PHP

Question: What is the output of the following code?<?php
class MyException extends Exception {}
class AnotherException extends MyException {}

class Foo {
  public function something() {
    throw new AnotherException();
  }
  public function somethingElse() {
    throw new MyException();
  }
}

$a = new Foo();

try {
  try {
    $a->something();	
  } catch(AnotherException $e) {
    $a->somethingElse();	
  } catch(MyException $e) {
    print "Caught Exception";
  }
} catch(Exception $e) {
  print "Didn't catch the Exception!";
}

?>
A"Caught Exception" followed by "Didn't catch the Exception!"

BA fatal error for an uncaught exception

C"Didn't catch the Exception!"

D"Didn't catch the Exception!" followed by a fatal error

E"Caught Exception"

Note: Not available

Report

Question: Which two internal PHP interfaces provide functionality which allow you to treat an object like an array?
A
iteration

B
arrayaccess

C
objectarray

D
iterator

E
array

Note: Not available
1. Report
Question: Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?
A
You cannot disable remote PHP script execution

B
curl.enabled

C
allow_remote_url

D
allow_url_fopen

E
allow_require

Note: Not available
1. Report
Question: When attempting to prevent a cross-site scripting attack, which of the following is most important?
A
Not writing Javascript on the fly using PHP

B
Filtering Output used in form data

C
Filtering Output used in database transactions

D
Writing careful Javascript

E
Filtering all input

Note: Not available
1. Report
Question: Which of the following php.ini directives should be disabled to improve the outward security of your application?
A
safe_mode

B
magic_quotes_gpc

C
register_globals

D
display_errors

E
allow_url_fopen

Note: Not available
1. Report
Question: Which of the following list of potential data sources should be considered trusted?
A
None

B
$_ENV

C
$_GET

D
$_COOKIE

E
$_SERVER

Note: Not available
1. Report
Question: What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?
A
None

B
Never trust any data from the user

C
Enable built-in security features such as magic_quotes_gpc and safe_mode

D
Always filter all incoming data

E
Use PHP 5's tainted mode

Note: Not available
1. Report
Question: Consider the following code:

<?php
session_start();

if(!empty($_REQUEST['id'])
&& !empty($_REQUEST['quantity'])) {
$id = scrub_id($_REQUEST['id']);
$quantity = scrub_quantity($_REQUEST['quantity'])
$_SESSION['cart'][] = array('id' => $id,
'quantity' => $quantity)
}

/* .... */

?>
What potential security hole would this code snippet produce?
A
Cross-Site Scripting Attack

B
There is no security hole in this code

C
Code Injection

D
SQL Injection

E
Cross-Site Request Forgery Choose 1 answer

Note: Not available
1. Report
Question: What is the best measure one can take to prevent a cross-site request forgery?
A
Disallow requests from outside hosts

B
Add a secret token to all form submissions

C
Turn off allow_url_fopen in php.ini

D
Filter all output

E
Filter all input

Note: Not available
1. Report
Question: Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>
Which of the following values of $_GET['url'] would cause session fixation?
A
Session Fixation is not possible with this code snippet

B
http://www.zend.com/?PHPSESSID=123

C
PHPSESSID%611243

D
Set-Cookie%3A+PHPSESSID%611234

E
http%3A%2F%2Fwww.zend.com%2F%0D%0ASet-Cookie%3A+PHPSESSID%611234

Note: Not available
1. Report

First Prev 74 75 76 77 78 Next Last

Question: Which two internal PHP interfaces provide functionality which allow you to treat an object like an array?

Question: Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?

Question: When attempting to prevent a cross-site scripting attack, which of the following is most important?

Question: Which of the following `php.ini` directives should be disabled to improve the outward security of your application?

Question: Which of the following list of potential data sources should be considered trusted?

Question: What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

Question: What is the best measure one can take to prevent a cross-site request forgery?

Question: Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>
Which of the following values of $_GET['url'] would cause session fixation?

Question: Which two internal PHP interfaces provide functionality which allow you to treat an object like an array?

Question: Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?

Question: When attempting to prevent a cross-site scripting attack, which of the following is most important?

Question: Which of the following php.ini directives should be disabled to improve the outward security of your application?

Question: Which of the following list of potential data sources should be considered trusted?

Question: What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

Question: What is the best measure one can take to prevent a cross-site request forgery?

Question: Consider the following code:<?phpheader("Location: {$_GET['url']}");?> Which of the following values of $_GET['url'] would cause session fixation?

Question: Which of the following `php.ini` directives should be disabled to improve the outward security of your application?

Question: Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>
Which of the following values of $_GET['url'] would cause session fixation?