Web Applications Overview

Questions and Answers

What is the main function of the web application server?

• To serve static content to clients
• To provide user authentication services
• To generate and send results back to the web server (correct)
• To manage the database directly

Which layer of the web application architecture is responsible for user interface components?

• Presentation Layer (correct)
• Business Layer
• Database Layer
• Persistence Layer

How can the layers of a web application architecture be modified?

• Changes are reflected only during server upgrades
• Each layer can be upgraded independently (correct)
• Only all layers can be changed at once
• Layers must be rewritten to accommodate changes

What does the Business Layer primarily do?

Manages the interactions between user requests and the data accessed (A)

Which of the following describes the Persistence Layer?

It provides access to persistent storage of data (D)

What common technology is used to build user interface components in the Presentation Layer?

HTML, CSS, and JavaScript (C)

What type of logic is encoded in the Business Layer?

Workflow logic for data processing (A)

What is a crucial benefit of using a three-tier architecture for web applications?

Isolation of presentation, logic, and data handling (C)

What does the Same-Origin Policy (SOP) restrict?

Communication between different origins (C)

Which components must be identical for two URLs to share the same origin?

Protocol, domain, and port number (A)

Which of the following best explains why SOP is important?

It prevents access to sensitive data on other websites. (A)

What is the primary function of Cross-Origin Resource Sharing (CORS)?

To specify which origins can access server resources (D)

What does the Access-Control-Allow-Origin header do?

Specifies which origins are allowed to access the resource (B)

Which situation would require a preflight request in CORS?

Requests with custom headers or methods (B)

What aspect of web application security does SOP primarily enhance?

User privacy and data isolation (D)

How does CORS maintain security while allowing cross-origin communication?

By specifying allowed origins and methods through headers (D)

What is the primary function of the Domain Name System (DNS)?

To convert domain names into IP addresses. (A)

Which component of the DNS process acts as a librarian, searching across various servers?

DNS Recursor (A)

What is the role of the Root Nameserver in the DNS process?

To direct the DNS Recursor to TLD nameservers. (C)

What type of IP address is typically represented as 192.168.1.1?

IPv4 (A)

In the DNS hierarchy, what is the purpose of the Authoritative Nameserver?

To deliver the exact IP address for a requested hostname. (B)

What is a primary characteristic of the client-server model?

Tasks are divided between clients and servers with no resource sharing. (D)

What occurs first when a user enters a URL in their web browser?

The request is sent to a DNS resolver. (A)

Which of the following best describes a client in the digital world?

A program running on a local machine requesting services. (D)

What best describes a TLD Nameserver's function in the DNS resolution process?

To narrow down the search to a specific top-level domain. (C)

What role does a server play in the client-server architecture?

Processes and delivers service requests from clients. (D)

Which of the following IP address formats is newer and more complex than IPv4?

IPv6 (C)

How does centralized security benefit web applications?

Simplifies the implementation of enhanced security measures. (C)

What is one advantage of automated monitoring in web applications?

Decreases the need for manual user tracking. (C)

What defines a client program's operation?

It starts upon user request and terminates after service completion. (B)

What is one key distinction between clients and servers in this model?

Clients initiate requests, while servers respond to those requests. (B)

Which of the following is NOT a benefit of using web applications?

More complexity in managing access permissions. (D)

What is the primary function of a session in web applications?

To remember user actions during their session. (B)

How is a session ID typically stored on the user's device?

As a cookie. (C)

What occurs when a session expires?

The user is logged out and session data can be deleted. (C)

What distinguishes tokens from sessions in web applications?

Tokens can be used in stateless communication. (D)

Which type of token is commonly used in OAuth frameworks?

OAuth Tokens (B)

What is the main purpose of token generation upon successful authentication?

To produce a token containing user information and permissions. (C)

What does a JSON Web Token (JWT) contain?

Encoded information about the user and their permissions. (A)

What role do tokens play in authentication systems?

They verify user identity and define access rights. (D)

Flashcards are hidden until you start studying

Study Notes

How Web Applications Work

• Web application servers process tasks and generate results based on data requests.
• Information is sent from the web server back to the client’s device (laptop, desktop, mobile).
• The requested information is displayed on the user’s screen.

Web Application Three-Tier Architecture

• Multi-Tier Architecture allows independent upgrades and replacements of different layers.

Presentation Layer

• Interface layer accessible via browsers, includes UI components built with HTML, CSS, and JavaScript.
• Responsible for presenting data to users and interacting with them.

Business Layer

• Also known as Business Logic or Domain Logic; processes user requests and manages data flow.
• Contains workflow rules such as booking hotel rooms on related websites.

Persistence Layer

• Storage or data access layer; handles data calls and manages access to application’s persistent storage.
• Optimizes data retrieval by integrating with the business layer.

Same-Origin Policy (SOP)

• A browser security feature that restricts documents/scripts from different origins from interacting.
• An origin consists of the protocol, domain, and port number; two URLs are considered the same origin if these match.
• Prevents malicious scripts from accessing sensitive data across different sites.

Purpose of SOP

• Enhances security and user privacy by isolating data from different origins.

Cross-Origin Resource Sharing (CORS)

• A mechanism that allows web servers to specify which origins can access their resources.
• Involves CORS headers that permit or deny access based on specified conditions.

CORS Details

• Access-Control-Allow-Origin is a key header that identifies permitted origins.
• Preflight requests (OPTIONS) check server permissions for specific requests.

Benefits of Web Applications

• Centralized Security Protocols streamline security management.
• Controlled Access simplifies user permission handling.
• Analytics and Monitoring provide insights into user behavior and system performance.

Client-Server Model

• A distributed application structure separating providers of services (servers) from requesters (clients).
• Clients make requests, while servers respond with data; clients do not share resources.
• Examples include email systems and the World Wide Web.

DNS (Domain Name System)

• Functions as the Internet's phonebook, translating domain names into IP addresses for browser access.
• Allows users to navigate using familiar domain names instead of numeric IPs.

DNS Resolution Process

• Converts hostnames like www.example.com into IP addresses.
• Involves multiple DNS servers: Recursor, Root Nameserver, TLD Nameserver, and Authoritative Nameserver.

Traffic Routing Using DNS

• When requesting a website, the user's input is processed by a DNS resolver managed by their ISP.
• Ensures efficient and correct traffic routing to the desired web resources.

Sessions

• Initiated when a user logs in; generates a unique session ID for tracking.
• Session ID is stored as a cookie, while session data resides on the server.
• Sessions typically expire after inactivity or upon user logout.

Tokens

• Secure strings used for user identification and authentication in web applications.
• Facilitate stateless authentication, minimizing server resource usage.

Types of Tokens

• JSON Web Tokens (JWT) include encoded user details and permissions, digitally signed for integrity.
• OAuth Tokens enable limited resource access without exposing user passwords.

Token Functionality

• Generated upon successful authentication; contains necessary user information.
• Transmitted to clients and stored in local storage or cookies for subsequent requests.