пятница, 14 ноября 2008 г.

Вопросики из селф сертификации

Итак почти все вопросы из Самопроверочного теста по Зенд Сертификации. (Написал по русски чтоб не палитсо)...




ЗЫ Сорри что табы в коде съехали, трудно эдитить в этом TinyMCE in WP...

When connecting to a database using PDO, what must be done to ensure that database credentials are not compromised if the connection were to fail?
Answer...


  • wrap the PDO DSN in a try/catch block to catch any connection exception

  • Use constants in the PDO DSN

  • Place the login credentials in the php.ini file

  • Disable E_STRICT and E_NOTICE error reporting levels



Consider the following code snippet:

    $query = "SELECT first,
last,
phone
FROM contacts
WHERE first LIKE 'John%'";

$statement = mysqli_prepare($link, $query);
mysqli_execute($statement);

/* ???? */

while(($result = mysqli_stmt_fetch($statement)))
{
print "Name: $first $last\n";
print "Phone: $phone\n\n";
}
?>

Assuming this code snippet is part of a larger correct application, what must be done in place of the ???? above for the correct output to be displayed?
Answer...


  • None of the above

  • mysqli_fetch_columns($first, $last, $phone);

  • mysqli_stmt_bind_result($statement, $first, $last, $phone);

  • A while loop, fetching the row and assigning $first, $last, and $phone the proper value


What three special methods can be used to perform special logic in the event a particular accessed method or member variable is not found?
Answers: (choose 3)


  • __get($variable)

  • __call($method, $params)

  • __get($method)

  • __set($variable, $value)

  • __call($method)



In PHP 5, the ________ method is automatically called when the object is created, while the _______ method is automatically called when the object is destroyed.
Answer...


  • __construct(), __destruct()

  • <Class Name>, __destroy()

  • <Class Name>, ~<Class Name>

  • __startup(), __shutdown()

  • __construct(), __destroy()



When using a function such as strip_tags, are markup-based attacks still possible?
Answer...


  • No, HTML does not pose any security risks

  • Yes, even a <p> HTML tag is a security risk

  • Yes, attributes of allowed tags are ignored

  • No, strip_tags will prevent any markup-based attack



_______ can be used to add additional functionality to a stream, such as implementation of a specific protocol on top of a normal PHP stream implementation.
Answer...


  • Buffered

  • Buckets

  • Wrappers

  • Filters



When embedding PHP into XML documents, what must you ensure is true in order for things to function properly?
Answer...


  • Disabling of the short_tags PHP.ini directive

  • Enabling the asp_tags PHP.ini directive

  • That you have XPath support enabled in PHP 5

  • That your XML documents are well-formed

  • None of the above, PHP can be embedded in XML in all cases.



What is the best way to iterate and modify every element of an array using PHP 5?

Answer...


  • You cannot modify an array during iteration

  • for($i = 0; $i < count($array); $i++) { /* ... */ }

  • foreach($array as $key => &$val) { /* ... */ }

  • foreach($array as $key => $val) { /* ... */ }

  • while(list($key, $val) = each($array)) { /* ... */



What is the output of the following?

$a = 20;

function myfunction($b) {
$a = 30;

global $a, $c;
return $c = ($b + $a);
}

print myfunction(40) + $c;

?>


Answer...


  • 120

  • Syntax Error

  • 60

  • 70



Consider the following PHP 4 code:

if($obj1 === $obj2) {
/* Do something */
} ?>

What, if any, potential compatibility problems will this conditional have in PHP 5?
Answer...


  • This code is undefined in PHP 4

  • None of the above

  • $obj1 and $obj2 must have the same property values in PHP 5

  • $obj1 and $obj2 must be the same instance in PHP 5

  • There are no compatibility issues



Consider the following PHP code segment, which attempts to execute a PDO query:
try {
$dbh->exec($sql);
} catch (PDOException $e) {
// display warning message
$info = $e->errorInfo;
}
?>

In the event of a PDOException, $info is set with the contents of the $errorInfo property of the exception. Which of the following are accurate descriptions of the contents?

Answers: (choose 3)


  • $info[1] is the database-specific error code

  • $info[2] is the database-specific error message

  • $info[1] is the unified error code

  • $info[0] is the unified error code

  • $info[0] Is the Database-specific error message



The Decorator pattern is used to...
Answer...


  • Change the behavior of a class without modifying the original class

  • Used in XSLT transformations in OO design

  • Used to map HTML structures to objects

  • A type of View in an MVC pattern



What is the output of the following?
function a($number)
{
return (b($number) * $number);
}

function b(&amp;amp;amp;$number)
{
++$number;
}
echo a(5);
?>


Answer...


  • 0

  • 36

  • 6

  • 30

  • 5



To ensure that a given object has a particular set of methods, you must provide a method list in the form of an ________ and then attach it as part of your class using the ________ keyword.
Answer...


  • array, interface

  • interface, implements

  • interface, extends

  • instance, implements

  • access-list, instance



What is the output of the following code?
function oranges(&amp;amp;amp;$oranges = 17)
{
$oranges .= 1;
}
$apples = 5;
oranges($apples);
echo $apples++;

Answer...


  • 16

  • 51

  • 15

  • 6

  • 5



How can the following code be re-written from PHP 4 to PHP 5?

if(get_class($myObj) == "MyClass") {
// Do something
}

?>


Answers: (choose 1)


  • if(get_class($myObj) === "MyObject)

  • if(strtolower(get_class($myObj)) == "MyClass")

  • if($myObj implements MyClass)

  • if($myObj instanceof Object)

  • if($myObj instanceof MyClass)



What is the best approach for converting this string:
$string = "a=10&b[]=20&c=30&d=40+50";

Into this array?


array(4) {
["a"]=>
string(2) "10"
["b"]=>
array(1) {
[0]=>
string(2) "20"
}
["c"]=>
string(2) "30"
["d"]=>
string(5) "40 50"
}


Answer...


  • Write a parser completely by hand, it's the only way to make sure it's 100% accurate

  • Use the parse_str() function to translate it to an array()

  • Pass the variable to another PHP script via an HTTP GET request and return the array as a serialized variable

  • Just call unserialize() to translate it to an array()

  • Write a string parser using strtok() and unserialize() to convert it to an array



Consider the following code snippet:
$query = "INSERT INTO mytable
(myinteger, mydouble, myblob, myvarchar)
VALUES (?, ?, ?, ?)";

$statement = mysqli_prepare($link, $query);

if(!$statement)
{
die(mysqli_error($link));
}

/* The variables being bound to by MySQLi
don't need to exist prior to binding */
mysqli_bind_param($statement, "idbs",
$myinteger, $mydouble, $myblob, $myvarchar);

/* ???????????? */

/* execute the query, using the variables as defined. */

if(!mysqli_execute($statement))
{
die(mysqli_error($link));
}

?>

Assuming this snippet is a smaller part of a correctly written script, what actions must occur in place of the ????? in the above code snippet to insert a row with the following values: 10, 20.2, foo, string ?
Answer...


  • A transaction must be begun and the variables must be assigned

  • Each value must be assigned prior to calling mysqli_bind_param(), and thus nothing should be done

  • Use mysqli_bind_value() to assign each of the values

  • Assign $myinteger, $mydouble, $myblob, $myvarchar the proper values


The following could be better represented as what?

if($a == 10) {

} elseif ($a == 20) {

} elseif ($a == 30) {

}

?>


Answer...


  • A switch statement without break statements

  • A foreach statement

  • A while statement

  • A switch statement

  • Multiple if statements



When implementing a permissions system for your Web site, what should always be done with regards to the session?

Answer...


  • None of the above

  • You should not implement permission systems using sessions

  • Sessions should be cleared of all data and re-populated

  • The session key should be regenerated

  • The session should be destroyed



What XML technology is used when you mix two different document types in a single XML document?

Answer...


  • Validators

  • DTD

  • Transformations

  • Namespaces


!!!!!!!!!!!!!!!!!!!!!!
The _________ context variable allows you to define a callback for the stream that will notify your script of certain events during the course of the transaction.
[ tyep our answer ]



Which of the following functions is used to determine if a given stream is blocking or not?
Answer...


  • stream_get_blocking

  • stream_get_meta_data

  • stream_is_blocking

  • stream_get_blocking_mode



The following is a common XML structure used in service oriented architectures, what does it represent?


myMethod


HI!


Answer...


  • None of the above

  • A fragment of a complete SOAP request

  • XML-RPC

  • REST

  • SOAP


!!!!!!!!!
One can determine if it is possible to send HTTP headers from within your PHP script using which of the following functions?
Answer...


  • apache_headers_enabled()

  • is_headers_enabled()

  • is_headers_sent()

  • headers_sent()

  • headers_enabled()



Which of the following are not valid ways to embed a variable into a string?

Answers: (choose 2)


  • $a = "Value: $value->getValue()";

  • $a = "Value: {$value}";

  • $a = 'Value: $value';

  • $a = "Value: $value";

  • $a = "Value: {$value['val']}";



Which of the following is not a valid PDO DSN?
Answer...


  • All of the above are valid

  • mysql:unix_socket=/tmp/mysql.sock;dbname=testdb

  • oci:dbname=//localhost:1521/mydb

  • mysql:host=localhost;port=3307;dbname=testdb

  • sqlite2:/opt/databases/mydb.sq2


!!!!!!!!!!!!
What is the output of the following code?

class MyException extends Exception {}
class AnotherException extends MyException {}

class Foo {
public function something() {
throw new AnotherException();
}
public function somethingElse() {
throw new MyException();
}
}

$a = new Foo();

try {
try {
$a->something();
} catch(AnotherException $e) {
$a->somethingElse();
} catch(MyException $e) {
print "Caught Exception";
}
} catch(Exception $e) {
print "Didn't catch the Exception!";
}

?>


Answer...


  • "Caught Exception" followed by "Didn't catch the Exception!"

  • A fatal error for an uncaught exception

  • "Didn't catch the Exception!"

  • "Didn't catch the Exception!" followed by a fatal error

  • "Caught Exception"


!!!!
The $_REQUEST super global contains what?

Answers: (choose 3)


  • Data received from the session

  • Data received from Cookies

  • Data received from the server environment

  • Data received from HTTP POST

  • Data received from HTTP GET


111
What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?
Answer...


  • None of the above

  • Never trust any data from the user

  • Enable built-in security features such as magic_quotes_gpc and safe_mode

  • Always filter all incoming data

  • Use PHP 5's tainted mode



Removing undesired markup tags from input can best be done using which function?
Answer...


  • strip_tags()

  • tidy_strip_html()

  • str_replace()

  • strip_html()


??????
Setting a cookie on the client in PHP 5 can be best accomplished by:
Answer...


  • Use the add_cookie() function

  • Use the setcookie() function

  • Use the the apache_send_header() function

  • Setting a variable in the $_COOKIE superglobal


!!!!!!!!
The ______ function is used to add up the values of every entry within an array

!!!!!!
What is the primary difference between a method declared as static and a normal method?
Answer...


  • Static methods can only be called using the :: syntax and never from an instance

  • Static methods do not provide a reference to $this

  • Static methods cannot be called from within class instances

  • Static methods don't have access to the self keyword

  • There is no functional difference between a static and non-static method



Using flock() to lock a stream is only assured to work under what circumstances?
Answer...


  • When running in a Linux environment local filesystem

  • When accessing the stream of the local filesystem

  • When running in a Windows environment and accessing a share

  • When accessing a bi-directional stream

  • When accessing a read-only stream



What does the following PHP script accomplish?
$dom = new DomDocument();
$dom->load('test.xml');
$body = $dom->documentElement->getElementsByTagName('body')->item(0);
echo $body->getAttributeNode('background')->value. "\n";
?>


Answer...


  • Displays the content of every <body> node

  • Displays the "background" attribute for the first node in the XML document named "body"

  • Displays the content of every node that has a "background" node

  • Displays the "background" attribute of every node named "body"


!!!
Consider the following code:
session_start();

if(!empty($_REQUEST['id'])
&amp;amp;amp;&amp;amp;amp; !empty($_REQUEST['quantity'])) {
$id = scrub_id($_REQUEST['id']);
$quantity = scrub_quantity($_REQUEST['quantity'])
$_SESSION['cart'][] = array('id' => $id,
'quantity' => $quantity)
}

/* .... */

?>

What potential security hole would this code snippet produce?

Answer...


  • Cross-Site Scripting Attack

  • There is no security hole in this code

  • Code Injection

  • SQL Injection

  • Cross-Site Request Forgery



The following code block produces which output array?

$a = array(1 => "A", "B", "C");
$a[1] = "A"; $a[] = "B"; $a[] = "C";

print_r($a);

?>


Answer...


  • A => 1, B => 2, C => 3, B => 4, C => 5

  • A => 1, B => 2, C => 3

  • 1 => A, 2 => B, 3 => C

  • 0 => A, 1 => B, 2 => C

  • 1 => A, 2 => B, 3 => C, 4 => B, 5 => C



When working with a database, which of the following can be used to mitigate the possibility of exposing your database credientials to a malicious user?

Answers: (choose 3)


  • Moving all database credentials into a single file

  • Moving all database credentials outside of the document root

  • Restricting access to files not designed to be executed independently

  • Setting creditial information as system environment variables

  • Using PHP constants instead of variables to store credentials



When checking to see if two variables contain the same instance of an object, which of the following comparisons should be used?
Answer...


  • if($obj1->equals($obj2) && ($obj1 instanceof $obj2))

  • if($obj1->equals($obj2))

  • if($obj1 === $obj2)

  • if($obj1 instanceof $obj2)

  • if($obj1 == $obj2)



The following PHP script is an example of which design pattern?

interface HashAlgorithm {
public function hash($value);
}

class MyClass {

private $value;

public function __construct($value) {
$this->value = $value;
}

public function hash(HashAlgorithm $a) {
return $a->hash($this->value);
}
}

class MD5Hash implements HashAlgorithm {
public function hash($value) {
return md5($hash);
}
}
$obj = new MyClass("John");
$obj->hash(new MD5Hash());

?>


Answer...


  • Controller

  • Strategy

  • Abstract Factory

  • Factory

  • Command Chain


!!!
What is the output of the following script?


class ClassOne {
protected $a = 10;

public function changeValue($b) {
$this->a = $b;
}
}

class ClassTwo extends ClassOne {

protected $b = 10;

public function changeValue($b) {
$this->b = 10;
parent::changeValue($this->a + $this->b);
}

public function displayValues() {
print "a: {$this->a}, b: {$this->b}\n";
}
}

$obj = new ClassTwo();

$obj->changeValue(20);
$obj->changeValue(10);

$obj->displayValues();

?>


Answer...


  • a: 30, b: 30

  • a: 30, b: 20

  • a: 30, b: 10

  • a: 20, b: 20

  • a: 10, b: 10


!
Which of the following php.ini directives should be disabled to improve the outward security of your application?

Answers: (choose 4)


  • safe_mode

  • magic_quotes_gpc

  • register_globals

  • display_errors

  • allow_url_fopen


Identify the best approach to compare to variables in a binary-safe fashion
Answer...


  • Both strcmp() and $a === $b

  • $a == $b

  • $a === $b

  • str_compare()

  • strstr()


!!!!
What is the primary benefit of a SAX-based XML parser compared to DOM?

Answer...


  • All of the above

  • Faster then DOM methods

  • Requires less memory then DOM

  • Easier to develop parsers


!!!
When opening a file in writing mode using the FTP handler, what must be done so that the file will still be written to the server in the event it previously exists?

Answer...


  • Provide a context for fopen() using stream_context_create()

  • You must delete the file first before uploading a new file

  • Configure this behavior in the php.ini file using the ftp.overwrite directive

  • Open the file using the 'w+' mode



How can you modify the copy of an object during a clone operation?
Answer...


  • Put the logic in the object's constructor to alter the values

  • Implment your own function to do object copying

  • Implement the object's __clone() method

  • Implement __get() and __set() methods with the correct logic

  • Implement the __copy() method with the correct logic


!!!!!!
In PHP 5's object model, a class can have multiple ______ but only a single direct
________.
Answer...


  • None of the above

  • interfaces, child

  • children, interface

  • interfaces, parent

  • parents, interface



The following code snippet displays what for the resultant array?

$a = array(1 => 0, 3 => 2, 4 => 6);
$b = array(3 => 1, 4 => 3, 6 => 4);

print_r(array_intersect($a, $b));
?>


Answer...


  • 1 => 0

  • 1 => 3, 3 => 1, 4 => 3

  • 3 => 1, 3=> 2, 4 => 3, 4=> 6

  • 1 => 0, 3 => 2, 4 => 6

  • An empty Array


A fingerprint of a string can be determined using which of the following?

Answer...


  • md5()

  • hash()

  • fingerprint()

  • None of the above



What is the output of the following code block?

$a = "The quick brown fox jumped over the lazy dog.";

$b = array_map("strtoupper", explode(" ", $a));

foreach($b as $value) {
print "$value ";
}

?>


Answer...


  • THE QUICK BROWN FOX JUMPED OVER THE LAZY DOG.

  • A PHP Error

  • The quick brown fox jumped over the lazy dog.

  • Array Array Array Array Array Array Array Array Array

  • the quick brown fox jumped over the lazy dog.



Given the following XML document in a SimpleXML object:


PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


XML Example


Moved to &amp;amp;amp;lt;http://www.example.org/.&amp;amp;amp;gt;



Select the proper statement below which will display the HREF attribute of the anchor tag.

Answer...


  • $sxe->body->p[0]->a[1]['href']

  • $sxe->body->p->a->href

  • $sxe->body->p->a['href']

  • $sxe['body']['p'][0]['a']['href']

  • $sxe->body->p[1]->a['href']



To force a user to redirect to a new URL from within a PHP 5 script, which of the following should be used?
Answer...


  • Send a HTTP "Location:" header

  • Use the HTML <redirect> Tag

  • Send a HTTP "Forward:" header

  • Use the redirect() function



When running PHP in a shared host environment, what is the major security concern when it comes to session data?
Answer...


  • Sessions on shared hosts are easily hijacked by outside malicious users

  • All of the above

  • You cannot use a custom data store in shared hosts

  • Session data stored in the file system can be read by other scripts on the same shared host

  • Users outside the shared host can access any site which created a session for them



The __________ error level, which must be explicitally enabled in PHP 5, will warn you of deprecated functionality that will be removed in a future PHP version.


Consider the following script:
$dom = new DOMDOcument();
$dom->load("myxmlfile.xml");

foreach($dom->documentElement->childNodes as $child)
{
if(($child->nodeType == XML_ELEMENT_NODE) &amp;amp;amp;&amp;amp;amp;
$child->nodeName == "item")
{
foreach($child->childNodes as $item)
{
if(($item->nodeType == XML_ELEMENT_NODE) &amp;amp;amp;&amp;amp;amp;
($item->nodeName == "title"))
{
print "$item->firstChild->data\n";
}
}
}
}
?>

Assuming the referenced XML document exists and matches the parsing logic, what should be displayed when this script is executed?
Answer...


  • None of the above

  • The XML of each 'title' node

  • The XML of each 'item' node

  • "Title" for every title node in the document

  • The contents of every 'title' node which exists under an 'item' node



What are the primary benefits of object oriented programming?
Answers: (choose 3)


  • Maintainability

  • Execution Speed

  • Encapsulation

  • Code Reuse



Which statement will return the third parameter passed to a function?
Answer...


  • $argv[3];

  • $argv[2];

  • func_get_args(3); ?

  • func_get_arg(2);

  • func_get_arg(3);

1 комментарий: