Zend PHP5 Certification Mock Exam Sample Questions — 2

This is the second part of the explanation exam questions to test Zend PHP5 with the correct (imho) answers and useful links on manuals.
If you have additional minds please use comments.

61. Given the two values below, which of the following possiblities will print 10 foos20 bars? (Choose 1 answer)
$var1 = "10 foos";
$var2 = "20 bars";
print ???????;
  1. None of the above
  2. implode(««, array($var1,$var2));
  3. $var1 . $var2
  4. $var1 + $var2
  5. All of the above

Answer: B, C
http://php.net/manual/en/language.operators.string.php, http://ru.php.net/manual/en/function.implode.php

62. Given the string, which of the following will extract the TLD (top level domain) of „.net“ from the string? (Choose 1 answer)
$var = „john@php.net“;

  1. strstr($var, strpos($var, „.“));
  2. substr($var, strpos($var, „@“));
  3. substr($var, strstr($var, „.“));
  4. substr($var, strpos($var, „.“) + 1);
  5. substr($var, strpos($var, „.“));

Answer: E
http://ru.php.net/manual/en/function.substr.php, http://ru.php.net/manual/en/function.strpos.php

63. When comparing two strings, which of the following is acceptable? (Choose 4 answers)

  1. $a === $b;
  2. strcasecmp($a, $b);
  3. strcmp($a, $b);
  4. $a == $b;
  5. str_compare($a,$b);

Answer: A, B, C, D
http://ru.php.net/manual/en/function.strcasecmp.php, http://ru.php.net/manual/en/function.strcmp.php and str_compare does not exist.

64. A fingerprint of a string can be determined using which of the following? (Choose 1 answer)

  1. md5()
  2. hash()
  3. fingerprint()
  4. None of the above

Answer: A

65. Which of the following is the best way to split a string on the „-=-“ pattern? (Choose 1 answer)

  1. They all are equally proper methods
  2. str_split($string, strpos($string, „-=-“))
  3. preg_split(„-=-“, $string);
  4. explode(„-=-“ $string);

Answer: D
http://ru.php.net/manual/en/function.str-split.php, http://ru.php.net/manual/en/function.preg-split.php, http://ru.php.net/manual/en/function.explode.php — but where is comma?

66. What is the output of the following code? (Choose 1 answer)
$string = "14302";
$string[$string[2]] = "4";
print $string;

  1. 14304
  2. 14342
  3. 44302
  4. 14402
  5. Array

Answer: B

67. Which of the following comparisons will evaluate to true? (Choose 3 answers)

  1. 't' == t
  2. 1 === „1time“
  3. „top“ == 0
  4. „top“ === 0
  5. 1 == „1time“

Answer: A, C, E

68. Which function is best suited for removing markup tags from a string? (Choose 1 answer)

  1. strip_markup
  2. strip_tags
  3. str_replace
  4. preg_replace
  5. preg_strip

Answer: B

69. Identify the best approach to compare to variables in a binary-safe fashion (Choose 1 answer)

  1. Both strcmp() and $a === $b
  2. $a == $b
  3. $a === $b
  4. str_compare()
  5. strstr()

Answer: A
http://ru2.php.net/manual/en/function.strcmp.php, http://php.net/manual/en/language.operators.comparison.php

70. Consider the following script, what could be placed in place of ?????? to output the string: I have 5 apples and 10 oranges? (Choose 2 answers)
$oranges = 10;
$apples = 5;
$string = "I have %d apples and %d oranges";

  1. str_format($string, $apples, $oranges);
  2. print($string, $apples, $oranges);
  3. printf($string, $apples, $oranges);
  4. print sprintf($apples, $oranges);
  5. sprintf($string, $oranges, $apples);

Answer: E

71. Consider the following script, In this script, do the two var_dump() calls produce the same string? Why or Why Not? (Choose 1 answer)
$string = "<b>I like 'PHP' & I think it is \"cool\"</b>";
var_dump(htmlentities($string, ENT_QUOTES));
var_dump(print htmlspecialchars($string));

  1. No, the htmlentities() call will translate quotes while the htmlspecialchars() call will not
  2. No, htmlentites() translates < and > symbols to their HTML entity equivalents while htmlspecialchars() only does quotes
  3. No, the htmlentites() call won't translate quotes to HTML entities while the htmlspecialchars() call will
  4. Yes, htmlspecialchars() and htmlentities() with the ENT_QUOTES constants produce the same result

Answer: A
http://ru.php.net/manual/en/function.htmlentities.php, http://ru.php.net/manual/en/function.htmlspecialchars.php

72. Consider the following String, which of the following functions would best parse the string above by the tab (\t) and newline (\n) characters? (Choose 1 answer)
$string = „John\tMark\nTed\tLarry“;

  1. strsplit($string, „\t\n“);
  2. strtok($string, „\t\n“);
  3. strstr($string, „\t\n“);
  4. explode(„\t\n“, $string);
  5. All of the above

Answer: 2

73. Which functions would be needed to translate the following string: ‘I love PHP 5’ to the following ‘5 PHP EVOL I’? (Choose 2 answers)

  1. mirror()
  2. strtoupper()
  3. toupper()
  4. str_reverse()
  5. strrev()

Answer: B, E
http://ru.php.net/manual/en/function.strtoupper.php, http://ru.php.net/manual/en/function.strrev.php

74. What is the best approach for converting this string, Into this array? (Choose 1 answer)
$string = „a=10&b[]=20&c=30&d=40+50“;
array(4) {
["a"]=>string(2) „10“
["b"]=>array(1) {
   [0]=>string(2) „20“
["c"]=>string(2) „30“
["d"]=>string(5) „40 50“

  1. Write a parser completely by hand, it's the only way to make sure it's 100% accurate
  2. Use the parse_str() function to translate it to an array()
  3. Pass the variable to another PHP script via an HTTP GET request and return the array as a serialized variable
  4. Just call unserialize() to translate it to an array()
  5. Write a string parser using strtok() and unserialize() to convert it to an array

Answer: B

75. Which string does the following PCRE regular expression match? (Choose 2 answers)
$regex = „/^([a-z]{5})[1-5]+([a-z]+)/“;

  1. None of the above
  2. Hello34262343goodbye
  3. frank12345abc
  4. hello34212343goodbye
  5. abcdefghi12345abc

Answer: C, D

76. Which PCRE regular expression will match the string ‘PhP5-rocks’? (Choose 1 answer)

  1. /^[hp1-5]*\- .*/i
  2. /[hp1-5]*\- .?/
  3. /[hp][1-5]*\- .*/
  4. /[PhP]{3}[1-5]{2,3}\- .*$/
  5. /[a-z1-5\-]*/

Answer: A

77. If regular expressions must be used, in general which type of regular expression functions available to PHP is preferred for performance reasons? (Choose 1 answer)

  1. strtok() using regular expressions
  2. preg_* regular expression functions
  3. parse_str() using regular expressions
  4. strregex* regular expression functions
  5. ereg* regular expression functions

Answer: B
http://ru.php.net/manual/en/function.ereg.php: preg_match(), which uses a Perl-compatible regular expression syntax, is often a faster alternative to ereg().

78. To destroy one variable within a PHP session you should use which method in PHP 5? (Choose 1 answer)

  1. Unset the variable in $HTTP_SESSION_VARS
  2. Use the session_destroy() function
  3. Use the session_unset() function
  4. unset the variable in $_SESSION using unset()
  5. Any of the above are acceptable in PHP 5

Answer: D
http://docs.php.net/manual/ru/session.examples.basic.php: Example #2 Unregistering a variable with $_SESSION and register_globals disabled.

79. If you would like to store your session in the database, you would do which of the following? (Choose 1 answer)

  1. It requires a custom PHP extension to change the session handler
  2. Implement the session_set_save_handler() function
  3. Create functions for each session handling step and use session_set_save_handler() to override PHP's internal settings
  4. Configure the session.save_handler INI directive to your session class

Answer: C
http://ru.php.net/manual/en/function.session-set-save-handler.php: This is most useful when a storage method other than those supplied by PHP sessions is preferred. i.e. Storing the session data in a local database.

80. To destroy a PHP session completely, one must which of the following? (Choose 2 answers)

  1. Regenerate the session ID using session_regenerate_id()
  2. If cookies are used, destroy it
  3. Use session_demolish() to completely destroy the session
  4. Change the session name using session_name()
  5. Destroy the session data using session_destroy()

Answer: B, E
http://ru.php.net/manual/en/function.session-destroy.php, and delete the session cookie

81. If you would like to change the session ID generation function, which of the following is the best approach for PHP 5? (Choose 1 answer)

  1. Set the session.hash_function INI configuration directive
  2. Use the session_set_id_generator() function
  3. Set the session id by force using the session_id() function
  4. Use the session_regenerate_id() function
  5. Implement a custom session handler

Answer: C

82. Consider the following HTML fragement, which of the following name attributes should be used to capture all of the data from the user in PHP? (Choose 1 answer)

<select name=»?????» multiple>
<option value=»1">Item #1</option>
<!— … more options … —>

  1. myselectbox=array()
  2. myselectbox[]
  3. myselectbox['multiple']
  4. myselectbox{'multiple'}
  5. myselectbox

Answer: B

83. When uploading a file using HTTP, which variable can be used to locate the file on PHP's local filesystem? (Choose 1 answer)

  1. None of the above
  2. $_FILES['fieldname']['tmp_name']
  3. $_FILES['fieldname']
  4. $_FILES['fieldname'][0]['filename']
  5. $_FILES['fieldname']['filename']

Answer: B
http://www.php.net/manual/en/features.file-upload.post-method.php:$_FILES['userfile']['tmp_name'] – the temporary filename of the file in which the uploaded file was stored on the server.

84. To force a user to redirect to a new URL from within a PHP 5 script, which of the following should be used? (Choose 1 answer)

  1. Send a HTTP «Location:» header
  2. Use the HTML <redirect> Tag
  3. Send a HTTP «Forward:» header
  4. Use the redirect() function

http://php.net/manual/en/function.header.php, respectively with Location response-header field.

85. Setting a cookie on the client in PHP 5 can be best accomplished by: (Choose 1 answer)

  1. Use the add_cookie() function
  2. Use the setcookie() function
  3. Use the the apache_send_header() function
  4. Setting a variable in the $_COOKIE superglobal

Answer: B

86. How does one create a cookie which will exist only until the browser session is terminated? (Choose 1 answer)

  1. You cannot create cookies that expire when the browser session is terminated
  2. Setting the expiration time for a cookie to a time in the distant future
  3. Do not provide a cookie expiration time
  4. Enable Cookie Security
  5. Set a cookie without a domain

Answer: C
http://php.net/manual/en/function.setcookie.php: if expire set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes).

87. Setting a HTTP cookie on the client which is not URL-encoded is done how in PHP 5? (Choose 1 answer)

  1. Use the setrawcookie() function
  2. Set the cookies.urlencode INI directive to false
  3. Use urldecode() on the return value of setcookie()
  4. Setting the $no_encode parameter of setcookie() to a boolean 'true'
  5. All cookies must be URL encoded

Answer: A
http://ru.php.net/manual/en/function.setrawcookie.php: setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.

88. During an HTTP authentication, how does one determine the username and password provided by the browser? (Choose 1 answer)

  1. Parse the HTTP headers manually using http_get_headers()
  2. Use the get_http_username() and get_http_password() functions
  3. Use the $_SERVER['HTTP_USER'] and $_SERVER['HTTP_PASSWORD'] variables
  4. Use the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables
  5. Parse the $_SERVER['REQUEST_URI'] variable

Answer: D

89. Consider the following function, what conditional should replace the ????? above? (Choose 1 answer)
function redirect($url) {
// Check to make sure we haven't already sent
// the header:
if(???????) {
   header("Location: $url");

  1. !in_array(«Location: $url», headers_list())
  2. !header_exists(«Location: $url»)
  3. !header_location($url)
  4. $_SERVER['HTTP_LOCATION'] != $url

Answer: A
http://ru.php.net/manual/en/function.headers-list.php, also header_exists is not exists.

90. One can ensure that headers can always be sent from a PHP script by doing what? (Choose 1 answer)

  1. Enable header buffering in PHP 5
  2. Set the header.force INI directive to true
  3. Enable output buffering in PHP 5
  4. There is no way to ensure that headers can always be set, they must always be checked
  5. None of the above

Answer: C
http://php.net/manual/en/function.ob-start.php: while output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer.

91. When is it acceptable to store sensitive information in an HTTP cookie? (Choose 1 answer)

  1. Only under extremely controlled situations
  2. When the cookie is sent over a secure HTTP request
  3. When it is encrypted
  4. It is always acceptable

Answer: C (A)
http://php.net/manual/en/function.setcookie.php — the value of the cookie is stored on the clients computer; do not store sensitive information.

92. Removing undesired markup tags from input can best be done using which function? (Choose 1 answer)

  1. strip_tags()
  2. tidy_strip_html()
  3. str_replace()
  4. strip_html()

Answer: A
http://ru2.php.net/manual/en/function.strip-tags.php — strip HTML and PHP tags from a string.

93. When using a function such as strip_tags, are markup-based attacks still possible? (Choose 1 answer)

  1. No, HTML does not pose any security risks
  2. Yes, even a <p> HTML tag is a security risk
  3. Yes, attributes of allowed tags are ignored
  4. No, strip_tags will prevent any markup-based attack

Answer: C
http://ru2.php.net/manual/en/function.strip-tags.php — This function does not modify any attributes on the tags that you allow using allowable_tags, including the style and onmouseover attributes that a mischievous user may abuse when posting text that will be shown to other users.

94. Consider the following PHP string representing an SQL statement. Which of the following values for $username or $password would change the behavior of this query when executed? (Choose 1 answer)
$query = «UPDATE users SET password='$password' WHERE username='$username'»;

  1. None of the above
  2. $username = «foobar\' WHERE username='admin'»;
  3. $password = «foobar' WHERE username='admin' —:»;
  4. $password = «\»foobar\» WHERE username=\»admin\»";

Answer: C
http://php.net/manual/en/security.database.sql-injection.php — It is common technique to force the SQL parser to ignore the rest of the query written by the developer with — which is the comment sign in SQL.

95. SQL Injections can be best prevented using which of the following database technologies? (Choose 1 answer)

  1. All of the above
  2. Prepared Statements
  3. Persistent Connections
  4. Unbuffered Queries
  5. Query escaping

Answer: B
http://php.net/manual/en/pdo.prepared-statements.php — If an application exclusively uses prepared statements, the developer can be sure that no SQL injection will occur (however, if other portions of the query are being built up with unescaped input, SQL injection is still possible).

96. Where should indirectly executed PHP scripts (i.e. include files) be stored in the file system? (Choose 1 answer)

  1. Outside of the Document Root
  2. In the document root
  3. Anywhere you want
  4. In the database

Answer: A
http://phpsec.org/projects/guide/3.html: Remember that everything within document root has a URL associated with it. For example, if document root is /usr/local/apache/htdocs, then a file located at /usr/local/apache/htdocs/inc/db.inc has a URL such as http://example.org/inc/db.inc.

97. When executing system commands from PHP, what should one do to keep applications secure? (Choose 3 answers)

  1. Remove all quote characters from variables used in a shell execution
  2. Avoid using shell commands when PHP equivlents are available
  3. Hard code all shell commands
  4. Escape all shell arguments
  5. Escape all shell commands executed

Answer: B, C, D (?)
http://ru.php.net/manual/en/function.exec.php: When allowing user-supplied data to be passed to this function, use escapeshellarg() or escapeshellcmd() to ensure that users cannot trick the system into executing arbitrary commands.

98. Why is it important from a security perspective to never display PHP error messages directly to the end user, yet always log them? (Choose 2 answers)

  1. Error messages will contain sensitive session information
  2. Error messages can contain cross site scripting attacks
  3. Security risks involved in logging are handled by PHP
  4. Error messages give the perception of insecurity to the user
  5. Error messages can contain data useful to a potential attacker

Answer: D, E (A)

99. The MVC pattern in Web development involves which of the following components? (Choose 4 answers)

  1. View
  2. Controller
  3. Validation
  4. Model
  5. Front Controller

Answer: D, A, B (-C)

100. Which of the following aspects of the MVC pattern is used in conjunction with the database? (Choose 1 answer)

  1. Model
  2. Schema
  3. Validation
  4. Controller
  5. View

Answer: A
http://en.wikipedia.org/wiki/Model–view–controller: the 'model' in MVC is both the data and the business/domain logic needed to manipulate the data in the application.

101. What are the primary benefits of object oriented programming? (Choose 3 answers)

  1. Maintainability
  2. Execution Speed
  3. Encapsulation
  4. Code Reuse

Answer: A, C, D
http://en.wikipedia.org/wiki/Object-oriented_programming#cite_ref-realisticcodereuse_23-0: OOP was developed to increase the reusability and maintainability of source code.[24], and of course Encapsulation.

102. What constitutes a View in the MVC pattern for PHP 5, in the following list? (Choose 2 answers)

  1. Iterators
  2. PDO
  3. Classes
  4. PHP
  5. Smarty

Answer: D, E
http://en.wikipedia.org/wiki/Model–view–controller#Concepts: The view renders the model into a form suitable for interaction, typically a user interface element.

103. Which of the following extensions are no longer part of PHP 5 and have been moved to PECL? (Choose 2 answers)

  1. tidy
  2. mysql
  3. w32api
  4. curl
  5. dio

Answer: C, E
http://ru.php.net/manual/en/intro.w32api.php & http://ru.php.net/manual/en/intro.dio.php: This extension has been moved to the » PECL repository and is no longer bundled with PHP as of PHP 5.1.0.

104. Which of the following functions were added to PHP 5 for dealing with arrays? (Choose 2 answers)

  1. array_intersect_key()
  2. array_unshift()
  3. array_diff_key()
  4. array_merge()
  5. array_slice()

Answer: A, C
http://ru.php.net/manual/en/function.array-intersect-key.php & http://ru.php.net/manual/en/function.array-diff-key.php: (PHP 5 >= 5.1.0)

105. Consider the following script. This code has changed behavior in PHP 5. Identify the output of this script as it would have been in PHP 4, as well as the new behavior in PHP 5. (Choose 2 answers)
function func(&$arraykey) {
   return $arraykey; // function returns by value!
$array = array('a', 'b', 'c');
foreach (array_keys($array) as $key) {
   $y = &func($array[$key]);
   $z[] =& $y;

  1. array('a', 'a', 'b')
  2. array('a', 'b', 'c')
  3. array('c', 'b', 'a')
  4. array('c', 'c', 'c')
  5. array('b', 'b', 'b')

Answer: B, D
http://www.php.net/manual/en/language.references.return.php & http://php.net/manual/en/functions.returning-values.php

106. Consider the following code block. This code block's behavior has changed between PHP 4 and PHP 5. Why? (Choose 1 answer)
function &myFunction() {
   $string = "MyString";
   return ($undefined);
for($i = 0; $i < 10; $i++) {
   $retval = myFunction();

  1. None of the above
  2. This could would cause an automatic segmentation fault in PHP 4
  3. This code would throw a syntax error in PHP 4
  4. Returning an undefined variable by reference in PHP 4 would cause eventual memory corruption
  5. You could not return undefined variables by reference in PHP 4

Answer: A
http://php.net/manual/en/function.return.php: You should never use parentheses around your return variable when returning by reference, as this will not work.

107. When migrating the following code from PHP 4 to PHP 5, what should be changed? (Choose 2 answers)
class MyClass {
   function MyClass($param) {
      /* Do something with $param */
   // Private method to MyClass
   function _doSomething($param) {
      /* Do something with $param */
class AnotherClass extends MyClass {
   var $param = "foo";
   function AnotherClass() {

  1. Access modifiers should be added to methods
  2. The Constructors for the objects should both be renamed to __construct
  3. The use of the parent keyword has changed to 'super'
  4. Constructors must have the same parameter lists

Answer: A, B
http://php.net/manual/en/language.oop5.decon.php: For backwards compatibility, if PHP 5 cannot find a __construct() function for a given class, it will search for the old-style constructor function, by the name of the class. Effectively, it means that the only case that would have compatibility issues is if the class had a method named __construct() which was used for different semantics. And http://devzone.zend.com/article/1714#Heading4 about Access modifiers in PHP 5.

108. Assuming every method call below returns an instance of an object, how can the following be re-written in PHP 5? (Choose 1 answer)
$a = new MyClass();
$b = $a->getInstance();
$c = $b->doSomething();

  1. $c = ((MyClass)$a->getInstance()) ->doSomething();
  2. This cannot be re-written in PHP 5
  3. $c = $a->getInstance() ->doSomething();
  4. $c = (MyClass)$a->getInstance();
  5. $c = (new MyClass()) ->getInstance() ->doSomething();

Answer: C
What the link?

109. How can the following code be re-written from PHP 4 to PHP 5? (Choose 1 answer)
if(get_class($myObj) == "MyClass") {
   // Do something

  1. if(get_class($myObj) === «MyObject)
  2. if(strtolower(get_class($myObj)) == «MyClass»)
  3. if($myObj implements MyClass)
  4. if($myObj instanceof Object)
  5. if($myObj instanceof MyClass)

Answer: E

110. Is this code valid only in PHP 4, in PHP 5, or both? (Choose 1 answer)
function myfunction(&$myvalue = null) {
   /* ... */

  1. Both
  2. PHP 5
  3. PHP 4

Answer: B
http://php.net/manual/en/functions.arguments.php: As of PHP 5, default values may be passed by reference.

Комментариев: 18

  • 18.09.2012 Serggr:

    76. Правильны ответ E

  • 18.09.2012 Serggr:

    90 правильный ответ E Здесь разбор этого вороса float-middle.blogspot.com...ing-headers.html

    • 19.01.2015 Const:

      C — верный ответ. И по твоей ссылке это написано

  • 21.09.2013 Stas:

    70. Правильный C: printf($string, $apples, $oranges);

    Во-первых нужно вывести строку (sprintf просто возвращает), во-вторых в E аргументы перепутаны

  • 12.02.2014 igor:

    71. скорее всего правильный ответ D вопросы 71-75

    а это выдача данного скрипта

    string(78) "<b>I like 'PHP' & I think it is "cool"</b>" <b>I like 'PHP' & I think it is "cool"</b>int(1)

  • 18.01.2015 Константин:

    C, D

    Два правильных ответа. Потому что printf это тоже самое что и print sprintf

Добавление комментария: