I.

Answer TRUE or FALSE to the following statements e) Express

f) Postman
1. The POST HTTP method is typically used to retrieve data from a server.
IV. Postman in Backend Application Development: TRUE or FALSE
2. Middleware in Express.js can be used to modify the request and response objects.
14 a. Postman is a popular tool for testing and documenting APIs.
3. A 404 Not Found status code indicates that the requested resource was b. It provides a user-friendly interface for sending HTTP requests to APIs, inspecting
successfully created. responses, and automating API testing.
4. In Express.js, the next() function is used to pass control to the next middleware V. General Statements: TRUE or FALSE
function in the stack.
15. Nodemon is a utility tool for Node.js that helps developers during the
5. Debugging a RESTful API involves reviewing and updating the API development process.
documentation as one of the steps.
16. Node.js is an open-source JavaScript runtime environment that allows developers
6. CRUD operations in Node.js using Express.js include creating, reading, updating, to execute algorithm code on the server side.
and deleting resources.
17. Postman is a popular tool for developing and documenting APIs.
II. Complete the sentences with the correct word
18. Dependencies are internal packages or libraries that a Node.js application relies
7. To define endpoints in an Express.js application, you must first __________. on to perform various tasks.
8. The HTTP status code __________ is used when a server-side error occurs, such VI. Command Line Knowledge
as a database query failing.
18. What will be performed once you use the following command:
9. In Node.js, the __________ middleware checks if the data in the request meets mkdir ubudeheproject
necessary requirements.
19. What is the command that can be used to install Express as a Node package?
10. When testing API endpoints with Postman, you should first select the
__________. 20. What is the command that can be used to install Nodemon globally?

11. A __________ is a tool in Express.js used to perform tasks like logging, input 21. What command is used to initialize a Node.js project?
validation, and error handling during the request-response cycle. A) npm start
B) npm init -y
12. The 201 Created status code is used when __________. C) node init
D) npm create
III. Multiple Choice Questions
VII. Express & Middleware Concepts
13. Once you want to develop a back-end application, the following are requirements
except (select one): 24. Which package is used to parse incoming request bodies in Express?
a) Node.js installed on your computer A) express
b) Npm B) body-parser
c) Nodemon C) mysql
d) Install MS Word D) nodemon
25. What HTTP method is typically used to retrieve data from a server? 32. What is the default port number for an Express server if not specified?
A) POST A) 8080
B) PUT B) 3000
C) GET C) 5000
D) DELETE D) 4000

26. What status code indicates that a resource was successfully created? 33. Match the HTTP methods in Column B with their typical usage in Column C
A) 404
B) 200 Column A Column B (Methods) Column C (Usage)
C) 500
D) 201 A …… A) GET 1) Retrieve data

27. Which middleware function is used to log details of incoming requests?

B …… B) POST 4) Create new resource
A) Error Handling Middleware
B) Input Validation Middleware
C …… C) PUT 2) Update data
C) Logging Middleware
D) Authentication Middleware
D …… D) DELETE 3) Delete data
28. What is the correct method to delete a resource in REST?
A) POST
B) DELETE
C) GET 34. Match the middleware in Column B to its function in Column C
D) PUT
Column A Middleware Function
29. Which command installs Express in your Node.js project?
A) npm install express A …… A) Logging Middleware 1) Logs details of requests
B) npm add express
C) npm get express B …… B) Input Validation 2) Validates incoming data
D) npm express install
C …… C) Error Handling 3) Catches errors and sends responses
30. What is the purpose of Error Handling Middleware?
A) To log requests
B) To validate input
C) To handle errors and send appropriate responses 35–52. Complete the sentences with the correct keyword
D) To connect to the database Keywords:
31. Which HTTP status code indicates a resource was not found? POST, end, npm install mysql, 500 Internal Server Error, Postman, Logging, 404 Not
A) 200 Found, 200 OK, Error Handling, Create, Read, Update, and Delete, PUT, listen, meets, 201
B) 201 Created, MySQL Connection, GET, body-parser, validate
C) 404 35. To create a new resource, you typically use the __________ HTTP method.
D) 500
36. In Express.js, middleware functions can modify the request and response objects,
__________ the request-response cycle, and call the next middleware function.
Practical Assessment
37. The command to install the MySQL package in a Node.js project is __________.
Scenario:
38. When a server encounters an unexpected issue, it typically responds with a Tela Tech Ltd requires a backend application using Node.js and MySQL.
__________ status code.
Task:
39. To test API endpoints, you can use a tool called __________.
• Create a database: KigaliInnovationDB
40. The __________ middleware is responsible for logging the details of incoming
requests. • Create a table: clients

41. A resource that does not exist in the database should return a __________ status o Fields: ID, Names, Sex, Address, Phone, Email
code.
• Develop APIs for:
42. The status code __________ indicates that a request was successful and data is
returned. o Insert (POST)

43. To handle errors in an Express application, you can implement __________ o Update (PUT)
middleware.
o Select (GET)
44. CRUD operations in Node.js require setting up an Express server that contains
endpoints for __________.
o Delete (DELETE)

45. The method used to update an existing resource is typically __________. • Include appropriate HTTP status codes (e.g., 200 OK, 201 Created, 404 Not
Found, 500 Internal Server Error)
46. An Express server can be started by calling the __________ method on the app
object.
I. Multiple Choice Questions (Encryption)
47. The purpose of input validation middleware is to ensure that incoming data
__________ the necessary requirements. 1. Which type of encryption uses the same key for both encryption and decryption?
A) Symmetric Encryption
48. A successful resource creation in a RESTful API returns a __________ status B) Asymmetric Encryption
code. C) Hashing
D) None of the above
49. To connect to a MySQL database in Node.js, you need to create a __________.
2. Which algorithm is commonly used for symmetric encryption in Node.js?
50. The __________ method is used to request data from a specified resource. A) RSA
B) AES
51. In Express, to parse JSON data from incoming requests, you must use the
C) SHA-256
__________ middleware.
D) bcrypt
52. When debugging a RESTful API, it is important to __________ input data and
monitor network traffic for issues.
3. In asymmetric encryption, which key is used to decrypt the data? 10. In the context of encryption, what does IV stand for?
A) Public Key A) Initialization Vector
B) Private Key B) Interchangeable Variable
C) Symmetric Key C) Inner Value
D) None of the above D) Independent Verification

4. Which Node.js module provides built-in support for cryptographic operations? II. Respond TRUE or FALSE
A) fs
B) http 1. Asymmetric encryption uses the same key for both encryption and decryption.
C) crypto
2. The Moment.js library in Node.js is primarily used for date manipulation.
D) path
3. The crypto module in Node.js supports both symmetric and asymmetric
5. Which of the following is NOT a use case for hashing?
encryption techniques.
A) Storing passwords securely
B) Encrypting large amounts of data 4. Using bcrypt in Node.js automatically handles the addition of salt to the hashing
C) Verifying data integrity process.
D) Generating fixed-size hash values
5. The package.json file in a Node.js project keeps track of dependencies and their
6. What is the output size of a SHA-256 hash? versions.
A) 128 bits
B) 256 bits 6. Hash functions are reversible.
C) 512 bits
7. Asymmetric encryption is more suitable for bulk data encryption than symmetric
D) 1024 bits
encryption.
7. Which of the following is a disadvantage of symmetric encryption?
8. A public key can be shared openly while the private key must be kept secret.
A) Speed
B) Key distribution 9. All cryptographic algorithms are equally secure.
C) Complexity
D) Security 10. Hashing can be used to securely store passwords.

8. What does the bcrypt library primarily do? III. Fill in the Blank with the Correct Keyword (Choose the Best Option)
A) Encrypt files
B) Hash passwords 1. Symmetric encryption is typically used for encrypting large amounts of data ___.
C) Generate keys
o A) quickly
D) Create SSL certificates
o B) slowly
9. Which encryption method is generally slower?
A) Symmetric o C) securely
B) Asymmetric
C) Both are equally fast o D) publicly
D) Hashing
2. The ___ module in Node.js supports various cryptographic functions.
 o A) fs o C) Hashing

o B) crypto o D) Encrypting

o C) path 7. ___ encryption is more efficient for encrypting large amounts of data.

o D) url o A) Symmetric

3. In ___ encryption, a pair of keys (public and private) is used, with one key o B) Asymmetric
encrypting the data and the other decrypting it.
o C) Hashing
o A) symmetric
o D) Hybrid
o B) asymmetric
8. The ___ algorithm is commonly used in asymmetric encryption to generate
o C) hashing public and private keys.

o D) block o A) SHA-1

4. The bcrypt library is commonly used in Node.js for securely ___. o B) RSA

o A) hashing passwords o C) AES

o B) encrypting files o D) MD5

o C) generating keys 9. To store passwords securely, we use ___, not encryption.

o D) decoding messages o A) Encoding

5. A ___-bit key and a 16-byte initialization vector (IV) are generated for AES o B) Hashing
encryption.
o C) Public Key
o A) 128
o D) Decryption
o B) 256
10. The process of converting plaintext into ciphertext is known as ___.
o C) 512
• A) Hashing
o D) 1024
• B) Decryption
6. ___ is often used to prevent brute-force attacks on hashed passwords.
• C) Encryption
o A) Salting

o B) Encoding
• D) Encoding
IV. Match the Encryption Type with the Correct Description o D) Blowfish

Answer No. Encryption Type Description 4. What type of attack does salting help prevent?

o A) Replay attacks
…………. A) Symmetric 2) Uses the same key for encryption/decryption
o B) Man-in-the-middle attacks
…………. B) Asymmetric 1) Uses a pair of keys (public and private) o C) Rainbow table attacks

…………. C) Hashing 3) Produces a fixed-size output from input data o D) Denial of service attacks

5. Which cryptographic operation is reversible?

…………. D) Encryption 4) Converts plaintext into ciphertext
o A) Hashing

o B) Encryption
V. Multiple Choice Questions
o C) Salting
1. Which of the following is a secure hash function?
o D) None of the above
o A) SHA-1
6. What is the main purpose of the initialization vector (IV)?
o B) MD5
o A) To hash data
o C) SHA-256
o B) To ensure randomness
o D) All of the above
o C) To create keys
2. What is the purpose of salt in hashing?
o D) To compress data
o A) To increase speed
7. Which of the following is an example of a symmetric encryption algorithm?
o B) To add randomness
o A) RSA
o C) To encrypt data
o B) AES
o D) To create keys
o C) Diffie-Hellman
3. Which is an example of a one-way hash function?
o D) DSA
o A) AES
8. What does SSL stand for?
o B) RSA
o A) Secure Socket Layer
o C) SHA-512
o B) Simple Security Layer
 o C) Standard Security Layer o Async/await
• Ensure dependency security via:
o D) Secure System Layer o Monitoring and updating with npm
9. Which of the following is NOT a feature of hashing? • Manage environment variables with:
o dotenv for loading
o A) Deterministic o Monitoring variable changes
o Detecting suspicious activity
o B) Fixed size output • Implement logging and auditing to detect unauthorized access.

o C) Reversible
I. Multiple Choice Questions
o D) Fast
1. What is the primary purpose of unit testing?
10. Which Node.js function is used to create a hash? a) Test entire application
b) Validate individual components
• A) crypto.createCipher c) Identify vulnerabilities
d) Test UI responsiveness
• B) crypto.createHash 2. Popular unit testing framework for Node.js?
a) Jest
• C) crypto.generateKeyPair b) JUnit
c) Selenium
• D) crypto.createSign d) Mocha
3. Common assertion library with Mocha?
Practical Assessment: Secure Node.js Web Development at Tela Tech Ltd a) Jasmine
b) Chai
c) QUnit
Tela Tech Ltd develops websites for various institutions. As part of your practical task, you d) RSpec
are required to: 4. Command to install Mocha:
a) npm install mocha
Key Tasks: b) npm install chai
c) npm install jest
d) npm install selenium
• Implement symmetric and asymmetric encryption in Node.js using the crypto
5. In Chai, BDD-style assertion API:
module (e.g., AES, RSA).
a) Should
• Use hashing techniques for password security and data integrity. b) Must
• Integrate third-party libraries: c) Could
o bcrypt for password hashing d) Shall
o jsonwebtoken for JWT-based secure transmission 6. Main benefit of Chai's Expect API:
• Secure RESTful APIs using encryption to protect data in transit. a) Simpler to write and understand
• Integrate and manage Node.js third-party libraries b) Advanced security testing
• Handle asynchronous operations via: c) Automates UI testing
o Callbacks d) Faster execution
o Promises
7. First step in unit testing: c) Increased code coverage
a) Run test cases d) Improved network performance
b) Write test cases 16. Purpose of describe() in Mocha:
c) Analyze results a) Group related test cases
d) Setup environment b) Define global variables
8. Tool for usability testing: c) Parallel execution
a) Postman d) Handle async ops
b) Puppeteer 17. Chai Expect API feature:
c) Usabilla a) Allows chaining assertions
d) OWASP ZAP b) Manipulates DOM
9. OWASP stands for: c) Built-in logging
a) Open Web Application Security Project d) Handles network requests
b) Online Web Security Platform 18. Method to run Mocha tests:
c) Web and Software Protection a) mocha run
d) System Security Platform b) npm test
10. Not a type of vulnerability: c) mocha --exec
a) SQL Injection d) test start
b) Cross-Site Scripting (XSS) 19. Dynamic analysis tool for Node.js:
c) Unit Testing a) OWASP ZAP
d) CSRF b) JSHint
11. Command to install Chai: c) ESLint
a) npm install chai d) GitHub Copilot
b) npm install mocha 20. Framework for security tests in Node.js:
c) npm install jest a) OWASP
d) npm install puppeteer b) Mocha
12. Postman is used for: c) Chai
a) Unit Testing d) Cypress
b) API Testing 21. Key benefit of Puppeteer:
c) Usability Testing a) Reduces human error
d) Load Testing b) Eliminates testing
13. Puppeteer's primary function: c) Increases runtime
a) Simulate user interactions in web apps d) Advanced security features
b) Secure web apps 22. Command to run Postman collection:
c) Static code analysis a) postman run
d) Server configuration b) newman run
14. Mocha hook before all tests: c) postman exec
a) before() d) newman exec
b) after() 23. Skip test in Mocha:
c) beforeEach() a) Use it.skip
d) afterEach() b) Use it.skip()
15. NOT a key benefit of unit testing: c) Use describe.skip()
a) Early bug detection d) Use test.skip()
b) Reduced maintenance cost
 24. Example of a static analysis tool: Answer No. Method Description
a) ESLint
…………. a) page.goto() 3. Navigates to a URL
b) Burp Suite
c) Postman …………. b) page.click() 1. Simulates a browser click
d) JMeter …………. c) page.screenshot() 2. Takes a screenshot of the page
25. Use case for Chai’s Should API: …………. d) page.type() 4. Enters text into an input field
a) Write natural language style assertions
b) Run tests in parallel
c) Automate UI
d) Manage DB connections

Practical Assessment:
II. Match the Statements
Backend Testing and Security at TelaTech Ltd

1. Unit Testing Tools with Language Support:

TelaTech Ltd develops websites for various institutions. You are required to:

Answer No. Tool Language Task Summary

…………. a) Mocha 1. JavaScript
…………. b) JUnit 3. Java • Perform unit testing using Mocha and Chai
…………. c) PyTest 2. Python • Use Postman and Puppeteer for API and usability testing
• Conduct security testing and penetration testing using OWASP tools
…………. d) RSpec 4. Ruby
• Implement secure backend API interactions with Node.js
• Manage backend application deployment and test environments

2. Security Testing Tools with Functions:

Answer No. Tool Function II. Matching Questions

…………. a) OWASP ZAP 2. Dynamic application security testing
…………. b) ESLint 1. Static code analysis 4. Chai Assertion Style with Description
…………. c) Burp Suite 3. Automated web vulnerability scanner
…………. d) SonarQube 4. Code quality analysis Column A Column B
a) Expect 2. Assert style chaining with "expect"
b) Should 4. Assert style using "should"
3. Puppeteer Functions with Descriptions: c) Assert 1. Classic assert style without chaining
d) Chain 3. Not a Chai assertion style
5. Usability Testing Tool with Feature Column A Column B
c) Pre-request Script 4. Executing scripts before a request is sent
Column A Column B d) Tests 3. Validating responses from API requests
a) Postman 3. API testing and automation
b) Usabilla 1. Collecting user feedback on websites
c) Optimizely 4. A/B testing and experimentation 9. Node.js Security Practice with Best Practice
d) Maze 2. Remote user testing and reporting
Column A Column B
a) Use of SSL/TLS 2. Encrypting data in transit
6. Vulnerability Type with Description b) Input Validation 4. Sanitizing user inputs to prevent attacks
c) Dependency Management 1. Keeping packages up-to-date
Column A Column B d) Error Handling 3. Avoiding exposure of sensitive information
a) SQL Injection 1. Executing unauthorized SQL commands
b) XSS 3. Injecting malicious scripts into web pages
c) CSRF 4. Forcing users to perform actions they did not intend 10. Unit Test Concept with Description
d) Insecure Storage 2. Storing sensitive data without proper encryption
Column A Column B
a) Test Case 4. A single scenario to validate
7. OWASP Top 10 Risk with Attack Type b) Test Suite 1. A collection of related test cases
c) Mocking 2. Simulating dependencies in a test
Column A Column B d) Assertion 3. A statement that must be true for the test to pass
a) Injection 4. SQL Injection
b) Broken Authentication 3. Credential stuffing
c) Cross-Site Scripting 1. Script injection III. Complete the Statements

d) Security Misconfiguration 2. Default passwords

1. Unit testing is primarily conducted to ensure that individual components or
functions work as expected.
2. In Chai, the Expect API allows for natural language assertions.
8. Postman Feature with Description 3. The Mocha testing framework uses the describe() method to group related tests.
4. Usability testing is important because it helps identify issues with user experience
and interface design.
Column A Column B 5. A common vulnerability in web applications, where an attacker can inject SQL
a) Collections 2. Grouping related API requests queries, is known as SQL Injection.
6. Postman is commonly used to test API endpoints and automate testing.
b) Environment Variables 1. Storing reusable data like API keys
 7. Puppeteer allows developers to automate user interactions in a headless Chrome
browser.
8. In security testing, penetration testing is used to identify potential vulnerabilities I. Multiple Choice: Backend Management
before an attacker can exploit them.
9. Node.js applications should always use SSL/TLS encryption to ensure data is
transmitted securely. 1. What is the primary purpose of Node.js application deployment?
10. A test case in unit testing is designed to validate a specific function or feature. c) Preparing, transferring, and running a Node.js application on a server or cloud
11. The OWASP ZAP tool is used to scan web applications for vulnerabilities. environment
12. In Mocha, the beforeEach() hook runs before each individual test case. 2. Which of the following tools is commonly used for containerizing a Node.js
13. Chai’s should API is often used for assertions in a BDD style. application?
14. Security misconfigurations often arise from insecure settings or defaults. b) Docker
15. After performing a penetration test, it is crucial to document the findings in a 3. Which command is used to start a Node.js application if index.js is the entry
detailed report. point?
d) node index.js
4. Which of the following is NOT a type of Node.js application deployment?
Practical Task Instructions d) Script-based Deployment
5. Which process manager is commonly used to manage Node.js applications in
You are provided with: production?
b) PM2
• A database: Kigali Innovation DB
• A table: clients with fields: ID, Names, Sex, Address, Phone, Email II. Complete the following statements by choosing the correct answer
• Node.js-based backend APIs for:
o Insert 1. In a CI/CD pipeline, tools like _____________ are used to automate the testing
o Update and deployment process.
o Select a) Jenkins
o Delete b) FTP
• APIs must integrate with the frontend c) npm
d) Webpack
• Includes HTTP status codes for error handling
2. To manage environment variables and sensitive information like API keys in a
• A login form is created for system access Node.js application, you should use _____________.
a) package.json
Your Tasks: b) npm install
c) Environment Variables
d) scp
Test APIs using Postman
3. Before deploying a Node.js application, it is essential to install all necessary
Conduct usability testing with Puppeteer modules using _____________.
Perform unit testing using Mocha a) npm start
Monitor and analyze test results b) npm install
Implement security testing in Node.js c) Docker
Conduct penetration testing using OWASP ZAP d) Git
4. The command pm2 start index.js is used to _____________ the application using
PM2.
All required tools and materials will be provided by TelaTech Ltd. a) Install
 b) Monitor
c) Start
d) Delete
5. For secure file transfer to a server, tools like _____________ can be used.
a) RDP
b) SCP
c) FTP
d) Git

III. Match the tool with its function

Write the number corresponding to the correct description:

1. Deployment and description

2. The tool with its function:

Tool Function
A) Webserver
B) Database
C) NodeJS Runtime

IV. True or False

1. Node.js is a runtime environment that allows you to run JavaScript on the server
side.
2. Continuous deployment means that every change that passes the automated tests
is deployed to production automatically.
3. Docker is a version control system used for managing Node.js application code.
4. PM2 is used for managing and monitoring Node.js applications in production.
5. SCP is used to manage Node.js dependencies and packages.
6. In a CI/CD pipeline, Jenkins can be used to automate the deployment of a
Node.js application.
7. Environment variables are used to store sensitive information, such as API keys,
in a Node.js application.
8. A webserver is responsible for storing and retrieving data in a Node.js
application.