Exam Developer OpenJS Node js Services Developer Practice Exam, Exams of Technology

Focuses on the exam creation lifecycle for the JSNSD certification. Candidates demonstrate test design skills, blueprint creation, competency mapping, scenario writing, validating service-oriented Node.js coding exercises, ensuring fairness and performance evaluation accuracy, and contributing to the OpenJS certification ecosystem.

Typology: Exams

2025/2026

Available from 01/11/2026

shilpi-jain-1
shilpi-jain-1 🇮🇳

4.2

(5)

29K documents

1 / 89

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Exam Developer OpenJS Node js Services
Developer Practice Exam
**Question 1. Which core Node.js module is used to create an HTTP server without any external
framework?**
A) net
B) http
C) url
D) dns
Answer: B
Explanation: The `http` module provides `createServer` for building HTTP servers directly.
**Question 2. In an Express application, which method registers a route that responds to HTTP
PUT requests?**
A) app.get()
B) app.post()
C) app.put()
D) app.update()
Answer: C
Explanation: `app.put()` is the Express method for handling PUT requests.
**Question 3. Which HTTP status code indicates that a new resource has been successfully
created?**
A) 200 OK
B) 201 Created
C) 202 Accepted
D) 204 No Content
Answer: B
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59

Partial preview of the text

Download Exam Developer OpenJS Node js Services Developer Practice Exam and more Exams Technology in PDF only on Docsity!

Developer Practice Exam

Question 1. Which core Node.js module is used to create an HTTP server without any external framework? A) net B) http C) url D) dns Answer: B Explanation: The http module provides createServer for building HTTP servers directly. Question 2. In an Express application, which method registers a route that responds to HTTP PUT requests? A) app.get() B) app.post() C) app.put() D) app.update() Answer: C Explanation: app.put() is the Express method for handling PUT requests. Question 3. Which HTTP status code indicates that a new resource has been successfully created? A) 200 OK B) 201 Created C) 202 Accepted D) 204 No Content Answer: B

Developer Practice Exam

Explanation: 201 Created is the standard response for a successful POST that creates a resource. Question 4. When serving static assets with Express, which middleware function is typically used? A) bodyParser() B) static() C) cors() D) helmet() Answer: B Explanation: express.static() serves files from a directory as static assets. Question 5. Which HTTP verb should be used to partially update a resource? A) POST B) PUT C) PATCH D) DELETE Answer: C Explanation: PATCH is intended for partial modifications, unlike PUT which replaces the entire resource. Question 6. Which of the following libraries provides a native‑like fetch API for Node.js? A) axios B) request C) undici D) superagent

Developer Practice Exam

Answer: D Explanation: 422 signals that the request is well‑formed but semantically invalid. Question 10. Which Node.js API is most appropriate for handling large file uploads without loading the entire file into memory? A) fs.readFileSync() B) http.request() C) stream.Writable D) child_process.exec() Answer: C Explanation: Streams allow processing data chunk‑by‑chunk, ideal for large uploads. Question 11. Which of the following is NOT a valid way to protect an Express app against Cross‑Site Request Forgery? A) Using CSRF tokens B) SameSite cookie attribute C) Disabling CORS D) Double‑submit cookie pattern Answer: C Explanation: Disabling CORS does not mitigate CSRF; CSRF tokens or SameSite cookies are the proper defenses. Question 12. Which Helmet middleware sets the Content‑Security‑Policy header? A) helmet.hidePoweredBy() B) helmet.contentSecurityPolicy() C) helmet.xssFilter()

Developer Practice Exam

D) helmet.frameguard() Answer: B Explanation: helmet.contentSecurityPolicy() configures the CSP header. Question 13. In JWT authentication, which claim typically contains the user’s unique identifier? A) iss B) sub C) aud D) exp Answer: B Explanation: The sub (subject) claim identifies the principal that the token represents. Question 14. Which npm package is primarily used for schema‑based validation of request bodies? A) multer B) joi C) cors D) morgan Answer: B Explanation: joi defines validation schemas and checks data against them. Question 15. What does the X-Content-Type-Options: nosniff header prevent? A) Click‑jacking B) MIME type sniffing

Developer Practice Exam

B) Order they are defined in the code C) Random order at runtime D) Reverse order of definition Answer: B Explanation: Middleware runs sequentially in the order they are added with app.use() or route methods. Question 19. Which HTTP status code indicates that the server understood the request but refuses to authorize it? A) 401 Unauthorized B) 403 Forbidden C) 404 Not Found D) 405 Method Not Allowed Answer: B Explanation: 403 means the client is authenticated but does not have permission. Question 20. Which Node.js core module provides utilities for working with binary data? A) stream B) buffer C) crypto D) util Answer: B Explanation: The buffer module handles raw binary data. Question 21. Which library would you use to securely hash passwords before storing them in a database?

Developer Practice Exam

A) jsonwebtoken B) bcrypt C) multer D) express-validator Answer: B Explanation: bcrypt implements a strong adaptive hashing algorithm for passwords. Question 22. Which of the following is the most appropriate response header to enable CORS for all origins? A) X-Frame-Options: DENY B) Access-Control-Allow-Origin: * C) Strict-Transport-Security: max-age= D) Referrer-Policy: no-referrer Answer: B Explanation: Access-Control-Allow-Origin: * permits any origin to access the resource. Question 23. In a reverse proxy setup, which header is commonly added by the proxy to indicate the original client IP? A) X-Forwarded-For B) X-Real-IP C) X-Proxy-User D) X-Client-Host Answer: A Explanation: X-Forwarded-For carries the chain of client IP addresses.

Developer Practice Exam

Explanation: stream.resume() switches a paused readable stream into flowing mode. Question 27. Which of the following is a best practice for limiting request payload size in Express? A) Set limit option in express.json() B) Increase maxListeners on the EventEmitter C) Use app.disable('x-powered-by') D) Disable keep‑alive connections Answer: A Explanation: express.json({ limit: '100kb' }) restricts the size of JSON bodies. Question 28. Which of these tools can be used to generate a self‑signed certificate for local HTTPS development? A) npm init B) openssl C) git clone D) yarn add Answer: B Explanation: openssl can create private keys and self‑signed X.509 certificates. Question 29. In the context of rate limiting, which Redis data structure is commonly used to track request counts? A) List B) Set C) Sorted Set D) String (counter)

Developer Practice Exam

Answer: D Explanation: A simple integer stored as a string is incremented atomically to count requests. Question 30. Which Express middleware is specifically designed to protect against HTTP Parameter Pollution? A) express-rate-limit B) hpp C) csurf D) compression Answer: B Explanation: The hpp middleware removes duplicate query parameters. Question 31. Which HTTP response header instructs browsers to only load resources over HTTPS? A) Content-Security-Policy: upgrade-insecure-requests B) Strict-Transport-Security C) X-Content-Type-Options D) X-Frame-Options Answer: B Explanation: Strict-Transport-Security (HSTS) forces browsers to use HTTPS for the domain. Question 32. Which of the following is NOT a valid way to pass configuration secrets to a Node.js process? A) Hard‑coding them in source files B) Using environment variables C) Loading from a .env file via dotenv

Developer Practice Exam

C) setImmediate(fn) D) Both B and C are correct Answer: D Explanation: Both process.nextTick and setImmediate defer execution, but they run at slightly different phases. Question 36. When using the axios library, which property of the response object contains the HTTP status code? A) response.statusCode B) response.status C) response.httpStatus D) response.code Answer: B Explanation: axios returns { status, data, headers, ... }. Question 37. Which npm package is designed to help parse multipart/form-data for file uploads? A) body-parser B) multer C) querystring D) url Answer: B Explanation: multer handles multipart parsing and stores uploaded files. Question 38. Which of the following is the most secure default for cookie SameSite attribute in modern browsers?

Developer Practice Exam

A) None B) Lax C) Strict D) No attribute (defaults to None) Answer: B Explanation: Browsers default to SameSite=Lax, which balances security and usability. Question 39. Which of these commands prints the current working directory in a Linux terminal? A) pwd B) ls C) cd D) cat Answer: A Explanation: pwd stands for “print working directory”. Question 40. Which Node.js method is used to spawn a new child process that runs a command line program? A) child_process.exec() B) child_process.spawn() C) child_process.fork() D) All of the above Answer: D Explanation: All three create child processes with different semantics.

Developer Practice Exam

Question 44. Which of the following is the correct way to start an HTTPS server that listens on port 8443? A) https.createServer(options).listen(8443); B) http.createServer(options).listen(8443); C) https.listen(8443, options); D) app.listen(8443, httpsOptions); Answer: A Explanation: https.createServer(options).listen(port) is the proper pattern. Question 45. Which of these is a recommended size limit for a JSON body in a public API? A) 1 MB B) 10 MB C) 100 MB D) No limit Answer: A Explanation: Keeping payloads ≤1 MB improves performance and reduces abuse risk. Question 46. Which Node.js event is emitted when a readable stream reaches its end? A) 'close' B) 'finish' C) 'end' D) 'error' Answer: C Explanation: The 'end' event signals that no more data will be emitted.

Developer Practice Exam

Question 47. Which of the following npm packages can be used to implement rate limiting in an Express app? A) express-rate-limit B) cors C) helmet D) morgan Answer: A Explanation: express-rate-limit tracks request counts and throttles excess calls. Question 48. In a JWT, which part contains the base64‑url encoded header? A) First segment before the first dot B) Second segment C) Third segment D) All three combined Answer: A Explanation: A JWT is header.payload.signature; the header is the first segment. Question 49. Which of the following is the most appropriate way to log errors in a production Node.js service? A) console.log() only B) Write to a file using fs.appendFileSync() C) Use a structured logger like pino or winston with log rotation D) Ignore errors to keep the service fast Answer: C

Developer Practice Exam

Answer: B Explanation: Whitelisting target URLs ensures redirects are safe. Question 53. Which of the following is a standard way to indicate that a response should not be cached? A) Cache-Control: no-store B) Expires: 0 C) Pragma: no-cache D) All of the above Answer: D Explanation: All three headers can be used together to prevent caching. Question 54. Which of the following Node.js functions is used to read a file asynchronously? A) fs.readFileSync() B) fs.readFile() C) fs.openSync() D) fs.createReadStream() Answer: B Explanation: fs.readFile reads a file without blocking the event loop. Question 55. Which of these is the correct way to define a route parameter named id in Express? A) app.get('/users/:id', …) B) app.get('/users/{id}', …) C) app.get('/users?id=', …)

Developer Practice Exam

D) app.get('/users/*', …) Answer: A Explanation: :id denotes a dynamic segment in the path. Question 56. Which HTTP status code indicates that the client must authenticate to gain network access? A) 401 Unauthorized B) 403 Forbidden C) 407 Proxy Authentication Required D) 511 Network Authentication Required Answer: D Explanation: 511 is defined for network‑level authentication (e.g., captive portals). Question 57. Which npm script runs the test suite using mocha? A) npm run test B) npm start test C) mocha test.js D) npm exec mocha Answer: A Explanation: By convention, npm test runs the script named test (often mocha). Question 58. Which of the following is the most secure way to store a secret token in a Docker container? A) Hard‑code it in the source code B) Pass it as an environment variable at runtime