Study guide

How to use this study guide

This is a collection of example questions that could appear on the exam. Note that most of these won’t be on the exam, but I won’t guarantee none of them will (especially hard ones!).

In general, there are two components to exams I give. The first is that I minimize straight regurgitation of knowledge, and will often require chaining understanding of multiple topics in class together to come to the proper answer.

The second is that my exams test your ability to communicate about the content that you have learned. Many questions will ask you to explain a concept - the idea here is that you should not only have an understanding of some topic, but understand it sufficiently well that you can explain it to one of your peers in class, or even someone else in CS who is not taking this class. I give as much partial credit as I feel is possible when relevant and correct concepts are expressed, but full credit is often reserved for those who can communicate an answer succinctly and clearly enough that a CS major not taking this course could understand the topic at hand. This is an important skill in general, and being able to communicate well about a topic shows true mastery of it.

Note that this is not an exhaustive list of the topics covered on the midterm. Anything covered in class, anything in the readings, and anything you needed to know how to do for the assignments is fair game.

Something that has worked well for students in my classes in the past is to make a whole-class study guide in Google Docs that you flesh out as an outline of the topics covered in class. I have been known to skim those to drop comments about incorrect understanding, and would be happy to respond to Piazza questions asking for verification on various topics.

Example questions

  • How do the threat models for the HSTS and HPKP defenses differ? How are they the same?
  • What is a middleware function and how does it differ from a route handler?
  • Your coworker asked you about the crudapp you did way back when in CS 491. He wants to know why, even though multiple requests could be coming in at once, you still didn’t have to use any mutex locks on accessing the database. Why is that?
  • Explain the process your browser uses to decide whether to show a green lock for a website when you visit it via HTTPS.
  • An ORM allows you to abstract the _________ from the __________.

Other topics may include

  • App deployment
  • HTTP vs HTTP/2
  • Injection attacks
  • Event-driven programming in the browser
  • Page load performance optimization
  • Testing web applications
  • Basic web app development in Express
  • Front-end vs. back-end frameworks
  • How authenticated cookies work
  • How CSRF protection works
  • Model View Controller
  • Certificate authorities
  • Cooperative vs. preemptive multitasking