1. What's the difference between these two variable definitions if optimization is not enforced?
A. Dim obj as OBJ.CLASS
Set obj = New OBJ.CLASS
B. Dim obj as New OBJ.CLASS
Reference answer: For the second approach, the final executable will check whether obj is Nothing every time obj is referenced/used. If optimized, the compiler will translate the second approach as if it were the first one.
2. What is the utility to register an ActiveX DLL component?
Reference answer: Regsvr32.exe
3. What two methods are called from the ObjectContext object to inform COM+ that the transaction was successful or unsuccessful?
Reference answer: SetComplete and SetAbort
4. Name and explain the different compatibility types when compiling a COM component.
Reference answer:
No Compatibility: New GUID created, references from other components will not work.
Project Compatibility: Default for a new component (doesn't matter if this item is not mentioned).
Binary Compatibility: GUID does not change, references from other components will work.
5. What's "SQL Injection" and how do you avoid this risk in your programming?
Reference answer: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data.
How to prevent (to name a few):
a. Limit database user access, at least not to use 'sa' in your web application.
b. Use the "Command" object and/or stored procedures to execute your SQL; never use clear-text SQL scripts.
c. Remove culprit characters/character sequences.
d. Delete powerful stored procedures that you are not using, like xp_cmdshell.
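Item b as an added VB6 example, not part of the original question set: the same lookup written with string concatenation and then with an ADO Command object and a typed parameter. The table Users, its columns, and both function names are hypothetical; the code assumes a project reference to the Microsoft ActiveX Data Objects library and an already-open connection that uses a low-privilege login (item a).

```vb
' Added example, not from the original page.
' Assumed (hypothetical) schema: Users(UserName VARCHAR(50), IsLocked BIT).
' conn is an open ADODB.Connection using a low-privilege login, not 'sa'.
Option Explicit

' Before: the input is concatenated into the SQL text, so a quote character
' in userName changes the structure of the statement itself.
Public Function FindUserConcat(conn As ADODB.Connection, _
                               ByVal userName As String) As ADODB.Recordset
    Dim sql As String
    sql = "SELECT UserName, IsLocked FROM Users WHERE UserName = '" & _
          userName & "'"
    Set FindUserConcat = conn.Execute(sql)
End Function

' After: the statement text is a constant and the value travels separately
' as a typed parameter, so the provider only ever treats it as data.
Public Function FindUserParam(conn As ADODB.Connection, _
                              ByVal userName As String) As ADODB.Recordset
    Dim cmd As ADODB.Command

    ' Validate length against the assumed column size before touching the
    ' database, instead of relying on a provider error.
    If Len(userName) = 0 Or Len(userName) > 50 Then
        Err.Raise vbObjectError + 513, "FindUserParam", _
                  "Invalid user name length"
    End If

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = _
        "SELECT UserName, IsLocked FROM Users WHERE UserName = ?"

    ' One "?" marker, one parameter, appended in the same order.
    cmd.Parameters.Append cmd.CreateParameter("UserName", adVarChar, _
                                              adParamInput, 50, userName)

    Set FindUserParam = cmd.Execute
End Function
```

The same Parameters collection is used when CommandType is adCmdStoredProc; a stored procedure gives this protection only if it does not itself build SQL text from its arguments.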
6. What are the advantages of 3-tiered applications over their 3-tiered counterpart? Please take a 3-tiered approach based on COM+ for example.
Reference answer: Distributed transactional operations, database connection pooling, deployment, etc.