Friday, 14 November 2008

Questions from the self-certification test

So, here are almost all the questions from the Zend Certification self-assessment test. (I wrote this in Russian so as not to get caught)...

P.S. Sorry that the tabs in the code got messed up; it's hard to edit in this TinyMCE in WP...

When connecting to a database using PDO, what must be done to ensure that database credentials are not compromised if the connection were to fail?
Answer...


  • wrap the PDO DSN in a try/catch block to catch any connection exception

  • Use constants in the PDO DSN

  • Place the login credentials in the php.ini file

  • Disable E_STRICT and E_NOTICE error reporting levels



Consider the following code snippet:

    <?php
    $query = "SELECT first,
                     last,
                     phone
              FROM contacts
              WHERE first LIKE 'John%'";

    $statement = mysqli_prepare($link, $query);
    mysqli_execute($statement);

    /* ???? */

    while(($result = mysqli_stmt_fetch($statement)))
    {
        print "Name: $first $last\n";
        print "Phone: $phone\n\n";
    }
    ?>

Assuming this code snippet is part of a larger correct application, what must be done in place of the ???? above for the correct output to be displayed?
Answer...


  • None of the above

  • mysqli_fetch_columns($first, $last, $phone);

  • mysqli_stmt_bind_result($statement, $first, $last, $phone);

  • A while loop, fetching the row and assigning $first, $last, and $phone the proper value


What three special methods can be used to perform special logic in the event a particular accessed method or member variable is not found?
Answers: (choose 3)


  • __get($variable)

  • __call($method, $params)

  • __get($method)

  • __set($variable, $value)

  • __call($method)



In PHP 5, the ________ method is automatically called when the object is created, while the _______ method is automatically called when the object is destroyed.
Answer...


  • __construct(), __destruct()

  • <Class Name>, __destroy()

  • <Class Name>, ~<Class Name>

  • __startup(), __shutdown()

  • __construct(), __destroy()



When using a function such as strip_tags, are markup-based attacks still possible?
Answer...


  • No, HTML does not pose any security risks

  • Yes, even a <p> HTML tag is a security risk

  • Yes, attributes of allowed tags are ignored

  • No, strip_tags will prevent any markup-based attack



_______ can be used to add additional functionality to a stream, such as implementation of a specific protocol on top of a normal PHP stream implementation.
Answer...


  • Buffered

  • Buckets

  • Wrappers

  • Filters



When embedding PHP into XML documents, what must you ensure is true in order for things to function properly?
Answer...


  • Disabling of the short_tags PHP.ini directive

  • Enabling the asp_tags PHP.ini directive

  • That you have XPath support enabled in PHP 5

  • That your XML documents are well-formed

  • None of the above, PHP can be embedded in XML in all cases.



What is the best way to iterate and modify every element of an array using PHP 5?

Answer...


  • You cannot modify an array during iteration

  • for($i = 0; $i < count($array); $i++) { /* ... */ }

  • foreach($array as $key => &$val) { /* ... */ }

  • foreach($array as $key => $val) { /* ... */ }

  • while(list($key, $val) = each($array)) { /* ... */ }



What is the output of the following?

    <?php
    $a = 20;

    function myfunction($b) {
        $a = 30;

        global $a, $c;
        return $c = ($b + $a);
    }

    print myfunction(40) + $c;

    ?>


Answer...


  • 120

  • Syntax Error

  • 60

  • 70



Consider the following PHP 4 code:

    <?php
    if($obj1 === $obj2) {
        /* Do something */
    } ?>

What, if any, potential compatibility problems will this conditional have in PHP 5?
Answer...


  • This code is undefined in PHP 4

  • None of the above

  • $obj1 and $obj2 must have the same property values in PHP 5

  • $obj1 and $obj2 must be the same instance in PHP 5

  • There are no compatibility issues



Consider the following PHP code segment, which attempts to execute a PDO query:

    <?php
    try {
        $dbh->exec($sql);
    } catch (PDOException $e) {
        // display warning message
        $info = $e->errorInfo;
    }
    ?>

In the event of a PDOException, $info is set with the contents of the $errorInfo property of the exception. Which of the following are accurate descriptions of the contents?

Answers: (choose 3)


  • $info[1] is the database-specific error code

  • $info[2] is the database-specific error message

  • $info[1] is the unified error code

  • $info[0] is the unified error code

  • $info[0] is the database-specific error message



The Decorator pattern is used to...
Answer...


  • Change the behavior of a class without modifying the original class

  • Used in XSLT transformations in OO design

  • Used to map HTML structures to objects

  • A type of View in an MVC pattern



What is the output of the following?

    <?php
    function a($number)
    {
        return (b($number) * $number);
    }

    function b(&$number)
    {
        ++$number;
    }
    echo a(5);
    ?>


Answer...


  • 0

  • 36

  • 6

  • 30

  • 5



To ensure that a given object has a particular set of methods, you must provide a method list in the form of an ________ and then attach it as part of your class using the ________ keyword.
Answer...


  • array, interface

  • interface, implements

  • interface, extends

  • instance, implements

  • access-list, instance



What is the output of the following code?

    function oranges(&$oranges = 17)
    {
        $oranges .= 1;
    }
    $apples = 5;
    oranges($apples);
    echo $apples++;

Answer...


  • 16

  • 51

  • 15

  • 6

  • 5



How can the following code be re-written from PHP 4 to PHP 5?

    <?php
    if(get_class($myObj) == "MyClass") {
        // Do something
    }

    ?>


Answers: (choose 1)


  • if(get_class($myObj) === "MyObject)

  • if(strtolower(get_class($myObj)) == "MyClass")

  • if($myObj implements MyClass)

  • if($myObj instanceof Object)

  • if($myObj instanceof MyClass)



What is the best approach for converting this string:

    $string = "a=10&b[]=20&c=30&d=40+50";

Into this array?

    array(4) {
      ["a"]=>
      string(2) "10"
      ["b"]=>
      array(1) {
        [0]=>
        string(2) "20"
      }
      ["c"]=>
      string(2) "30"
      ["d"]=>
      string(5) "40 50"
    }


Answer...


  • Write a parser completely by hand, it's the only way to make sure it's 100% accurate

  • Use the parse_str() function to translate it to an array()

  • Pass the variable to another PHP script via an HTTP GET request and return the array as a serialized variable

  • Just call unserialize() to translate it to an array()

  • Write a string parser using strtok() and unserialize() to convert it to an array



Consider the following code snippet:

    <?php
    $query = "INSERT INTO mytable
              (myinteger, mydouble, myblob, myvarchar)
              VALUES (?, ?, ?, ?)";

    $statement = mysqli_prepare($link, $query);

    if(!$statement)
    {
        die(mysqli_error($link));
    }

    /* The variables being bound to by MySQLi
       don't need to exist prior to binding */
    mysqli_bind_param($statement, "idbs",
                      $myinteger, $mydouble, $myblob, $myvarchar);

    /* ???????????? */

    /* execute the query, using the variables as defined. */

    if(!mysqli_execute($statement))
    {
        die(mysqli_error($link));
    }

    ?>

Assuming this snippet is a smaller part of a correctly written script, what actions must occur in place of the ????? in the above code snippet to insert a row with the following values: 10, 20.2, foo, string ?
Answer...


  • A transaction must be begun and the variables must be assigned

  • Each value must be assigned prior to calling mysqli_bind_param(), and thus nothing should be done

  • Use mysqli_bind_value() to assign each of the values

  • Assign $myinteger, $mydouble, $myblob, $myvarchar the proper values


The following could be better represented as what?

    <?php
    if($a == 10) {

    } elseif ($a == 20) {

    } elseif ($a == 30) {

    }

    ?>


Answer...


  • A switch statement without break statements

  • A foreach statement

  • A while statement

  • A switch statement

  • Multiple if statements



When implementing a permissions system for your Web site, what should always be done with regards to the session?

Answer...


  • None of the above

  • You should not implement permission systems using sessions

  • Sessions should be cleared of all data and re-populated

  • The session key should be regenerated

  • The session should be destroyed



What XML technology is used when you mix two different document types in a single XML document?

Answer...


  • Validators

  • DTD

  • Transformations

  • Namespaces


!!!!!!!!!!!!!!!!!!!!!!
The _________ context variable allows you to define a callback for the stream that will notify your script of certain events during the course of the transaction.
[ type your answer ]



Which of the following functions is used to determine if a given stream is blocking or not?
Answer...


  • stream_get_blocking

  • stream_get_meta_data

  • stream_is_blocking

  • stream_get_blocking_mode



The following is a common XML structure used in service oriented architectures, what does it represent?


myMethod


HI!


Answer...


  • None of the above

  • A fragment of a complete SOAP request

  • XML-RPC

  • REST

  • SOAP


!!!!!!!!!
One can determine if it is possible to send HTTP headers from within your PHP script using which of the following functions?
Answer...


  • apache_headers_enabled()

  • is_headers_enabled()

  • is_headers_sent()

  • headers_sent()

  • headers_enabled()



Which of the following are not valid ways to embed a variable into a string?

Answers: (choose 2)


  • $a = "Value: $value->getValue()";

  • $a = "Value: {$value}";

  • $a = 'Value: $value';

  • $a = "Value: $value";

  • $a = "Value: {$value['val']}";



Which of the following is not a valid PDO DSN?
Answer...


  • All of the above are valid

  • mysql:unix_socket=/tmp/mysql.sock;dbname=testdb

  • oci:dbname=//localhost:1521/mydb

  • mysql:host=localhost;port=3307;dbname=testdb

  • sqlite2:/opt/databases/mydb.sq2


!!!!!!!!!!!!
What is the output of the following code?

    <?php
    class MyException extends Exception {}
    class AnotherException extends MyException {}

    class Foo {
        public function something() {
            throw new AnotherException();
        }
        public function somethingElse() {
            throw new MyException();
        }
    }

    $a = new Foo();

    try {
        try {
            $a->something();
        } catch(AnotherException $e) {
            $a->somethingElse();
        } catch(MyException $e) {
            print "Caught Exception";
        }
    } catch(Exception $e) {
        print "Didn't catch the Exception!";
    }

    ?>


Answer...


  • "Caught Exception" followed by "Didn't catch the Exception!"

  • A fatal error for an uncaught exception

  • "Didn't catch the Exception!"

  • "Didn't catch the Exception!" followed by a fatal error

  • "Caught Exception"


!!!!
The $_REQUEST super global contains what?

Answers: (choose 3)


  • Data received from the session

  • Data received from Cookies

  • Data received from the server environment

  • Data received from HTTP POST

  • Data received from HTTP GET


111
What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?
Answer...


  • None of the above

  • Never trust any data from the user

  • Enable built-in security features such as magic_quotes_gpc and safe_mode

  • Always filter all incoming data

  • Use PHP 5's tainted mode



Removing undesired markup tags from input can best be done using which function?
Answer...


  • strip_tags()

  • tidy_strip_html()

  • str_replace()

  • strip_html()


??????
Setting a cookie on the client in PHP 5 can be best accomplished by:
Answer...


  • Use the add_cookie() function

  • Use the setcookie() function

  • Use the apache_send_header() function

  • Setting a variable in the $_COOKIE superglobal


!!!!!!!!
The ______ function is used to add up the values of every entry within an array

!!!!!!
What is the primary difference between a method declared as static and a normal method?
Answer...


  • Static methods can only be called using the :: syntax and never from an instance

  • Static methods do not provide a reference to $this

  • Static methods cannot be called from within class instances

  • Static methods don't have access to the self keyword

  • There is no functional difference between a static and non-static method



Using flock() to lock a stream is only assured to work under what circumstances?
Answer...


  • When running in a Linux environment local filesystem

  • When accessing the stream of the local filesystem

  • When running in a Windows environment and accessing a share

  • When accessing a bi-directional stream

  • When accessing a read-only stream



What does the following PHP script accomplish?

    <?php
    $dom = new DomDocument();
    $dom->load('test.xml');
    $body = $dom->documentElement->getElementsByTagName('body')->item(0);
    echo $body->getAttributeNode('background')->value . "\n";
    ?>


Answer...


  • Displays the content of every <body> node

  • Displays the "background" attribute for the first node in the XML document named "body"

  • Displays the content of every node that has a "background" node

  • Displays the "background" attribute of every node named "body"


!!!
Consider the following code:

    <?php
    session_start();

    if(!empty($_REQUEST['id'])
        && !empty($_REQUEST['quantity'])) {
        $id = scrub_id($_REQUEST['id']);
        $quantity = scrub_quantity($_REQUEST['quantity']);
        $_SESSION['cart'][] = array('id' => $id,
                                    'quantity' => $quantity);
    }

    /* .... */

    ?>

What potential security hole would this code snippet produce?

Answer...


  • Cross-Site Scripting Attack

  • There is no security hole in this code

  • Code Injection

  • SQL Injection

  • Cross-Site Request Forgery



The following code block produces which output array?

    <?php
    $a = array(1 => "A", "B", "C");
    $a[1] = "A"; $a[] = "B"; $a[] = "C";

    print_r($a);

    ?>


Answer...


  • A => 1, B => 2, C => 3, B => 4, C => 5

  • A => 1, B => 2, C => 3

  • 1 => A, 2 => B, 3 => C

  • 0 => A, 1 => B, 2 => C

  • 1 => A, 2 => B, 3 => C, 4 => B, 5 => C



When working with a database, which of the following can be used to mitigate the possibility of exposing your database credentials to a malicious user?

Answers: (choose 3)


  • Moving all database credentials into a single file

  • Moving all database credentials outside of the document root

  • Restricting access to files not designed to be executed independently

  • Setting credential information as system environment variables

  • Using PHP constants instead of variables to store credentials



When checking to see if two variables contain the same instance of an object, which of the following comparisons should be used?
Answer...


  • if($obj1->equals($obj2) && ($obj1 instanceof $obj2))

  • if($obj1->equals($obj2))

  • if($obj1 === $obj2)

  • if($obj1 instanceof $obj2)

  • if($obj1 == $obj2)



The following PHP script is an example of which design pattern?

    <?php
    interface HashAlgorithm {
        public function hash($value);
    }

    class MyClass {

        private $value;

        public function __construct($value) {
            $this->value = $value;
        }

        public function hash(HashAlgorithm $a) {
            return $a->hash($this->value);
        }
    }

    class MD5Hash implements HashAlgorithm {
        public function hash($value) {
            return md5($value);
        }
    }
    $obj = new MyClass("John");
    $obj->hash(new MD5Hash());

    ?>


Answer...


  • Controller

  • Strategy

  • Abstract Factory

  • Factory

  • Command Chain


!!!
What is the output of the following script?


    <?php
    class ClassOne {
        protected $a = 10;

        public function changeValue($b) {
            $this->a = $b;
        }
    }

    class ClassTwo extends ClassOne {

        protected $b = 10;

        public function changeValue($b) {
            $this->b = 10;
            parent::changeValue($this->a + $this->b);
        }

        public function displayValues() {
            print "a: {$this->a}, b: {$this->b}\n";
        }
    }

    $obj = new ClassTwo();

    $obj->changeValue(20);
    $obj->changeValue(10);

    $obj->displayValues();

    ?>


Answer...


  • a: 30, b: 30

  • a: 30, b: 20

  • a: 30, b: 10

  • a: 20, b: 20

  • a: 10, b: 10


!
Which of the following php.ini directives should be disabled to improve the outward security of your application?

Answers: (choose 4)


  • safe_mode

  • magic_quotes_gpc

  • register_globals

  • display_errors

  • allow_url_fopen


Identify the best approach to compare two variables in a binary-safe fashion
Answer...


  • Both strcmp() and $a === $b

  • $a == $b

  • $a === $b

  • str_compare()

  • strstr()


!!!!
What is the primary benefit of a SAX-based XML parser compared to DOM?

Answer...


  • All of the above

  • Faster than DOM methods

  • Requires less memory than DOM

  • Easier to develop parsers


!!!
When opening a file in writing mode using the FTP handler, what must be done so that the file will still be written to the server in the event it previously exists?

Answer...


  • Provide a context for fopen() using stream_context_create()

  • You must delete the file first before uploading a new file

  • Configure this behavior in the php.ini file using the ftp.overwrite directive

  • Open the file using the 'w+' mode



How can you modify the copy of an object during a clone operation?
Answer...


  • Put the logic in the object's constructor to alter the values

  • Implement your own function to do object copying

  • Implement the object's __clone() method

  • Implement __get() and __set() methods with the correct logic

  • Implement the __copy() method with the correct logic


!!!!!!
In PHP 5's object model, a class can have multiple ______ but only a single direct ________.
Answer...


  • None of the above

  • interfaces, child

  • children, interface

  • interfaces, parent

  • parents, interface



The following code snippet displays what for the resultant array?

    <?php
    $a = array(1 => 0, 3 => 2, 4 => 6);
    $b = array(3 => 1, 4 => 3, 6 => 4);

    print_r(array_intersect($a, $b));
    ?>


Answer...


  • 1 => 0

  • 1 => 3, 3 => 1, 4 => 3

  • 3 => 1, 3=> 2, 4 => 3, 4=> 6

  • 1 => 0, 3 => 2, 4 => 6

  • An empty Array


A fingerprint of a string can be determined using which of the following?

Answer...


  • md5()

  • hash()

  • fingerprint()

  • None of the above



What is the output of the following code block?

    <?php
    $a = "The quick brown fox jumped over the lazy dog.";

    $b = array_map("strtoupper", explode(" ", $a));

    foreach($b as $value) {
        print "$value ";
    }

    ?>


Answer...


  • THE QUICK BROWN FOX JUMPED OVER THE LAZY DOG.

  • A PHP Error

  • The quick brown fox jumped over the lazy dog.

  • Array Array Array Array Array Array Array Array Array

  • the quick brown fox jumped over the lazy dog.



Given the following XML document in a SimpleXML object:


PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


XML Example


Moved to &lt;http://www.example.org/.&gt;



Select the proper statement below which will display the HREF attribute of the anchor tag.

Answer...


  • $sxe->body->p[0]->a[1]['href']

  • $sxe->body->p->a->href

  • $sxe->body->p->a['href']

  • $sxe['body']['p'][0]['a']['href']

  • $sxe->body->p[1]->a['href']



To force a user to redirect to a new URL from within a PHP 5 script, which of the following should be used?
Answer...


  • Send a HTTP "Location:" header

  • Use the HTML <redirect> Tag

  • Send a HTTP "Forward:" header

  • Use the redirect() function



When running PHP in a shared host environment, what is the major security concern when it comes to session data?
Answer...


  • Sessions on shared hosts are easily hijacked by outside malicious users

  • All of the above

  • You cannot use a custom data store in shared hosts

  • Session data stored in the file system can be read by other scripts on the same shared host

  • Users outside the shared host can access any site which created a session for them



The __________ error level, which must be explicitly enabled in PHP 5, will warn you of deprecated functionality that will be removed in a future PHP version.


Consider the following script:

    <?php
    $dom = new DOMDocument();
    $dom->load("myxmlfile.xml");

    foreach($dom->documentElement->childNodes as $child)
    {
        if(($child->nodeType == XML_ELEMENT_NODE) &&
            $child->nodeName == "item")
        {
            foreach($child->childNodes as $item)
            {
                if(($item->nodeType == XML_ELEMENT_NODE) &&
                    ($item->nodeName == "title"))
                {
                    print "$item->firstChild->data\n";
                }
            }
        }
    }
    ?>

Assuming the referenced XML document exists and matches the parsing logic, what should be displayed when this script is executed?
Answer...


  • None of the above

  • The XML of each 'title' node

  • The XML of each 'item' node

  • "Title" for every title node in the document

  • The contents of every 'title' node which exists under an 'item' node



What are the primary benefits of object oriented programming?
Answers: (choose 3)


  • Maintainability

  • Execution Speed

  • Encapsulation

  • Code Reuse



Which statement will return the third parameter passed to a function?
Answer...


  • $argv[3];

  • $argv[2];

  • func_get_args(3); ?

  • func_get_arg(2);

  • func_get_arg(3);
