[&] What is the primary purpose of serialization in PHP?
- To convert PHP objects into a string for storage or transmission -- Correct
- To authenticate users across sessions
- To encrypt sensitive data
- To translate PHP code into bytecode for execution

[&] Which PHP magic method is automatically invoked during deserialization?
- __clone
- __construct
- __wakeup -- Correct
- __destruct

[&] What does the 'unserialize' function do in PHP?
- It converts serialized strings back to data types like object or array -- Correct
- It connects to a database to fetch data
- It encrypts data for secure communication
- It removes unnecessary spaces from a string

[&] Which of the following is a critical security risk associated with improper use of PHP unserialize function?
- Excessive memory usage
- Remote code execution -- Correct
- Data replication issues
- Loss of data integrity

[&] Why is object injection considered dangerous in the context of PHP?
- It can result in database locks
- It can allow attackers to manipulate object behavior and execute arbitrary code -- Correct
- It can lead to phishing attacks on users
- It can slow down the server performance

[&] What does the 'O' character indicate in PHP serialized data?
- An array type
- An object type -- Correct
- An integer type
- A boolean type