Zend PHP5 Certification Mock Exam Sample Questions — 2
This is the second part of the explanation exam questions to test Zend PHP5 with the correct (imho) answers and useful links on manuals.
If you have additional minds please use comments.
61. Given the two values below, which of the following possiblities will print 10 foos20 bars? (Choose 1 answer)
<?php
$var1 = "10 foos";
$var2 = "20 bars";
print ???????;
?>
- None of the above
- implode(««, array($var1,$var2));
- $var1 . $var2
- $var1 + $var2
- All of the above
http://php.net/manual/en/language.operators.string.php, http://ru.php.net/manual/en/function.implode.php
62. Given the string, which of the following will extract the TLD (top level domain) of „.net“ from the string? (Choose 1 answer)
$var = „john@php.net“;
- strstr($var, strpos($var, „.“));
- substr($var, strpos($var, „@“));
- substr($var, strstr($var, „.“));
- substr($var, strpos($var, „.“) + 1);
- substr($var, strpos($var, „.“));
http://ru.php.net/manual/en/function.substr.php, http://ru.php.net/manual/en/function.strpos.php
63. When comparing two strings, which of the following is acceptable? (Choose 4 answers)
- $a === $b;
- strcasecmp($a, $b);
- strcmp($a, $b);
- $a == $b;
- str_compare($a,$b);
http://ru.php.net/manual/en/function.strcasecmp.php, http://ru.php.net/manual/en/function.strcmp.php and str_compare does not exist.
64. A fingerprint of a string can be determined using which of the following? (Choose 1 answer)
- md5()
- hash()
- fingerprint()
- None of the above
http://ru.php.net/manual/en/function.md5.php
65. Which of the following is the best way to split a string on the „-=-“ pattern? (Choose 1 answer)
- They all are equally proper methods
- str_split($string, strpos($string, „-=-“))
- preg_split(„-=-“, $string);
- explode(„-=-“ $string);
http://ru.php.net/manual/en/function.str-split.php, http://ru.php.net/manual/en/function.preg-split.php, http://ru.php.net/manual/en/function.explode.php — but where is comma?
66. What is the output of the following code? (Choose 1 answer)
<?php
$string = "14302";
$string[$string[2]] = "4";
print $string;
?>
- 14304
- 14342
- 44302
- 14402
- Array
67. Which of the following comparisons will evaluate to true? (Choose 3 answers)
- 't' == t
- 1 === „1time“
- „top“ == 0
- „top“ === 0
- 1 == „1time“
http://www.php.net/manual/en/language.types.type-juggling.php
68. Which function is best suited for removing markup tags from a string? (Choose 1 answer)
- strip_markup
- strip_tags
- str_replace
- preg_replace
- preg_strip
http://php.net/manual/en/function.strip-tags.php
69. Identify the best approach to compare to variables in a binary-safe fashion (Choose 1 answer)
- Both strcmp() and $a === $b
- $a == $b
- $a === $b
- str_compare()
- strstr()
http://ru2.php.net/manual/en/function.strcmp.php, http://php.net/manual/en/language.operators.comparison.php
70. Consider the following script, what could be placed in place of ?????? to output the string: I have 5 apples and 10 oranges? (Choose 2 answers)
<?php
$oranges = 10;
$apples = 5;
$string = "I have %d apples and %d oranges";
???????
?>
- str_format($string, $apples, $oranges);
- print($string, $apples, $oranges);
- printf($string, $apples, $oranges);
- print sprintf($apples, $oranges);
- sprintf($string, $oranges, $apples);
http://ru.php.net/manual/en/function.sprintf.php
71. Consider the following script, In this script, do the two var_dump() calls produce the same string? Why or Why Not? (Choose 1 answer)
<?php
$string = "<b>I like 'PHP' & I think it is \"cool\"</b>";
var_dump(htmlentities($string, ENT_QUOTES));
var_dump(print htmlspecialchars($string));
?>
- No, the htmlentities() call will translate quotes while the htmlspecialchars() call will not
- No, htmlentites() translates < and > symbols to their HTML entity equivalents while htmlspecialchars() only does quotes
- No, the htmlentites() call won't translate quotes to HTML entities while the htmlspecialchars() call will
- Yes, htmlspecialchars() and htmlentities() with the ENT_QUOTES constants produce the same result
http://ru.php.net/manual/en/function.htmlentities.php, http://ru.php.net/manual/en/function.htmlspecialchars.php
72. Consider the following String, which of the following functions would best parse the string above by the tab (\t) and newline (\n) characters? (Choose 1 answer)
$string = „John\tMark\nTed\tLarry“;
- strsplit($string, „\t\n“);
- strtok($string, „\t\n“);
- strstr($string, „\t\n“);
- explode(„\t\n“, $string);
- All of the above
http://ru.php.net/manual/en/function.strtok.php
73. Which functions would be needed to translate the following string: ‘I love PHP 5’ to the following ‘5 PHP EVOL I’? (Choose 2 answers)
- mirror()
- strtoupper()
- toupper()
- str_reverse()
- strrev()
http://ru.php.net/manual/en/function.strtoupper.php, http://ru.php.net/manual/en/function.strrev.php
74. What is the best approach for converting this string, Into this array? (Choose 1 answer)
$string = „a=10&b[]=20&c=30&d=40+50“;
array(4) {
["a"]=>string(2) „10“
["b"]=>array(1) {
[0]=>string(2) „20“
}
["c"]=>string(2) „30“
["d"]=>string(5) „40 50“
}
- Write a parser completely by hand, it's the only way to make sure it's 100% accurate
- Use the parse_str() function to translate it to an array()
- Pass the variable to another PHP script via an HTTP GET request and return the array as a serialized variable
- Just call unserialize() to translate it to an array()
- Write a string parser using strtok() and unserialize() to convert it to an array
http://ru.php.net/manual/en/function.parse-str.php
75. Which string does the following PCRE regular expression match? (Choose 2 answers)
$regex = „/^([a-z]{5})[1-5]+([a-z]+)/“;
- None of the above
- Hello34262343goodbye
- frank12345abc
- hello34212343goodbye
- abcdefghi12345abc
http://en.wikipedia.org/wiki/Regular_expression
76. Which PCRE regular expression will match the string ‘PhP5-rocks’? (Choose 1 answer)
- /^[hp1-5]*\- .*/i
- /[hp1-5]*\- .?/
- /[hp][1-5]*\- .*/
- /[PhP]{3}[1-5]{2,3}\- .*$/
- /[a-z1-5\-]*/
http://www.phpro.org/tutorials/Introduction-to-PHP-Regex.html#8
77. If regular expressions must be used, in general which type of regular expression functions available to PHP is preferred for performance reasons? (Choose 1 answer)
- strtok() using regular expressions
- preg_* regular expression functions
- parse_str() using regular expressions
- strregex* regular expression functions
- ereg* regular expression functions
http://ru.php.net/manual/en/function.ereg.php: preg_match(), which uses a Perl-compatible regular expression syntax, is often a faster alternative to ereg().
78. To destroy one variable within a PHP session you should use which method in PHP 5? (Choose 1 answer)
- Unset the variable in $HTTP_SESSION_VARS
- Use the session_destroy() function
- Use the session_unset() function
- unset the variable in $_SESSION using unset()
- Any of the above are acceptable in PHP 5
http://docs.php.net/manual/ru/session.examples.basic.php: Example #2 Unregistering a variable with $_SESSION and register_globals disabled.
79. If you would like to store your session in the database, you would do which of the following? (Choose 1 answer)
- It requires a custom PHP extension to change the session handler
- Implement the session_set_save_handler() function
- Create functions for each session handling step and use session_set_save_handler() to override PHP's internal settings
- Configure the session.save_handler INI directive to your session class
http://ru.php.net/manual/en/function.session-set-save-handler.php: This is most useful when a storage method other than those supplied by PHP sessions is preferred. i.e. Storing the session data in a local database.
80. To destroy a PHP session completely, one must which of the following? (Choose 2 answers)
- Regenerate the session ID using session_regenerate_id()
- If cookies are used, destroy it
- Use session_demolish() to completely destroy the session
- Change the session name using session_name()
- Destroy the session data using session_destroy()
http://ru.php.net/manual/en/function.session-destroy.php, and delete the session cookie
81. If you would like to change the session ID generation function, which of the following is the best approach for PHP 5? (Choose 1 answer)
- Set the session.hash_function INI configuration directive
- Use the session_set_id_generator() function
- Set the session id by force using the session_id() function
- Use the session_regenerate_id() function
- Implement a custom session handler
http://ru2.php.net/manual/en/function.session-id.php
82. Consider the following HTML fragement, which of the following name attributes should be used to capture all of the data from the user in PHP? (Choose 1 answer)
<select name=»?????» multiple>
<option value=»1">Item #1</option>
<!— … more options … —>
</select>
- myselectbox=array()
- myselectbox[]
- myselectbox['multiple']
- myselectbox{'multiple'}
- myselectbox
http://onlamp.com/pub/a/php/2004/08/26/PHPformhandling.html
83. When uploading a file using HTTP, which variable can be used to locate the file on PHP's local filesystem? (Choose 1 answer)
- None of the above
- $_FILES['fieldname']['tmp_name']
- $_FILES['fieldname']
- $_FILES['fieldname'][0]['filename']
- $_FILES['fieldname']['filename']
http://www.php.net/manual/en/features.file-upload.post-method.php:$_FILES['userfile']['tmp_name'] – the temporary filename of the file in which the uploaded file was stored on the server.
84. To force a user to redirect to a new URL from within a PHP 5 script, which of the following should be used? (Choose 1 answer)
- Send a HTTP «Location:» header
- Use the HTML <redirect> Tag
- Send a HTTP «Forward:» header
- Use the redirect() function
http://php.net/manual/en/function.header.php, respectively with Location response-header field.
85. Setting a cookie on the client in PHP 5 can be best accomplished by: (Choose 1 answer)
- Use the add_cookie() function
- Use the setcookie() function
- Use the the apache_send_header() function
- Setting a variable in the $_COOKIE superglobal
http://ru.php.net/manual/en/function.setcookie.php
86. How does one create a cookie which will exist only until the browser session is terminated? (Choose 1 answer)
- You cannot create cookies that expire when the browser session is terminated
- Setting the expiration time for a cookie to a time in the distant future
- Do not provide a cookie expiration time
- Enable Cookie Security
- Set a cookie without a domain
http://php.net/manual/en/function.setcookie.php: if expire set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes).
87. Setting a HTTP cookie on the client which is not URL-encoded is done how in PHP 5? (Choose 1 answer)
- Use the setrawcookie() function
- Set the cookies.urlencode INI directive to false
- Use urldecode() on the return value of setcookie()
- Setting the $no_encode parameter of setcookie() to a boolean 'true'
- All cookies must be URL encoded
http://ru.php.net/manual/en/function.setrawcookie.php: setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.
88. During an HTTP authentication, how does one determine the username and password provided by the browser? (Choose 1 answer)
- Parse the HTTP headers manually using http_get_headers()
- Use the get_http_username() and get_http_password() functions
- Use the $_SERVER['HTTP_USER'] and $_SERVER['HTTP_PASSWORD'] variables
- Use the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables
- Parse the $_SERVER['REQUEST_URI'] variable
http://php.net/manual/en/features.http-auth.php
89. Consider the following function, what conditional should replace the ????? above? (Choose 1 answer)
<?php
function redirect($url) {
// Check to make sure we haven't already sent
// the header:
if(???????) {
header("Location: $url");
}
}
?>
- !in_array(«Location: $url», headers_list())
- !header_exists(«Location: $url»)
- !header_location($url)
- $_SERVER['HTTP_LOCATION'] != $url
http://ru.php.net/manual/en/function.headers-list.php, also header_exists is not exists.
90. One can ensure that headers can always be sent from a PHP script by doing what? (Choose 1 answer)
- Enable header buffering in PHP 5
- Set the header.force INI directive to true
- Enable output buffering in PHP 5
- There is no way to ensure that headers can always be set, they must always be checked
- None of the above
http://php.net/manual/en/function.ob-start.php: while output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer.
91. When is it acceptable to store sensitive information in an HTTP cookie? (Choose 1 answer)
- Only under extremely controlled situations
- When the cookie is sent over a secure HTTP request
- When it is encrypted
- It is always acceptable
http://php.net/manual/en/function.setcookie.php — the value of the cookie is stored on the clients computer; do not store sensitive information.
92. Removing undesired markup tags from input can best be done using which function? (Choose 1 answer)
- strip_tags()
- tidy_strip_html()
- str_replace()
- strip_html()
http://ru2.php.net/manual/en/function.strip-tags.php — strip HTML and PHP tags from a string.
93. When using a function such as strip_tags, are markup-based attacks still possible? (Choose 1 answer)
- No, HTML does not pose any security risks
- Yes, even a <p> HTML tag is a security risk
- Yes, attributes of allowed tags are ignored
- No, strip_tags will prevent any markup-based attack
http://ru2.php.net/manual/en/function.strip-tags.php — This function does not modify any attributes on the tags that you allow using allowable_tags, including the style and onmouseover attributes that a mischievous user may abuse when posting text that will be shown to other users.
94. Consider the following PHP string representing an SQL statement. Which of the following values for $username or $password would change the behavior of this query when executed? (Choose 1 answer)
$query = «UPDATE users SET password='$password' WHERE username='$username'»;
- None of the above
- $username = «foobar\' WHERE username='admin'»;
- $password = «foobar' WHERE username='admin' —:»;
- $password = «\»foobar\» WHERE username=\»admin\»";
http://php.net/manual/en/security.database.sql-injection.php — It is common technique to force the SQL parser to ignore the rest of the query written by the developer with — which is the comment sign in SQL.
95. SQL Injections can be best prevented using which of the following database technologies? (Choose 1 answer)
- All of the above
- Prepared Statements
- Persistent Connections
- Unbuffered Queries
- Query escaping
http://php.net/manual/en/pdo.prepared-statements.php — If an application exclusively uses prepared statements, the developer can be sure that no SQL injection will occur (however, if other portions of the query are being built up with unescaped input, SQL injection is still possible).
96. Where should indirectly executed PHP scripts (i.e. include files) be stored in the file system? (Choose 1 answer)
- Outside of the Document Root
- In the document root
- Anywhere you want
- In the database
http://phpsec.org/projects/guide/3.html: Remember that everything within document root has a URL associated with it. For example, if document root is /usr/local/apache/htdocs, then a file located at /usr/local/apache/htdocs/inc/db.inc has a URL such as http://example.org/inc/db.inc.
97. When executing system commands from PHP, what should one do to keep applications secure? (Choose 3 answers)
- Remove all quote characters from variables used in a shell execution
- Avoid using shell commands when PHP equivlents are available
- Hard code all shell commands
- Escape all shell arguments
- Escape all shell commands executed
http://ru.php.net/manual/en/function.exec.php: When allowing user-supplied data to be passed to this function, use escapeshellarg() or escapeshellcmd() to ensure that users cannot trick the system into executing arbitrary commands.
98. Why is it important from a security perspective to never display PHP error messages directly to the end user, yet always log them? (Choose 2 answers)
- Error messages will contain sensitive session information
- Error messages can contain cross site scripting attacks
- Security risks involved in logging are handled by PHP
- Error messages give the perception of insecurity to the user
- Error messages can contain data useful to a potential attacker
http://www.w3schools.com/php/php_error.asp
99. The MVC pattern in Web development involves which of the following components? (Choose 4 answers)
- View
- Controller
- Validation
- Model
- Front Controller
http://en.wikipedia.org/wiki/Model–view–controller
100. Which of the following aspects of the MVC pattern is used in conjunction with the database? (Choose 1 answer)
- Model
- Schema
- Validation
- Controller
- View
http://en.wikipedia.org/wiki/Model–view–controller: the 'model' in MVC is both the data and the business/domain logic needed to manipulate the data in the application.
101. What are the primary benefits of object oriented programming? (Choose 3 answers)
- Maintainability
- Execution Speed
- Encapsulation
- Code Reuse
http://en.wikipedia.org/wiki/Object-oriented_programming#cite_ref-realisticcodereuse_23-0: OOP was developed to increase the reusability and maintainability of source code.[24], and of course Encapsulation.
102. What constitutes a View in the MVC pattern for PHP 5, in the following list? (Choose 2 answers)
- Iterators
- PDO
- Classes
- PHP
- Smarty
http://en.wikipedia.org/wiki/Model–view–controller#Concepts: The view renders the model into a form suitable for interaction, typically a user interface element.
103. Which of the following extensions are no longer part of PHP 5 and have been moved to PECL? (Choose 2 answers)
- tidy
- mysql
- w32api
- curl
- dio
http://ru.php.net/manual/en/intro.w32api.php & http://ru.php.net/manual/en/intro.dio.php: This extension has been moved to the » PECL repository and is no longer bundled with PHP as of PHP 5.1.0.
104. Which of the following functions were added to PHP 5 for dealing with arrays? (Choose 2 answers)
- array_intersect_key()
- array_unshift()
- array_diff_key()
- array_merge()
- array_slice()
http://ru.php.net/manual/en/function.array-intersect-key.php & http://ru.php.net/manual/en/function.array-diff-key.php: (PHP 5 >= 5.1.0)
105. Consider the following script. This code has changed behavior in PHP 5. Identify the output of this script as it would have been in PHP 4, as well as the new behavior in PHP 5. (Choose 2 answers)
<?php
function func(&$arraykey) {
return $arraykey; // function returns by value!
}
$array = array('a', 'b', 'c');
foreach (array_keys($array) as $key) {
$y = &func($array[$key]);
$z[] =& $y;
}
var_dump($z);
?>
- array('a', 'a', 'b')
- array('a', 'b', 'c')
- array('c', 'b', 'a')
- array('c', 'c', 'c')
- array('b', 'b', 'b')
http://www.php.net/manual/en/language.references.return.php & http://php.net/manual/en/functions.returning-values.php
106. Consider the following code block. This code block's behavior has changed between PHP 4 and PHP 5. Why? (Choose 1 answer)
<?php
function &myFunction() {
$string = "MyString";
var_dump($string);
return ($undefined);
}
for($i = 0; $i < 10; $i++) {
$retval = myFunction();
}
?>
- None of the above
- This could would cause an automatic segmentation fault in PHP 4
- This code would throw a syntax error in PHP 4
- Returning an undefined variable by reference in PHP 4 would cause eventual memory corruption
- You could not return undefined variables by reference in PHP 4
http://php.net/manual/en/function.return.php: You should never use parentheses around your return variable when returning by reference, as this will not work.
107. When migrating the following code from PHP 4 to PHP 5, what should be changed? (Choose 2 answers)
<?php
class MyClass {
function MyClass($param) {
/* Do something with $param */
$this->_doSomething($param);
}
// Private method to MyClass
function _doSomething($param) {
/* Do something with $param */
}
}
class AnotherClass extends MyClass {
var $param = "foo";
function AnotherClass() {
parent::MyClass($this->param);
}
}
?>
- Access modifiers should be added to methods
- The Constructors for the objects should both be renamed to __construct
- The use of the parent keyword has changed to 'super'
- Constructors must have the same parameter lists
http://php.net/manual/en/language.oop5.decon.php: For backwards compatibility, if PHP 5 cannot find a __construct() function for a given class, it will search for the old-style constructor function, by the name of the class. Effectively, it means that the only case that would have compatibility issues is if the class had a method named __construct() which was used for different semantics. And http://devzone.zend.com/article/1714#Heading4 about Access modifiers in PHP 5.
108. Assuming every method call below returns an instance of an object, how can the following be re-written in PHP 5? (Choose 1 answer)
<?php
$a = new MyClass();
$b = $a->getInstance();
$c = $b->doSomething();
?>
- $c = ((MyClass)$a->getInstance()) ->doSomething();
- This cannot be re-written in PHP 5
- $c = $a->getInstance() ->doSomething();
- $c = (MyClass)$a->getInstance();
- $c = (new MyClass()) ->getInstance() ->doSomething();
What the link?
109. How can the following code be re-written from PHP 4 to PHP 5? (Choose 1 answer)
<?php
if(get_class($myObj) == "MyClass") {
// Do something
}
?>
- if(get_class($myObj) === «MyObject)
- if(strtolower(get_class($myObj)) == «MyClass»)
- if($myObj implements MyClass)
- if($myObj instanceof Object)
- if($myObj instanceof MyClass)
http://php.net/manual/en/internals2.opcodes.instanceof.php
110. Is this code valid only in PHP 4, in PHP 5, or both? (Choose 1 answer)
<?php
function myfunction(&$myvalue = null) {
/* ... */
}
?>
- Both
- PHP 5
- PHP 4
http://php.net/manual/en/functions.arguments.php: As of PHP 5, default values may be passed by reference.
No comments:
Post a Comment