You are not logged in.
- Topics: Active | Unanswered
#1 2012-04-02 06:09:11
MCSD.NET - 70-340 Exam Interview Questions And Answers
Certifications :: MCSD.NET - 70-340 Exam Job Interview Questions and Answers
MCSD.NET - 70-340 Exam Frequently Asked Questions in various MCSD.NET - 70-340 Exam Interviews asked by the interviewer. So learn MCSD.NET - 70-340 Exam with the help of this MCSD.NET - 70-340 Exam Interview questions and answers guide and feel free to comment as your suggestions, questions and answers on any MCSD.NET - 70-340 Exam Interview Question or answer by the comment feature available on the page.
1 ► Suppose You create a Web Forms application to trackemployee expense report information. Information is entered by each user and stored in aMicrosoft SQL Server database. The application uses Integrated Windows authentication withimpersonation enabled to communicate with the database. All users are assigned to theDataReader role and the DataWriter role in SQL Server.The employee expense report form contains client-side validation scripts and additional servercontrols. This form is ViewState enabled. All employee expense reports must be approved by theaccounting department by using a separate form in the application before payment is made.You need to unit exam the security of the application.What should you do?A. Copy the ViewState information to a text file and attempt to decrypt it.B. Exam the application from the hosting computer and from the client computers.C. Create your own page that mimics the approved page and submit that page to the server.D. Sign on as a user in the accounting department and verify that you can approve expensereports.
2 ► Suppose You are an application developer for your company. You are conducting a code review of aWindows Forms application that was developed by another developer. The applicationincludes a function named Logon(), which validates a users logon credentials. The functiondisplays a dialog box for the user to enter the users credentials, and the function validates thosecredentials by using a database.The function returns a value of 0 if the users password is incorrect, a value of 1 if the users userID is incorrect, and a value of 2 if both are correct. Users should receive access to the applicationonly if the function returns a value of 2. A function named EndApp() is used to exit the application.The application must display a message to the user, depending on the result of the Logon()function.The application contains the following code segment.int logonresult = Logon();switch(logonresult) {case 0:MessageBox.Show("User name is OK, password incorrect.");break;case 1:MessageBox.Show("User name is incorrect.");break;default:MessageBox.Show("Welcome!");break;}if(logonresult != 2) {EndApp();}You need to improve the security of this code segment while maintaining its funtionality. Youdecide to replace the existing code segment.Which code segment should you use?A. if(Logon() != 2) {Console.WriteLine("Logon error.");EndApp();}B. if(Logon() != 2) {Console.WriteLine("Logon error.");EndApp();}else {MessageBox.Show("Welcome!");}C. int logonresult = Logon();switch(logonresult) {case 0:MessageBox.Show("User name is OK, password incorrect.");EndApp();break;case 1:MessageBox.Show("User name is incorrect.");EndApp();break;default:MessageBox.Show("Welcome!");break;}D. int logonresult = Logon();if(logonresult == 2) {MessageBox.Show("Welcome!");}else {MessageBox.Show("User name or password was incorrect.");EndApp();}
3 ► How to prevent malicious code from running, awritten company policy does not permit developers to log on by using accounts that have morepermissions than necessary.Your user account is a member of the Users group and the VS Developers group. You attempt torun an application that requires Administrator-level permissions. You receive an error messagethat states that permission is denied.You need to be able to run the application.What should you do?A. Ask the network administrator to add your user account to the domain Administrators group.B. Ask the administrator of your client computer to add your user account to the localAdministrators group.C. Add the administrator of your client computer to add your user account to the Power Usersgroup.D. Run the application by using the runas command and specify a user account in the localAdministrators group.
4 ► Suppose You develop an application that customerswill be able to automate by using Microsoft Visual Basic for Applications (VBA) scripts. Theapplication will be accompanied by sample VBA scripts. Customers must be able to review thesample VBA scripts. You want customers to be able to automate the installed application by usingany of the sample VBA scripts or by creating their own automation scripts. You also want to allowcustomers to choose not to apply any automation scripts.You need to distribute the sample VBA scripts with your application in a manner that minimizessecurity risks for the customer.What should you do?A. On installation, place all the sample VBA scripts in a subfolder of the application?s installationfolder.B. On installation, as the user to choose one sample VBA script to install as the application?sautomation script.C. Do not install the same VBA scripts.Leave the files in a folder on the installation media.D. Encrypt same VBA scripts on the installation media and decrypt the files during installation.
5 ► Suppose You are an application developer for your company. You are developing a Windows Formsapplication. You deploy a supporting assembly named MyAssembly.dll to the global assemblycache. During testing, you discover that the application is prevented from accessingMyAssembly.dll.You need to ensure that the application can access MyAssembly.dll.What should you do?A. Digitally sign the application by using a digital certificate.B. Run the caspol.exe -s on command from the command line.C. Run the Assembly Linker to link MyAssembly.dll to the application.D. Modify the security policy to grant the application the FullTrust permission.
6 ► Suppose You are developing an application that willbe used by members of three domain user groups in your company. The user groups are namedCompanySales, CompanyMarketing, and AccountManagement. Each of the three user groupswill have different permission within the application.You log on to your development computer by using a domain user account that is a member ofonly the Domain Users and the Developers domain user groups. On your development computer,you user account is a member of only the local Users group.When you finish developing the application, you need to ensure that the application runs correctlybefore you send the application to the company?s internal software examing department.How should you exam the application?A. Select one user from each of the three user groups that will run the application.Deploy the application to the client computer of each of these three users.Exam the application on each of the computers.B. Deploy the application to a client computer.Ask a domain administrator to place the computer?s domain account into all three of the usergroups that will run the application.Exam the application on the client computer.C. Ask a domain administrator to create a domain user account for examing.Place the account in each of the three user groups that will run the application.Exam the application, logging on to your computer by using the exam domain user account.D. Ask a domain administrator to create three domain user accounts for examing.Place one account in each of the three user groups that will run the application.Exam the application three times, logging on to your computer by using a different examdomain user account for each exam.
7 ► You create an ASP.NET Web applicationthat all authenticated network users will access. The authentication mode in the Web.config file iscurrently set to None. Due to recent security threats, the network administrator requires that allconnections to the application?s Web server use the network credentials of the authenticateduser.You need to configure the application to use the network credentials of the authenticated user asHTTPContext.Current.User.Which action or actions should you perform? (Choose all that apply)A. Ask the network administrator to configure the IIS directory security to Anonymousauthentication.B. Ask the network administrator to configure the IIS directory security to Integrated Windowsauthentication.C. Set the authentication mode in the Web.config file to Forms.D. Set the authentication mode in the Web.config file to Windows.E. Set the impersonation attribute of the identity element in the Web.config file to true.
8 ► Suppose Each client computer in Company runseither Microsoft Windows XP Professional or Windows 98. You are developing an application thatwill be used by all users in Company.Users log on to their client computers by using a domain user account that is a member of thelocal Power Users group and the user?s computer. You log on to your Windows XP Professionalcomputer by using a domain user account that is a member of the local Administrators group andPower Users group on your computer.When examing your application, you need to ensure that your exams accurately reflect theproduction environment in which the application will run.How should you exam the application?A. Ask a domain administrator to temporarily remove your domain user account from the localAdministrators group on your computer while you are examing the application.B. Exam the application on your computer.When examing, log on to the computer by using a domain user account that is a member ofonly the local Power Users group on your computer.C. Deploy the application to a Windows XP Professional computer and a Windows 98 computer.Log on to each computer by using a domain user account that is a member of only the localPower Users group.D. Compile the assemblies of the application from the command line by running the runascommand and specifying a domain user account that is a member of only the local PowerUsers group on your computer.
9 ► Suppose You are developing a three-tier application.You enter sample data to exam the application. The following exception is caught by the datalayer before the application continues to run. Cannot set column ?Column1? to ?Text too long formaximum length?. The value violates the MaxLength limit of this column.You need to improve the security of the application. Which two actions should you perform?(Each correct answer presents part of the solution. Choose two)A. Increase the maximum length of data characters allowed in the column.B. Validate all incoming data character lengths at the business layer.C. Modify the data layer to process data above the maximum length.D. Modify the user interface to prevent users from entering data above the maximum characterlength.
10 ► Suppose You are an application developer for Company.com. You develop a Windows Forms applicationthat connects to a local Microsoft SQL Server database by using the Microsoft .NET FrameworkData Provider for SQL Server. The application currently connects to the database by using anaccount that is a member of the System Administrator role in SQL Server.You need to ensure that the application can connect to the database by using the user account ofthe interactive user without providing additional permissions.What should you do?A. Modify the application to activate a SQL Server application role.B. Modify the application to use SQL Server integrated security.C. Modify the application to send a security token that contains the authentication information in aKerberos ticket.D. Modify the application to use a COM+ security roles.
11 ► Suppose A. Create a new application domain and set the security policy level. Run custom components inthis application domain.B. Use permission class operations to modify the security policy.
12 ► Users who are temporary employees aremembers of a group named TemporaryEmployees. You develop a serviced component namedCompanyComponent. CompanyComponent is part of a COM+ application named MyApplication.CompanyComponent is secured by using the SecurityRole attribute for the Employees role.You need to ensure that members of the TemporaryEmployees group are assigned to theEmployees role.You decide to add the TemporaryEmployees group to the existing Employees role.Which tool should you use?A. The code Access Security Policy tool.B. The Permission View tool.C. The Component Services tool.D. The Secutil tool.E. The Microsoft .NET Framework Configuration tool.
13 ► You are developing an application that willbe used both by company users and by contractors. Contractors will install the application ontheir own portable computers. A written company policy prohibits contractors from easilyaccessing or reviewing the source code of company applications. The file servers that contain thesource code for the application are configured so that only company software developers haveaccess.You need to ensure that the contractors cannot easily access the application source code.What should you do?A. Run Dotfuctaor Community Edition on each of the application assemblies.B. Apply a strong name to each of the application assemblies.C. Run the Code Access Security Policy tool for each of the application assemblies beforedistributing the application.D. Use Encrypting File System (EFS) to encrypt the compiled application assemblies.
14 ► Suppose You are developing a Windows-basedpayroll application that will be used by all payroll administrators in the company. The applicationhas a single executable file that uses a separate assembly to modify payroll data.You need to design security for your application to ensure that the assembly cannot be called byunauthenticated and unauthorized users.What should you do?A. Run the application by using a user account that has access to the application directory.B. Modify the application to validate all user-entered data.C. Modify the application to authenticate and authorize user access within each assembly as it iscalled.D. Modify the application to authenticate and authorize user access when each user runs theexecutable file.E. Set the folder-level permissions to the executable file by using directory security.
Offline
2012-04-02 06:09:11
- Advertisement
- Ads By Google
Re: MCSD.NET - 70-340 Exam Interview Questions And Answers
\n