Hi all,
I'm preparing for zend exam which I'll be taking soon with some mock test from the zend. Some questions are easy and some are twisted. But, for some, I can't find related information over the net. I posted those questions for you guys to see. I hope you guys can help me on this.


1. Name three new extensions in PHP5
choose 3
a)tidy
b)soap
c)java
d)curl
e)mysqli
My Guess : soap,java,tidy

2.Identify the best appraoch to compare to variables in a binary-safe fashion
a)Both strcmp() and $a===$b
b)$a==$b
c)$a===$b
d)str_compare()
e)strstr
my guess : e

3.When running PHP in a shared host environment, what is the major security concern when it comes to session data?
a)Sessions on shared hosts are easily hijacked by outside malicious users
b)All of the above
c)You cannot use a custom data store in shared hosts
d)Session data stored in the file system can be read by other scripts on the same shared host
e)Users outside the shared host can access any site which created a session for them
my guess : c

Which PCRE regular expression will match the string PhP5-rocks?
a)/^[hp1-5]*\-.*/
b)/[hp1-5]*\-.?/
c)/[hp][1-5]*\-.*/
d)/[Php]{3}[1-5]{2,3}\-.*$/
e)/[a-z1-5\-]*/
my guess: No correct answer

Which of the following are examples of the new engine executor models available in PHP 5?
(choose 3)
a)Switch
b)Conditional
c)Goto
d)Call
e)Dynamic
my guess : cde

The ______ constant in a CLI script is an automatically provided file resource representing standard input of the terminal.
a)STDIN
b)__STDIN__
c)STDIO
d)PHP::STDIO
e)STD_IN
my guess : a

Event-based XML parsing is an example of which parsing model?
a)SAX
b)DOM
c)XML Object Mapping
d)XPath
e)XQuery
my guess : d

Ok Homer,
Here's what I've got.


Name three new extensions in PHP5
I believe the correct answer is a, b, e, tidy (http://209.85.173.104/search?q=cache:Q_u5H-KgLMMJ:devzone.zend.com/article/761-Tidying-up-your-HTML-with-PHP-5+php,+tidy&hl=en&ct=clnk&cd=2&gl=us), soap (http://devzone.zend.com/node/view/id/689) and mysqli (http://devzone.zend.com/node/view/id/686)


Identify the best appraoch to compare to variables in a binary-safe fashion
Like so many, this is one of those really poorly worded questions on the practice tests... however seeing as there is no mention of strings, or the nature of the comparison, I would have to guess "c" here.



When running PHP in a shared host environment, what is the major security concern when it comes to session data?
Actually this is THE VERY QUESTION I was investigating when I came upon your post here. Now, I don't know what "custom data store" even means, but I'm pretty darned sure it's NOT the answer to this question. In fact it is the ONE answer that renders me pretty certain that the answer is also NOT b."All of the above." (if MySQL or SQLite don't qualify as custom data stores then....????) currently my best guess would have to be.... d?


Which PCRE regular expression will match the string PhP5-rocks?
Your's is the second post I have encountered on this question, which posits the theory that there is NO correct answer.
One of two things here, either you both copied it wrong, or there is more than one version of this question being included in the practice tests.
Why? you ask... well, shortly after encountering the first such post on another forum, I did occasion to take a practice test, and found what appears to be the very same question included therein. As such, I did trouble myself to copy it for review and clarification. It turns out that my copy of the answers differs in one tiny but all important regard, specifically the character "i" following the closing delimiter in answer-option "a" as follows:
Mine a)/^[hp1-5]*\-.*/i
Yours a)/^[hp1-5]*\-.*/
The Correct answer -- not surprisingly --- is "a"


Which of the following are examples of the new engine executor models available in PHP 5?(choose 3)
The correct answers are a, c, d (SWITCH, GOTO, AND CALL) (http://sebastian-bergmann.de/archives/504-PHP-5.1-Performance.html)


The ______ constant in a CLI script is an automatically provided file resource representing standard input of the terminal.
Yes, the a is the correct answer.


Event-based XML parsing is an example of which parsing model?
a) SAX (http://en.wikipedia.org/wiki/Simple_API_for_XML)

# When running PHP in a shared host environment, what is the major security concern when it comes to session data?

The answer is (perhaps shockingly to some):

d)Session data stored in the file system can be read by other scripts on the same shared host

All session data is written to a common tmp directory which is accessible by any user on the virtual server, if usernames, passwords or any other sensitive info is stored then this data is at risk on a shared server.

Summary : dont store sensitive data in sessions on a shared server

Get a dedicated machine ! :)

You definitely can define a custom session data store (a mysql table for example) and for the reason mentioned above is advisable on shared hosting!

You definitely can define a custom session data store (a mysql table for example) and for the reason mentioned above is advisable on shared hosting!

Yes this is true, but the answer to the zend question remains the issue about the shared tmp directory.

The following functions can be used to mitigate the security risk somewhat:

session_save_path()

and

session_set_save_handler

Yes this is true, but the answer to the zend question remains the issue about the shared tmp directory.

Yes, I was just commenting :)

Hi

Which PCRE regular expression will match the string PhP5-rocks?
a)/^[hp1-5]*\-.*/
b)/[hp1-5]*\-.?/
c)/[hp][1-5]*\-.*/
d)/[php]{3}[1-5]{2,3}\-.*$/
e)/[a-z1-5\-]*/
my guess: No correct answer

the correct answer is B or E, i don't understand why u says A...

$str= "PhP5-rocks";
echo preg_match("/^[hp1-5]*\-.*/",$str); //0
echo preg_match("/[hp1-5]*\-.?/",$str); //1
echo preg_match("/[hp][1-5]*\-.*/",$str); //0
echo preg_match("/[php]{3}[1-5]{2,3}\-.*$/",$str); //0
echo preg_match("/[a-z1-5\-]*/",$str); // 1

Thanks

Hi

Which PCRE regular expression will match the string PhP5-rocks?
a)/^[hp1-5]*\-.*/
b)/[hp1-5]*\-.?/
c)/[hp][1-5]*\-.*/
d)/[php]{3}[1-5]{2,3}\-.*$/
e)/[a-z1-5\-]*/
my guess: No correct answer

the correct answer is B or E, i don't understand why u says A...

$str= "PhP5-rocks";
echo preg_match("/^[hp1-5]*\-.*/",$str); //0
echo preg_match("/[hp1-5]*\-.?/",$str); //1
echo preg_match("/[hp][1-5]*\-.*/",$str); //0
echo preg_match("/[php]{3}[1-5]{2,3}\-.*$/",$str); //0
echo preg_match("/[a-z1-5\-]*/",$str); // 1

Thanks

A and C would match if you added the "i" modifier to make them case-insensitive. B and C currently match simply because the use of the "*" repetition character, which is zero or more occurrences, and therefore matches in these cases because it can ignore any preceding characters that do not match, since those patterns are not anchored to the start of the string with the "^" character.

Same for E, it is essentially an empty expression that will match anything.

Same for E, it is essentially an empty expression that will match anything.

Yeah, I think I meant "B and E" in my last reply instead of "B and C". :)