PLP Final Review

[Sebesta11-12] As an extension of the module-as-type approach to data abstraction, many languages now provide a class construct for object-oriented programming. To first approximation, classes can be thought of as module types that have been augmented with a(n) _____ mechanism.

inheritance

[OOP&Java] Which one of the following selections is a correct Java keyword?

instanceof

[Sebesta12Quiz] A language that is object oriented must provide support for this ____ key language features? Which one of the following choices is NOT correct?

interface

There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of Cross-site scripting (XSS) flaws: _________. Which one of the following choices is NOT correct?

java-based and code-based

[JVM&GC] Major collection is much slower because it involves all _____

live objects

[Sebesta12Quiz] The entire collection of methods of an object is called the _____ of the object.

message protocol or message interface

[Sebesta12Quiz] The calls to methods are sometimes called ______.

messages

[Sebesta12Quiz] The subprograms that define the operations on objects of a class are called _______.

methods

This programming language _____ enables defining function objects by overloading "operator( )" and also supports closures.

C++

[Sebesta12Quiz] C# uses the syntax of _____ for defining classes.

C++

[Sebesta12Quiz] Which of the following was the first widely used object-oriented programming language and is still one of the most popular programming languages?

C++

In this stage of _____ in Genetic Algorithms, the offspring which are generated in the genetic algorithm are based on 2 genetic operators. The crossover takes place after combining 2 chromosomes for producing a new solution which shows better traits.

Crossover and Mutation

[closure] Which mathematical subject was utilized for the evaluation of expressions in closures?

Lambda Calculus

[Sebesta06] For length option(s) of string data type, some languages (e.g., C and C++), it is ___. In these languages, a special character is used to indicate the end of a string's characters, rather than maintaining the length.

Limited Dynamic Length

[JVM&GC] The JRockit JVM uses _____ model for performing garbage collection.

Mark and Sweep

[C++OOP] The constructor function's return type is ____

None of these

[JVM&GC] ____ is used to store long surviving objects.

Old generation

[JVM&GC] Compaction is performed during garbage collection while all Java threads are:

Paused

[Sebesta12] What key feature of object oriented programming is dynamic dispatch an example of?

Polymorphism

[Sebesta06] ___ data types are not defined in terms of other data types

Primitive

[Sebesta12Quiz] What type of functions must be included in an abstract class in C++?

Pure virtual functions

[closure] The _______ environment binds the non-local names to the corresponding variables in the lexical environment at the time the closure is created.

Referencing

SQL Injection refers to a type of attack which attempts to acquire unauthorized access to the database after injecting code and investigating the _______.

SQL Query

________ exploits a vulnerability in the database layer of an application. When user input is incorrectly filtered, any SQL statements can be executed by the application.

SQL injection

[SQLinject] Consider SQL Injection. Which one of the following choices is NOT correct?

SQL injection attack has been a major threat of inversion of control.

The attack could be possible after a different query is injected rather than a plain text, wherein a(n) _____ keyword was inserted before a query.

UNION

In _______ attack, vulnerabilities in the browser itself or in the browser plugins are exploited (rather than vulnerabilities in other websites, as is the case with XSS attacks).

Universal XSS

[Sebesta11-12] In Java, restrictions can be specified on the range of classes that can be passed to the generic method as generic parameters. Such restrictions are called ____.

bound

[C++OOP] It is a good idea to make a copy constructor's parameters ____ by specifying the ____ keyword in the parameter list.

constant, const

[OOP&Java] ____ is invoked to create an object.

constructor

[C++OOP] A _____ is a member function that is automatically called when a class object is _______.

constructor, created

[C++OOP] A class is a(n) ______ that is defined by the programmer.

data type

[C++OOP] In a procedural program, you typically have _____ stored in a collection of variables, and a set of _____ that perform operations on the data.

data, functions

[C++OOP] When a constructor function accepts no arguments, or does not have to accept arguments because of default arguments, it is called a(n): ____

default constructor

[C++OOP] Assuming that Rectangle is a class name, the statement Rectangle *BoxPtr; ____.

defines a Rectangle pointer variable called BoxPtr

[Sebesta12Quiz] In C++, what operator is used to explicitly deallocate heap-dynamic objects?

delete

[C++OOP] This is automatically called when an object is destroyed.

destructor function

Security on the web depends on a variety of mechanisms, including an underlying concept of trust known as the same-origin policy. Once a site is granted for permission on a web browser, the content from any URL with the same ____________ (three attributes for permission) will share these permissions. Which one of the following choices is NOT correct for the three items required for the same-origin policy?

digital signature

[C++OOP] Members of a class object are accessed with the ____

dot operator.

[Sebesta06] In general, ___ binding allows greater flexibility but at the expense of readability, efficiency, and reliability.

dynamic

[Sebesta06] Scalar variables can be separated into four categories by considering their lifetimes. Which is not one of them?

dynamic

[Sebesta12] The ____ attached to the name of the setter method means that its variable is assignable.

equal sign (=)

[JVM&GC] Which event is called major garbage collection?

eventual collection of the old generation

[Sebesta12Quiz] All Java objects are ____.

explicit heap dynamic

[Sebesta11-12] All subprograms are process ____(s) because they provide a way for a program to specify a process, without providing the details of how it performs its task (at least in the calling program).

abstraction

[Sebesta11-12] The evolution of data ____ began in 1960 with the first version of COBOL, which included the record data structure. The C-based languages have structs, which are also records.

abstraction

As the accurate identification of the vulnerabilities in the web applications with the help of a static analysis process is similar to the issue of halting, this technique shows a limitation of generating a higher ________ rate.

false positive

________ results are those paths which are detected as a vulnerable path; however, they are not vulnerable.

false positive

[Sebesta12Quiz] What keyword in Java ensures a class cannot be derived from to make inherited classes?

final

[Sebesta11-12] Overloaded subprograms provide a particular kind of polymorphism called ___ polymorphism.

ad-hoc

[JVM&GC] Young Generation of the heap is where _____

all new objects are allocated and aged

[Sebesta11-12] In Java, if a generic method has two or more restrictions on its generic type, they are added to the extends-clause, separated by _____.

ampersand

[Sebesta06] A(n) _____ array is an unordered collection of data elements that are indexed by an equal number of values called keys

associative

[C++OOP] In OOP terminology, an object's member variables are often called its _____, and its member functions are sometimes referred to as its behaviors, or ____________.

attributes, methods

[OOP&Java] To declare a constant MAX_LENGTH as a member of the class, you write ______.

final static double MAX_LENGTH = 99.98;

[Sebesta06] With this binding, array subscript ranges are statically bound and storage allocation is static (before run-time). The advantage is efficiency (for no dynamic allocation).

static

[Sebesta06] Binding can be ___.

static or dynamic

[C++OOP] Objects in an array are accessed with ____, just like any other data type in an array.

subscripts

[Sebesta11-12] Languages that support object-oriented programming usually support ____ polymorphism.

subtype

[Sebesta11-12] ____ polymorphism is fundamental to object-oriented languages, in which classes are said to inherit the methods of their parent classes.

subtype

[Sebesta11-12] ____ polymorphism means that a variable of type T can access any object of type T or any type derived from T.

subtype

The _________ algorithms are further categorized into the Regression and Classification algorithms. Some of the examples of such algorithms are Bayesian Network, Decision Tree Induction, K-nearest neighbors, Neural Network and Support Vector Machine.

supervised-learning

[OOP&Java] Inheritance means ______.

that a class can extend another class

[OOP&Java] Polymorphism means _____.

that a variable of supertype can refer to a subtype object

[C++OOP] The constructor function always has the same name as ____

the class

[OOP&Java] When invoking a method with an object argument, _____ is passed.

the reference of the object

[Sebesta09-10] ___ value cannot be passed as a parameter.

third-class

[C++OOP] This is a special built-in pointer that is available to a class's member functions.

this pointer

[JVM&GC] Small objects are allocated in TLAs. TLA is ____

thread local areas

[Sebesta11-12] In Java, for generic class<T>, T is the ___ variable.

type

_________ is based on information theory and Bayesian principles. In this type of algorithm, the machine attempts to detect the hidden structure in the unlabeled data. It makes no use of the output data or the prior labelled data. These algorithms are categorized into various categories like k-Means Clustering and Hierarchical Clustering Techniques.

unsupervised-learning

[Sebesta12Quiz] In C++, the storage structure for the list (of dynamically bound methods of a class instance) is often called a ______.

virtual method table

[Sebesta11-12] Java 5.0 supports ____ types which can be used for any collection type of any class components.

wildcard

[C++OOP] A good reason for overloading an operator is to enable it to:

work in its usual way, but with programmer-defined data types

[OOP&Java] Given the declaration Circle x = new Circle( ), which of the following statements is most accurate?

x contains a reference to a Circle object.

[JVM&GC] The heap is broken up into small parts or generations, they are _____

Young Generation, Old or Tenured Generation, and Permanent Generation

[Sebesta12Quiz] In C++, how many constructors are required to be defined explicitly in a class definition?

Zero

[Sebesta11-12] A(n) ___ is a view or representation of an entity that includes only the most significant attributes.

abstraction

[OOP&Java] Object-oriented programming allows you to derive new classes from existing classes. This is called _____.

inheritance

[C++OOP] When you redefine the way a standard operator works when it is used with class objects, you have ______ the operator.

overloaded

[Sebesta06] Arrays can be ___, as in C++ arrays whose definition includes the static specifier.

static

Consider the following JavaScript program (as we discussed in the class). What value of x is displayed in function sub1, with (1) static scoping and (2) dynamic scoping?
// var x;
function sub1( ) {
  document.write("x = " + x + "<br />");
}
function sub2( ) {
  var x;
  x = 10;
  sub1( );
}
x = 5;
sub2( );

(1) 5, (2) 10

[Sebesta06] To store a fixed number of decimal digits, in coded form (BCD), it uses ___ bits for a decimal digit.

4

[OOP&Java] _____ is a construct that defines objects of the same type.

A class

[Sebesta06] Static scoping is a central feature of ___ and some of its descendants.

ALGOL 60

[Sebesta12Quiz] What is NOT true about abstract classes and abstract methods?

Abstract classes must define their declared methods

[closure] Which of the following programming languages do not use closures?

Algol

[Sebesta06] ___ are two or more variables bound to the same storage address.

Alias

[Sebesta06] A(n) ___ is a homogeneous aggregate of data elements in which an individual element is identified by its position in the aggregate, relative to the first element.

Array

[closure] Which one of the following choices is not a "closure-like" construct? Select the best answer.

Arrays (C++)

[OOP&Java] Which of the following statements is false?

At least one constructor must always be defined explicitly.

Which one of the following choices is NOT correct?

Cross-site scripting attacks use known vulnerabilities in web-based applications only from the client-side browsers.

[Sebesta06] ___ is the association of attributes with program entities.

Binding

A(n) ______ attack is a technique wherein the attacker poses some queries to a database and derives the answers. Thereafter, the attacker plans the next course of action depending on the answers which were generated by the database. This was seen to be a difficult SQLi attack since the attacker does not have any prior knowledge regarding the database or the answers which would be generated.

Blind SQLi

The _______ attack is categorized into different types like the Boolean-Based or Time-Based SQLi attacks.

Blind SQLi

[Sebesta12Quiz] In Java, what is the process of implicitly coercing a primitive value into object context called?

Boxing

[JVM&GC] To reduce fragmentation, JVM does _____

Compaction

Many web applications rely on session cookies for authentication between individual HTTP requests, and because client-side scripts generally have access to these cookies, simple XSS exploits can steal these cookies. To mitigate this particular threat (though not the XSS problem in general), many web applications tie session cookies to the IP address of the user who originally logged in, then only permit that IP to use that cookie.

Cookie security

________ exploits "zone" concepts in certain browsers and usually executes code with a greater privilege.

Cross-Zone scripting

In ________ XSS attack, the malicious data does not touch the web server. Rather, it is being reflected by the JavaScript code, fully on the client side. An example of a DOM-based XSS vulnerability is the bug found in 2011 in a number of jQuery plugins.

DOM-based

Prevention strategies for _______ XSS attacks include very similar measures to traditional XSS prevention strategies but implemented in JavaScript code and contained in web pages (i.e. input validation and escaping). Some JavaScript frameworks have built-in countermeasures against this and other types of attack — for example AngularJS.

DOM-based

Some sources of non-persistent XSS vulnerabilities further divide these two groups into traditional (caused by server-side code flaws) and _____ (in client-side code flaws).

DOM-based

[Sebesta06] A(n) ___ defines a collection of data objects and a set of predefined operations on those objects

Data type

[Sebesta06] A(n) ___ is the collection of the attributes of a variable

Descriptor

Functionality that blocks all scripting and external inclusions by default and then allows the user to enable it on a per-domain basis is more effective. This has been possible for a long time in Internet Explorer (since version 4) by setting up its so-called "Security Zones", and in Opera (since version 9) using its "Site Specific Preferences".

Disabling scripts

One problem with ______ is that many users do not understand it, and do not know how to properly secure their browsers. Another drawback is that many sites do not work without client-side scripting, forcing users to disable protection for that site and opening their systems to vulnerabilities.

Disabling scripts

The most significant problem with blocking all scripts on all websites by default is substantial reduction in functionality and responsiveness (client-side scripting can be much faster than server-side scripting because it does not need to connect to a remote server and the page or frame does not need to be reloaded).

Disabling scripts

While Web 2.0 and Ajax developers require the use of JavaScript, some web applications are written to allow operation without the need for any client-side scripts. This allows users, if they choose, to disable scripting in their browsers before using the application. In this way, even potentially malicious client-side scripts could be inserted unescaped on a page, and users would not be susceptible to XSS attacks.

Disabling scripts

[Sebesta06] For length option(s) of string data type, some languages (e.g., Perl, JavaScript), it is ___.

Dynamic Length (no maximum)

In the case of a(n) _________, the operator adds an invalid input value in the query, which can trigger errors in the database. In this process, the database is forced to carry out some activities which lead to errors.

Error based SQLi

Which one of the following choices is NOT one of SQL Injection attacks?

Event based SQLi

[JVM&GC] ____ compaction is used near the top of the heap where ____ compaction is used near the bottom of the heap.

External, Internal

[closure] Closures are techniques for implementing lexically scoped binding in languages with _____.

First-class functions

In this stage of _____ in Genetic Algorithms, it is described as the determination of the effectiveness of the chromosomes in addressing the problems. A higher value indicates that the chromosome is very close to resolving the issue.

Fitness function

______ can be used to create cross-site scripting conditions due to escaping problems on HTTP protocol level (in addition to enabling attacks such as HTTP response splitting).

HTTP-header injection

[C++OOP] The process of object-oriented analysis can be viewed as the following steps: ____

Identify objects, then define objects' attributes, behaviors, and relationships

[C++OOP] Class declarations are usually stored here.

In their own header files

[JVM&GC] Memory management is the process of ___. Which one of the following choices is NOT correct?

Increase RAM Size

[Sebesta06] Array ___ is a mapping from indices to elements.

Indexing

[Sebesta12Quiz] ____ offers a solution to both the modification problem posed by abstract data type reuse and the program organization problem.

Inheritance

The _____ step in Genetic Algorithms is the encoding or representation of chromosomes in the genetic algorithm which is carried out with the help of a binary format. The population used in the genetic algorithm is regarded as a set of likely solutions which can be used for resolving the issue.

Initial population

[Sebesta12Quiz] _____ operate only on the objects of the class.

Instance methods

[Sebesta12Quiz] What structures in Java provide partial support for multiple inheritance?

Interfaces

[Sebesta12Quiz] C# includes both classes and structs, with the classes being very similar to _______ classes and the structs being somewhat less powerful stack-dynamic constructs.

Java

As long as trusted nonces only appear on trustworthy scripts, the browser will not run programs from untrusted authors. Some large application providers report having successfully deployed nonce-based policies.

Selectively disabling scripts with Content-Security-Policy (CSP)

This ________ preventive measure allows HTML documents to opt in to disabling some scripts while leaving others enabled. The browser checks each script against a policy before deciding whether to run it. As long as the policy only allows trustworthy scripts and disallows dynamic code loading, the browser will not run programs from untrusted authors regardless of the HTML document's structure. This shifts the security burden to policy authors. Several studies have cast doubt on the efficacy of host whitelist based policies.

Selectively disabling scripts with Content-Security-Policy (CSP)

[Sebesta12Quiz] The integrated use of windows, mouse-pointing devices, and pop-up and pull-down menus, all of which first appeared in ______, dominate contemporary software systems.

Smalltalk

[Sebesta12Quiz] What was the first language to offer complete support for object-oriented programming?

Smalltalk

[Sebesta12Quiz] Which language adopts none of the appearance of the imperative languages and its purity of purpose is reflected in its simple elegance and uniformity of design?

Smalltalk

[Sebesta12Quiz] ______ is essentially typeless, meaning that all code is effectively generic.

Smalltalk

______ analysis is a process which investigates the source code of the web application for determining the vulnerabilities.

Static

[Sebesta06] For length option(s) of string data type, some languages (e.g., COBOL, Java's String class), it is ___.

Static Length

[closure] Which of the following statements is NOT CORRECT about closure?

The concept of closure was subsequently adopted and widely used in 1990's, especially with Java, to become widespread.

Which of the following choices is NOT correct?

The dynamic analysis process shows a higher false-positive rate.

Which of the following choices is NOT correct?

The hybrid analysis shows a higher false-positive rate, as it combines the dynamic analysis tool.

[OOP&Java] A Java exception is an instance of ________.

Throwable

Dynamic analysis could be run through the implementation of the program, where it detects the real vulnerability in source code without false positive results.

True

Hybrid analysis is proposed as a combination of both static and dynamic analysis. However, hybrid analysis inherits the limitations of both approaches.

True

Static analysis has the advantage of covering all source code, and the ability to detect all vulnerabilities in the source code.

True

[JVM&GC] When is the garbage collected in JVM?

When the heap becomes full

Which one of the following choices is NOT correct?

XSS vulnerabilities have been reported and exploited since the 2010s.

[OOP&Java] Which one of the following statements regarding the "super" keyword is incorrect?

You can use super.super.p to invoke a method in superclass's parent class.

[closure] Some C libraries support ____ which is sometimes implemented by providing two values when registering this with the library: a function pointer and a separate void* pointer to arbitrary data of the user's choice.

callback

[OOP&Java] An object is an instance of a ________.

class

[Sebesta12Quiz] In C++, classes are defined as extensions of C's record structures—structs. This form of this structure (for the instance variables of class) is called a ____.

class instance record

[C++OOP] When a member function is defined outside of the class declaration, the function name must be qualified with the ____

class name, followed by the scope resolution operator

[Sebesta11-12] ___ is a subprogram and the referencing environment where it was defined.

closure

Cross-site scripting attacks are a case of ______.

code injection

[Sebesta09-10] ___ subroutines in a language with nested scopes introduce an additional level of complexity: they raise the possibility that a reference to a subroutine may outlive the execution of the scope in which that routine was declared.

first-class

[Sebesta06] Arrays can be ___, as with Java's objects.

fixed heap dynamic

[Sebesta06] With this binding, storage binding is dynamic but fixed after allocation (i.e., binding is done when requested and storage is allocated from heap, not stack).

fixed heap-dynamic

[Sebesta06] With this binding, array subscript ranges are statically bound, but the storage allocation is done at declaration time. The advantage is space-efficiency.

fixed stack-dynamic

[Sebesta11-12] Parametrically polymorphic subprograms are often called _____ subprograms.

generic

[Sebesta11-12] _____ polymorphism is usually, though not always, implemented by creating multiple copies of the polymorphic code, one specialized for each needed concrete type.

generic

[JVM&GC] Java objects reside in the area called ____.

heap

[JVM&GC] There are three components of the JVM that are focused on when tuning performance. They are ____

heap, garbage collector, JIT compiler

________ happens when the attacker injects something that is seemingly safe but is rewritten and modified by the browser while parsing the markup. This makes it extremely hard to detect or sanitize within the website's application logic. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters on parameters to CSS font-family.

mutated-XSS

[C++OOP] Assume that myCar is an instance of the Car class, and that the Car class has a member function named accelerate. Which of the following is a valid call to the accelerate member function?

myCar.accelerate( );

The ______ XSS vulnerability is by far the most basic type of web vulnerability. These holes show up when the data provided by a web client, most commonly in HTTP query parameters (e.g. HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the content.

non-persistent

[C++OOP] The destructor function's return type is: ____

nothing. Destructors have no return type.

[JVM&GC] ____ is a part of heap reserved for allocation of new objects.

nursery

[OOP&Java] ________ represents an entity in the real world that can be distinctly identified.

object

[Sebesta11-12] To implement a(n) ___ in C++, an object of a class that overrides operator ( ) can be called as if it were a function.

object closure

[Sebesta12Quiz] The concept of ______ had its roots in SIMULA 67 but was not fully developed until the evolution of Smalltalk resulted in Smalltalk 80?

object-oriented programming

[Sebesta06] In several languages that support object-oriented programming, records are supported with ___.

objects

[JVM&GC] This generation is used to store long surviving objects.

old generation

[C++OOP] A class may have this many default constructor(s).

only one

[C++OOP] When you overload an operator, you cannot change the number of _____ taken by the operator.

operands

[C++OOP] To overload the + operator, you would write a function named: ____

operator +

[C++OOP] A(n) _____ operator can work with programmer-defined data types.

overloaded

Suppose there is a dating website where members scan the profiles of other members to see if they look interesting. For privacy reasons, this site hides everybody's real name and email. An attacker joins the site and wants to figure out the real names of the people on the site. To do so, the attacker writes a script designed to run from other users' browsers when they visit the attacker's profile. The script then sends a quick message to the attacker's own server, which collects this information.

persistent

The ______ XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.

persistent

________ XSS vulnerabilities can be more significant than other types because an attacker's malicious script is rendered automatically, without the need to individually target victims or lure them to a third-party website.

persistent

[C++OOP] If you do not declare an access specification, the default for members of a class is ____

private

[C++OOP] Examples of access specifiers are the keywords: ____

private and public

[Sebesta06] A(n) ____ is a possibly heterogeneous aggregate of data elements in which the individual elements are identified by names.

record

[C++OOP] C++ requires that a copy constructor's parameter be a(n) ____

reference object

[Sebesta06] The ___ environment of a statement is the collection of all of the variables that are visible to that statement.

referencing

Non-persistent XSS flaws are also called _______.

reflected

[JVM&GC] The two main goals of tuning a java application are _____

responsiveness and throughput

[Sebesta09-10] ___ value can be passed as a parameter, but not returned from a subroutine or assigned into a variable.

second-class

[Sebesta12Quiz] If a new class is a subclass of a single parent class, then the derivation process is called ______. If a class has more than one parent class, the process is called ________.

single inheritance; multiple inheritance

[Sebesta06] With this binding, array subscript ranges are dynamically bound and the storage allocation is dynamic (done at run-time). The advantage is flexibility as the size of an array need not be known until the array is to be used.

stack-dynamic

[C++OOP] C++ allows you to redefine the way ____________ work when used with class objects.

standard operators

