








































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This localized certification exam validates the skills of Node.js services developers in China. Domains include Node.js APIs, asynchronous programming, event-driven architecture, Express framework, testing, security practices, containerization, and deployment. Conducted in Chinese, it ensures accessibility for developers in one of the world’s largest Node.js ecosystems.
Typology: Exams
1 / 80
This page cannot be seen from the preview
Don't miss anything!









































































Question 1. Which native Node.js module is used to create an HTTPS server? A) http B) net C) tls D) https Answer: D Explanation: The https module provides https.createServer() for TLS-encrypted HTTP servers, while http creates plain HTTP servers. Question 2. In an Express route, which method is used to parse JSON bodies automatically? A) app.use(express.urlencoded()) B) app.use(express.json()) C) app.use(bodyParser.text()) D) app.use(morgan()) Answer: B Explanation: express.json() middleware parses incoming requests with Content-Type: application/json and populates req.body. Question 3. Which HTTP status code indicates that the request was successful and a new resource was created? A) 200 B) 201 C) 202 D) 204 Answer: B Explanation: 201 Created signals that the request resulted in a new resource, typically returned after a successful POST. Question 4. What property of an HTTP verb determines its idempotency? A) The presence of a request body B) The ability to be safely repeated without side effects
C) The need for authentication D) The size of the payload Answer: B Explanation: An idempotent method (e.g., PUT, DELETE) can be called multiple times with the same effect as a single call. Question 5. Which header controls cross-origin resource sharing for a response? A) Set-Cookie B) Authorization C) Access-Control-Allow-Origin D) Cache-Control Answer: C Explanation: Access-Control-Allow-Origin specifies which origins may access the resource, enabling CORS. Question 6. When using the native http.request method, which event signals that the response headers have been received? A) 'data' B) 'end' C) 'response' D) 'finish' Answer: C Explanation: The 'response' event is emitted with an IncomingMessage object containing the response headers. Question 7. In a Fastify plugin, which hook is executed before the route handler is called? A) onRequest B) preHandler C) onSend D) onError
Question 11. Which Node.js stream method is optimal for piping data from an external API directly to a client response? A) .pipe() B) .write() C) .end() D) .read() Answer: A Explanation: .pipe() connects readable and writable streams without buffering the entire payload in memory. Question 12. What does the helmet middleware primarily provide? A) Request logging B) Security-related HTTP headers C) Body parsing D) Session management Answer: B Explanation: helmet sets a collection of security headers such as CSP, HSTS, and X-Content-Type-Options. Question 13. Which status code indicates that the client must authenticate to gain network access? A) 401 B) 403 C) 407 D) 511 Answer: D Explanation: 511 Network Authentication Required is used when the client must authenticate to gain network access (e.g., captive portals). Question 14. In Express, which function signature represents an error-handling middleware? A) (req, res, next)
B) (err, req, res, next) C) (req, res) D) (req, res, err) Answer: B Explanation: Error-handling middleware must have four arguments, with the first being the error object. Question 15. Which of the following is a recommended way to limit request payload size in an Express app? A) app.use(express.json({ limit: '1mb' })) B) app.set('payloadLimit', 1024) C) res.setHeader('Content-Length', 0) D) process.setMaxListeners(10) Answer: A Explanation: express.json({ limit: '1mb' }) rejects bodies larger than the specified limit, preventing resource exhaustion. Question 16. Which of the following npm scripts will run a Node.js file named server.js with environment variable NODE_ENV=production? A) "start": "node server.js" B) "start": "NODE_ENV=production node server.js" C) "start": "node -e production server.js" D) "start": "env NODE_ENV=production node server.js" Answer: B Explanation: Prefixing the command with NODE_ENV=production sets the variable for the process on Unix-like systems. Question 17. Which HTTP header is used to instruct browsers to only use HTTPS for future requests to a domain? A) Content-Security-Policy B) Strict-Transport-Security C) X-Frame-Options
Explanation: PATCH applies partial modifications, whereas PUT replaces the entire resource. Question 21. Which Node.js built-in module provides low-level networking capabilities such as creating TCP servers? A) http B) net C) dns D) url Answer: B Explanation: The net module allows creation of TCP/IPC servers and sockets. Question 22. Which of the following is the most appropriate status code for a request that has been accepted for processing but not yet completed? A) 200 B) 202 C) 204 D) 301 Answer: B Explanation: 202 Accepted indicates the request is valid but processing is pending. Question 23. Which middleware pattern best isolates route-specific logic from global request handling? A) Global error handler B) Router-level middleware C) Application-level middleware D) Static file middleware Answer: B Explanation: Router-level middleware applies only to routes defined on a specific router instance, keeping concerns separated.
Question 24. Which of the following is a common technique to mitigate NoSQL injection in MongoDB queries? A) Using string concatenation for query building B) Directly inserting user input into $where clauses C) Validating and sanitizing input with a schema library like Joi D) Disabling authentication on the database Answer: C Explanation: Schema validation ensures only expected data types and structures are used, preventing malicious query injection. Question 25. In a Node.js application, which signal is typically used to trigger a graceful shutdown? A) SIGKILL B) SIGTERM C) SIGSTOP D) SIGUSR Answer: B Explanation: SIGTERM is the conventional signal for termination, allowing the process to close connections and clean up before exiting. Question 26. Which HTTP header can be used to control client-side caching of a response? A) Authorization B) Cache-Control C) Accept-Encoding D) Content-Type Answer: B Explanation: Cache-Control directives such as max-age and no-store dictate how and for how long browsers cache the response. Question 27. Which of the following libraries provides a Promise-based HTTP client with built-in timeout support? A) request
D) res.cookie('token', value, { httpOnly: false }) Answer: B Explanation: The secure attribute ensures the cookie is transmitted only over TLS-encrypted connections. Question 31. Which of the following is a recommended practice for handling unhandled promise rejections in a Node.js service? A) Ignoring them, as Node will automatically log them B) Adding a global process.on('unhandledRejection') handler to log and shut down gracefully C) Converting all promises to callbacks D) Using try/catch around every async function call Answer: B Explanation: A global handler allows logging, cleanup, and a controlled shutdown to avoid undefined state. Question 32. Which of the following is the primary purpose of the Content- Security-Policy header? A) Define allowed HTTP methods B) Restrict sources for scripts, styles, and other resources to mitigate XSS C) Set cookie attributes D) Control caching behavior Answer: B Explanation: CSP provides a whitelist of allowed content origins, reducing the risk of cross-site scripting. Question 33. Which method of an Express Router object registers a handler for all HTTP verbs on a path? A) router.get() B) router.all() C) router.use() D) router.route() Answer: B
Explanation: router.all('/path', handler) matches any HTTP method for the specified route. Question 34. Which of the following is the correct way to enable gzip compression for all responses in an Express app? A) app.use(compression()) B) app.use(gzip()) C) app.enable('gzip') D) app.use(express.gzip()) Answer: A Explanation: The compression middleware compresses response bodies using gzip/deflate when appropriate. Question 35. Which HTTP verb should be used to retrieve a resource without causing side effects? A) POST B) PUT C) DELETE D) GET Answer: D Explanation: GET is defined as a safe method that must not alter server state. Question 36. In the context of rate limiting, which algorithm provides a simple token-bucket implementation? A) Leaky bucket B) Fixed window counter C) Sliding log D) Token bucket Answer: D Explanation: The token-bucket algorithm allows a burst of requests up to a bucket size, then refills tokens at a fixed rate.
B) fs.readFile() C) fs.openSync() D) fs.createReadStream() Answer: B Explanation: fs.readFile() performs the I/O operation in a thread pool, invoking a callback when complete, thus non-blocking. Question 41. Which of the following headers is required for browsers to allow credentials (cookies, HTTP auth) in CORS requests? A) Access-Control-Allow-Origin: * B) Access-Control-Allow-Credentials: true C) Access-Control-Expose-Headers: * D) Access-Control-Max-Age: 86400 Answer: B Explanation: Access-Control-Allow-Credentials: true permits browsers to send and receive cookies and HTTP authentication with cross-origin requests. Question 42. In an Express error-handling middleware, which method is used to send the error response to the client? A) res.send() B) res.json() C) res.status().json() D) next() Answer: C Explanation: Typically, res.status(err.status || 500).json({ error: err.message }) sets the proper HTTP status and returns a JSON payload. Question 43. Which of the following best describes the purpose of the npm ci command? A) Install packages and update package-lock.json B) Clean the node_modules directory without reinstalling C) Perform a clean install based on package-lock.json for reproducible builds
D) Run continuous integration tests Answer: C Explanation: npm ci removes node_modules and installs exactly the versions listed in package-lock.json, ensuring deterministic builds. Question 44. Which HTTP header can be used to instruct browsers to never store a response in any cache? A) Cache-Control: no-store B) Pragma: no-cache C) Expires: 0 D) All of the above Answer: D Explanation: All three directives (Cache-Control: no-store, Pragma: no-cache, Expires: 0) together ensure that caches do not store the response. Question 45. Which of the following is the correct way to set a timeout for an axios request? A) axios.get(url, { timeout: 5000 }) B) axios.timeout(5000).get(url) C) axios({ url, method: 'GET', maxTime: 5000 }) D) axios.get(url).setTimeout(5000) Answer: A Explanation: The timeout option (in milliseconds) tells axios to abort the request if it exceeds the specified duration. Question 46. Which of the following is the most secure way to store a password in a Node.js application? A) Plain text in the database B) Base64-encoded string C) Hashed with a strong algorithm like bcrypt and a unique salt D) Encrypted with a symmetric key stored in source code Answer: C
Question 50. Which of the following HTTP methods is NOT idempotent? A) PUT B) DELETE C) PATCH D) HEAD Answer: C Explanation: PATCH may produce different results when applied multiple times, thus it is not guaranteed to be idempotent. Question 51. In Node.js, which method is used to gracefully close an HTTP server, stopping it from accepting new connections? A) server.stop() B) server.end() C) server.close() D) server.shutdown() Answer: C Explanation: server.close() stops the server from accepting new connections while allowing existing ones to finish. Question 52. Which of the following HTTP response codes indicates that the client should repeat the request with a different URI? A) 301 B) 303 C) 307 D) 308 Answer: B Explanation: 303 See Other tells the client to perform a GET request to the URI provided in the Location header. Question 53. Which of the following is a common technique to mitigate XSS when rendering user-provided data in server-side templates? A) Disabling JavaScript in the browser
B) Escaping HTML special characters before insertion C) Removing all whitespace from the output D) Using eval on the data Answer: B Explanation: Escaping characters like <, >, ", ', and & prevents malicious scripts from being interpreted. Question 54. Which of the following commands lists all open network ports on a Linux system? A) ls -l /proc/net/ B) netstat -tulnp C) ps aux | grep node D) cat /etc/services Answer: B Explanation: netstat -tulnp shows listening TCP/UDP ports and the associated processes. Question 55. Which Node.js module provides utilities for working with file and directory paths? A) fs B) path C) url D) querystring Answer: B Explanation: The path module offers methods like join, resolve, and basename for path manipulation. Question 56. Which of the following is the correct way to enable strict mode for an entire Node.js file? A) "use strict"; at the top of the file B) node --strict app.js C) "strict mode"; at the top of the file
Explanation: Limiting payload size prevents memory exhaustion; a 413 Payload Too Large response informs the client. Question 60. Which of the following methods can be used to retrieve the IP address of the client making a request in an Express handler? A) req.ip B) req.headers['host'] C) req.connection.remotePort D) req.protocol Answer: A Explanation: req.ip returns the remote IP, taking into account proxy headers like X-Forwarded-For when trust proxy is enabled. Question 61. Which of the following is the correct way to set the Content- Type header to JSON in a native Node.js HTTP response? A) res.setHeader('Content-Type', 'application/json'); B) res.writeHeader('Content-Type', 'application/json'); C) res.addHeader('Content-Type', 'application/json'); D) res.header('Content-Type', 'application/json'); Answer: A Explanation: setHeader assigns a header field on the outgoing response object. Question 62. Which of the following is a primary benefit of using async/await over plain Promises in route handlers? A) It automatically retries failed requests B) It eliminates the need for a callback function C) It makes asynchronous code appear synchronous, improving readability and error handling with try/catch D) It runs code in a separate thread Answer: C Explanation: async/await allows linear-style code and standard try/catch blocks for error handling, reducing callback nesting.
Question 63. Which of the following is the most appropriate HTTP status code for a successful DELETE operation that returns no content? A) 200 B) 202 C) 204 D) 404 Answer: C Explanation: 204 No Content indicates the request succeeded but there is no response body. Question 64. Which of the following environment variables is commonly used to indicate a production environment in Node.js applications? A) NODE_ENV=dev B) NODE_ENV=production C) APP_MODE=prod D) ENV=prod Answer: B Explanation: The convention NODE_ENV=production enables production-specific optimizations and disables debugging features. Question 65. Which of the following statements about the process.nextTick() function is true? A) It schedules a callback after I/O events have been processed B) It executes the callback immediately, before any I/O or timer events in the current loop iteration C) It creates a new thread for the callback D) It is deprecated in recent Node versions Answer: B Explanation: process.nextTick() places the callback at the front of the microtask queue, running it before the event loop proceeds to the next phase. Question 66. Which of the following is the correct way to enable CORS for all routes in an Express application using the cors package?