Consider the following statements about the COVID-19 Web application

Which of the following is correct?

All of the statements (i) to (iv) are true.

Explanation

The COVID-19 Web application is designed to store articles using a MemoryRepository. The __articles_index attribute of the MemoryRepository provides a key benefit by allowing direct access to articles when responding to requests to retrieve articles by their ID. This means that the application can quickly retrieve specific articles based on their unique ID. The MemoryRepository stores articles in a List using the __articles attribute. This list is maintained in chronological order, which simplifies requests for retrieving articles by date. By organizing the articles in this way, the application can easily retrieve articles based on their publication date. If the application needs to change in the future to generate XML output instead of HTML output in response to HTTP requests, the required change would be confined to the view components defined in the application's Blueprints. This means that the underlying data storage and retrieval mechanisms would not need to be modified. When developing the application further to use a database, only the view components of the application Blueprints would need to be re-written to use the database. This is because the view components are responsible for interacting with the data storage and retrieval mechanisms, while the underlying mechanisms themselves can be updated to use a database without affecting the view components.

Security is an important consideration for Web applications. Match each of the following security terms to their correct definitions.

Authentication - The process of verifying the identity of a user who wishes to access a system.
signed cookie - An artefact that contains a user identity plus the output of a secure hash algorithm.
CSRF - A form of attack in which a malicious user induces another user to perform an action that has value for the malicious user.

Explanation

Security is an important consideration for Web applications. Authentication refers to the process of verifying the identity of a user who wishes to access a system. A signed cookie is an artefact that contains a user identity plus the output of a secure hash algorithm. CSRF, or Cross-Site Request Forgery, is a form of attack in which a malicious user induces another user to perform an action that has value for the malicious user.

Which of the following is not true?

A- A cross-site request forgery attack cannot be induced if the web application uses a GET request to execute actions.

Explanation

The correct statement: A cross-site request forgery attack cannot be induced if the web application uses a GET request to execute actions. To combat cross-site request forgery, a Web application can generate a token that is included in a form and sent to the requesting browser; on posting the form, the browser includes the token. Cross-site request forgery does not rely on guessing user credentials, and an example would be where a hacker gains control of a victim's account. This type of attack depends on cookies being used to identify the user of a request.

Which of the following statements is not true?

C- Unit testing means testing two or more dependent software components as a group.

Explanation

The correct statement: Unit testing means testing two or more dependent software components as a group. Integration testing is a complementary technique to unit testing. The effect of pytest's parametrize decorator is to cause a single test method to execute multiple times with different values for its arguments. Using Flask's test client, it is possible to send HTTP requests to a Flask Web application and to inspect corresponding responses. The Flask API includes support for testing Web applications.

Which of the following statements is not true in relation to Flask.

C- Flask is a well-known and widely used framework that provides reusable classes and functions for developing Web applications. The framework allows for integration with other libraries that are helpful in developing Web applications.

Explanation

The correct statement is: Flask is a well-known and widely used framework that provides reusable classes and functions for developing Web applications. The framework allows for integration with other libraries that are helpful in developing Web applications. Flask application development relies on adhering to conventions, e.g. providing factory methods, storing files in particular directories etc. This simplifies application development. A view method in Flask has access to a number of Flask objects, including request, that provide an abstraction for processing HTTP requests. Developing an application using Flask Blueprints helps with conforming to the principle of Dependency Inversion. The Web Server Gateway Interface (WSGI) provides the interface between a Web server and a Flask application.
← Yum utility installing rpm files without confirmation prompts Man in the middle attack and token injection replay →