COMP23412 Practice Paper
Find more resources at: [Link]/jTanG0506
1. Which component is typically the most reusable?
Model
View
Controller
All of the above
2. The code which manages data persistence would be in which component?
Model
View
Controller
All of the above
3. Which of the following is the best description for the Controller in MVC?
It represents the application data domain
It separates the data from the business logic from the display
Respond to user interactions with the view
Represents the user interface which the end user interacts with
4. Which of the following is an advantage of MVC?
Decreased complexity - new developers have a pattern to follow
Easier to debug due to the event-driven nature of the UI code
Similar derivations exist, like MVVM, so you learn them by learning MVC
Faster development process
5. When users are involved in complex tasks, which of the following demands can be significant?
Short-term memory
Shortcuts
Objects that appear on the screen
All of the above
6. Which of the following options is not considered by interface design?
The design of interfaces between software components
The design of interfaces between the software and end users
The design of the interface between two computers
All of the above
7. Which of the following is a golden rule for interface design?
Place the user in control
Reduce the user’s memory load
Make the interface consistent
All of the above
8. Which of the following is not a design principle that allows the user to maintain control?
Provide for flexible interaction
Allow user interaction to be interruptible and undoable
Show technical internals to the casual user
Design for direct interaction with objects that appear on the screen
9. The process in which users prove their identity is known as:
Authentication
Authorisation
Identification
Recognition
10. A website which allows users to enter any text, and then stores it and later displays it to other users, is potentially vulnerable to what kind of attack?
Two-factor authentication
Cross-site request forgery
Cross-site scripting
Man-in-the-middle
11. In which type of attack is the end user forced to execute unwanted actions on a web application in which they are currently authenticated?
Two-factor authentication
Cross-site request forgery
Cross-site scripting
Man-in-the-middle
12. The process of using two independent factors to identify a user is known as:
Two-factor authentication
Cross-site request forgery
Cross-site scripting
Man-in-the-middle
13. Which process happens first?
Authentication
Authorisation
They can be done at the same time
The two processes are not connected, so it doesn’t matter
14. What are the advantages of using a one-time password?
It is easily generated on demand
It cannot be shared
It is unique for every access
It uses polynomial based algorithms which means that it is hard to deduce
15. Which of the following is not a best practice for unit tests?
Clean up - tests should tear down before the next test is run
Repeatable - tests should obtain the same result every time
Self-validating - tests should be fully automated
None of the above
16. In which integration test method do we test all components at once?
Fully-inclusive testing
Combinatorial testing
Big bang testing
Polynomial testing
17. In terms of the incremental approach, which of the following is false?
Two different methods of the incremental approach include bottom-up and top-down
Testing is done by joining two or more modules that are logically related, and repeated until all modules are joined and tested together.
Fault localisation is more difficult than the method in which we test all components at once
None of the above
18. What is an object that has a fully working implementation, but takes some shortcut which makes it not suitable for production, known as?
A test double
A dummy
A mock
A fake
19. Which of the following is not a major objective of acceptance testing?
Confirming that the system meets the agreed upon criteria
Identify and resolve discrepancies, if there are any
Determine the readiness of the system for cut-over to live operations
Making sure that the critical module is bug free
20. The user must assign the criteria the software must meet to be deemed acceptable. Which stage is this included in?
Software Requirements Specification
Project Plan
Use Cases
None of the above
21. Which tests are done to ensure that existing features are not affected by new changes?
Recursive testing
Unit testing
White-box testing
Regression testing
22. What are the types of integration testing?
Big Bang Testing
Bottom Up Testing
Top Down Testing
All of the above
23. Which of these is not a benefit of TDD?
Documents your code better than documentation
Decreases the chance of regressions
Encourages design for testability
Makes legacy code much easier to maintain
24. Which of the following protocols is used by RESTful web services as a medium of communication between client and server?
SSH
FTP
SSL
None of the above
25. In a REST architecture, which of the following is true?
The REST server provides access to resources and presents the resources
The REST client provides access to the resources
The REST client accesses and presents the resources
None of the above
26. Which of the following is true about URI in RESTful web services?
Each resource in REST architecture is identified by its URI
The purpose of the URI is so that the REST client can perform DNS lookup
The URI’s purpose is to give the 400 HTTP status code for a Bad Request
None of the above
27. Which of the following is a common API security hack?
Cross-site Request Forgery
Denial of Service
SQL Injection
All of the above
28. Which of the following is false about the REST architecture style?
REST is naturally stateless
REST uses HTTP and basic CRUD operations
The REST server can only return JSON or XML
All of the above
29. Which of the following are idempotent?
GET
PUT
DELETE
All of the above
30. Which feature can be used to state that resources need to be re-fetched?
HATEOAS
Idempotent actions, such as GET
HTTP Cache-Control headers
The URI
31. Which of the following is not a best practice when designing RESTful web services?
URI should be descriptive and easily understood
Pass the secure tag in the header if you are to pass sensitive data through the URL
Every input on the server should be validated
For any session, the user should be authenticated
32. Which of the following statements are false?
GET is a read only operation which fetches some information
POST can only be used to create new resources
POST is idempotent but PUT is not idempotent
DELETE is used to delete any resource on the server