MCSD.NET - 70-330 Exam Interview Questions And Answers
MCSD.NET - 70-330 Exam Frequently Asked Questions in various MCSD.NET - 70-330 Exam Interviews asked by the interviewer. So learn MCSD.NET - 70-330 Exam with the help of this MCSD.NET - 70-330 Exam Interview questions and answers guide and feel free to comment as your suggestions, questions and answers on any MCSD.NET - 70-330 Exam Interview Question or answer by the comment feature available on the page.
1 ► Suppose You develop an ASP.NET Web applicationfor Company?s intranet. The application accesses data that is stored in a Microsoft SQL Serverdatabase. The application authenticates users by using Windows authentication, and it hasimpersonation enabled. You configure database object permissions based on the identity of theuser of the application. You need to provide the user?s identity to the SQL Server database. Whatshould you do?A. Connect to the database by using the following connection string?Persists Security Info=False;Integrated Security=SSPI;database=ApplicationDB;server=DataServer;?B. Connect to the database by using the following connection string?User ID=ASPNET;Persist Security Info=False;Integrated Security=False;database=ApplicationDB;server=DataServer;?C. Develop a serviced component that wraps all database operations.Use COM+ role-based security to restrict access to database operations based on useridentity.D. Disable impersonation.
2 ► Suppose You are an application developer for your company. You develop library assemblies that arecalled by your main applications. These library assemblies access confidential data in theapplications. To ensure that this data is not accessed in an unauthorized and unsafe manner,users must not be allowed to call the library assemblies from their own applications. You apply astrong name to all assemblies to support versioning. You need to prevent users from writingmanaged applications that make calls to your library assemblies. You need to achieve this goalwhile minimizing the impact on response times for applications. What should you do?A. Use the internal access modifier to declare all classes and structs in each library.B. Use the protected internal access modifier to declare all classes and structs in each library.C. Add the following attribute to each class and struct in each library assembly.<StrongNameIdentityPermission(SecurityAction.Demand, PublicKey:="002400..bda4")>D. Add the following attribute to each class and struct in each library assembly.<StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey:="002400..bda4")>
3 ► Suppose You are an application developer for Company.com. You are developing an application that canbe extended by using custom components. The application uses reflection to dynamically loadand invoke these custom components. In some cases, custom components will originate from asource that is not fully trusted, such as the Internet.You need to programmatically restrict the code access security policy under which customcomponents run so that custom components do not run with an elevated permission grant.What are two possible ways to achieve this goal? (Each correct answer presents a completesolution. Choose two)A. Create a new application domain and set the security policy level. Run custom components inthis application domain.B. Use permission class operations to modify the security policy.C. Implement custom permission classes to protect custom component resources.D. Programmatically modify the machine-level security policy file after loading a customcomponent.
4 ► Suppose You aredeveloping an ASP.NET Web application that users in the accounting department will use toprocess payroll reports and view payroll reports. The application will use Integrated Windowsauthentication to authenticate all users. Because payroll data is confidential only users in theaccounting department will be granted access to the application. All employees in the accountingdepartment belong to a specific Active Directory group. However, users in the IT department canadd themselves to various Active Directory groups in order to troubleshoot resource accessproblems. These IT department users must not be granted access to the ASP.NET Webapplication. The following rules can be used to distinguish between users in the accountingdepartment and users in the IT department:? All users in the accounting department are members of a group named CompanyAccounting.? Some users in the IT department are members of the CompanyAccounting group.All users in the IT department are members of a group named CompanyDomain Admin.?? No users in the accounting department are members of the CompanyDomain Admin group.You need to configure URL authorization for the application by adding an <authorization>element to the Web.config file in the application root. Which element should you use?A. <authorization><deny roles=?CompanyDomain Admin?/><allow roles=?CompanyAccounting?/><deny users=?*?/></authorization>B. <authorization><allow roles=?CompanyAccounting?/><deny roles=?CompanyDomain Admin?/><dent users=???/><authorization>C. <authorization><deny roles=?Domain Admin?/><allow roles=?Accounting?/><deny users=?*?/></authorization>D. <authorization><allow roles=?Accounting?/><deny roles=?Domain Admin?/><deny users=???/></authorization>
5 ► Suppose You develop an ASP.NET Web applicationthat writes to an event log named EventLog1. All managers in Company will run this application.During a exam on a manager?s client computer, the application fails in the following codesegment. (Line numbers are includes for reference only.)1. Dim EventLog1 As New EventLog2. If Not EventLog.SourceExists(?CompanyWebApp?) Then3. EventLog.CreateEventSource(?CompanyWebApp?, ?Application?)4. End If5. EventLog1.Source = ?CompanyWebApp?6. EventLog1.WriteEntry(?The event occurred.?)You need to ensure that event data is written to EventLog1. You want to achieve this goal withoutgranting unnecessary permissions.What should you do?A. Insert the following code into the application.Dim eventLogDir As StringeventLogDir = ?C:%windir?system32configAppEvent.Evt?Dim FilePermission As _New FileOPermission(FileIOPermissionAccess.AllAcces, eventLogDir)FilePermission.Assert()B. Replace line 6 of the code segment with the following line of code.EventLog1.WriteEntry(?The event occurred?,?EventLogWriter?)C. Grant the managers the Full Control permission for the event log file.D. Add the aspnet_wp account to the Administrators group.E. Create the event log source in the installer class of the application.
6 ► Suppose You create an ASP.NET Web applicationthat all authenticated network users will access. The authentication mode in the Web.config file iscurrently set to None. Due to recent security threats, the network administrator requires that allconnections to the application?s Web server use the network credentials of the authenticateduser. You need to configure the application to use the network credentials of the authenticateduser as HTTPContext.Current.User. Which action or actions should you perform? (Choose all thatapply)A. Ask the network administrator to configure the IIS directory security to Anonymousauthentication.B. Ask the network administrator to configure the IIS directory security to Integrated Windowsauthentication.C. Set the authentication mode in the Web.config file to Forms.D. Set the authentication mode in the Web.config file to Windows.E. Set the impersonation attribute of the identity element in the Web.config file to true.
7 ► Users who are temporary employees aremembers of a group named TemporaryEmployees. You develop a serviced component namedCompanyComponent. CompanyComponent is part of a COM+ application named MyApplication.CompanyComponent is secured by using the SecurityRole attribute for the Employees role. Youneed to ensure that members of the TemporaryEmployees group are assigned to the Employeesrole. You decide to add the TemporaryEmployees group to the existing Employees role. Whichtool should you use?A. The code Access Security Policy tool.B. The Permission View tool.C. The Component Services tool.D. The Secutil tool.E. The Microsoft .NET Framework Configuration tool.
8 ► Suppose You develop a Windows Forms applicationthat connects to a local Microsoft SQL Server database by using the Microsoft .NET FrameworkData Provider for SQL Server. The application currently connects to the database by using anaccount that is a member of the System Administrator role in SQL Server. You need to ensurethat the application can connect to the database by using the user account of the interactive userwithout providing additional permissions. What should you do?A. Modify the application to activate a SQL Server application role.B. Modify the application to use SQL Server integrated security.C. Modify the application to send a security token that contains the authentication information in aKerberos ticket.D. Modify the application to use a COM+ security roles.
9 ► Suppose You are developing an application that willbe used both by company users and by contractors. Contractors will install the application ontheir own portable computers. A written company policy prohibits contractors from easilyaccessing or reviewing the source code of company applications. The file servers that contain thesource code for the application are configured so that only company software developers haveaccess. You need to ensure that the contractors cannot easily access the application sourcecode. What should you do?A. Run Dotfuctaor Community Edition on each of the application assemblies.B. Apply a strong name to each of the application assemblies.C. Run the Code Access Security Policy tool for each of the application assemblies beforedistributing the application.D. Use Encrypting File System (EFS) to encrypt the compiled application assemblies.
- Ads By Google