6.

Database Programming Techniques

====

--- Web Fundamentals ---

1. Which of the following is a valid uniform resource locator?
a) http://www.acm.org/sigmod
b) www.google.com
c) www.ann.in
d) http:/www.acm.org/sigmod/
Answer: a
Explanation: A uniform resource locator (URL) is a globally unique name for each
document that can be accessed on the Web.

2. http://www.google.com/search?q=silberschatz
In the above URL which one is the argument which is used for processing of the URL?
a) google
b) google.com
c) search
d) q=silberschatz
Answer: d
Explanation: Argument is always placed after ? symbol.

3. HTTP defines two ways in which values entered by a user at the browser can be
sent to the Web server. The _____ method encodes the values as part of the URL.
a) Post
b) Get
c) Read
d) Argument
Answer: b
Explanation: For example, if the Google search page used a form with an input
parameter
named q with the get method, and the user typed in the string “silberschatz” and
submitted the form, the browser would request the following URL from the Web
server: http://www.google.com/search?q=silberschatz.

4. A __________ is a program running on the server machine, which accepts requests

from a Web browser and sends back results in the form of HTML documents.
a) HTML
b) HTTP
c) Web Server
d) Web browser
Answer: c
Explanation: The browser and Web server communicate via HTTP. Web servers provide
powerful features, beyond the simple transfer of documents.

5. The application program typically communicates with a database server, through

___________ or other protocols, in order to get or store data.
a) JDBC
b) ODBC
c) All of the mentioned
d) None of the mentioned
Answer: c
Explanation: The common gateway interface (CGI) standard defines how the Web server
communicates with application programs.

6. This extra information is usually maintained in the form of a _________ at the

client.
a) Cookie
b) History
c) Remainder
d) None of the mentioned
Answer: a
Explanation: A cookie is simply a small piece of text containing identifying
information and with an associated name.

7. Which of the following is not true about HTML ?

a) <meta>…</meta>
b) <meta…./>
c) <metadata>…</metadata>
d) <metadata name=”” />
Answer: b
Explanation: Meta data is the data about data which is included in the meta data
tag.

8. Html code contains:

a) Tags
b) Attributes
c) Elements
d) All of the mentioned
Answer: d
Explanation: <> are tags,size is a attribute.

9. Html document must always be saved with:

a) .html
b) .htm
c) .doc
d) Both .html & .htm
Answer: d
Explanation: .doc is used only for the word document format.

10. How many levels of headings are in html:

a) 2
b) 7
c) 6
d) 4
Answer: c
Explanation: The heading levels are h1,h2,h3,h4,h5,h6.

--- Servlets and JSP ---

1. The Java __________ specification defines an application programming interface
for communication between the Web server and the application program.
a) Servlet
b) Server
c) Program
d) Randomize
Answer: a
Explanation: Servlets are commonly used to generate dynamic responses to HTTP
requests.

2. The doGet() method in the example extracts values of the parameter’s type and
number by using __________
a) request.getParameter()
b) request.setParameter()
c) responce.getParameter()
d) responce.getAttribute()
Answer: a
Explanation: These methods uses these values to run a query against a database.
3. How many JDBC driver types does Sun define?
a) One
b) Two
c) Three
d) Four
Answer: d
Explanation: JBDB.DriverManager.getConnection() is used to get the connection to
the database.

4. Which JDBC driver Type(s) can be used in either applet or servlet code?
a) Both Type 1 and Type 2
b) Both Type 1 and Type 3
c) Both Type 3 and Type 4
d) Type 4 only
Answer: c
Explanation: In a Type 3 driver, a three-tier approach is used to accessing
databases. The JDBC clients use standard network sockets to communicate with an
middleware application server. In a Type 4 driver, a pure Java-based driver that
communicates directly with vendor’s database through socket connection.

5. What MySQL property is used to create a surrogate key in MySQL?

a) UNIQUE
b) SEQUENCE
c) AUTO_INCREMENT
d) None of the mentioned
Answer: c
Explanation: A surrogate key in a database is a unique identifier for either an
entity in the modeled world or an object in the database.

6. A JSP is transformed into a(n):

a) Java applet
b) Java servlet
c) Either 1 or 2 above
d) Neither 1 nor 2 above
Answer: b
Explanation: Servlets are commonly used to generate dynamic responses to HTTP
requests.

7. Which JDBC driver Type(s) is(are) the JDBC-ODBC bridge?

a) Type 1
b) Type 2
c) Type 3
d) Type 4
Answer: a
Explanation: In a Type 1 driver, a JDBC bridge is used to access ODBC drivers
installed on each client machine.

8. What programming language(s) or scripting language(s) does Java Server Pages

(JSP) support?
a) VBScript only
b) Jscript only
c) Java only
d) All of the mentioned
Answer: c
Explanation: JSP primarily uses Java for certain codes.

9. What is bytecode?
a) Machine-specific code
b) Java code
c) Machine-independent code
d) None of the mentioned
Answer: c
Explanation: Java bytecode is the form of instructions that the Java virtual
machine executes. Each bytecode opcode is one byte in length, although some require
parameters, resulting in some multi-byte instructions.

10. Where is metadata stored in MySQL?

a) In the MySQL database metadata
b) In the MySQL database metasql
c) In the MySQL database mysql
d) None of the mentioned
Answer: c
Explanation: Metadata contains data about other data which is given in the <meta>…
</meta> tags.

--- Application Architectures ---

1. Which of the following is true for Seeheim model?
a) Presentation is abstracted from dialogue and Application
b) Presentation and Dialogue is abstracted from Application
c) Presentation and Application is abstracted from Dialogue
d) None of the mentioned
Answer: a
Explanation: Presentation is abstracted from dialogue and application.

2. Which of the unit operation is used in Model view controller?

a) Is a Decomposition
b) Part Whole Decomposition
c) All of the mentioned
d) None of the mentioned
Answer: b
Explanation: Part whole decomposition is applied to MVC.

3. Memory address refers to the successive memory words and the machine is called
as _______________
a) word addressable
b) byte addressable
c) bit addressable
d) Terra byte addressable
Answer: a
Explanation: Part whole decomposition is applied to MVC.

4. Which layer deals which deals with user interaction is called _____________
layer.
a) Business logic
b) Presentation
c) User interaction
d) Data access
Answer: b
Explanation: The single application may have several different versions of this
layer, corresponding to distinct kinds of interfaces such as Web browsers, and user
interfaces of mobile phones, which have much smaller screens.

5. The _____________ layer, which provides a high-level view of data and actions on
data.
a) Business logic
b) Presentation
c) User interaction
d) Data access
Answer: a
Explanation: The single application may have several different versions of this
layer, corresponding to distinct kinds of interfaces such as Web browsers, and user
interfaces of mobile phones, which have much smaller screens.

6. The ______________ layer, which provides the interface between the business-
logic layer and the underlying database.
a) Business logic
b) Presentation
c) User interaction
d) Data access
Answer: d
Explanation: Many applications use an object-oriented language to code the
business-logic layer, and use an object-oriented model of data, while the
underlying database is a relational database.

7. The _____________ system is widely used for mapping from Java objects to
relations.
a) Hibernate
b) Object oriented
c) Objective
d) None of the mentioned
Answer: a
Explanation: In Hibernate, the mapping from each Java class to one or more
relations is specified in a mapping file.

8. Which among the following are the functions that any system with a user
interface must provide?
a) Presentation
b) Dialogue
c) All of the mentioned
d) None of the mentioned
Answer: a
Explanation: Presentation and Application are the functions that any system with a
user interface must provide.

9. Which of the following is the main task accomplished by the user?

a) Compose a document
b) Create a spread sheet
c) Send mail
d) All of the mentioned
Answer: d
Explanation: All of the mentioned are the main task accomplished by the user.

10. What are the portability concerns founded in Seeheim model?

a) Replacing the presentation toolkit
b) Replacing the application toolkit
c) Replacing the dialogue toolkit
d) Replacing the presentation & application toolkit
Answer: d
Explanation: The portability concerns founded in Seeheim model are- Replacing the
presentation toolkit and Replacing the application toolkit.

--- Rapid Application Development ---

1. Which schema object instructs Oracle to connect to a remotely access an object
of a database?
a) Sequence
b) Remote link
c) Database link
d) Data link
Answer: d
Explanation: A database link (DBlink) is a definition of how to establish a
connection from one Oracle database to another.

2. DML changes are

a) Insert
b) Update
c) Create
d) Both Insert and Update
Answer: d
Explanation: Create is a DDL operation.

3. Which of the following object types below cannot be replicated?

a) Data
b) Trigger
c) View
d) Sequence
Answer: d
Explanation: Sequence is a series of items which is like a unique index.

4. How to force a log switch?

a) By using ALTER SYSTEM LOG
b) By using ALTER SYSTEM SWITCH LOGFILE
c) By using ALTER SYSTEM SWITCH LOGS
d) By using ALTER SYS LOGFILES
Answer: b
Explanation: ALTER SYSTEM ARCHIVE LOG CURRENT is the best practice for production
backup scripts with RMAN.

5. In the following query, which expression is evaluated first?

SELECT id_number, (quantity - 100 / 0.15 - 35 * 20) FROM inventory
a) 100 / 0.15
b) quantity – 100
c) 35*20
d) 0.15-35
Answer: a
Explanation: According to the precedence of expression as in BODMAS the expression
evaluated.

6. The ORDER BY clause can only be used in

a) SELECT queries
b) INSERT queries
c) GROUP BY queries
d) HAVING queries
Answer: a
Explanation: SELECT column_name,column_name
FROM table_name
ORDER BY column_name,column_name ASC|DESC;.

7. Which of the following rule below are categories of an index?

a) Column and Functional
b) Multiple Column and functional
c) Column, Multiple Column and functional
d) None of the mentioned
Answer: a
Explanation: The CREATE INDEX statement is used to create indexes in tables.

8. What is the purpose of SMON background process?

a) Performs crash recovery when a failed instance starts up again
b) Performs recovery when a user process fails
c) Writes redo log entries to disk
d) None of the mentioned
Answer: a
Explanation: SMON (System MONitor) is an Oracle background process created when you
start a database instance.

9. Which of the following queries are legal?

a) SELECT deptno, count(deptno) FROM emp GROUP BY ename;
b) SELECT deptno, count(deptno), job FROM emp GROUP BY deptno;
c) SELECT deptno, avg(sal) FROM emp;
d) SELECT deptno, avg(sal) FROM emp GROUP BY deptno;
Answer: d
Explanation: For aggregate functions group by clause is necessary.

10. Which of the following queries displays the sum of all employee salaries for
those employees not making commission, for each job, including only those sums
greater than 2500?
a) select job, sum(sal) from emp where sum(sal) > 2500 and comm is null;
b) select job, sum(sal) from emp where comm is null group by job having sum(sal) >
2500;
c) select job, sum(sal) from emp where sum(sal) > 2500 and comm is null group by
job;
d) select job, sum(sal) from emp group by job having sum(sal) > 2500 and comm is
not null;
Answer: b
Explanation: For aggregate functions group by clause is necessary.

--- Application Performance ---

1. The indirect change of the values of a variable in one module by another module
is called
a) Internal change
b) Inter-module change
c) Side effect
d) Side-module update
Answer: c
Explanation: The module of the search tree and the flow is directed by its values.

2. Which of the following data structure is not linear data structure?

a) Arrays
b) Linked lists
c) Arrays & Linked lists
d) None of the mentioned
Answer: d
Explanation: Both array and linked lists are in data structure concepts.

3. Which of the following data structure is linear data structure?

a) Trees
b) Graphs
c) Arrays
d) None of the mentioned
Answer: c
Explanation: Tree and graphs are not linear.
4. Which of the following criterion is NOT written using the proper syntax?
a) “Haris”
b) <500
c) NO VALUE
d) Between #1/1/2000# and #12/31/2000#
Answer: c
Explanation: NO VALUE cannot be specified.

5. The operation of processing each element in the list is known as

a) Sorting
b) Merging
c) Inserting
d) Traversal
Answer: d
Explanation: There are several types of traversals.

6. Finding the location of the element with a given value is:

a) Traversal
b) Search
c) Sort
d) None of the mentioned
Answer: b
Explanation: Search is performed by traversing through the tree.

7. Arrays are best data structures

a) For relatively permanent collections of data
b) For the size of the structure and the data in the structure are constantly
changing
c) All of the mentioned
d) None of the mentioned
Answer: a
Explanation: The operator tree has a tree like format where the evaluation starts
from root of the tree.

8. Linked lists are best suited

a) For relatively permanent collections of data
b) For the size of the structure and the data in the structure are constantly
changing
c) All of the mentioned
d) None of the mentioned
Answer: b
Explanation: A linked list is a data structure consisting of a group of nodes which
together represent a sequence.

9. Each array declaration need not give, implicitly or explicitly, the information
about
a) The name of array
b) The data type of array
c) The first data from the set to be stored
d) The index set of the array
Answer: c
Explanation: The operator tree has a tree like format where the evaluation starts
from root of the tree.

10. The elements of an array are stored successively in memory cells because
a) By this way computer can keep track only the address of the first element and
the addresses of other elements can be calculated
b) The architecture of computer memory does not allow arrays to store other than
serially
c) All of the mentioned
d) None of the mentioned
Answer: a
Explanation: Memory is always allotted in order.

--- Application Security ---

1. In _________________ attacks, the attacker manages to get an application to
execute an SQL query created by the attacker.
a) SQL injection
b) SQL
c) Direct
d) Application
Answer: a
Explanation: Application security has to deal with several security threats and
issues beyond those handled by SQL authorization.

2. A Web site that allows users to enter text, such as a comment or a name, and
then stores it and later display it to other users, is potentially vulnerable to a
kind of attack called a ___________________ attack.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
Answer: c
Explanation: In such an attack, a malicious user enters code written in a client-
side scripting language such as JavaScript or Flash instead of entering a valid
name or comment.

3. _________ is an attack which forces an end user to execute unwanted actions on a

web application in which he/she is currently authenticated.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
Answer: b
Explanation: Cross-site request forgery, also known as a one-click attack or
session riding and abbreviated as CSRF or XSRF.

4. Many applications use _________________ where two independent factors are used
to identify a user.
a) Two-factor authentication
b) Cross-site request forgery
c) Cross-site scripting
d) Cross-site scoring scripting
Answer: a
Explanation: The two factors should not share a common vulnerability.

5. Even with two-factor authentication, users may still be vulnerable

to_____________attacks.
a) Radiant
b) Cross attack
c) scripting
d) Man-in-the-middle
Answer: d
Explanation: In such attacks, a user attempting to connect to the application is
diverted to a fake Web site, which accepts the password from the user, and uses it
immediately to authenticate to the original application.
6. A single ______________ further allows the user to be authenticated once, and
multiple applications can then verify the user’s identity through an authentication
service without requiring reauthentication.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
Answer: b
Explanation: Once the user logged in at one site, he does not have to enter his
user name and password at other sites that use the same single sign-on service.

7. The ___________________ is a standard for exchanging authentication and

authorization information between different security domains, to provide cross-
organization single sign-on.
a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
Answer: c
Explanation: The user’s password and other authentication factors are never
revealed to the application, and the user need not register explicitly with the
application.

8. The __________ standard is an alternative for single sign-on across

organizations, and has seen increasing acceptance in recent years.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
Answer: a
Explanation: The user’s password and other authentication factors are never
revealed to the application, and the user need not register explicitly with the
application.

9. _______________ allows a system administrator to associate a function with a

relation; the function returns a predicate that must be added to any query that
uses the relation.
a) OpenID
b) Single-site system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)
Answer: d
Explanation: Some database systems provide mechanisms for fine-grained
authorization.

10. VPD provides authorization at the level of specific tuples, or rows, of a

relation, and is therefore said to be a _____________ mechanism.
a) Row-level authorization
b) Column-level authentication
c) Row-type authentication
d) Authorization security
Answer: a
Explanation: Oracle Virtual Private Database (VPD) allows a system administrator to
associate a function with a relation.

--- Encryption and Its Applications ---

1. ___________ is widely used today for protecting data in transit in a variety of
applications such as data transfer on the Internet, and on cellular phone networks.
a) Encryption
b) Data mining
c) Internet Security
d) Architectural security
Answer: a
Explanation: Encryption is also used to carry out other tasks, such as
authentication.

2. In a database where the encryption is applied the data is cannot be handled by

the unauthorised user without
a) Encryption key
b) Decryption key
c) Primary key
d) Authorised key
Answer: b
Explanation: Even if the message is intercepted by an enemy, the enemy, not knowing
the key, will not be able to decrypt and understand the message.

3. Which of the following is not a property of good encryption technique?

a) Relatively simple for authorized users to encrypt and decrypt data
b) Decryption key is extremely difficult for an intruder to determine
c) Encryption depends on a parameter of the algorithm called the encryption key
d) None of the mentioned
Answer: d
Explanation: Here a, b and c are the properties have to be present in a good design
of an encryption technique.

4. In which of the following encryption key is used to encrypt and decrypt the
data?
a) Public key
b) Private key
c) Symmetric key
d) Asymmetric key
Answer: c
Explanation: In public-key (also known as asymmetric-key) encryption techniques,
there are two different keys, the public key and the private key, used to encrypt
and decrypt the data.

5. Encryption of small values, such as identifiers or names, is made complicated by

the possibility of __________
a) Dictionary attacks
b) Database attacks
c) Minor attacks
d) Random attacks
Answer: a
Explanation: This happens when particularly if the encryption key is publicly
available.

6. Which one of the following uses a 128bit round key to encrypt the data using XOR
and use it in reverse to decrypt it?
a) Round key algorithm
b) Public key algorithm
c) Advanced Encryption Standard
d) Asymmetric key algorithm
Answer: c
Explanation: The standard is based on the Rijndael algorithm.

7. Which of the following requires no password travel across the internet?

a) Readable system
b) Manipulation system
c) Challenge–response system
d) Response system
Answer: c
Explanation: The database system sends a challenge string to the user. The user
encrypts the challenge string using a secret password as encryption key and then
returns the result. The database system can verify the authenticity of the user by
decrypting the string with the same secret password and checking the result with
the original challenge string.

8. Assymmetric Encryption: Why can a message encrypted with the Public Key only be
decrypted with the receiver’s appropriate Private Key?
a) Not true, the message can also be decrypted with the Public Key
b) A so called “one way function with back door” is applied for the encryption
c) The Public Key contains a special function which is used to encrypt the message
and which can only be reversed by the appropriate Private Key
d) The encrypted message contains the function for decryption which identifies the
Private Key
Answer: b
Explanation: An one-way function is a function which a computer can calculate
quickly, but whose reversal would last months or years. An one-way function with
back door can be reversed with the help of a couple of additional information (the
back door), but scarcely without this information. The information for the back
door is contained in the private Key.

9. Which is the largest disadvantage of symmetric Encryption?

a) More complex and therefore more time-consuming calculations
b) Problem of the secure transmission of the Secret Key
c) Less secure encryption function
d) Isn’t used any more
Answer: b
Explanation: As there is only one key in the symmetrical encryption, this must be
known by both sender and recipient and this key is sufficient to decrypt the secret
message. Therefore it must be exchanged between sender and receiver in such a
manner that an unauthorized person can in no case take possession of it.

10. Which is the principle of the encryption using a key?

a) The key indicates which function is used for encryption. Thereby it is more
difficult to decrypt an intercepted message as the function is unknown
b) The key contains the secret function for encryption including parameters. Only a
password can activate the key
c) All functions are public, only the key is secret. It contains the parameters
used for the encryption resp. decryption
d) The key prevents the user of having to reinstall the software at each change in
technology or in the functions for encryption
Answer: b
Explanation: The encoding of a message is calculated by an algorithm. If always the
same algorithm would be used, it would be easy to crack intercepted messages.
However, it isn’t possible to invent a new algorithm whenever the old one was
cracked, therefore the possibility to parameterize algorithms is needed and this is
the assignment of the key.