stored in the ASP .Net application domain?
in App_Data folder
Where are the credentials saved in the built-in account management (offered by the pages in the "Account" folder) of ASP .Net application?
in a database
The purpose of using CDATA is to allow special characters to appear
in the element's text between the opening tag and closing tag.
how are digital signature and confidentiality implemented in a public key security system?
in the public key security system, anyone who wants to send a confidential document to the receiver uses the public key to encrypt the document digital signature, which encryption is held private, whereas the decryption key is made public. nobody, except the sender, can create the encrypted document, but everyone can decrypt the document.
The attribute of an XML element can be placed
inside the opening tag of an XML element
The traditional .dll library functions can be deployed to a Web server and accessed through
internal calls
A user control
is a component sharable among multiple pages.
An attribute with an element...
is never implicitly qualified by the qualifier of the element
When session states are used, a Web server identifies a revisiting browser through an ID
issued by the server.
what is WS-Reliability? what issues does the WS-Reliability specification address?
it is a SOAP-based specification that fulfills reliable messaging requirements critical to SOC applications of web services.
how is the form-based security implemented in a Web application?
it used the Web.config file to define the detailed security policies. the system.web section can be used to define authentication and authorization to a web application.
cipherSuite = _____________ + ___________
key exchange algorithm + cipherSpec
How is a user control page shared among multiple ASPX pages?
link the reference to the user control page into each ASPX page
The purpose of HTML controls in ASP .Net GUI design is to
map HTML tags to server controls more conveniently.
The WSDL file of a WCF (Windows Communication Foundation) service, compared to standard WSDL file, contains
more types of the elements.
compare and contrast RSS and Atom feeds. what are their similarities and differences? where are they being used?
most non-container elements of RSS are string types, whereas Atom's non-container elements allow more flexibility in associating with different types of data. Atom has automated features like auto-update that automatically adds timestamp when a feed is changed, and autodiscovery is for clients who know the URI of a web page to find the location of that page's associated Atom feed automatically. Used for describing/representing feed data and are used in the input/output of RESTful services.
A connection is created with each _______?
mouse click
Pretty Good Privacy (PGP) encryption/decryption uses...
multi-steps of hashing, compression, symmetric-key, and a public-key system.
Negation of session ID, Key exchange algorithm, mac algorithm, etc happens in which phase of SSL handshake protocol?
phase 1
XML files are stored in a Web server's file system in the form of
plain text files
Web ______ intercepts the HTTP/HTTPS traffic, let the user verify the content or change them?
proxy
What web computing technology is obsolete?
pure HTML with server support
The probability that a system has survived in the time interval [0, t] is the system's...
reliability
An HTML element is processed at server side, if the element contains an attribute:
runat="server"
What is the most sensible use of a remote data encryption/decryption service? We use it for
securing data be stored in disk.
What dependability functions are implemented in WCF?
security and reliability
Policy-based software development model suggests to
separate data from program code, so that data can be modified without modifying the program. / decouple data from program
Who sends its certificate and key exchange message in phase two of SSL handshake protocol?
server
every connection is associated with one ______? connections of the same session share the same __________ state? ______ may include multiple connections between the same client and server?
session
What state management method is explicitly used for supporting SSL connection? ______ defines a set of cryptographic security parameters, which can be shared among multiple connections?
session state
how are the special markup characters presented in XML files? what are CDATA and PCDATA? what are their differences? what is the difference between entity reference and CDATA?
special markup characters are presented as an entity reference or a character reference to differentiate them. CDATA is data that appears between a pair of special tags "<![CDATA[" and "]]>" PCDATA is any data that are not in CDATA tags. *PCDATA will be checked for syntax errors by XML parsers, while CDATA will not be checked.*
Cookies can be used for
storing any information on the client side. supporting Session state to identify revisiting client. supporting Forms security to store client's credential.
What type of data can a cookie directly store?
string
What namespace inherits and merges all names from other namespaces into the current schema?
targetNamespace
In Windows-based security system, the access control list is stored in...
the Windows operating system.
What would happen if the same namespace qualifier is declared in the root and in a child element?
the inner declaration will override the outer one.
In order to tolerate (or correct) one bit error, the hamming distance of code C must be at least...
three
SSL/TLS, SSL VPN are ______ layer protocols?
transport
XSS exploits the ________ for a particular site, where XCSRF(Cross-site request forgery) exploits the __________ in a user's browser?
trust a user has trust that a site has
Cross-site scripting (XSS) is a type of attacks, in which the attackers
use script programs as input data.
Why do we need a user control at all? what function of a user control cannot be replaced by a server control?
user controls can be shared by multiple ASPX pages, its sharable and reusable.
Defensive strategy against SQL injection, XSS, etc is to test your ______ of find vulnerability, or set up a ______ between the web server and outside world?
web site proxy