. NET Pen Test set (iv)

1, please simply explain the advantages and disadvantages of database indexing

Using an index can speed up the query of your data, but because it is indexed during data insertion, it slows the insertion and update of data, and the index takes up disk space.

2. What is a Web service control? What are the advantages and disadvantages of using Web Service controls?

A Web Service control is a control that can be executed on a server, with the advantage of being able to return data (ViewState) with event-driven (Dopostback), simplifying the use of HTML tags, making it as easy to develop an ASP as a WinForm program. The Web Service control is ultimately rendered (render) as an HTML tag. The disadvantage of using Web Service control is to generate some useless properties, viewstate, etc., not conducive to SEO, generally in the intranet system or the background of the Internet system to use the Web Services control. If there is no complex server interaction, the Web server control is not used. What are the features of Runat=server HTML controls: Paths do not need to be parsed by programmers, and "~" can be used for virtual paths.

3. What is the execution result of the following program?

int i = 10;if (i <=0); Console.WriteLine ("I must be greater than 0"); Console.WriteLine ("OK");

Answer:

I must be greater than 0

Ok

Answer: Note that if (I <=0) the ";", because of the ";", so that Console.WriteLine ("I must be greater than 0") is no longer part of the IF, but a separate statement. The same is true for a for loop.

4. What is the execution result of the following program?

static void Main (string[] args) {    Console.WriteLine (Calc ());    Console.readkey ();} static int Calc () {    int i = 0;    Try    {        return i;    }    Finally    {        Console.WriteLine ("finally");        i++;}    }

Answer:

Finally

0

Answer: Return executes first, finally executes, so the return value is 0 before the i++. Note that it is not return when the function really "returns, executes the end", return is only the token function return value is 0, the mark is finished will also execute the code in Finally, only finally the code after the completion of the function is really returned.

5. When the following options are not formed, the program that does not constitute a dead loop is (C)

A.int I=100;while (1) {i=i%100+1; if (i>100) break;}

B.for (;;);

C.int k=1000; do {++k;} while (k>=10000);

D.int s=36; while (s);--s;

6. Which of the following technologies is not related to database access technology (C)

A, SQLHelper

B, EnterPrise Library

C, AppDomain

D, Linq

7. Which of the following statements is wrong (AC)

A, to change the BMP format file to JPG is the easiest way to modify the image format

B, QQ dynamic expression displayed on the Web page with a GIF format is better

C, the BMP format pictures in the Web page can optimize the speed of the site

D, PNG format can be used in Web pages to achieve a transparent effect.

Answer: A, C. A error is because the suffix of the modified file does not really modify the format of the file, you want to use Photoshop, MSPaint and other image processing tools to convert. C errors are due to the inability to use BMP images in Web pages.

8, choose a simple description from the following abbreviations

OA (Office Automation): office automation

MIS (Managment Information System): Management Information System

HRM (Human Resource Managment): Human resources management, including employee management, payroll management, onboarding Management, exit management, reimbursement management, leave management, etc.

CRM (Customer Relation Managment): client Relationship management system, including customer management, customer care, customer visit, complaint management, consulting management, repair management, etc.

KM (Knowledge managment): knowledge Management

9. What is the execution result of the following program?

public struct point{public    int x;    public int y;    public point (int x, int y)    {        this.x = x;        This.y = y;    }} Point P1 = new Point (100, 100); Point P2 = p1;p1.x = 200; Console.WriteLine ("{0},{1}", p1.x, p2.x);

Answer:

200,100

Solution: The struct is copied and passed.

10, open question: If the program does not connect to SQL Server database servers server, how will you rule out this failure?

Reference: First ping the server IP, see if it can ping, if not ping, then see if there is a problem with the network, if you can ping, and then telnet to the server port 1433 to see if it can be connected If you cannot connect, it may be that the SQL Server service has stopped or the firewall on the servers has blocked port 1433, and if you can connect to check whether it is a local program problem or a driver problem.

11. What does HTTP status code mean?

301: redirect

404: Good page in

: Server Internal Error

12. The advantages and disadvantages of the MVC model

MVC (Model-view-controller) decomposes the composition of interactive systems into models, views, controllers, three parts

Advantages of MVC:

1. make complex projects easier to maintain by dividing the project into model View and controller.

2. The view state and server form controls are not used, which makes it easier to control the behavior of the application

3. The application uses a controller to control the request and can provide a rich URL rewrite.

4. better support for unit testing

5. better performance in team development mode

the lack of MVC:

(1) increase the complexity of the system structure and implementation. For a simple interface, strict adherence to MVC, which separates the model, view, and controller, increases the complexity of the structure and may result in excessive update operations and reduced operational efficiency.
(2) the connection between the view and the controller is too tight. Views and controllers are separated from each other, but they do have a tight connection, the view has no controller, its application is very limited, and vice versa, which prevents them from being reused independently.
(3) A view of inefficient access to model data. Depending on the model operator interface, the view may need to be called multiple times to obtain sufficient display data. Unnecessary frequent access to unchanged data will also compromise operational performance.

13. What is ViewState? What role does it have?

ViewState is used to save the page state, that is, after the submission we can also see the contents of the text box is viewstate save credit.

ViewState only maintain the status of the current page, different pages can not be shared between the session.

ViewState you can understand it as a hidden control.

14, ASP. NET page life cycle Simple description

Each page's life cycle is the user's every access, that is, each time a round trip between the client and the server. The life cycle of the global variable is in between.

1. Page_Init ();
2. Load ViewState and Postback data;
3. Page_Load ();
4. Handle control events;
5. Page_PreRender ();
6. Page_render ();
7. Unload event;
8. Dispose method called;

15. Advantages and disadvantages of stored procedures and SQL statements

Advantages:
1. improve performance, reduce network transmission, save time.

2. reduce the network traffic stored procedure is located on the server, when called only need to pass the name of the stored procedure and parameters, without each access to pass a long SQL statement.

4. security reduces SQL injection attacks.

5. maintainability High-update stored procedures typically require less time and effort than changing, testing, and redeploying assemblies.

Disadvantages:

1. poor interactivity.

2. portability is poor

16, when to use the abstract class, when to use the interface

Interfaces are used for specifications, and abstract classes are used for commonalities.

Only methods, properties, events, indexers can be declared in an interface. Abstract classes can have implementations of methods, and non-static class variables can be defined. Abstract classes are classes, so they can only be inherited, but interfaces are implemented more than once. Abstract classes can provide partial implementations of certain methods, and interfaces may not. An instance of an abstract class is given by its subclasses. An instance of an interface is given by the class that implements the interface. A method is added to the abstract class, and its subclasses have this method at the same time. Instead of adding a new method to the interface, the class that implements it is rewritten (which is why the interface is a specification of a class). Interface members are defined as public, but members of an abstract class can also be private, protected, internal, or protected internal members (where protected internal members can only be accessed in the application's code or derived classes). Additionally, the interface cannot contain fields, constructors, destructors, static members, or constants.

17. Heap and Stack in C #

Stack is a system-managed lifetime that stores code execution and invocation paths, which are purged from the stack after execution or invocation.
The heap holds values and objects that persist after the call is completed, and the garbage collector finds no reference to the value or object in the stack, and none is removed from the heap.

18, C # ref and out difference:

1 . When using a ref parameter, the passed-in parameter must first be initialized. For out, initialization must be done in the method.

2 . When using ref and out, the ref or out keyword is added to the method's parameters and execution methods. To meet the match.

3. Out is suitable for use where multiple return values need to be retrun, while ref is used to modify the caller's reference in a method that needs to be called.

19. Do you know anything about generics? What are the benefits of generics?

Generics: The use of parameterized types to implement multiple data types on the same piece of code. Use "parameterized type" to abstract the type for flexible reuse
The benefits are-type safety and reduced packing, unpacking. Improve performance, type safety and quality, and reduce repetitive programming tasks

20. New has several uses

The first type: Instantiate object, new Class ();

Second: Overriding the base class method, public new XXXX () {}

Third: The new constraint specifies that any type parameter in a generic class declaration must have a public parameterless constructor.

21, the session what is the major bug, Microsoft put forward what method to solve?

A: Because of the process recycling mechanism in IIS, the session is lost when the system is busy, and can be stored as a sate server or SQL Server database but it is slower and cannot capture the end event of the session

22. What is the difference between <%#%> and <%%>?

<%#%> represents a bound data source <%%> is a server-side code block constant

23, DateTime.Parse (myString); What's wrong with this line of code?

There is a problem, when mystring can not meet the time format requirements, will throw an exception, it is recommended to use Datetime.tryparse ()

24, why do not advocate catch (Exception),catch (Exception e) {throw e;} and catch (Exception e) {throw;} The difference betweenerror and exception

Try: Catch affects performance in the event of an exception; More specific anomalies, such as ioexeception,outofmemoryexception, should be captured.

The first one throws the exception object that occurs, the other just throws the exception, and the original exception object is not thrown

Error indicates a serious problem in situations where recovery is not impossible but difficult. For example, memory overflow. It is impossible to expect the program to handle such situations.

Exception represents a design or implementation issue. That is, it means that if the program runs normally, it never happens.

25. The difference between get and post

When the form is submitted, if you do not specify method, the default is a GET request, and the data submitted in the form will be appended to the URL, separated from the URL. Alphanumeric characters are sent as-is, but the space is converted to "+", and other symbols are converted to%XX, where x

The ASCII (or ISO Latin-1) value that is represented by the symbol as 16 binary. The GET request submits the data to be placed in the HTTP request protocol header, and the data submitted by the post is placed in the Entity data;

With the POST method, data is transferred without being part of the URL, and they are transferred as a separate entity. Therefore, the POST method is more secure and you can transfer more data in this way. And the number that is transmitted by POST

It is not necessarily the text, but it must be text if it is transmitted using the GET method.

(1)get gets data from the server and post is the data that is sent to the server.

(2) on the client side, the Get method submits the data through the URL, the data can be seen in the URL, the Post method, and the data is placed within the HTML header submission.

(3) for Get mode, the server side uses Request.QueryString to get the value of the variable, for the Post method, the server side uses Request.Form to obtain the submitted data.

(4) The Get method submits only 1024 bytes of data, while Post does not have this limit.

(5) security issues. As mentioned in (1), when you use Get, the parameters are displayed on the address bar, and Post does not. So, if the data is in Chinese and is non-sensitive, then use get; If the user enters data that is not a Chinese character and contains sensitive data, then it is better to use post.

26. The difference between bind and eval functions

The Binding expression <%# Eval ("field name")%> <%# bind ("field name")%>

1. Eval One-way binding: Data is read-only
Bind bidirectional binding: Data can be changed and returned to the server side, the server can process the changed data, such as the database.
2. when working with the sub-expression, you must use eval such as <%# eval ("Field name"). ToString (). Trim ()%>
3. bind the properties of the control, while Eval is some other. For example

<asp:textbox id= "First" runat= "Server" text= ' <%# Bind ("FirstName")%> '/> <td><%# Eval ("ProductID ")%></td>

27, the difference between Server.URLEncode and Httputility.urldecode

Server.URLEncode encoding is encoded in accordance with the encoding of local program settings,Httputility.urlencode is encoded by default in. NET Utf-8 format.

28, how to implement the connection pool

Make sure you use the same connection string (the same as the connection pool) for each connection, and only the connection string will work when the connection pool is connected. If the connection string is not the same, the application does not use a connection pool but creates a new connection.

Advantages

The main advantage of using connection pooling is performance. The time it takes to create a new database connection depends largely on the speed of the network and the distance between the application and the database server (network), and this process is often a time-consuming process. With a database connection pool, the database connection request can be met directly through the connection pool without having to reconnect to the request and authenticate to the database server, saving time.

Disadvantages

There may be multiple connections in the database connection pool that are not being used to connect to the database (which means a waste of resources).

Tips and Hints

1. When you need a database connection, create a connection pool instead of building it in advance. Once you're done using the connection, close it immediately, and don't wait for the garbage collector to handle it.

2. Ensure that all user-defined transactions are closed before closing the database connection.

3. do not close all connections in the database, at least one connection in the connection pool is guaranteed to be available. If memory and other resources are issues that you must first consider, you can close all connections and then create a connection pool when the next request arrives.

29, improve. NET's performance

1 invoking Web services and remote objects asynchronously

As long as it is possible to avoid synchronous calls to Web services and remote objects during the processing of requests, because it occupies a worker thread in an ASP. NET thread pool, this will directly affect the ability of the Web server to respond to other requests.

2 using the appropriate caching strategy to improve performance

3 Judge the string, do not use "" comparison.

Avoid
if (strabc!=null && strabc!= "")
{}

Recommended
if (!strabc.isnullorempty)
{}

4 page optimization

5 Close the database connection immediately after use

6 Use stored procedures as much as possible and refine query statements

7 read-only data access with SqlDataReader, do not use a dataset

..........

30. What do you know about the principle of XML Web service?

A: Use SOAP (Simple Object Access Protocol) to perform remote method calls on HTTP, or you can use WSDL (Web Service Description Language) to complete the description of the Web service, and then use UDDI to register the services provided by each service provider to share them.

. NET Pen Test set (iv)