\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr} % For header and footer
\usepackage{multicol} % Allows multicols in tables
\usepackage{tabularx} % Intelligent column widths
\usepackage{tabulary} % Used in header and footer
\usepackage{hhline} % Border under tables
\usepackage{graphicx} % For images
\usepackage{xcolor} % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support
\usepackage[T1]{fontenc} % Without this we get weird character replacements
\usepackage{colortbl} % For coloured tables
\usepackage{setspace} % For line height
\usepackage{lastpage} % Needed for total page number
\usepackage{seqsplit} % Splits long words.
%\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem} % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath} % Symbols
\usepackage{MnSymbol} % Symbols
\usepackage{wasysym} % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{Lilava}
\pdfinfo{
  /Title (security.pdf)
  /Creator (Cheatography)
  /Author (Lilava)
  /Subject (Security Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit
% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{A35280}
\definecolor{LightBackground}{HTML}{F9F4F7}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Security Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{Lilava} via \textcolor{DarkBackground}{\uline{cheatography.com/64138/cs/16334/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{
\footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\
  \vspace{-2pt}Lilava \\
  \uline{cheatography.com/lilava} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\
  \vspace{-2pt}Not Yet Published.\\
  Updated 18th July, 2018.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{3}

\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{cookie}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{When a browser requests an image identified by an img tag, it never sends a Cookie header. \newline % Row Count 2 (+ 2)
A. TRUE \newline % Row Count 3 (+ 1)
B. FALSE% Row Count 4 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: B (image requests carry cookies like any other request)} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{cookie}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{How can you determine whether a PHP script has already sent cookies to the client? \newline % Row Count 2 (+ 2)
A. Use \$\_COOKIE \newline % Row Count 3 (+ 1)
B. Use the getcookie() function \newline % Row Count 4 (+ 1)
C. Use the headers\_sent() function \newline % Row Count 5 (+ 1)
D. 
Use JavaScript to send a second HTTP request% Row Count 6 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: C} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Filtering}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Which of the following filtering techniques prevents all cross-site scripting (XSS) \newline % Row Count 2 (+ 2)
vulnerabilities? \newline % Row Count 3 (+ 1)
A. Strip all occurrences of the string \textless{}script. \newline % Row Count 5 (+ 2)
B. Strip all occurrences of the string javascript. \newline % Row Count 7 (+ 2)
C. Enable magic\_quotes\_gpc. \newline % Row Count 8 (+ 1)
D. None of the above.% Row Count 9 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: D (stripping known strings can be bypassed; use context-aware output escaping instead)} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{ERRORS}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{How should you track errors on your production website? \newline % Row Count 2 (+ 2)
A. Enabling display\_errors \newline % Row Count 3 (+ 1)
B. Enabling log\_errors \newline % Row Count 4 (+ 1)
C. Having a site-wide exception handler \newline % Row Count 5 (+ 1)
D. 
Setting error\_reporting to E\_ALL \& \textasciitilde{}E\_NOTICE% Row Count 7 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: B} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{tmp\_name}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{What is the name of the key for the element in \$\_FILES{[}'name'{]} that contains the provisional name of the uploaded file?% Row Count 3 (+ 3) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: tmp\_name} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{SPL}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which SPL class implements fixed-size storage?% Row Count 1 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer : SplFixedArray} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{uploads}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which of the following is NOT a requirement for file uploads to work? \newline % Row Count 2 (+ 2) A. The PHP directive file\_uploads must be set to On \newline % Row Count 4 (+ 2) B. The form's method attribute must be set to "post" \newline % Row Count 6 (+ 2) C. The form must include a hidden input element with the name set to "MAX\_FILE\_SIZE" \newline % Row Count 8 (+ 2) D. 
The form's enctype attribute must be set to "multipart/form-data"% Row Count 10 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: C} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{type of uploaded}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{What information can be used to reliably determine the type of an uploaded file? \newline % Row Count 2 (+ 2) A. MIME type \newline % Row Count 3 (+ 1) B. File name extension \newline % Row Count 4 (+ 1) C. Contents of the file% Row Count 5 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: C} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{static binding}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Late static binding is used in PHP to: \newline % Row Count 1 (+ 1) A. Load dynamic libraries and extensions at runtime \newline % Row Count 3 (+ 2) B. Use caller class information provided in a static method call \newline % Row Count 5 (+ 2) C. Resolve undefined class names by automatically including needed files \newline % Row Count 7 (+ 2) D. Find the proper method to call according to the call arguments% Row Count 9 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: B} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Transactions}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Transactions are used to... \newline % Row Count 1 (+ 1) A. 
guarantee high performance \newline % Row Count 2 (+ 1) B. secure data consistency \newline % Row Count 3 (+ 1) C. secure access to the database \newline % Row Count 4 (+ 1) D. reduce the database server overhead \newline % Row Count 5 (+ 1) E. reduce code size in PHP% Row Count 6 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: B} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{SOAPServer}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which of the following can be registered as entry points with a SoapServer instance (choose 2): \newline % Row Count 2 (+ 2) A. A single function \newline % Row Count 3 (+ 1) B. A single method from a class \newline % Row Count 4 (+ 1) C. All methods from a class \newline % Row Count 5 (+ 1) D. All classes defined in a script% Row Count 6 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer : A,C} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{One common security risk is exposing error messages directly in the browser. Which PHP configuration directive can be disabled to prevent this? \newline % Row Count 3 (+ 3) A. html\_display \newline % Row Count 4 (+ 1) B. error\_reporting \newline % Row Count 5 (+ 1) C. display\_errors \newline % Row Count 6 (+ 1) D. error\_log \newline % Row Count 7 (+ 1) E. 
ignore\_repeated\_errors% Row Count 8 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer : C} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{SOAPServer}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which of the following statements about SOAP is NOT true? \newline % Row Count 2 (+ 2) A. SOAP is also a request-/response-based protocol. \newline % Row Count 4 (+ 2) B. SOAP can be transported using SMTP, HTTP and other protocols. \newline % Row Count 6 (+ 2) C. SOAP requires developers to use WSDL. \newline % Row Count 7 (+ 1) D. SOAP traffic via HTTP can be encrypted and compressed just like other HTTP requests.% Row Count 9 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer : C} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{SOAPServer}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which of the following statements about SOAP is NOT true? \newline % Row Count 2 (+ 2) A. SOAP is also a request-/response-based protocol. \newline % Row Count 4 (+ 2) B. SOAP can be transported using SMTP, HTTP and other protocols. \newline % Row Count 6 (+ 2) C. SOAP requires developers to use WSDL. \newline % Row Count 7 (+ 1) D. 
SOAP traffic via HTTP can be encrypted and compressed just like other HTTP requests.% Row Count 9 (+ 2)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: C} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{SOAPServer}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Which of the following statements about SOAP is NOT true? \newline % Row Count 2 (+ 2)
A. SOAP is also a request-/response-based protocol. \newline % Row Count 4 (+ 2)
B. SOAP can be transported using SMTP, HTTP and other protocols. \newline % Row Count 6 (+ 2)
C. SOAP requires developers to use WSDL. \newline % Row Count 7 (+ 1)
D. SOAP traffic via HTTP can be encrypted and compressed just like other HTTP requests.% Row Count 9 (+ 2)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: C} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Sessions}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{When tracking upload progress with sessions, the values of 2 INI settings are needed to determine the key in \$\_SESSION of the upload progress data. What are the INI settings? \newline % Row Count 4 (+ 4)
A. \seqsplit{session.upload\_progress.file} \newline % Row Count 5 (+ 1)
B. \seqsplit{session.upload\_progress.key} \newline % Row Count 6 (+ 1)
C. \seqsplit{session.upload\_progress.prefix} \newline % Row Count 7 (+ 1)
D. \seqsplit{session.upload\_progress.freq} \newline % Row Count 8 (+ 1)
E. 
\seqsplit{session.upload\_progress.name}% Row Count 9 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: C, E} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{opcode cache}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{What will an opcode cache ALWAYS automatically improve? \newline % Row Count 2 (+ 2) A. Running time of a loop in a PHP script \newline % Row Count 3 (+ 1) B. Efficiency of HTML markup generated by a PHP script \newline % Row Count 5 (+ 2) C. Execution speed of a PHP script \newline % Row Count 6 (+ 1) D. Memory footprint of a PHP script \newline % Row Count 7 (+ 1) E. None of the above% Row Count 8 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: E} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{opcode cache}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{What will an opcode cache ALWAYS automatically improve? \newline % Row Count 2 (+ 2) A. Running time of a loop in a PHP script \newline % Row Count 3 (+ 1) B. Efficiency of HTML markup generated by a PHP script \newline % Row Count 5 (+ 2) C. Execution speed of a PHP script \newline % Row Count 6 (+ 1) D. Memory footprint of a PHP script \newline % Row Count 7 (+ 1) E. 
None of the above% Row Count 8 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: E} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{cache}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{What is cached by an opcode cache? \newline % Row Count 1 (+ 1)
A. Compiled PHP code \newline % Row Count 2 (+ 1)
B. Native PHP extensions \newline % Row Count 3 (+ 1)
C. Data sent to the client \newline % Row Count 4 (+ 1)
D. Data received from the database% Row Count 5 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: A} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{interface}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Which of the following statements is correct? \newline % Row Count 1 (+ 1)
A. Interfaces can extend only one interface \newline % Row Count 2 (+ 1)
B. Interfaces can extend more than one interface \newline % Row Count 3 (+ 1)
C. Interfaces can inherit a method from different interfaces \newline % Row Count 5 (+ 2)
D. Interfaces can redeclare inherited methods% Row Count 6 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: B} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{status code}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Which class of HTTP status codes is used for redirections? \newline % Row Count 2 (+ 2)
A. 2XX \newline % Row Count 3 (+ 1)
B. 
3XX \newline % Row Count 4 (+ 1) C. 4XX \newline % Row Count 5 (+ 1) D. 5XX% Row Count 6 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: B} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Mime type}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which MIME type is always sent by a client if a JPEG file is uploaded via HTTP? \newline % Row Count 2 (+ 2) A. image/jpeg \newline % Row Count 3 (+ 1) B. image/jpg \newline % Row Count 4 (+ 1) C. image/pjpeg \newline % Row Count 5 (+ 1) D. Depends on the client system% Row Count 6 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: D} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which class of HTTP status codes is used for server error conditions? \newline % Row Count 2 (+ 2) A. 2XX \newline % Row Count 3 (+ 1) B. 3XX \newline % Row Count 4 (+ 1) C. 4XX \newline % Row Count 5 (+ 1) D. 5XX% Row Count 6 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: D} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Your public web application needs to provide access to binary files for registered users only. How would you achieve this? \newline % Row Count 3 (+ 3) A. Host the files on a public external file sharing service. 
\newline % Row Count 5 (+ 2)
B. Redirect to the file which resides in the server's document root \newline % Row Count 7 (+ 2)
C. Use PHP to send the file to the client, using the header() function to set appropriate HTTP headers \newline % Row Count 10 (+ 3)
D. PHP is used for serving HTML content, not binary content% Row Count 12 (+ 2)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: C} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{In a shared hosting environment, session data can be read by PHP scripts written by any user. How can you prevent this? (Choose 2) \newline % Row Count 3 (+ 3)
A. Store session data in a different location with session.save\_path. \newline % Row Count 5 (+ 2)
B. Store session data in a database. \newline % Row Count 6 (+ 1)
C. Enable safe\_mode. \newline % Row Count 7 (+ 1)
D. Set session.name to something unique.% Row Count 8 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: A, B} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Which of the following are NOT acceptable ways to create a secure password hash in PHP? (Choose 2) \newline % Row Count 2 (+ 2)
A. md5() \newline % Row Count 3 (+ 1)
B. hash\_pbkdf2() \newline % Row Count 4 (+ 1)
C. password\_hash() \newline % Row Count 5 (+ 1)
D. crypt() \newline % Row Count 6 (+ 1)
E. 
openssl\_digest()% Row Count 7 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: A, E} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Is the following code vulnerable to SQL injection (\$mysqli is an instance of the MySqli class)? \newline % Row Count 2 (+ 2)
\$age = \$mysqli-\textgreater{}real\_escape\_string(\$\_GET{[}'age'{]}); \newline % Row Count 4 (+ 2)
\$name = \$mysqli-\textgreater{}real\_escape\_string(\$\_GET{[}'name'{]}); \newline % Row Count 6 (+ 2)
\$query = "SELECT * FROM 'table' WHERE name LIKE '\$name' AND age = \$age"; \newline % Row Count 8 (+ 2)
\$results = \$mysqli-\textgreater{}query(\$query); \newline % Row Count 9 (+ 1)
A. No, the code is fully protected from SQL injection \newline % Row Count 11 (+ 2)
B. Yes, because the \$name variable is improperly escaped \newline % Row Count 13 (+ 2)
C. Yes, because the \$name variable and the \$age variable are improperly escaped \newline % Row Count 15 (+ 2)
D. Yes, because the \$age variable is improperly escaped \newline % Row Count 17 (+ 2)
E. Yes, because you cannot prevent SQL injection when using MySqli% Row Count 19 (+ 2)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: D (\$age is escaped but not quoted, so escaping does not protect the unquoted numeric context; prepared statements avoid this)} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{You work for a shared hosting provider, and your supervisor asks you to disable user scripts to dynamically load PHP extensions using the dl() function. How can you do this? (choose 2) \newline % Row Count 4 (+ 4)
A. 
Set enable\_dl to Off in the server's php.ini configuration file \newline % Row Count 6 (+ 2)
B. Add dl to the current value of disable\_functions in the server's php.ini configuration file \newline % Row Count 9 (+ 3)
C. Add dl to the current value of disable\_classes in the server's php.ini configuration file \newline % Row Count 11 (+ 2)
D. Write a custom function called dl(), save it under the name prepend.inc and then set the auto\_prepend\_file directive to prepend.inc in php.ini% Row Count 15 (+ 4)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: A, B} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Which of the following can NOT be used to send a cookie from within a PHP application? \newline % Row Count 2 (+ 2)
A. header() \newline % Row Count 3 (+ 1)
B. \$\_COOKIE \newline % Row Count 4 (+ 1)
C. setcookie() \newline % Row Count 5 (+ 1)
D. setrawcookie()% Row Count 6 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: B} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{When using password\_hash() with the PASSWORD\_DEFAULT algorithm constant, which of the following is true? (Choose 2) \newline % Row Count 3 (+ 3)
A. The algorithm that is used for hashing passwords can change when PHP is upgraded. \newline % Row Count 5 (+ 2)
B. The salt option should always be set to a longer value to account for future algorithm requirements. \newline % Row Count 8 (+ 3)
C. 
The string length of the returned hash can change over time. \newline % Row Count 10 (+ 2) D. The hash algorithm that's used will always be compatible with crypt() .% Row Count 12 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: A, C} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{What types of HTTP authentication are supported by PHP? (Choose 2) \newline % Row Count 2 (+ 2) A. Basic \newline % Row Count 3 (+ 1) B. Advanced \newline % Row Count 4 (+ 1) C. Strict \newline % Row Count 5 (+ 1) D. Digest \newline % Row Count 6 (+ 1) E. Realm% Row Count 7 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: A, D} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{What is the name of the header used to require HTTP authentication? \newline % Row Count 2 (+ 2) A. Authorization-Required \newline % Row Count 3 (+ 1) B. WWW-Authenticate \newline % Row Count 4 (+ 1) C. HTTP-Authenticate \newline % Row Count 5 (+ 1) D. Authentication-Required \newline % Row Count 6 (+ 1) E. 
HTTP-Auth% Row Count 7 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: B} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Which of the following does NOT help to protect against session hijacking and fixation attacks? \newline % Row Count 2 (+ 2) A. Use SSL and set the \$secure cookie parameter to true . \newline % Row Count 4 (+ 2) B. Set the \seqsplit{session.use\_only\_cookies} php.ini parameter to 1 . \newline % Row Count 6 (+ 2) C. Set the session.cookie\_lifetime php.ini parameter to 0 . \newline % Row Count 8 (+ 2) D. Protect against XSS vulnerabilities in the application. \newline % Row Count 10 (+ 2) E. Rotate the session id on successful login and logout using \seqsplit{session\_regenerate\_id()}% Row Count 12 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{5.377cm}}{Answer: C} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{What can prevent PHP from being able to open a file on the hard drive (Choose 2)? \newline % Row Count 2 (+ 2) A. File system permissions \newline % Row Count 3 (+ 1) B. File is outside of open\_basedir \newline % Row Count 4 (+ 1) C. File is inside the /tmp directory. \newline % Row Count 5 (+ 1) D. 
PHP is running in CGI mode.% Row Count 6 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: A, B} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{5.377cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Security}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{5.377cm}}{Which options do you have in PHP to set the expiry date of a session? \newline % Row Count 2 (+ 2)
A. Set the session.duration directive in php.ini \newline % Row Count 4 (+ 2)
B. Set session cookie expiry date locally via \seqsplit{session\_set\_cookie\_params()} \newline % Row Count 6 (+ 2)
C. Set session expiry date locally via session\_cache\_expire() \newline % Row Count 8 (+ 2)
D. None of the above% Row Count 9 (+ 1)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{5.377cm}}{Answer: D} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}