A5 Client side attacks 3 High Performance Websites Security Questions 20 pts

A5: “Client side” attacks.

3 High-Performance Websites & Security Questions [20 pts] Each question is worth 2 points. Q1: In Public Key Encryption, when used for “privacy,” who generates the private and public keys? The sender or the receiver of the cipher text? A1: The Receiver Q2: What is a “message digest” and where is it used? A2: A Message digest is 1) the number produced by applying a cryptographic hash function to a message and 2) it is used in digital signatures [underlined the two words REQUIRED in the answer] and in HTTPS / secure transactions. Q3: Why is the use of CSS sprites beneficial to the overall performance of a web page? A3: Using image sprites reduces the number of HTTP requests and saves in the number of open / close socket, operations with high overhead. Q4: Why is it better to use GET instead of POST in AJAX requests? A4: It is better to use GET instead of POST since GET sends the headers and the data together, while POST sends the header and the data separately, resulting on higher overhead. Q5: List one role of a Certificate Authority (CA). A5: Any one of these: a) Guarantees that the organization is legitimate b) Verifies the identity of an entity (client / server / e-mail address) c) Issues digital certificates d) Signs certificates with the CA’s private key Q6: Where should you put style sheets and why to optimize performance? A6: At the top, because some versions of Internet Explorer block rendering of the page until all style sheets have been examined. Q7: Where should you put scripts and why to optimize performance? A7: At the bottom, because scripts block everything from rendering below them in the page Q8: Should you “inline” JavaScript code or use external files and why to optimize performance?

4 A8: Use external JavaScript files because they are cached Q9: Should you scale images at the server or not scale images, and why? A9: No, because scaling images should be performed at the client, to allow one of the rules of “responsive” design Q10: What are the “best” two rules that minimize the transfer of information between server and browser? A10: compression and minification (of scripts and CSS) HTML5 Questions [10 pts] Each question is worth 2 points. Q1: Between the <canvas> and <svg> elements of HTML5, which one is best suited for web applications with large rendering areas, such as Google Maps? A1: SVG Q2: Which of the following capabilities have included in HTML5? A2: [ X ] canvas [ X ] video and audio [ ] local SQL database [ X ] geolocation [ X ] CSS 2D/3D transformations [ ] video plugin [ ] flash plugin [ ] ALL OF THE ABOVE Q3: Why have FRAMES been removed from HTML5?