Below we have listed all the MCSD.NET - 70-330 Exam Interview Questions and answers. Feel free to comment on any MCSD.NET - 70-330 Exam Interview Questions or answer by the comment feature available on the page.
To buy an eBook containing 30,000 Interview Questions, with Answers, Click Here.
View All MCSD.NET - 70-330 Exam Interview Questions & Answers - Exam Mode /
Learning Mode
You are an application developer for your company. You are developing an application that reads the USERNAME environment variable and executes code in an unmanaged DLL. The design document specifies that the application must display a custom message when the code access security policy restricts access to required resources. You need to write the code segment that will ascertain whether your application is permitted to access unmanaged code and the USERNAME environment variable. Your solution must allow the application to display the custom message when the application is being loaded. Which code segment should you use? A. Try Dim ep As EnvironmentPermission = New _ EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME") Dim sp As SecurityPermission = New _ SecurityPermission(SecurityPermissionFlag.UnmanagedCode) ep.Demand() sp.Demand()Catch ex As SecurityException '...End Try B. Dim ep As EnvironmentPermission = New _ EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")Dim sp As SecurityPermission = New _ SecurityPermission(SecurityPermissionFlag.UnmanagedCode)If Not (ep.IsUnrestricted() And sp.IsUnrestricted()) Then ' ... End If C. <EnvironmentPermission(SecurityAction.Demand, Read:="USERNAME"), _ SecurityPermission(SecurityAction.Demand, UnmanagedCode:=True)> _Sub Main() ' ... End Sub D. <Assembly: EnvironmentPermission(SecurityAction.RequestMinimum, Read:="USERNAME")><Assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode:=True)>
You develop a Windows Forms application that connects to a local Microsoft SQL Server database by using the Microsoft .NET Framework Data Provider for SQL Server. The application currently connects to the database by using an account that is a member of the System Administrator role in SQL Server. You need to ensure that the application can connect to the database by using the user account of the interactive user without providing additional permissions. What should you do? A. Modify the application to activate a SQL Server application role. B. Modify the application to use SQL Server integrated security. C. Modify the application to send a security token that contains the authentication information in a Kerberos ticket. D. Modify the application to use a COM+ security roles.
You are developing an application that stores and retrieves data in a Microsoft SQL Server database. The application accepts input from the user and stores the input in a variable named strInput. The input is to be saved in a SQL Server nchar column that has a length of 10. The application calls a stored procedure to save the input, and the stored procedure stores the input in a parameter named @CompanyInput. You need to ensure that input by the user can be stored in the SQL Server column without causing an exception. Your solution must ensure that either the entire user input is saved, or none of the user input is saved. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two) A. In the application, reject the input if the strInput.Length value is greater than 10. B. In the application, pass only strInput.Chars(9) to the stored procedure. C. In the application, use a regular expression to remove all non-alphanumeric characters. D. In the stored procedure, reject the input if the length of @CompanyInput is greater than 10. E. In the stored procedure, save only the result of LEFT(“CompanyInput,10) to the database column. F. In the stored procedure, save the result of REPLACE(@CompanyInput,”@-]”,””) to the database column.
You are an application developer for your company. You are developing a Windows-based application that stores user configuration information for the application. The information is stored in a file named Application.config. You need to ensure that only users in the Administrators group can make changes to the configuration of the application. What should you do? A. Encrypt Application.config by using the Administrators group's private key. Decrypt the file prior to reading its data from the application. B. Set a discretionary access control list (DACL) on Application.config that grants the Administrators group Read permission and Write permission, but grants other users only Read permission. C. Add the following code segment to the assembly settings of the application. <Assembly: FileIOPermission(SecurityAction.RequestMinimum, _ Read:="C:Program FilesMyAppApplication.config")>Add the following code segment to the start of the Main() function in the application code. Dim Wi As WindowsIdentityWi = WindowsIdentity.GetCurrent()Dim Wp As New WindowsPrincipal(Wi)If Wp.IsInRole("BUILTINAdministrators") Then Dim Fip As New FileIOPermission _ (FileIOPermissionAccess.AllAccess,"Application.config") Fip.Assert()End If D. Add the following code segment at each point that Application.config is opened. Dim Wi As WindowsIdentityWi = WindowsIdentity.GetCurrent()Dim Wp As New WindowsPrincipal(Wi)If Not Wp.IsInRole("BUILTINAdministrators") Then Dim Fip As New FileIOPermission _ (FileIOPermissionAccess.Read,"Application.config") Fip.PermitOnly()End If
You develop an ASP.NET Web application for Company’s intranet. The application accesses data that is stored in a Microsoft SQL Server database. The application authenticates users by using Windows authentication, and it has impersonation enabled. You configure database object permissions based on the identity of the user of the application. You need to provide the user’s identity to the SQL Server database. What should you do? A. Connect to the database by using the following connection string “Persists Security Info=False;Integrated Security=SSPI; database=ApplicationDB;server=DataServer;” B. Connect to the database by using the following connection string “User ID=ASPNET;Persist Security Info=False;Integrated Security=False; database=ApplicationDB;server=DataServer;” C. Develop a serviced component that wraps all database operations. Use COM+ role-based security to restrict access to database operations based on user identity. D. Disable impersonation.
You are developing an application that will be used by members of three domain user groups in your company. The user groups are named Company Sales, Company Marketing, and Account Management. Each of the three user groups will have different permission within the application. You log on to your development computer by using a domain user account that is a member of only the Domain Users and the Developers domain user groups. On your development computer, you user account is a member of only the local Users group. When you finish developing the application, you need to ensure that the application runs correctly before you send the application to the company’s internal software examsing department. How should you exam the application? A. Select one user from each of the three user groups that will run the application. Deploy the application to the client computer of each of these three users. Exam the application on each of the computers. B. Deploy the application to a client computer. Ask a domain administrator to place the computer’s domain account into all three of the user groups that will run the application. Exam the application on the client computer. C. Ask a domain administrator to create a domain user account for examsing. Place the account in each of the three user groups that will run the application. Exam the application, logging on to your computer by using the exam domain user account. D. Ask a domain administrator to create three domain user accounts for examsing. Place one account in each of the three user groups that will run the application.Exam the application three times, logging on to your computer by using a different exam domain User account for each exam.
You are developing an application that will be used both by company users and by contractors. Contractors will install the application on their own portable computers. A written company policy prohibits contractors from easily accessing or reviewing the source code of company applications. The file servers that contain the source code for the application are configured so that only company software developers have access. You need to ensure that the contractors cannot easily access the application source code. What should you do? A. Run Dotfuctaor Community Edition on each of the application assemblies. B. Apply a strong name to each of the application assemblies. C. Run the Code Access Security Policy tool for each of the application assemblies before distributing the application. D. Use Encrypting File System (EFS) to encrypt the compiled application assemblies.
You create an ASP.NET Web application that all authenticated network users will access. The authentication mode in the Web.config file is currently set to None. Due to recent security threats, the network administrator requires that all connections to the application’s Web server use the network credentials of the authenticated user. You need to configure the application to use the network credentials of the authenticated user as HTTPContext.Current.User. Which action or actions should you perform? (Choose all that apply) A. Ask the network administrator to configure the IIS directory security to Anonymous authentication. B. Ask the network administrator to configure the IIS directory security to Integrated Windows authentication. C. Set the authentication mode in the Web.config file to Forms. D. Set the authentication mode in the Web.config file to Windows. E. Set the impersonation attribute of the identity element in the Web.config file to true.
Users who are temporary employees are members of a group named TemporaryEmployees. You develop a serviced component named CompanyComponent. CompanyComponent is part of a COM+ application named MyApplication. CompanyComponent is secured by using the SecurityRole attribute for the Employees role. You need to ensure that members of the TemporaryEmployees group are assigned to the Employees role. You decide to add the TemporaryEmployees group to the existing Employees role. Which tool should you use? A. The code Access Security Policy tool. B. The Permission View tool. C. The Component Services tool. D. The Secutil tool. E. The Microsoft .NET Framework Configuration tool.
You are an application developer for your company. You develop library assemblies that are called by your main applications. These library assemblies access confidential data in the applications. To ensure that this data is not accessed in an unauthorized and unsafe manner, users must not be allowed to call the library assemblies from their own applications. You apply a strong name to all assemblies to support versioning. You need to prevent users from writing managed applications that make calls to your library assemblies. You need to achieve this goal while minimizing the impact on response times for applications. What should you do? A. Use the internal access modifier to declare all classes and structs in each library. B. Use the protected internal access modifier to declare all classes and structs in each library. C. Add the following attribute to each class and struct in each library assembly. <StrongNameIdentityPermission(SecurityAction.Demand, PublicKey:="002400..bda4")> D. Add the following attribute to each class and struct in each library assembly. <StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey:="002400..bda4")>
You develop a Windows Forms application. You want your application to use a class library that was developed by another developer. You run the Permissions View tool on the class library and receive the following output. Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573 Copyright (C) Microsoft Corporation 1998-2002. All rights reserved. minimal permission set: <PermissionSet class=”System.Security.PermissionSet” version=”1”> <IPermission class=”System.Security.Permissions.FileIOPermission, mscorlib, Version=1.05000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089” version=”1” Write=”C:SecureFile.txt”/> <IPermission class=”System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089” version=”1” Flags=”ReflectionEmit”/> IPermission class=”System.Security.Permission.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=netrual, PublicKeyToken=b77a5c561934e089” version=”1” Flags=”SerializationFormatter”/> </PermissionSet> optional permission set: <PermissionSet class=”System.Security.PermissionSet” version=”1” Unrestricted=”true”/> refused permission set: Not specified You need to add the correct attributes to the Windows Forms application code before the call to the class library. Which code segment should you use? A. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _ Assembly: SecurityPermission(SecurityAction.RequestOptional, _ SerializationFormatter:=False), _ Assembly: FileIOPermissionAttribute(SecurityAction.RequestRefuse, _ Write:=”C:SecureFile.txt”), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptinal, Unrestricted:=Trye)> B. <Assembly: ReflectionPermission(SecurityAction.RequestOptional, _ ReflectionEmit:True), _ Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=True), _ Assembly: FileIOPermissionAttribute(SecurityAction.RequestOptional, _ Write:=”C:SecureFile.txt”), _ Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Unrestricted:=True)> C. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _ Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=False), _ Assembly: FileIOPermissionAttribute(SeurityAction.RequestOptional, _ Write:=”C:SecureFile.txt”), _ Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Unrestricted:=True)> D. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=True), _ Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=True), _ Assembly: FileIOPermissionAttribute(SecurityAction.RequestMinimum, _
You are developing a three-tier Windows Forms application that will be used to manage confidential records. The business layer includes a remote object that is installed on an application server. The remote object is hosted in ASP.NET on the application server. IIS is configured to use Integrated Windows authentication, and ASP.NET is configured to use Windows authentication. All client computers and servers on the network support Kerberos authentication. The Windows Forms application communicates with the remote object by using a remoting proxy named myProxy. The remote object accesses a Microsoft SQL Server database. Permissions to database objects are granted based on the identity of the user. The remote object needs to run under the security context of the user. You need to write the code in the Windows Forms application that will configure the remoting proxy to have the credentials to use for authentication. Which code segment should you use? A. Dim channelProperties As IDictionarychannelProperties = ChannelServices.GetChannelSinkProperties(myProxy)channelProperties("credentials") = CredentialCache.DefaultCredentials B. Dim channelProperties As IDictionaryDim cred As NetworkCredential = New NetworkCredential(_userName, _psswd)channelProperties = ChannelServices.GetChannelSinkProperties(myProxy)channelProperties("credentials") = cred C. Dim channelProperties As IDictionarychannelProperties = ChannelServices.GetChannelSinkProperties(myProxy)channelProperties("credentials") = Thread.CurrentPrincipal D. Dim channelProperties As IDictionarychannelProperties = ChannelServices.GetChannelSinkProperties(myProxy)channelProperties("credentials") = Thread.CurrentPrincipal.Identity
You create a Web Forms application to track employee expense report information. Information is entered by each user and stored in a Microsoft SQL Server database. The application uses Integrated Windows authentication with impersonation enabled to communicate with the database. All users are assigned to the DataReader role and the DataWriter role in SQL Server. The employee expense report form contains client-side validation scripts and additional server controls. This form is ViewState enabled. All employee expense reports must be approved by the accounting department by using a separate form in the application before payment is made. You need to unit exam the security of the application. What should you do? A. Copy the ViewState information to a text file and attempt to decrypt it. B. Exam the application from the hosting computer and from the client computers. C. Create your own page that mimics the approved page and submit that page to the server. D. Sign on as a user in the accounting department and verify that you can approve expense reports.
You are an application developer for your company. You are developing an application that salespeople in your company will use to process customer orders. This application includes a library assembly that implements a serviced component named Order. This serviced component adds roles named Manager and SalesPerson to the COM+ application that hosts it. To promote customer satisfaction, salespeople are allowed to apply discounts to orders if the order was erroneously delayed. However, only managers are allowed to apply discounts greater than 10 percent. The application includes the following method to apply the discount. Public Function ApplyDiscount(ByVal discountPct As Integer) As Boolean This method will return a value of False when the current user is not a member of the Manager role and the value of the discountPct parameter exceeds the maximum that other salespeople are allowed to apply. You need to add the code that will verify the role membership requirement when the value of discountPct is greater than 10. Which code segment should you use? A. If discountPct > 10 And _ Thread.CurrentPrincipal.IsInRole("Manager") = False Then Return FalseEnd If B. If discountPct > 10 Then Dim p As PrincipalPermission = New PrincipalPermission(Nothing, "Manager") If SecurityManager.IsGranted(p) = False Then Return False End IfEnd If C. If discountPct > 10 Then Dim p As PrincipalPermission = New PrincipalPermission(Nothing, "Manager") Try p.Demand() Catch e As SecurityException Return False End TryEnd If D. If discountPct > 10 And _ SecurityCallContext.CurrentCall.IsCallerInRole("Manager") _ = False Then Return FalseEnd If
You are an application developer for Company.com. You develop an application that receives data from a remote component. You are developing a method to detect any corrupted incoming data and log information to a file for analysis. You plan to use two functions. A function named CompanyData will be called by the remote component. The second function will be called by the local application to verify that the data was not corrupted during transmission. You need to ensure that corrupted data can be identified. Which code segment should you use? A. Public Function CompanyData(ByVal Data As Byte()= As Byte() Dim Ms As New MemoryStream Ms.Write(Data, 0, Data.Lenght) Ms.Write(Data, 0, Data.Lenght) Return Ms.ToArray() End Function B. Public Function CompanyData(ByVal Data As Byte()) As Byte() Dim Md5 As MD5 = New MD5CryptoServiceProvider Dim Ms As New MemoryStream Ms.Write(Md5.ComputeHash(Data), 0, Md5.HashSize) Ms.Write(Data, 0, Data.Lenght) Return Ms.ToArray() End Function C. Public Function CompanyData(ByVal Data As Byte()) As Byte() Dim Des As DES = New DESCryptoServiceProvider Dim Ms As New MemoryStream Ms.Write(Des.Key, 0, Des.Key.Length) Ms.Write(Des.IV, 0, Des.IV.Length) Dim Cs As New CryptoStream(Ms, Des.CreateEncryptor(), CryptoStreamMode.Write) Cs.Write(Data, 0, Data.Length) Cs.FlushFinalBlock() Return Ms.ToArray() End Function D. Public Function CompanyData (ByVal Data As Byte()) As Byte() Dim Ms As New MemoryStream Dim Sw As New StreamWriter(Ms, Encoding.UTF8= Sw.Write(Encoding.UTF8.GetString(Data)) Return Ms.ToArray()
You are developing an application that receives signed data. The data is signed by using the RSA encryption algorithm and the SHA1 hash algorithm. You need to write a function that will verify signatures by using RSA public credentials. Which code segment should you use? A. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim MySig As Byte() = RSA.SignData(Data, "SHA1") Dim i As Integer For i = 0 To MySig.Length - 1 If i >= Signature.Length Or Signature(i) <> MySig(i) Then Return False End If Next Return TrueEnd Function B. Public Function VerifySignature(ByVal Data() As Byte, ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Return RSA.VerifyData(Data, "SHA1", Signature)End Function C. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim MySig As Byte() = RSA.Decrypt(Data, False) Dim i As Integer For i = 0 To MySig.Length - 1 If i >= Signature.Length Or Signature(i) <> MySig(i) Then Return False End If Next Return TrueEnd Function D. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim shaOID As String = CryptoConfig.MapNameToOID("SHA1") Return RSA.VerifyHash(Data, shaOID, Signature)End Function
You develop an ASP.NET Web application that writes to an event log named EventLog1. All managers in Company will run this application. During a exam on a manager’s client computer, the application fails in the following code segment. (Line numbers are includes for reference only.) 1. Dim EventLog1 As New EventLog 2. If Not EventLog.SourceExists(“CompanyWebApp”) Then 3. EventLog.CreateEventSource(“CompanyWebApp”, “Application”) 4. End If 5. EventLog1.Source = “CompanyWebApp” 6. EventLog1.WriteEntry(“The event occurred.”) You need to ensure that event data is written to EventLog1. You want to achieve this goal without granting unnecessary permissions. What should you do? A. Insert the following code into the application. Dim eventLogDir As String eventLogDir = “C:\%windir”system32configAppEvent.Evt” Dim FilePermission As _ New FileOPermission(FileIOPermissionAccess.AllAcces, eventLogDir) FilePermission.Assert() B. Replace line 6 of the code segment with the following line of code. EventLog1.WriteEntry(“The event occurred”,”EventLogWriter”) C. Grant the managers the Full Control permission for the event log file. D. Add the aspnet_wp account to the Administrators group. E. Create the event log source in the installer class of the application.
Your team is developing a Windows Forms application. Users will have access to different functionality depending on their roles in Company. The application includes the following method. Private Shared Function AuthenticateUser (ByVal user As String, _ ByVal password As String. ByRef roles As String()) As Boolean This method authenticates the user against a third-party data store. When authentication is successfully, this method returns a value of True, and the string array named roles is updated to contain the user’s roles. You need to write the code that associates an authenticated user and the user’s roles with the current security context. Which code segment should you use? A. ‘ p is initialized above as a PrincipalPermission If AuthenticateUser (name, password, roles) = True Then Dim r As String For Each r In Roles Dim ppTemp As PrincipalPermission = New PrincipalPermission(name, r p.Union(ppTemp) Next End If p.IsUnrestricted() B. ‘ p is initialized above as a PrincipalPermission If AuthenticateUser (name, password, roles) = True Then Dim r As String For Each r In roles Dim ppTemp As PrincipalPermission = New PrincipalPermission(name, r) Next End If p.IsUnrestricted() C. If AuthenticateUser(name, password, roles) = True Then Dim r As String For Each r In roles Thread.CurrentPrincipal.IsInRole(r) Next End If D. If AuthenticateUser(name, password, roles) = True Then Thread.CurrentPrincipal = New GenericPrincipal(New GenericIdentity(name), roles) End If
Each client computer in Company runs either Microsoft Windows XP Professional or Windows 98. You are developing an application that will be used by all users in Company. Users log on to their client computers by using a domain user account that is a member of the local Power Users group and the user’s computer. You log on to your Windows XP Professional computer by using a domain user account that is a member of the local Administrators group and Power Users group on your computer. When examsing your application, you need to ensure that your examss accurately reflect the production environment in which the application will run. How should you exam the application? A. Ask a domain administrator to temporarily remove your domain user account from the local Administrators group on your computer while you are examsing the application. B. Exam the application on your computer. When examsing, log on to the computer by using a domain user account that is a member of only the local Power Users group on your computer. C. Deploy the application to a Windows XP Professional computer and a Windows 98 computer. Log on to each computer by using a domain user account that is a member of only the local Power Users group. D. Compile the assemblies of the application from the command line by running the runas command and specifying a domain user account that is a member of only the local Power Users group on your computer.
You are developing an ASP.NET Web application that users in the accounting department will use to process payroll reports and view payroll reports. The application will use Integrated Windows authentication to authenticate all users. Because payroll data is confidential only users in the accounting department will be granted access to the application. All employees in the accounting department belong to a specific Active Directory group. However, users in the IT department can add themselves to various Active Directory groups in order to troubleshoot resource access problems. These IT department users must not be granted access to the ASP.NET Web application. The following rules can be used to distinguish between users in the accounting department and users in the IT department: • All users in the accounting department are members of a group named CompanyAccounting. • Some users in the IT department are members of the CompanyAccounting group. All users in the IT department are members of a group named CompanyDomain Admin. • • No users in the accounting department are members of the CompanyDomain Admin group. You need to configure URL authorization for the application by adding an <authorization> element to the Web.config file in the application root. Which element should you use? A. <authorization> <deny roles=”CompanyDomain Admin”/> <allow roles=”CompanyAccounting”/> <deny users=”*”/> </authorization> B. <authorization> <allow roles=”CompanyAccounting”/> <deny roles=”CompanyDomain Admin”/> <dent users=”?”/> <authorization> C. <authorization> <deny roles=”Domain Admin”/> <allow roles=”Accounting”/> <deny users=”*”/> </authorization> D. <authorization> <allow roles=”Accounting”/> <deny roles=”Domain Admin”/> <deny users=”?”/> </authorization>