Course Material

Exam 2021-08-16

Here is the exam from 2021-08-16.

Start by reading through all questions.

Max score is 30 points.

  • For grade 3, 40% of max score (12 points) is required.
  • For grade 4, 60% of max score (18 points) is required.
  • For grade 5, 80% of max score (24 points) is required.

You are not allowed to use anything else except:

  • The computer you sit at to only answer the questions on this exam.
  • A dictionary to translate to/from English from/to your native language.

Write your answers in either English or Swedish. If you write your answers in Swedish, make sure to not introduce any translation confusement. Write proper sentences (spelling, upper/lower case characters, punctuation, etc.). Answers that do not do this good enough/are vague/are not understandable cannot receive full score on the questions.

Answers that are more or less copies of sample answers given to you or copies of text found somewhere else will be rewarded 0 points. Use your own words to answer the questions.

Good luck!

Question 1 (1p)

Question

On one server, the HTTP request one should send when one wants to delete the account with id 123 is:

GET /accounts/delete/123

Is this a good or bad way to do it? If good, justify why. If bad, explain why and suggest a better way to do it.

Note: This question is about HTTP, and not about websites, and you don't need to worry about security.

Question 2 (1p)

Question

To update a resource on a server, one should according to the HTTP specification send a PUT request. However, websites usually use another method. Why do websites not use the PUT method to update a resource, which method do they use instead, and why do they use that one?

Question 3 (1p)

Question

Write the HTTP status code for the following reason phrases:

  • Bad Request
  • OK
  • Internal Server Error

You'll get:

  • 0.33 points for each correct answer.
  • -0.33 points for each incorrect answer.
  • 0 points for each blank answer.
  • 1 point for all correct answers.
  • Minimum is 0 points on the question.

Question 4 (1p)

Question

What is the name of the HTTP header used to indicate which format the body of the request is written in?

What is the name of the HTTP header used to indicate which format the body of the response should preferably be written in?

You'll get:

  • 0.5 points for each correct answer.
  • -0.5 points for each incorrect answer.
  • 0 points for each blank answer.
  • 1 point for all correct answers.
  • Minimum is 0 points on the question.

(small spelling mistakes are acceptable but might give point reduction)

Question 5 (1p)

Question

Place the lines of code below in such order that they form a valid HTML5 document (only place one line of code in each box).

  • <head>
  • <h1>Welcome!</h1>
  • </body>
  • <title>Welcome!</title>
  • <!DOCTYPE html>
  • </html>
  • </head>
  • <html>
  • <body>

Note: All must be correct to get points on this question.

Question 6 (2p)

Question

Which of the following tags do not exist in HTML?

  • h1
  • table
  • language
  • tr
  • column
  • h6

You'll get:

  • 1 point for each correct checked answer.
  • -1 point for each incorrect checked answer.
  • 0 points for each unchecked answer.
  • Minimum is 0 points on the question.

Question 7 (2p)

Question

Which of the following statements about HTML attributes are false?

  • The id attribute can be used on any element.
  • The button element has an attribute called value.
  • The class attribute can be used on any element.
  • The lang attribute can be used on any element.
  • An element can have the id attribute and the class attribute set at the same time.
  • Different elements can have the same value in their id attributes.

You'll get:

  • 1 point for each correct checked answer.
  • -1 point for each incorrect checked answer.
  • 0 points for each unchecked answer.
  • Minimum is 0 points on the question.

Question 8 (1p)

Question

The form below can be used on a website that, when receiving the request, searches other websites for products matching the search string, and lists the price for those products, so the user easily can find the cheapest one on the searched websites.

<form action="" method="XXX">
   Search: <input type="text" name="query">
   <input type="submit" value="Search!">
</form>

Which method should be used when submitting the HTML form above (i.e. what should XXX in the HTML code above be)? Justify your answer.

Question 9 (1p)

Question

Explain what a declaration is in CSS, give an example of one and explain how that one works.

Question 10 (1p)

Question

Explain what a media query can be used for in CSS.

Question 11 (1p)

Question

Here is some CSS code:

p.span b#i{
  background-color: black;
}

Write HTML code that contains a match for the CSS selector in the code above.

Note: You only need to write the HTML code found in the <body> element (including the <body> element), you do not need to write the HTML code for an entire HTML document.

Question 12 (1p)

Question

On a website with user accounts, before any user has started to use it, the developer adds some code that, if a user's password is longer than 20 characters, only makes use of the first 20 characters in the password, and ignores the rest. The programmer is reasoning that passwords consisting of 20 characters are long enough to be considered secure anyway, and the database will now use less space.

Does the developer's reasoning make sense? Does it seem to be a good implemented website? Justify your answer.

Question 13 (2p)

Question

Are there any benefits using HTTPS on a website that only contains static HTML files, so users can only fetch content, and never send any content to the website?

Question 14 (2p)

Question

Here is an HTML form on a website one can use to login on that website:

<form method="post" action="/login">
    Username: <input type="text"     name="username">
    Password: <input type="password" name="password">
              <input type="submit"   value="Sign in!">
</form>

Here is the code on the server handling the HTTP request sent when the form is submitted:

app.post('/login', function(request, response){
  const username = request.body.username
  const password = request.body.password
  // Query to be sent to the database to check if password and username are correct.
  const query = 'SELECT id FROM members WHERE username = "'+username+'" AND password = "'+password+'"'
  // Query sent to database, the id of the user is retrieved, etc.
  // ...
})

As your answer, write a username and a password you can use to login as the member having the password abc123, no matter which username that member has (this can be used to see if a member/which member that has that password).

Be explicit about what you enter as username and what you enter as password.

Note: As you can see in the code, passwords are stored as plain text in the database.

Question 15 (2p)

Question

Explain what a session is, give two examples of what they can be used for and explain how they work/can be implemented.

Question 16 (2p)

Question

Website A contains a cross site request forgery vulnerability. Explain what they need to do to fix the vulnerability. Don't mention any library/framework; give a general description of how they can fix the vulnerability (mention details).

Question 17 (2p)

Question

Explain what a foreign key constraints is, give an example of a web application that would use a foreign key constraint, and give an example of what could go wrong if the web application wouldn't have used a foreign key constraint.

Question 18 (1p)

Question

This is a question about GDPR. The scenario is that you are the owner of a website, and you want to collect the IP addresses of your visitors, so you can see how many unique visitors you have. Which of the statements below are true for you to comply with GDPR?

  • It's OK for me to collect the IP addresses of my visitors without informing them about it.
  • It's OK for me to collect the IP addresses of my visitors as long as I inform them about it in advance.
  • I have to ask the visitors if I may collect their IP addresses, and I may only collect the IP addresses from the visitors that say yes. If they later regret their decision and say no I have to delete their IP addresses.
  • I can start collecting the IP addresses of my visitors and then ask my visitors if I may collect their IP addresses, but I have to delete the IP addresses from the visitors that say no.
  • I have to ask the visitors if I may collect their IP addresses, and I may only collect the IP addresses from the visitors that say yes. If some visitors later regret their decision and say no I don't have to delete their IP addresses, because I had their permission to collect them when I collected them.

You'll get:

  • 1 point for each correct checked answer.
  • -1 point for each incorrect checked answer.
  • 0 points for each unchecked answer.
  • Minimum is 0 points on the question.

Question 19 (1p)

Question

Implement the JavaScript function getSums(numbers_1, numbers_2), that receives two arrays with numbers (both arrays contains the same number of numbers) as argument and returns a new array that contains the pairwise sum of the numbers in the array.

Sample usage:

getSums([1, 2], [3, 4]) // --> [4, 6]
getSums([5, 5, 5], [7, 2, 3]) // --> [12, 7, 8]

Question 20 (2p)

Question

In JavaScript, a human with name and an age (in years) can be represented as an object like this:

const human = {name: "Alice", age: 10}

Implement the function containsAdult(humans), which receives an array with human objects and returns true if any human in the array is 18 years or older, otherwise false.

Question 21 (2p)

Question

In JavaScript, implement the synchronous function duplicateString(string), which receives a string as argument and returns a string containing that string twice, e.g. duplicateString('ab')abab.

Then implement the synchronous function duplicateStringTwice(string), which receives a string as argument and returns a string containing that string four times, e.g. duplicateStringTwice('ab')abababab. The only allowed operation to use in the implementation of duplicateStringTwice(string) is function calls to duplicateString(string).

Then implement asynchronous versions of these two functions using callback functions instead of return values. The asynchronous version of duplicateStringTwice may only be implemented using the asynchronous version of duplicateString, no other operations are allowed.