

















































































Focuses on the exam creation lifecycle for the JSNSD certification. Candidates demonstrate test design skills, blueprint creation, competency mapping, scenario writing, validating service-oriented Node.js coding exercises, ensuring fairness and performance evaluation accuracy, and contributing to the OpenJS certification ecosystem.
Typology: Exams


















































































Question 1. Which core Node.js module is used to create an HTTP server without any external framework?
A) net
B) http
C) url
D) dns
Answer: B
Explanation: The http module provides createServer for building HTTP servers directly.

Question 2. In an Express application, which method registers a route that responds to HTTP PUT requests?
A) app.get()
B) app.post()
C) app.put()
D) app.update()
Answer: C
Explanation: app.put() is the Express method for handling PUT requests.

Question 3. Which HTTP status code indicates that a new resource has been successfully created?
A) 200 OK
B) 201 Created
C) 202 Accepted
D) 204 No Content
Answer: B
Explanation: 201 Created is the standard response for a successful POST that creates a resource.

Question 4. When serving static assets with Express, which middleware function is typically used?
A) bodyParser()
B) static()
C) cors()
D) helmet()
Answer: B
Explanation: express.static() serves files from a directory as static assets.

Question 5. Which HTTP verb should be used to partially update a resource?
A) POST
B) PUT
C) PATCH
D) DELETE
Answer: C
Explanation: PATCH is intended for partial modifications, unlike PUT which replaces the entire resource.

Question 6. Which of the following libraries provides a native-like fetch API for Node.js?
A) axios
B) request
C) undici
D) superagent

Answer: D
Explanation: 422 signals that the request is well-formed but semantically invalid.

Question 10. Which Node.js API is most appropriate for handling large file uploads without loading the entire file into memory?
A) fs.readFileSync()
B) http.request()
C) stream.Writable
D) child_process.exec()
Answer: C
Explanation: Streams allow processing data chunk-by-chunk, ideal for large uploads.

Question 11. Which of the following is NOT a valid way to protect an Express app against Cross-Site Request Forgery?
A) Using CSRF tokens
B) SameSite cookie attribute
C) Disabling CORS
D) Double-submit cookie pattern
Answer: C
Explanation: Disabling CORS does not mitigate CSRF; CSRF tokens or SameSite cookies are the proper defenses.

Question 12. Which Helmet middleware sets the Content-Security-Policy header?
A) helmet.hidePoweredBy()
B) helmet.contentSecurityPolicy()
C) helmet.xssFilter()
D) helmet.frameguard()
Answer: B
Explanation: helmet.contentSecurityPolicy() configures the CSP header.

Question 13. In JWT authentication, which claim typically contains the user’s unique identifier?
A) iss
B) sub
C) aud
D) exp
Answer: B
Explanation: The sub (subject) claim identifies the principal that the token represents.

Question 14. Which npm package is primarily used for schema-based validation of request bodies?
A) multer
B) joi
C) cors
D) morgan
Answer: B
Explanation: joi defines validation schemas and checks data against them.

Question 15. What does the X-Content-Type-Options: nosniff header prevent?
A) Click-jacking
B) MIME type sniffing

B) Order they are defined in the code
C) Random order at runtime
D) Reverse order of definition
Answer: B
Explanation: Middleware runs sequentially in the order it is added with app.use() or route methods.

Question 19. Which HTTP status code indicates that the server understood the request but refuses to authorize it?
A) 401 Unauthorized
B) 403 Forbidden
C) 404 Not Found
D) 405 Method Not Allowed
Answer: B
Explanation: 403 means the client is authenticated but does not have permission.

Question 20. Which Node.js core module provides utilities for working with binary data?
A) stream
B) buffer
C) crypto
D) util
Answer: B
Explanation: The buffer module handles raw binary data.

Question 21. Which library would you use to securely hash passwords before storing them in a database?
A) jsonwebtoken
B) bcrypt
C) multer
D) express-validator
Answer: B
Explanation: bcrypt implements a strong adaptive hashing algorithm for passwords.

Question 22. Which of the following is the most appropriate response header to enable CORS for all origins?
A) X-Frame-Options: DENY
B) Access-Control-Allow-Origin: *
C) Strict-Transport-Security: max-age=
D) Referrer-Policy: no-referrer
Answer: B
Explanation: Access-Control-Allow-Origin: * permits any origin to access the resource.

Question 23. In a reverse proxy setup, which header is commonly added by the proxy to indicate the original client IP?
A) X-Forwarded-For
B) X-Real-IP
C) X-Proxy-User
D) X-Client-Host
Answer: A
Explanation: X-Forwarded-For carries the chain of client IP addresses.

Explanation: stream.resume() switches a paused readable stream into flowing mode.

Question 27. Which of the following is a best practice for limiting request payload size in Express?
A) Set limit option in express.json()
B) Increase maxListeners on the EventEmitter
C) Use app.disable('x-powered-by')
D) Disable keep-alive connections
Answer: A
Explanation: express.json({ limit: '100kb' }) restricts the size of JSON bodies.

Question 28. Which of these tools can be used to generate a self-signed certificate for local HTTPS development?
A) npm init
B) openssl
C) git clone
D) yarn add
Answer: B
Explanation: openssl can create private keys and self-signed X.509 certificates.

Question 29. In the context of rate limiting, which Redis data structure is commonly used to track request counts?
A) List
B) Set
C) Sorted Set
D) String (counter)
Answer: D
Explanation: A simple integer stored as a string is incremented atomically to count requests.

Question 30. Which Express middleware is specifically designed to protect against HTTP Parameter Pollution?
A) express-rate-limit
B) hpp
C) csurf
D) compression
Answer: B
Explanation: The hpp middleware removes duplicate query parameters.

Question 31. Which HTTP response header instructs browsers to only load resources over HTTPS?
A) Content-Security-Policy: upgrade-insecure-requests
B) Strict-Transport-Security
C) X-Content-Type-Options
D) X-Frame-Options
Answer: B
Explanation: Strict-Transport-Security (HSTS) forces browsers to use HTTPS for the domain.

Question 32. Which of the following is NOT a valid way to pass configuration secrets to a Node.js process?
A) Hard-coding them in source files
B) Using environment variables
C) Loading from a .env file via dotenv

C) setImmediate(fn)
D) Both B and C are correct
Answer: D
Explanation: Both process.nextTick and setImmediate defer execution, but they run at slightly different phases.

Question 36. When using the axios library, which property of the response object contains the HTTP status code?
A) response.statusCode
B) response.status
C) response.httpStatus
D) response.code
Answer: B
Explanation: axios returns { status, data, headers, ... }.

Question 37. Which npm package is designed to help parse multipart/form-data for file uploads?
A) body-parser
B) multer
C) querystring
D) url
Answer: B
Explanation: multer handles multipart parsing and stores uploaded files.

Question 38. Which of the following is the most secure default for cookie SameSite attribute in modern browsers?
A) None
B) Lax
C) Strict
D) No attribute (defaults to None)
Answer: B
Explanation: Browsers default to SameSite=Lax, which balances security and usability.

Question 39. Which of these commands prints the current working directory in a Linux terminal?
A) pwd
B) ls
C) cd
D) cat
Answer: A
Explanation: pwd stands for “print working directory”.

Question 40. Which Node.js method is used to spawn a new child process that runs a command line program?
A) child_process.exec()
B) child_process.spawn()
C) child_process.fork()
D) All of the above
Answer: D
Explanation: All three create child processes with different semantics.

Question 44. Which of the following is the correct way to start an HTTPS server that listens on port 8443?
A) https.createServer(options).listen(8443);
B) http.createServer(options).listen(8443);
C) https.listen(8443, options);
D) app.listen(8443, httpsOptions);
Answer: A
Explanation: https.createServer(options).listen(port) is the proper pattern.

Question 45. Which of these is a recommended size limit for a JSON body in a public API?
A) 1 MB
B) 10 MB
C) 100 MB
D) No limit
Answer: A
Explanation: Keeping payloads ≤1 MB improves performance and reduces abuse risk.

Question 46. Which Node.js event is emitted when a readable stream reaches its end?
A) 'close'
B) 'finish'
C) 'end'
D) 'error'
Answer: C
Explanation: The 'end' event signals that no more data will be emitted.

Question 47. Which of the following npm packages can be used to implement rate limiting in an Express app?
A) express-rate-limit
B) cors
C) helmet
D) morgan
Answer: A
Explanation: express-rate-limit tracks request counts and throttles excess calls.

Question 48. In a JWT, which part contains the base64-url encoded header?
A) First segment before the first dot
B) Second segment
C) Third segment
D) All three combined
Answer: A
Explanation: A JWT is header.payload.signature; the header is the first segment.

Question 49. Which of the following is the most appropriate way to log errors in a production Node.js service?
A) console.log() only
B) Write to a file using fs.appendFileSync()
C) Use a structured logger like pino or winston with log rotation
D) Ignore errors to keep the service fast
Answer: C

Answer: B
Explanation: Whitelisting target URLs ensures redirects are safe.

Question 53. Which of the following is a standard way to indicate that a response should not be cached?
A) Cache-Control: no-store
B) Expires: 0
C) Pragma: no-cache
D) All of the above
Answer: D
Explanation: All three headers can be used together to prevent caching.

Question 54. Which of the following Node.js functions is used to read a file asynchronously?
A) fs.readFileSync()
B) fs.readFile()
C) fs.openSync()
D) fs.createReadStream()
Answer: B
Explanation: fs.readFile reads a file without blocking the event loop.

Question 55. Which of these is the correct way to define a route parameter named id in Express?
A) app.get('/users/:id', …)
B) app.get('/users/{id}', …)
C) app.get('/users?id=', …)
D) app.get('/users/*', …)
Answer: A
Explanation: :id denotes a dynamic segment in the path.

Question 56. Which HTTP status code indicates that the client must authenticate to gain network access?
A) 401 Unauthorized
B) 403 Forbidden
C) 407 Proxy Authentication Required
D) 511 Network Authentication Required
Answer: D
Explanation: 511 is defined for network-level authentication (e.g., captive portals).

Question 57. Which npm script runs the test suite using mocha?
A) npm run test
B) npm start test
C) mocha test.js
D) npm exec mocha
Answer: A
Explanation: By convention, npm test runs the script named test (often mocha).

Question 58. Which of the following is the most secure way to store a secret token in a Docker container?
A) Hard-code it in the source code
B) Pass it as an environment variable at runtime