I NEED HELP WITH THESES QUESTIONS! PLEASE HELP!!! 31. Where should you validate?

ID: 3665659 • Letter: I

Question

I NEED HELP WITH THESES QUESTIONS! PLEASE HELP!!!

31. Where should you validate?

a. In your JS but not your PHP

b. In your PHP but not your JS

c. In your JS and in your PHP

d. In your SQL but not in your JS or in your PHP

e. In your SQL and in your JS but not in your PHP

f. In your SQL and in your PHP but not in your JS

32. Suppose data is stored on the client side using one of the following methods. For which of these

methods is the data automatically copied to the server as an http header?

a. Local storage

b. Cookies

c. Associative arrays

d. Web SQL Database

e. indexedDB Database

33. What is the main benefit of having stateless servers in basic http?

a. The users will be aware if the server is located on the internet or on an intranet

b. All inputs and outputs are automatically encrypted

c. Server replication is relatively easy

d. Statelessness eliminates the risk of losing your cookies

e. When http was invented, nobody had yet discovered how to create a stateful server

34. What is the main problem with having stateless servers in basic http?

a. It is difficult to keep track of which requests belong to the same user

b. It is completely impossible to replicate data across multiple servers

c. The users can tell whether the server is located on the internet or on the intranet

d. It is not possible to send data to a database from a stateless server

e. Usability is very low in a stateless environment

35. What is the purpose of a foreign key in a database table?

a. Foreign key constraints uniquely identify each row in the table

b. Foreign key constraints improve the usability of the data

c. Foreign key constraints help ensure that rows don’t reference non-existent values in other database tables

d. Foreign key constraints indicate which users are “primary” administrators of the database, to help improve security

e. Foreign key constraints store the password that your PHP uses to access the database

36. Which of these is NOT a good way of validating data—in other words, which of these methods is

most likely to allow invalid data of some sort to sneak through and cause harm?

a. A user entered some strings, which your code validates with regular expressions

b. A user uploaded a file, which your code checks to see if it’s actually an image file

c. Your web page displays an advertisement, which it incorporates from another server using <script src=”http://www.anotherserver.com/something/something”></script>

d. Your server reads a string from another server, which your code verifies that it can parse

as XML

e. Your server reads some strings from your own database, which your code escapes with

html special chars before sending to the browser

37. When is the most absolutely essential important time to validate (or escape) a piece of data?

a. Just before your code accepts that data from the user

b. Just after your code accepts that data from the user

c. Just before your code uses that data

d. Just after your code uses that data

38. For which of the following reasons, or all of them, is it important to validate even the data that

your code reads from your own database?

a. It’s possible that some member of your company intentionally slipped bad data into the

database

b. It’s possible that some other web page has a security hole that inadvertently allows bad

data to slip into the database

c. It’s possible that some portions of the database were purchased from another

organization and therefore might still contain old, unvalidated data

d. All of the above

e. None of the above

39. Which strings never need to be validated?

a. Strings received from users

b. Strings received in your PHP through AJAX transmissions from your own web page

c. Strings received in your PHP from other servers

d. Strings that are hardcoded in your PHP

40. When you store usernames and passwords in a database, why is it most important for you to

hash all of the passwords with salt?

a. Hashing a password with salt improves its usability by making it more readable

b. Hashing a password with salt improves its performance by making it shorter

c. Hashing a password with salt improves its performance by eliminating redundant

characters

d. Hashing a password with salt improves its security by making it harder for an adversary

who steals the database to figure out the password

e. Hashing a password with salt improves its security by ensuring that users only select

passwords that are hard to guess

41. Suppose that you implement a login form. What role does the SESSION play in your code?

a. Usually, after the user logs in, your code will store the user’s identifier in the session (for

example, a user id number, or perhaps the user’s username)

b. Usually, before the user logs in, your code will store the user’s password in the session

c. Usually, just after the user logs out, your code will show the contents of the user’s

session on the screen

d. Usually, just before the user logs out, your code will store the contents of the user’s

session in the database

42. Which of the following are risks of using a 3rd party login system, rather than implementing your

own? For example, what are the potential downsides of using Google’s login for your site?

a. The 3rd party could hypothetically pretend to be one of the users and get into your site

as a result (e.g., Google could hack your site)

b. Dependence on the 3rd party could lead to reduced usability (e.g., due to user confusion

about “why am I on Google’s site all of a sudden?”)

c. Both of the above

d. Neither of the above

43. Which of the following are potential downsides of using OSU’s ONID authentication service for

controlling access to your site?

a. OSU could hypothetically pretend to be one of the users and get into your site

b. OSU only allows sites hosted on OSU domains to authenticate users with ONID (unless if

you establish a separate agreement with the OSU administrators)

c. Both of the above

d. Neither of the above

44. Suppose that you wanted to do a file upload, and you didn’t want the user to see that ugly

<input type=”file”> widget. What could you do instead? (Note: We didn’t cover this in class; look it up on the web.)

a. You could use an ActiveX library, which is supported in pretty much all browsers and

provides a lot more control over the appearance of file upload widgets

b. You could use a Java applet, which is supported in pretty much all browsers and

provides a lot more control over the appearance of file upload widgets

c. You could use a client-side PHP script, which is supported in pretty much all browsers

and provides a lot more control over the appearance of file upload widgets

d. You could use a jQuery UI library, which is supported in pretty much all browsers and

provides a lot more control over the appearance of file upload widgets

e. None of the above: the basic <input type=”file”> widget is your only choice

45. Which of the following is the best explanation of what learnability means?

a. How easy it is for people to remember how to use your web site

b. How easy it is for people to figure out how to use your web site

c. How easy it is for people to explain how to use your web site

d. The number of actions required to use your web site

e. The number of icons displayed by your web site

f. The overall aesthetics of your web site

46. What is a good way to improve the memorability of your site?

a. Make sure that all text on the site is bold and in a very large font

b. Move functionality around on the screen, on a regular basis, to keep it “fresh”

c. Change the rules of the site (e.g., when users need to authenticate), to keep it “fresh”

d. Use colored icons with memorable shapes to make it easy to find functionality

e. Provide a “welcome” splash screen that displays a detailed tutorial video

f. Use http tags to cache the content of the site on the user’s computer

47. What is a good way to improve the overall usability of your site?

a. Include as many features as possible

b. Change the rules of the site (e.g., when users need to authenticate), to keep it “fresh”

c. Put up a splash screen to impress the users as they arrive

d. Avoid using <main> and <nav> tags, which can confuse search engines

e. Perform all long operations synchronously

f. Perform all long operations asynchronously

48. Under what conditions would you want to AVOID using paper prototyping?

a. When you do not own a copy of PhotoShop or similar image-editing software

b. When your site is extremely important, and any usability problem could be costly

c. When your site isn’t going to have a user interface; for example, maybe it is a search

engine that indexes the web and only returns search results in JSON format

d. All of the above

e. None of the above

49. Which of the following is the best explanation of what accessibility is?

a. Accessibility means that a site is usable to the largest population practically possible

b. Accessibility means that the site shows no text: all information is provided via mp3 files

c. Accessibility means eliminating all requirements for authentication

d. Accessibility means that the website cannot have any JavaScript

e. Accessibility means that the site is, aesthetically speaking, awesome

f. Accessibility means ensuring that the site is always online, all day every day

50. Which of the following is NOT a good way to choose mutually harmonious colors?

a. Use just black and white, plus a third color for emphasis

b. Use three colors equally spaced but near each other (analogic)

c. Use two colors opposite from one another on the color wheel (complementary colors)

d. Use three or four colors spaced equally around the color wheel (triads and tetrads)

e. Use every primary and complementary color (universal)

Explanation / Answer