[Zend PHP5 Cerification] Mock exam 1

NOTE : The answers That I am NOT sure are marked with "*"

Useful website: http://zend-php.appspot.com/

1. What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

A. None of the above

B. Never trust any data from the user

C. Enable built-in security features such as magic_quotes_gpc and safe_mode

D. Always filter all incoming data

E. Use PHP 5's tainted mode

Answer: D

2. In PHP5 you can use the ____ operator to ensure that can object is of a particular type. You can also use ____ in the function declaration.

A. instanceof, is_a

B. instanceof, type-hinting

C. type, instanceof

D. ===, type-hinting

E. ===, is_a

Answer: B (Here it refer to "function declaration", so use "type-hinting")

3. What is the difference between the include and require language constructs?

A. Require constructs can't be used with URL filenames.

B. Include constructs cause a fatal error if the file doesn't exist

C. There is no difference other than the name

D. Include constructs are processed at run time; require constructs are processed at compile time

E. Require constructs cause a fatal error if the file can't be read

Answer: E

4. What is the best way to iterate and modify every element of an array using PHP 5?

A. You cannot modify an array during iteration

B. for($i = 0; $i < count($array); $i++) { /* ... */ }

C. foreach($array as $key => &$val) { /* ... */ }

D. foreach($array as $key => $val) { /* ... */ }

E. while(list($key, $val) = each($array)) { /* ... */

Answer: C

5. What is wrong with the following code?

<?php

function duplicate($obj){

    $newObj = $obj;

    return $newObj;

}

$a = new MyClass();

$a_copy = duplicate($a);

$a->setValue(10);

$a_copy->setValue(20);

?>

A. You must use return &$newObj instead

B. There is nothing wrong with this code

C. duplicate() must accept its parameter by reference

D. You must use the clone operator to make a copy of an object

E. duplicate() must return a reference

Answer: D

6. In an application which will be under high load, SQLite could be useful for what sort of tasks?

A. As your primary database

B. SQL shouldn't be used in a high load environment

C. SQLite should only be used for in-memory databases in this environment

D. Session Management

E. Read-only databases

Answer: C

7. What is the output of the following PHP code?

<?php

define('FOO', 10);

$array = array(

        10=>FOO,

        "FOO"=>20

);

print $array[$array[FOO]] * $array["FOO"];

?>

A. FOO

B. 100

C. 200

D. 20

E. 10

Answer: C

8. when executing system commands from PHP, what should one do to keep applications secure? (choose 3)

A. Remove all quote characters from variables used in a shell execution

B. Avoid using shell commands when PHP equivlents are available

C. Hard code all shell commands

D. Escape all shell arguments

E. Escape all shell commands executed

Answer: BCD

9. Which of the following functions were added to PHP 5 for dealing with arrays? (choose 2)

A. array_intersect_key()

B. array_unshift()

C. array_diff_key()

D. array_merge()

E. array_slice()

Answer: AC

10. When working with a database, which of the following can be used to mitigate the possibility of exposing your database credientials to a malicious user? (choose 3)

A. Moving all database credentials into a single file

B. Moving all database credentials outside of the document root

C. Restricting access to files not designed to be executed independently

D. Setting creditial information as system environment variables

E. Using PHP constants instead of variables to store credentials 

Answer: BCD

11. Which function is best suited for removing markup tags from a string?

A. strip_markup

B. strip_tags

C. str_replace

D. preg_replace

E. preg_strip

Answer: B

12. Which of the following comparisons will evaluate to true? (choose 3)

A. 't' == t

B. 1 === '1time'

C. "top" == 0

D. "top" === 0

E. 1 == "1time"

Answer: CE (I'm not sure whether to choose A or not, but B and D are wrong)

13. The ____ context variable allows you to define a callback for the stream that will notify your script of certain events during the course of the transation.

Answer: $params['notification']

14. The ____keyword is used to indicate an incomplete class or method, which must be further extended and / or implement in order to be used.

A. final

B. protected

C. incomplete

D. abstract

E. implements

Answer: D

15. The ____ function is used to add up the values of every entry within an array

Answer: array_sum

16. When implementing a permissions system for you web site, what should always be done with regards to the session?

A. none of the above

B. you should not implement permission systems using sessions

C. session should be cleared of all data and re-populated

D. the session key should be regenerated

E. the session should be destroyed

Answer: D

17. What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

A. None of the above

B. Never trust any data from the user

C. Enable built-in security features such as magic_quotes_gpc and safe_mode

D. Always filter all incoming data

E. Use PHP 5's tainted mode

Answer: D

18. In PHP 5 you can use the ____ operator to ensure that an object is of a particular type. You can also use ____ in the function declaration.

A. instanceof, is_a

B. instanceof, type-hinting

C. type, instanceof

D. ===, type-hinting

E. ===, is_a

Answer: B

19. What is the output of this code snippet?

<?php print_r(array('0.001'=>'b', '0.1'=>c'));?>

A. An empty array

B. 0.001=>'b', .1=>c

C. 0=>'c'

D. '0.001'=>'b', '0.1'=>c'

E. A Syntax Error

Answer: C

20. Using flock() to lock a stream is only assured to work under what circumstances?

A. When running in a Linux environment local filesystem

B. When accessing the stream of the local filesystem

C. When running in a Windows environment and accessing a share

D. When accessing a bi-directional stream

E. When accessing a read-only stream

Answer: A

21. Given the following array:

$array = array(

1, 1, 2, 3, 4, 4, 5, 6, 6, 6, 6, 3, 2, 2, 2

);

The fastest way to determine the total number a particular value appears in the array is to use which function?

A. array_total_values

B. array_count_values

C. A foreach loop

D. count

E. a for loop

Answer: B

22. Given the following XML document in a SimpleXML object:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE html

PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>XML Example</title>

</head>

<body>

<p>

Move to &lt;<a

href="http://example.org/">http://www.example.org/</a>&gt;

<br />

</p>

</body>

</html>

Select the proper statement below which will display the HREF attribute of the anchor tag.

A. $sxe->body->p[0]->a[1]['href']

B. $sxe->body->p->a->href

C. $sxe->body->p->a['href']

D. $sxe['body']['p'][0]['a']['href']

E. $sxe->body->p[1]->a['href']

Answer: C

23. What is the output of the following code?

<?php

funciton beReference(&$variable = 5)

{

    echo ++$variable;

}

byReference();

?>

A. No output or error. Variables can not be optional and passed by reference.

B. 5

C. 6

Answer: C

24. When attempting to prevent a cross-site scripting attack, which of the following is most important?

A. Not writing Javascript on the fly using PHP

B. Filtering Output used in form data

C. Filterign Output used in database transacitons

D. Writing careful Javascript

E. Filtering all input

Answer: E

25. The ____ interface implements a useful design pattern which allows you to overload an instance of an object so it can be accessed like an array.

Answer: iterator

26. Consider the following String:

    $string = "John\tMark\nTed\tLarry";

 Which of the following functions would best parse the string above by teh tab (\t) and newline (\n) characters?

 A. strsplit($string, "\t\n");

 B. strtok($string, "\t\n");

 C. strstr($string, "\t\n");

 D. explode("\t\n", $string);

 E. All of the above

 Answer: B

27. What is the output of the following function?

<?php

function &find_variable(&$one, &$two, &$three)

{

    if($one > 10 && $one < 20) return $one;

    if($two > 10 && $two < 20) return $two;

    if($three > 10 && $three < 20) return $three;

}

$one = 2; 

$two = 20; 

$three = 15;

$var = &find_variable($one, $two, $three);

$var++;

print "1: $one, 2: $two, 3: $three";

?>

A. 1:2, 2:20, 3:15

B. 1:3, 2:21, 3:16

C. 1:2, 2:21, 3:15

D. 1:3, 2:20, 3:15

E. 1:2, 2:20, 3:16

Answer: E

28. If regular expressions must be used, in general which type of regular expression funcitons available to PHP is preferred for performance reasons?

A. strtok() using regular expressions

B. preg_* regular expression funtions

C. parse_str() using regular expressions

D. strregex* regular expression functions

E. ereg* regular expression functions

Answer: B

29. What is the best way to ensure that a user-defined funciton is always passed an object as its single parameter?

A. function myfunction(stdClass $a)

B. function myfunciton($a = stdClass)

C. Use is_object() within the function

D. There is no way to ensure the parameter will be an object

E. function myfunction(Object $a)

Answer: A

30. What is the output of the following code?

<?php

class MyException extends Exception{}

class AnotherException extends MyException{}

class Foo

{

    public function something()

    {

        throw new AnotherException();

    }

    public function somethingElse()

    {

        throw new MyException();

    }

}

$a = new Foo();

try

{

    try

    {

        $a->something();

    }

    catch(AnotherException $e)

    {

        $a->somethingElse();

    }

    catch(MyException $e)

    {

        print "Caught Exception";

    }

}

catch(Exception $e)

{

    print "No exception";

}

?>

A. "Caught Exception" followed by "Didn't catch the Exception!"

B. A fatal error for an uncaught exception

C. "Didn't catch the Exception!"

D. "Didn't catch the Exception!" followed by a fatal error

E. "Caught Exception"

Answer: C

31. PHP 5 supports which of the following XMl parsing methods? (choose 4)

A. SAX

B. FastDOM

C. DOM

D. XPath

E. XML to Object mapping

Answer: ACDE

32. What variable reference would go in the spots indcated by ???? in the code segment below?

<?php

$msg = "The Quick Brown Foxed Jumped Over the Lazy Dog";

$state = true;

$retval = "";

for($i = 0; (isset(????)); $i++)

{

    if($state)

    {

        $retval .= strtolower(????);

    }

    else

    {

        $retval .= strtoupper(????);

    }

    $state = !$state;

}

print $retval;

?>

A. $msg{$i};

B. ord($msg);

C. chr($msg);

D. substr($msg, $i ,2);

Answer: A

33. Which of the following functions are used with the internal array pointer to accomplish an action? (choose 4)

A. key

B. forward

C. prev

D. current

E. next

Answer: ACDE

34. Which of the following functions are part of PHP's internal Iterator interface? (choose 5)

A. rewind()

B. valid()

C. next()

D. key()

E. current()

Answer: ABCDE

35. The ____ method can be used from a SimpleXML node to return an iterator containing a list of all of the current node's subnodes.

Answer: children

36. The method used to create a new node to be added into an XML document using DOM is the ____ method

Answer: createElement

37. Determining the User-Agent reported by the client making the PHP 5 request can be determined by doing what?

A. Use the $_SERVER['USER_AGENT'] variable

B. Use the $_SERVER['HTTP_USER_AGENT'] variable

C. Using the function http_get_user_agen()

D. None of the above

Answer: B

38. What are the values of $a in $obj_one and $obj_two when this script is executed?

<?php

class myClass

{

    private $a;

    public function __construct()

    {

        $this->a = 10;

    }

    public function printValue()

    {

        print "The value is: {$this->a}\n";

    }

    public function changeValue($val, $obj = null)

    {

        if(is_null($obj))

        {

            $this->a = $val;

        }else

        {

            $obj->a = $val;

        }

    }

    public function getValue()

    {

        return $this->a;

    }

}

$obj_one = new myClass();

$obj_two = new myClass();

$obj_one->changeValue(20, $obj_two);

$obj_two->changeValue($obj_two->getValue(), $obj_one);

$obj_two->printValue();

$obj_one->printValue();

?>

A. 10, 20

B. You cannot modify private member variable of a different class

C. 20, 20

D. 10, 10

E. 20, 10

Answer: C

39. What is the difference between the include and require language constructs?

A. Require constructs can't be used with URL filenames

B. Include constructs cause a fatal error if the file doesn't exist

C. There is no difference other than the name

D. Include constructs are processed at run time; Require constructs are precessed at compile time

E. Require constructs cause a fatal error if the file can't be read

Answer: E

40. Which of the following SQL statements will improve SQLite write performance? (choose 2)

A. PRAGMA locking_mode = "Row";

B. PRAGMA count_change = Off;

C. PRAGMA default_synchronous = Off;

D. PRAGMA default_synchornous = On;

E. PRAGMA locking_mode = "Table";

Answer: BC

41. What is wrong with the following code?

<?php

function duplicate($obj)

{

    $newObj = $obj;

    return $newObj;

}

$a = new MyClass();

$a_copy = duplicate($a);

$a->setValue(10);

$a_copy->setValue(20);

?>

A. You must use return &$newObj instead

B. There is nothing wrong with this code

C. duplicate() must accept its parameter by reference

D. You must use the clone operator to make a copy of an object

E. duplicate() must return a reference

Answer: D

42. How can you modify the copy of an object during a clone operation?

A. Put the logic in the object's constructor to alter the values

B. Implement your own function to do object copying

C. Implement the object's __clone() method

D. Implement __get() and __set() methods with the correct logic

E. Implement the __copy() method with the correct logic

Answer: C

43. Which function would you use to add an element to the beginning of an array?

A. array_shift()

B. array_push()

C. $array[0] = "value";

D. array_unshift();

E. array_pop();

Answer: D

44. Consider the following PHP code segment, which attempts to execute a PDO query:

<?php

try

{

    $dbh->exec($sql);

}

catch(PDOException $e)

{

    //display warning message

    $info = $e->errorInfo;

}

?>

In the event of a PDOException, $info is set with the contents of the $errorInfo property of the exception. Which of the following are accurate description of the contents?

A. $info[1] is the database-specific error code

B. $info[2] is the database-specific error message

C. $info[1] is the unified error code

D. $info[0] is the unified error code

E. $info[0] is the Database-specific error message

Answer: ABD

45. What is the primary benefit of a SAX-based XML parser compared to DOM?

A. All of the above

B. Faster than DOM methods

C. Requires less memory than DOM

D. Easier to develop parsers

Answer: C

46. Event-based XML parsing is an example of which parsing model?

A. SAX

B. DOM

C. XML Object Mapping

D. XPath

E. XQuery

Answer: A

47. What is the output of the following code?

<?php

    function functionSplit()

    {

        $pre = 1;

?>

<?php

    echo $pre;

}

functionSplit();

?>

A. Error;function declarations can not be split over multiple PHP segments.

B. Nothing

C. 1

D. 2

Answer: C

48. The ____ construct is particularly useful to assign your own variable names to values within an array.

A. array_get_variables

B. current

C. each

D. import_variables

E. list

Answer: E

49. When opening a file in writing mode using the FTP handler, what must be done so that the file will still be written to the server in the event it previously exists?

A. Provide a context for fopen() using stream_context_create()

B. You must delete the file first before uploading a new file 

C. Configure this behavior in the php.ini file using the ftp.overwrite derective

D. Open the file using the 'w+' mode

Answer: D *

50. The ____ function is used to modify the amount of time PHP will wait for a stream before timing out during reading or writing.

Answer: stream_set_timeout

51. When uploading a file using HTTP, which variable can be used to locate the file on PHP's local filesystem?

A. None of the above

B. $_FILES['fieldname']['tmp_name']

C. $_FILES['fieldname']

D. $_FILES['fieldname'][0]['filename']

E. $_FILES['fieldname']['filename']

Answer: B

52. When writing portable database code using PDO, what is the PDO::ATTR_CASE attribute useful for?

A. None of the above

B. Ensuring that all columns are of a particular case when fetched

C. Adjusting the case of a query before it is processed for compatibility reasons

D. Controls the switch logic of how queries are processed

E. Allows you to adjust the memory cache (or "case") for increased performance

Answer: B

53. Which of the following is the best way to split a string on the "-=-" pattern?

A. They all are equally proper methods

B. str_split($string, strpos($string, "-=-"))

C. preg_split("-=-", $string)

D. explode("-=-", $string);

Answer: D

<?php

var_dump(preg_split("-=-", "aaaa-=-bbbb"));

//the output:array(2) { [0]=>  string(5) "aaaa-" [1]=>  string(5) "-bbbb" } 

?>

54. Which of the following are valid PHP variables?

A. @$foo

B. &$variable

C. ${0x0}

D. $variable

E. $0x0

Answer: ABCD

55.  Consider the following PHP 4 code:

<?php

if($obj1 === $obj2)

{

    /* Do something */

}

?>

What, if any, potential compatibility problems will this conditional have in PHP 5?

A. This code is undefined in PHP 4

B. None of the above

C. $obj1 and $obj2 must have the same property values in PHP 5

D. $obj1 and $obj2 must be the same instance in PHP5

E. There are no compatibility issues

Answer: D * (Or B ?)

56. Which of the following functions allow you to introspect the call stack during execution of a PHP script?

A. get_backtrace()

B. get_function_stack()

C. debug_backtrace()

D. debug_print_backtrace()

E. print_backtrace()

Answer: CD

57. What XML technology is used when you mix two different document types in a single XML document?

A. Validators

B. DTD

C. Transformations

D. Namespaces

Answer: B

58. The $_REQUEST super global contains what?

A. Data received from the session

B. Data receirved from Cookies

C. Data received from the server environment

D. Data received from HTTP POST

E. Data received from HTTP GET

Answer: BDE

59. Which functions would be needed to translate the following string:

I love PHP 5

to the following?

5 PHP EVOL I

(choose 2)

A. mirror()

B. strtoupper()

C. toupper()

D. str_reverse()

E. strrev()

Answer: BE

60. To destroy one variable within a PHP session you should use which method in PHP 5?

A. Unset the variable in $HTTP_SESSION_VARS

B. Use the session_destroy() function

C. Use the session_unset() function 

D. unset the variable in $_SESSION using unset()

E. Any of the above are acceptable in PHP 5

Answer: D

61. Is this code valid only in PHP 4, in PHP 5, or both?

<?php

    function myfunction(&$myvalue = null)

    {

        /* ... */

    }

?>

A. Both

B. PHP 5

C. PHP 4

Answer: B

62. The ____ pattern is extremely useful for creating objects which watch the state of other objects and respond to those changes.

Answer: Observer

63. In databased that do not support the AUTO_INCREMENT modifier, you must use a ____ instead to auto-generate a numeric incrementing key

Answer: LAST_INSERT_ID

64. 

<?php

$array = array(

            "a"=>"John",

            "b"=>"Coggeshall",

            "c"=>array(

                "d"=>"John",

                "e"=>"Smith"

            )

        );

function something($array)

{

    extract($array);

    return $c['e'];

}

print something($array);

?>

A. Smith

B. A PHP Warning

C. Coggeshall

D. NULL

E. Array

Answer: A

65. What does the following function do, when passwd two integer values for $p and $q?

<?php

function magic($p, $q)

{

    return ($q == 0) ? $p : magic($q, $p % $q);

}

?>

A. Loops infinitely

B. Switches the values of $p and $q

C. Determines if they are both even or odd

D. Determines the greatest common divisor between them

E. Calculates the modulus between the two

Answer: E

66. When running PHP in a shared host environment, what is the major security concern when it comes to session data?

A. Sessions on shared hosts are easily hijacked by outside malicious users

B. All of the above

C. You cannot use a custom data sotre in shared hosts

D. Session data stored in the file system can be read by other scripts on the same shared host

E. Users outside the shared host can access any site which created a session for them

Answer: D

67. Which of teh following functions will sort an array in ascending order by value, while preserving key associations?

A. asort()

B. usort()

C. krsort()

D. ksort()

E. sort()

Answer: A

68. When executing system commands from PHP, what should one do to keep applications secure? (choose 3)

A. Remove all quote characters from variables used in a shell execution

B. Avoid using shell commands when PHP equivlents are available

C. Hard code all shell commands

D. Escape all shell arguments

E. Escape all shell commands executed

Answer: BCD

69. Which of the following functions will trim leading and/or trailing white space from a string? (choose 3)

A. ltrim()

B. rtrim()

C. wtrim()

D. trim()

E. str_replace()

Answer: ABD

70. Which of the following is not a valid fopen() access mode:

A. b

B. x

C. a

D. w

E. r+

Answer: A

It may be any of the following: 

'r'   Open for reading only; place the file pointer at the beginning of the file.

'r+' Open for reading and writing; place the file pointer at the beginning of the file.

'w' Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.

'w+' Open for reading and writing; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.

'a' Open for writing only; place the file pointer at the end of the file. If the file does not exist, attempt to create it.

'a+' Open for reading and writing; place the file pointer at the end of the file. If the file does not exist, attempt to create it.

'x' Create and open for writing only; place the file pointer at the beginning of the file. If the file already exists, the fopen() call will fail by returning FALSE and generating an error of level E_WARNING. If the file does not exist, attempt to create it. This is equivalent to specifying O_EXCL|O_CREAT flags for the underlying open(2) system call.

'x+' Create and open for reading and writing; place the file pointer at the beginning of the file. If the file already exists, the fopen() call will fail by returning FALSE and generating an error of level E_WARNING. If the file does not exist, attempt to create it. This is equivalent to specifying O_EXCL|O_CREAT flags for the underlying open(2) system call. 

71. You can determine if you can seek an arbitrary stream in PHP with the ____ function?

Answer: stream_get_meta_data

72. 

<?php

session_start();

if(!empty($_REQUEST['id']) && !empty($_REQUEST['quantity']))

{

    $id = scrub_id($_REQUEST['id']);

    $quantity = scrub_quantity($_REQUEST['quantity']);

    $_SESSION['cart'][] = array('id'=>$id, 'quantity'=>$quantity);

}

/* ... */

?>

What potential security hole would this code snippet produce?

A. Cross-Site Scripting Attack

B. There is no security hole in this code

C. Code Injection

D. SQL Injection

E. Cross-Site Request Forgery

Answer: E

73. What is the primary difference between a method declared as static and a normal method?

A. Static methods can only be called using the :: syntax and never from an instance

B. Static methods do not provide a reference to $this

C. Static methods cannot be called from within class instances

D. Static methods don't have access to the self keyword

E. There is no functional difference between a static and non-static method

Answer: A * (Or B?)

74. When is it acceptable to store sensitive information in an HTTP cookie?

A. Only under extremely controlled situations

B. When the cookie is sent over a secure HTTP request

C. When it is encrypted

D. It is always acceptable

Answer: B

75. which of the following are not true about streams? (choose 2)

A. they are always seekable

B. when used properly they significantly reduce memory consumption

C. they can be applied to any data source

D. they are alwyas bi-directional

E. they can be filtered

Answer: AC (I'm not sure about C or D is correct)

76. Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?

A. You cannot disable remote PHP script execution

B. curl.enabled

C. allow_remote_url

D. allow_url_fopen

E. allow_require

Answer: D

77. The ____ error level, which must be explicitally enabled in PHP 5, will warn you of deprecated functionality that will be removed in a future PHP version.

Answer: E_DEPRECATED

78. Which of the following operations must occur prior to any output being sent to the client (assume output buffering is disabled) (choose 3)

A. Modifying Session Data

B. Processing GET or POST data

C. Manipulating Cookie data

D. Starting a Session

E. Sending HTTP Headers

Answer: ABD * (Not sure A or C is right, be sure with BD)

79. The following code snippet displays what for the resultant array?

<?php

$a = array(1=>0, 3=>2, 4=>6);

$b = array(3=>1, 4=>3, 6=>4);

print_r(array_intersect($a, $b));

?>

A. 1=>0

B. 1=>3, 3=>1, 4=>3

C. 3=>1, 3=>2, 4=>3, 4=>5

D. 1=>0, 3=>2, 4=>6

E. An empty Array

Answer: E

80. Which of the following functions is used to determine if a given stream is blocking or not?

A. stream_get_blocking

B. stream_get_meta_data

C. stream_is_blocking

D. stream_get_blocking_mode

Answer: B