Ans. 1. String Pool - When a string is created and an equal string already exists in the pool, the reference to the existing string is returned instead of creating a new object. If String were mutable, changing the string through one reference would lead to the wrong value for the other references.
Example -
String str1 = "String1";
String str2 = "String1"; // Doesn't create a new String; it reuses the string literal from the pool
// Now both str1 and str2 point to the same String object in the pool; if String were mutable, changing str1 would change it for str2 too
2. To Cache its Hashcode - If String were mutable, its hashcode could be changed, and hence it would not be fit to be cached.
3. Security - String is widely used as a parameter for many Java classes, e.g. network connections, opening files, etc. Making it mutable might pose threats due to interception by another code segment.
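The security point above, as an added example that is not part of the original answer: a value is validated and then used, and other code holding the same reference runs in between. The allow-list, the `open` stand-in and the file names are hypothetical.

```java
import java.util.Set;

public class ImmutableParamDemo {
    // Hypothetical allow-list for this example.
    static final Set<String> ALLOWED = Set.of("reports/q1.txt", "reports/q2.txt");

    // Hypothetical stand-in for opening a file: returns the name it would open.
    static String open(CharSequence name) {
        return "opened " + name;
    }

    // Unsafe pattern: validates a mutable buffer, then uses the same buffer later.
    static String checkThenUseMutable(StringBuilder name, Runnable otherCode) {
        if (!ALLOWED.contains(name.toString())) throw new SecurityException("denied");
        otherCode.run();      // another code segment runs between check and use
        return open(name);    // contents may no longer be what was validated
    }

    // Safe pattern: a String cannot change, so the checked value is the used value.
    static String checkThenUseString(String name, Runnable otherCode) {
        if (!ALLOWED.contains(name)) throw new SecurityException("denied");
        otherCode.run();
        return open(name);
    }

    public static void main(String[] args) {
        StringBuilder buf = new StringBuilder("reports/q1.txt");
        // Other code sharing the reference rewrites the buffer after the check passed.
        System.out.println(checkThenUseMutable(buf,
                () -> buf.replace(0, buf.length(), "secrets/keys.txt")));

        String s = "reports/q1.txt";
        String[] holder = { s };
        // Other code can only repoint its own reference; the validated String is untouched.
        System.out.println(checkThenUseString(s, () -> holder[0] = "secrets/keys.txt"));
    }
}
```

The mutable variant opens a name that never passed the allow-list check, while the String variant opens exactly what was validated.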
Ans. Hashcode is used for bucketing in hash implementations like HashMap, Hashtable, HashSet, etc. The value received from hashCode() is used as the bucket number for storing elements. This bucket number is the address of the element inside the set/map. When you call contains(), it takes the hashcode of the element and looks for the bucket that the hashcode points to. If more than one element is found in the same bucket (multiple objects can have the same hashcode), it uses the equals() method to evaluate whether the objects are equal, and then decides whether contains() is true or false, or whether the element can be added to the set or not.
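The bucketing described above, together with the earlier point about caching a String's hashcode, as an added example that is not part of the original answers. `MutableKey` is a hypothetical class whose hashCode() depends on a field that can change after insertion.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

public class BucketDemo {
    // Hypothetical mutable key: hashCode() and equals() both depend on 'name'.
    static final class MutableKey {
        String name;
        MutableKey(String name) { this.name = name; }
        @Override public boolean equals(Object o) {
            return o instanceof MutableKey && Objects.equals(name, ((MutableKey) o).name);
        }
        @Override public int hashCode() { return Objects.hashCode(name); }
    }

    public static void main(String[] args) {
        Set<MutableKey> set = new HashSet<>();
        MutableKey key = new MutableKey("alice");
        set.add(key);                 // stored under the hash computed from "alice"

        key.name = "bob";             // the hash changes, the stored bucket does not

        // Lookup with the same object: searched under the hash of "bob".
        System.out.println("same object found: " + set.contains(key));
        // Lookup with the old value: the hash matches, but equals() now compares with "bob".
        System.out.println("old value found: " + set.contains(new MutableKey("alice")));
        // The element is still stored, it is just unreachable through contains().
        System.out.println("size: " + set.size());

        // String keys cannot drift: equal content always yields the same hashcode.
        Set<String> names = new HashSet<>();
        names.add("alice");
        System.out.println("string found: " + names.contains(new String("alice")));
    }
}
```

Both lookups on the mutated key miss even though the set still holds the element, which is why an immutable String can safely cache its hashcode and serve as a map key.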
Ans. String is widely used as a parameter for many Java classes, e.g. network connections, opening files, etc. Making it mutable might pose threats due to interception by another code segment or a hacker over the internet.
Once a String constant is created in Java, it stays in the string constant pool until garbage collected and hence stays there much longer than needed. Any unauthorized access to the string pool poses a threat of exposing these values.
Ans. Volatile is an instruction that the variables can be accessed by multiple threads and hence shouldn't be cached. As volatile variables are never cached, their retrieval cannot be optimized.
Q5. Can an EC2 instance have multiple Security Groups? Can a single security group be assigned to multiple EC2 instances? If either of them is true, doesn't it result in a conflict?
Ans. We can assign multiple security groups to a single instance, and we can use a single security group with multiple instances.
It never results in a conflict, as security groups only have allow rules and no deny rules. Multiple security groups for an instance result in the union of all rules.
Ans. Yes, Java doesn't provide exclusive access, as we cannot allocate and deallocate memory exclusively because Java internally manages it. The advantage of this is that it relieves the coder of such tasks and helps protect from many bugs that may get introduced with imperfect coding. Moreover, as the Java garbage collector collects all unclaimed memory or objects, it helps protect the application from memory leaks.
On the flip side, as the coder doesn't have extensive access to memory, it is up to Java to decide on the state of programming constructs and data storage, and hence it may introduce some security risks. For example, Java keeps string literals in the string pool and there is no exclusive way to remove them, so sensitive data may stay in the string pool and introduce security issues. Moreover, when we overwrite a value or object for a variable / reference, it is up to Java to purge those values, so they may stay in memory for a while until Java decides that they are no longer referenced and should be removed, which makes them vulnerable to inappropriate access.
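A common mitigation for the risk described here and in the earlier answer about the string pool, as an added example that is not part of the original answers: hold the secret in a `char[]` and overwrite it as soon as it has been used. The sample password and the iteration count are constructed example values.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class WipeSecretDemo {
    // Derives a verifier from the password, then wipes every copy this code controls.
    static byte[] deriveAndWipe(char[] password, byte[] salt) throws Exception {
        // Iteration count and key length are example values.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return f.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();          // PBEKeySpec keeps its own copy of the array
            Arrays.fill(password, '\0');   // overwrite the caller's buffer in place
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; interactive code would use Console.readPassword(),
        // which returns a char[] for this reason.
        char[] password = {'c', 'o', 'r', 'r', 'e', 'c', 't'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] verifier = deriveAndWipe(password, salt);
        System.out.println("verifier length: " + verifier.length);
        System.out.println("buffer wiped: " + (password[0] == '\0'));
        // A String holding the same secret cannot be overwritten like this: it remains
        // readable in the heap (or the string pool, for a literal) until the JVM reclaims it.
    }
}
```

Wiping shortens the window in which the secret is readable in a heap dump; it does not remove copies the JVM may have made while moving the array during garbage collection.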
Q8. What are the types of authentication used in Web services ?
Ans. Yes, Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
Ans. DDoS is a denial-of-service attack in which the hacker seeks to make a machine or resource unavailable to its expected users by disrupting services.
Ans. XSS, or cross-site scripting, is a JavaScript vulnerability in web applications. The easiest way to explain this is with a case where the user enters a script in the client-side input fields and that input gets processed without being validated. This leads to untrusted data getting saved and executed on the client side.
Ans. A CSRF token is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. When the later request is made, the server-side application validates that the request includes the expected token and rejects the request if the token is missing or invalid.
CSRF tokens can prevent CSRF attacks by making it impossible for an attacker to construct a fully valid HTTP request suitable for feeding to a victim user. Since the attacker cannot determine or predict the value of a user's CSRF token, they cannot construct a request with all the parameters that are necessary for the application to honor the request.
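The issue-and-validate cycle described above, as an added example that is not part of the original answer. The in-memory session map and the session ids are hypothetical; a real application would keep the token in its server-side session object.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CsrfTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Hypothetical in-memory session store: session id -> expected token.
    private static final Map<String, String> SESSION_TOKENS = new HashMap<>();

    // Issue an unpredictable token and bind it to the session.
    static String issueToken(String sessionId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSION_TOKENS.put(sessionId, token);
        return token;
    }

    // Accept a state-changing request only if it carries this session's token.
    static boolean isValid(String sessionId, String submitted) {
        String expected = SESSION_TOKENS.get(sessionId);
        if (expected == null || submitted == null) return false;
        return MessageDigest.isEqual(      // comparison time does not depend on the first mismatch
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = issueToken("session-A");
        System.out.println("own token:     " + isValid("session-A", token));
        System.out.println("missing token: " + isValid("session-A", null));
        System.out.println("wrong token:   " + isValid("session-A", "guess"));
        System.out.println("other session: " + isValid("session-B", token));
    }
}
```

Only the request carrying the token issued to its own session is accepted; a request without the token, with a guessed value, or with a token bound to a different session is rejected.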
Ans. A CSRF attack requires an authenticated session, whereas an XSS attack doesn't.
XSS doesn't require any user interaction. CSRF is restricted to the actions the victim can perform.
XSS requires a vulnerability to happen, whereas CSRF relies on tricking the user to click a link or access a page.
CSRF can only send an HTTP request but cannot view the response. XSS can send and receive HTTP requests and responses to extract the required data.
Ans. Session storage can be accessed from XSS (cross-site scripting) attacks, but cookies (if set with the "HttpOnly" and "Secure" flags) are safer against these attacks.