React Components Quiz

Questions and Answers

What is a key characteristic of React components?

They must be defined in a separate file.

They cannot hold internal state.

They do not accept props.

They are modular and reusable. (correct)

What does the useState hook enable in a React application?

It simplifies the process of adding props to components.

It handles external API interactions automatically.

It eliminates the need for component reusability.

It allows the app to maintain internal state. (correct)

When using JSX in a React project, what is required for multi-line expressions?

Parens ( ) to wrap the JSX. (correct)

Square brackets for array syntax.

No special syntax is needed.

Curly braces to wrap the expressions.

How does the useContext hook benefit a React application?

It allows sharing of state without prop drilling.

In JSX, how are variables embedded within HTML-like syntax?

With curly braces surrounding the variable.

What is the main purpose of Infrastructure-as-a-Service (IaaS)?

To offer servers in the cloud where the user manages scaling.

Which of the following correctly describes 'Cloud Native' applications?

Software designed specifically for deployment on modern cloud platforms.

What is the primary function of auto scaling in a cloud environment?

Adjust the quantity of resources based on application load.

In the context of cloud computing, what does Disaster-Recovery (DR) focus on?

Spreading data centers geographically to mitigate risks.

What does 'Infrastructure as Code (IAC)' primarily involve?

Using code to provision and manage hardware and software resources.

What is the primary purpose of input validation in cybersecurity?

To prevent nefarious users from exploiting vulnerabilities

Which attack type involves overwhelming a system with traffic from multiple sources?

DDOS attack

What does the Saga pattern specifically manage in microservices architecture?

Data consistency across distributed transactions

Which of the following is NOT a type of attack mentioned in the content?

Compression Attack

Which access control method assigns users to roles instead of granting access directly?

Role-based Access Control (RBAC)

What does the term 'Buffer Overflow' refer to in cybersecurity?

Overwriting the allocated memory space in stack or heap

Which pattern is characterized by providing a simplified interface to a complex system?

Facade Pattern

What type of information is classified under Protected Health Information (PHI)?

Medical records and insurance details

Which pattern allows for a single point of entry into a system?

API Gateway

What technique is similar to 'fail fast' in system design?

Circuit Breaker

Study Notes

Course Information

• Course name: CSE-2102
• Instructor: Jonathan Clark
• Exam review for final exam

Project Grades

• Project grades posted by end of week.
• Focus: major components (pets list, adoption, approval, users, roles)
• Milestone 7: no work after Milestone 7 results in a zero.
• Some individuals may get higher or lower scores than team members.
• SET surveys

Exam Dates & Deadlines

• Extra Credit options - Due Wednesday, December 4th (graded by December 8th)
• Honors Conversion - Due Friday, December 6th (graded by December 10th)
• Final Exam - Monday, December 9th, 1:00 pm, ITE-C80

Exam Goals

• Covers material not covered in the midterm.
• Exception: Covers Databases (module 5) and concepts spanning the entire year.
• Goal: success in the exam is attainable with good effort on the group project and attentiveness in class.

Exam Logistics

• 40 multiple choice questions; approximately 90 minutes.
• Some questions are the "select all that apply" type.
• Study materials: lecture slides, labs, homeworks, group project code.
• Practice exam recommended (in HCT), but this is not an exhaustive review.
• Bring valid ID.
• Arrive 10-15 minutes early.
• Spread out in the exam room, keep at least one seat between each student.

Module 5: Databases

• Group project work

Python & SQLite

• The provided code shows how to import and use sqlite3 in Python for a database query.
• Implies sqlite3 is an import module for Python databases.

SQL

• SQL (Structure Query Language) for creating, reading, updating, and deleting data in a database.
• Describes SQL functions for these tasks.

Module 7A: Containers

• Lab 8: Dockerize a simple Python flask app.
• Requirements.txt, pip freeze, Dockerfile, build/run commands, cleanup commands
• HW3: Different base images, exposing different ports

Hypervisor

• Type 1 ("Bare Metal/Native") Hypervisor.
• Type 2 ("Embedded/Hosted") Hypervisor
• Guest OS, Virtual Machine(VM), Hypervisor, Host OS (diagram depicts the layers).

Containers (continued)

• Virtual Machines virtualize hardware; a hypervisor manages virtual machines running on a host machine.
• Containers virtualize operating systems and use less resources (no hypervisor)
• Containers package the operating system, code, dependencies.
• Docker is used to build, test, and deploy containerized applications.
• Summary of containers vs virtual machines (VMs).

Docker Images

• Docker images are layered with the base image at the bottom, built by layer sequentially.
• Dockerfile instructions for image building
• Describes how the layers are built and the implications of changes (no caching if upper layers changed).
• Conceptual summary of docker images and layers

Layered Docker images (continued)

• Layered format of docker images: start with a base image and build on top.
• Organizing changes in upper layers increases efficiency.
• Solves software dependency issues.
• Portable across clouds.
• Simplifies DevOps.

Dockerfile

• Dockerfile—text file (no file extension) containing instructions to build a docker image.
• Describes different Dockerfile commands: FROM, WORKDIR, COPY, ADD, RUN, ENTRYPOINT, CMD.
• Detailed descriptions of each command within Docker.

Docker Commands

• docker build: builds the image.
• docker run: starts the container (with port mapping options (-p)).
• docker stop: stops the container.
• docker rm: deletes the container.
• docker images: lists all images.
• docker ps: lists running docker containers.
• docker exec: executes a command in a running container.

Docker Cleanup

• docker stop: stops a container.
• docker container prune: removes all stopped containers.
• docker image prune: removes all unused images and their associated containers.
• docker rm: deletes a container.
• docker image rm: removes a specific image.
• docker system prune: removes all unused containers, networks, images (both dangling and unused), and optionally volumes.

Module 7B: Auth

• Modules about authentication topics

Terms: Identity, Authentication, Authorization

• Key concepts of authentication and authorization.
• Identity: Who are you?
• Authentication: Proof of identity (Are you who you say you are?).
• Authorization: Rights, privileges (What are you allowed to do?).

Multi-factor Authentication (MFA)

• Something you know, and something you have (2FA or more).
• Adaptive Authentication: adjusts authentication rigor based on the risk level.

Identity Provider (IdP)

• Stores and manages digital identities.

Single Sign-On (SSO)

• One login to access disparate resources/apps.

JSON Web Token (JWT)

• Compact and secure way to exchange information, in JSON format, base64 encoded, not encrypted.
• Claims (statements of truth).
• Digitally signed (ensuring integrity).
• Verification address.

OpenID Connect (OIDC) Flow Types

• Client Credentials Flow, Implicit Flow, Authorization Code Flow, PKCE.

Tokens

• Identity Token: info about the authenticated user.
• Access Token: for the server to protect resources.
• Refresh Token: how clients obtain new identity and access tokens when they expire.

Module 8: Frontend, React

• Lab 9: npm commands, package.json, build/run locally
• Lab 10: React components, calling async functions
• Group project work

File Types for web pages

• HTML (HyperText Markup Language): structures the page (paragraphs, tables, etc).
• CSS (Cascading Style Sheets): styles the page (text size, borders, animations, etc).
• JS (JavaScript): provides dynamic functionality (show/hide, fetch data, etc)

Document Object Model (DOM)

• API/interface for interacting with web pages
• Independent of programming language.
• Properties and methods are used for modifications.
• Window and Document represent webpage components (for interactions).

Multi-Page Applications (MPAs) vs. Single-Page Applications (SPAs)

• MPAs: Each link loads new page from the server; blank page temporarily displayed when loading.
• SPAs: Content dynamically updates on page without reloading; Javascript changes DOM as needed.

Async/Await

• Async keyword = function returns promise
• Await keyword = pauses execution until promise is resolved and returns a result.
• Use the .then() syntax as well (alternative to await).

Axios or Fetch?

• Axios has better backward compatibility and is usually easier to work with.
• Demonstrates an Axios implementation example for fetching data.

JSX

• Javascript XML, a syntax extension, uses HTML-like syntax within JS/TS React files.

React Components

• Components are modular and reusable.
• State is internal values.
• Props allow values to be passed between components.
• Notes regarding component naming conventions and JSX formatting.

State Management

• useState hook to maintain component state
• Examples of fetching data asynchronously from APIs and displaying on screen.

Module 9: Cloud

• Covered in this module.

Deployment

• On-Premise (your data center)
• Public Cloud (managed by another company)
• Private Cloud (virtualized environments managed by your company).
• High-Availability (HA) – using multiple data centers.
• Disaster Recovery (DR) – spreading data centers to handle outages.

Cloud Configurations (Service models)

• IaaS (Infrastructure-as-a-service) – manage servers in the cloud.
• PaaS (Platform-as-a-service) – cloud provider manages scaling.
• Serverless – developers focus only on application logic.

Auto Scaling & Load Balancing

• Auto scaling adjusts resources based on load.
• Load balancing distributes traffic across resources.

Cloud Native

• Software for deployment onto modern cloud platforms.
• How applications are built and deployed.
• Describes deployment methodologies for edge computing.
• Polyglot – Mix of tools/languages (using the right tool for the job) .

Module 10: Security & Privacy

• Covering security and privacy aspects.

Injection Attacks

• Malicious code/database commands injected into input fields.
• Execution of malicious instructions, potentially causing system damage (e.g. Cross-site Scripting (XSS) and SQL Injection).

Attack Types

• DOS (Denial-of-service): causes systems to become unavailable
• DDOS (Distributed DOS): multiple computers coordinate to overload a target.
• Brute Force: trial-and-error attempts (lots and possibility).
• Buffer Overflow: overfilling a buffer, causing problems.
• Man-in-the-Middle: interception of user traffic.
• Supply Chain attacks: third-party vendor software attacks.

Countermeasures

• Encryption (data at rest and in transit).
• Multi-Factor Authentication (MFA).
• Input Validation (using regular expressions).
• Server-side defenses against malicious inputs.
• Role-based Access Controls (RBAC)

Privacy

• Personally Identifiable Information (PII) (name, address, SSN, etc).
• Protected Health Information (PHI) (medical records, etc)

Design Patterns

• API Gateway, Circuit Breaker, Async Messaging, Health Check, Saga, Adapter, Decorator, Facade, Factory, Singleton, Aggregator, BFF, Strangler, CORS, Sidecar.

Saga Pattern

• Managing data consistency for distributed transactions.
• Orchestration for controlling distributed interactions using services.
• Choreography for indepedent service execution.

Additional Patterns

• Other design patterns for APIs and microservice implementations.

Module 11: Reliable Programming

• Overview of how to develop reliable software.
• Techniques: fault avoidance, input validation, failure management

Code Smell Examples

• Common code design issues to watch out for
• Large classes (single responsibility principle violation).
• Long methods/functions (function doing multiple unrelated tasks).
• Duplicated code.
• Meaningless names.
• Unused code.

Guard Clauses

• Checking first to prevent further execution if a condition is true, and immediately exit the function.

Non-functionals

• Resilience (system's ability to recover in the absence of human help).
• Antifragility (system gets better when stressed)
• Black Swan (unpredictable events with severe and widespread impacts that are retrospectively deemed avoidable)

Chaos Engineering

• Deliberately introducing errors/failures to develop robust systems
• Disciplined experiments for identifying failures before critical issues arise.

Site Reliability Engineering (SRE) Guiding Principles

• SRE practices for systems reliability such as integration checking, testing, using pessimistic deployments, observing failures, urgent recovery, and updating frequently.

Monitoring

• Performance Monitoring (business transactions).
• Service Level Indicators (SLIs) (metrics of performance).
• Service Level Objectives (SLOs) (target values for SLIs).
• Service Level Agreements (SLAs) (contracts between providers and customers).

RPO/RTO

• RPO - Recovery Point Objective (how much data loss is tolerable).
• RTO - Recovery Time Objective (how long can system be down before problems result).
• Mean Time To Recovery (MTTR) (average time it takes to recover from a failure).

Testing Conceptual Understanding

• Identification of guard clauses.
• Identifying code smells.
• Design pattern recognition
• Recognizing and fixing errors in Python, React, or Docker code and SQL statements

Question Format

• Sample multiple choice question (final exam location).

Additional Information (From final slide)

• Overview of test format and logistics.

Description

Test your knowledge on the key characteristics of React components. This quiz will help you understand the foundational aspects of using components in React framework. Get ready to challenge yourself and deepen your React skills!