Final Fall 2017 Computer Science 571 2nd Exam Prof. , December 7, 2017, 6:00pm – 7:20pm
Name: Student ID Number:
1. This is a closed book exam.
2. Please answer all questions on the test
Cookies and Privacy Questions [10 pts]
Each question is worth 2 points.
Q1: Mention two ways to Opt Out of cookies.
A1: Any two of:
a) Select “do not track” in browser
b) Download opt-out cookies
c) Use cookie management tools in browser
d) View current cookies and delete what you do not need
e) Check account preferences on registration sites
f) Use browser add-ons
Q2: Cookies include a domain, path, a name/value pair and an expiration date. There are two other fields that may be included in a cookie. What are they and describe them briefly?
Secure – only send over SSL, when the request is HTTPS
HttpOnly – Only send over HTTP request, not accessible to JavaScript
Q3: Define 3rd party cookie?
Third party cookies are cookies that belong to domains different from the one shown in the address bar.
Q4: Define Cross Site Scripting (XSS).
A web security violation that enables attackers to inject client-side scripts into web pages
Q5: Define Cross Site Request Forgery (CSRF).
A type of malicious exploit whereby unauthorized commands are transmitted from an authenticated user
An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
Web Security Questions [10 pts]
Each question is worth 2 points.
Q1: What is a recent technique to construct highly secure passwords?
A1: Create long passphrases using Diceware, based on rolling dice and looking up 7,000+ words
Q2: What functionality do PGP and S/MIME provide?
A2: Encryption and signing of e-mail messages
Q3: What is the main functionality of TOR?
A3: TOR is a network that provides an anonymous path between a client (browser) and a server (web site)
Q4: Why are browser plugins inherently insecure?
A4: Because they bypass the browser sandbox, and can execute arbitrary malicious code
Q5: Is it possible to send a virus in a cookie?
A5: YES [ ] No [X]
Hi-Performance Web Questions [10 pts]
Each question is worth 2 points.
Q1. What percentage of the end-user response time is spent in the front-end? 80-90%
Q2. List 2 ways that reduce the number of HTTP requests?
Answer any two of these:
Combine scripts
Combine Style Sheets
Use image maps
Use CSS Sprites
Q3. What 5 types of files should be GZIP-ed (i.e. compressed)?
HTML, CSS, JavaScript, JSON, XML
Q4. What 2 types of files should not be GZIP-ed?
Images and PDF
Q5. Where should CSS and scripts be placed in a HTML file?
CSS at top, scripts at bottom
HTML5 Questions [10 pts]
Each question is worth 2 points.
Q1: The use of the
A1: Any 2 of header, footer, section, article, nav, aside
Q2: Which of the following capabilities are included in HTML5?
[ ] drag file in browser
[ ] interactive canvas gradient
[ ] editable content
[ ] geolocation
[ ] drag and drop
[ ] storage
[X] ALL OF THE ABOVE
[You must choose the correct choice or choices. There is no partial credit]
Q3: What is the purpose of the different “profiles” included in the H.264 video standard?
A3: each profile defines a set of “optional features” that trade complexity for file size.
Q4: What is the meaning of the “preload” video attribute?
A4: specifies that the video will be loaded at page load and ready to run when pressing “play”.
Q5: If you were asked to make sure that your video files could be viewed on the large majority of browsers, what two video “containers” would you select?
A5: MPEG4 and WebM
JavaScript and Ajax Questions [10 pts]
Below is the HTML source code that produces the web page above. There are 4 links. When the user cursor is placed over each link, a pop-up widget is displayed viewing the contents of the Web page being hyperlinked.
$(function() {
  var hits = 0;
  $("#updateMessage").click(function() {
    $("#counter").html("Number of clicks = " + ++hits);