Challenge - 5 Problems

🎖️

HTTPS & SSL Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

2:00remaining

What happens when you run this Express HTTPS server code?

Consider this Express server setup using HTTPS. What will the server do when started?

Express

import express from 'express';
import https from 'https';
import fs from 'fs';

const app = express();

app.get('/', (req, res) => {
  res.send('Secure Hello!');
});

const options = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.cert')
};

https.createServer(options, app).listen(8443, () => {
  console.log('HTTPS server running on port 8443');
});

AThe server starts on port 8443 and responds with 'Secure Hello!' over HTTPS.

BThe server starts but throws an error because Express cannot handle HTTPS directly.

CThe server starts on port 8443 but responds with 'Hello' over HTTP, not HTTPS.

DThe server fails to start because the key and cert files are missing or invalid.

Attempts:

2 left

📝 Syntax

intermediate

1:30remaining

Which option correctly reads SSL certificate files for HTTPS in Express?

You want to create an HTTPS server in Express. Which code snippet correctly reads the SSL key and certificate files?

Aconst options = { key: fs.readFileSync('key.pem'), cert: fs.readFileSync('cert.pem') };

Bconst options = { key: fs.readFile('key.pem'), cert: fs.readFile('cert.pem') };

Cconst options = { key: fs.readFileSync('key.pem'), cert: 'cert.pem' };

Dconst options = { key: 'key.pem', cert: 'cert.pem' };

Attempts:

2 left

🔧 Debug

advanced

2:30remaining

Why does this HTTPS Express server crash with 'Error: error:0909006C:PEM routines:get_name:no start line'?

Look at this code snippet. Why does the server crash with the PEM error when starting?

Express

import express from 'express';
import https from 'https';
import fs from 'fs';

const app = express();

const options = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.cert')
};

https.createServer(options, app).listen(443);

AThe port 443 is already in use by another process.

BThe server.key and server.cert files are missing from the directory.

CThe key and cert files are read as strings but should be read as buffers without encoding.

DExpress app is missing a route handler, causing the crash.

Attempts:

2 left

❓ state_output

advanced

2:00remaining

What is the output when accessing the HTTP server that redirects to HTTPS?

Given this Express setup, what response does a client get when requesting http://localhost:3000?

Express

import express from 'express';

const app = express();

app.use((req, res, next) => {
  if (!req.secure) {
    return res.redirect('https://' + req.headers.host + req.url);
  }
  next();
});

app.get('/', (req, res) => {
  res.send('Welcome to secure site');
});

app.listen(3000, () => console.log('HTTP server running on port 3000'));

AThe client receives a 404 Not Found error.

BThe client receives the text 'Welcome to secure site' over HTTP.

CThe server crashes because req.secure is undefined.

DThe client receives a 302 redirect to the HTTPS version of the URL.

Attempts:

2 left

🧠 Conceptual

expert

3:00remaining

Why is it important to use a trusted SSL certificate in production Express HTTPS servers?

Choose the best reason why production HTTPS servers should use certificates from trusted Certificate Authorities (CAs).

ASelf-signed certificates are faster to generate and improve server performance.

BBrowsers trust certificates from known CAs, preventing security warnings and ensuring encrypted communication.

CTrusted certificates allow the server to run on any port without restrictions.

DUsing trusted certificates disables the need for HTTPS middleware in Express.

Attempts:

2 left