|
Question |
Rating |
View Answer |
 |
You are an application developer for your company. You are developing a Windows Forms
application. You deploy a supporting assembly named MyAssembly.dll to the global assembly
cache. During testing, you discover that the application is prevented from accessing
MyAssembly.dll.
You need to ensure that the application can access MyAssembly.dll.
What should you do?
A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.
|
|
View Answer |
|
You develop an application that customers
will be able to automate by using Microsoft Visual Basic for Applications (VBA) scripts. The
application will be accompanied by sample VBA scripts. Customers must be able to review the
sample VBA scripts. You want customers to be able to automate the installed application by using
any of the sample VBA scripts or by creating their own automation scripts. You also want to allow
customers to choose not to apply any automation scripts.
You need to distribute the sample VBA scripts with your application in a manner that minimizes
security risks for the customer.
What should you do?
A. On installation, place all the sample VBA scripts in a subfolder of the application’s installation
folder.
B. On installation, as the user to choose one sample VBA script to install as the application’s
automation script.
C. Do not install the same VBA scripts.
Leave the files in a folder on the installation media.
D. Encrypt same VBA scripts on the installation media and decrypt the files during installation.
|
|
View Answer |
|
You develop an application that uses an
external class library. You run the Permissions View tool on the class library and receive the
following output.
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
<PermissionSet class="System.Security.PermissionSet" version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="ReflectionEmit"/>
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="SerializationFormatter"/>
</PermissionSet>
optional permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1" Unrestricted="true"/>
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?
A. [assembly: ReflectionPermission(SecurityAction.RequestRefuse, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestRefuse,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
B. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestRefuse,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted=true)]
C. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestMinimum,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
D. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=true)]
[assembly: SecurityPermission(SecurityAction.RequestMinimum,
SerializationFormatter=true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
|
|
View Answer |
|
You are an application developer for your company. You are conducting a code review of a
Windows Forms application that was developed by another developer. The application
includes a function named Logon(), which validates a user's logon credentials. The function
displays a dialog box for the user to enter the user's credentials, and the function validates those
credentials by using a database.
The function returns a value of 0 if the user's password is incorrect, a value of 1 if the user's user
ID is incorrect, and a value of 2 if both are correct. Users should receive access to the application
only if the function returns a value of 2. A function named EndApp() is used to exit the application.
The application must display a message to the user, depending on the result of the Logon()
function.
The application contains the following code segment.
int logonresult = Logon();
switch(logonresult) {
case 0:
MessageBox.Show("User name is OK, password incorrect.");
break;
case 1:
MessageBox.Show("User name is incorrect.");
break;
default:
MessageBox.Show("Welcome!");
break;
}
if(logonresult != 2) {
EndApp();
}
You need to improve the security of this code segment while maintaining its funtionality. You
decide to replace the existing code segment.
Which code segment should you use?
A. if(Logon() != 2) {
Console.WriteLine("Logon error.");
EndApp();
}
B. if(Logon() != 2) {
Console.WriteLine("Logon error.");
EndApp();
}
else {
MessageBox.Show("Welcome!");
}
C. int logonresult = Logon();
switch(logonresult) {
case 0:
MessageBox.Show("User name is OK, password incorrect.");
EndApp();
break;
case 1:
MessageBox.Show("User name is incorrect.");
EndApp();
break;
default:
MessageBox.Show("Welcome!");
break;
}
D. int logonresult = Logon();
if(logonresult == 2) {
MessageBox.Show("Welcome!");
}
else {
MessageBox.Show("User name or password was incorrect.");
EndApp();
}
|
|
View Answer |
|
ou develop library assemblies that are
called by your main applications. These library assemblies access confidential data in the
applications. To ensure that this data is not accessed in an unauthorized and unsafe manner,
users must not be allowed to call the library assemblies from their own applications. You apply a
strong name to all assemblies to support versioning.
You need to prevent users from writing managed applications that make calls to your library
assemblies.
You need to achieve this goal while minimizing the impact on response times for applications.
What should you do?
A. Use the internal access modifier to declare all classes and structures in each library.
B. Use the protected internal access modifier to declare all classes and structures in each library.
C. Add the following attribute to each class and structure in each library assembly:
<StrongNameIdentityPermission(SecurityAction.Demand, PublicKey:=”002400..bda4”)>
D. Add the following attribute to each class and structure in each library assembly:
<StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey:=”002400..bda4”)>
|
|
View Answer |
|
To prevent malicious code from running, a
written company policy does not permit developers to log on by using accounts that have more
permissions than necessary.
Your user account is a member of the Users group and the VS Developers group. You attempt to
run an application that requires Administrator-level permissions. You receive an error message
that states that permission is denied.
You need to be able to run the application.
What should you do?
A. Ask the network administrator to add your user account to the domain Administrators group.
B. Ask the administrator of your client computer to add your user account to the local
Administrators group.
C. Add the administrator of your client computer to add your user account to the Power Users
group.
D. Run the application by using the runas command and specify a user account in the local
Administrators group.
|
|
View Answer |
|
You are developing an application that will
be used both by company users and by contractors. Contractors will install the application on
their own portable computers. A written company policy prohibits contractors from easily
accessing or reviewing the source code of company applications. The file servers that contain the
source code for the application are configured so that only company software developers have
access.
You need to ensure that the contractors cannot easily access the application source code.
What should you do?
A. Run Dotfuctaor Community Edition on each of the application assemblies.
B. Apply a strong name to each of the application assemblies.
C. Run the Code Access Security Policy tool for each of the application assemblies before
distributing the application.
D. Use Encrypting File System (EFS) to encrypt the compiled application assemblies.
|
|
View Answer |
|
You develop an ASP.NET Web application
for Company’s intranet. The application accesses data that is stored in a Microsoft SQL Server
database. The application authenticates users by using Windows authentication, and it has
impersonation enabled. You configure database object permissions based on the identity of the
user of the application.
You need to provide the user’s identity to the SQL Server database.
What should you do?
A. Connect to the database by using the following connection string
“Persists Security Info=False;Integrated Security=SSPI;
database=ApplicationDB;server=DataServer;”
B. Connect to the database by using the following connection string
“User ID=ASPNET;Persist Security Info=False;Integrated
Security=False;
database=ApplicationDB;server=DataServer;”
C. Develop a serviced component that wraps all database operations.
Use COM+ role-based security to restrict access to database operations based on user
identity.
D. Disable impersonation.
|
|
View Answer |
|
You are an application developer for Company.com. You develop a Windows Forms application
that connects to a local Microsoft SQL Server database by using the Microsoft .NET Framework
Data Provider for SQL Server. The application currently connects to the database by using an
account that is a member of the System Administrator role in SQL Server.
You need to ensure that the application can connect to the database by using the user account of
the interactive user without providing additional permissions.
What should you do?
A. Modify the application to activate a SQL Server application role.
B. Modify the application to use SQL Server integrated security.
C. Modify the application to send a security token that contains the authentication information in a
Kerberos ticket.
D. Modify the application to use a COM+ security roles.
|
|
View Answer |
|
Users who are temporary employees are
members of a group named TemporaryEmployees. You develop a serviced component named
CompanyComponent. CompanyComponent is part of a COM+ application named MyApplication.
CompanyComponent is secured by using the SecurityRole attribute for the Employees role.
You need to ensure that members of the TemporaryEmployees group are assigned to the
Employees role.
You decide to add the TemporaryEmployees group to the existing Employees role.
Which tool should you use?
A. The code Access Security Policy tool.
B. The Permission View tool.
C. The Component Services tool.
D. The Secutil tool.
E. The Microsoft .NET Framework Configuration tool.
|
|
View Answer |
|
You are developing an application that will
be used by members of three domain user groups in your company. The user groups are named
CompanySales, CompanyMarketing, and AccountManagement. Each of the three user groups
will have different permission within the application.
You log on to your development computer by using a domain user account that is a member of
only the Domain Users and the Developers domain user groups. On your development computer,
you user account is a member of only the local Users group.
When you finish developing the application, you need to ensure that the application runs correctly
before you send the application to the company’s internal software examing department.
How should you exam the application?
A. Select one user from each of the three user groups that will run the application.
Deploy the application to the client computer of each of these three users.
Exam the application on each of the computers.
B. Deploy the application to a client computer.
Ask a domain administrator to place the computer’s domain account into all three of the user
groups that will run the application.
Exam the application on the client computer.
C. Ask a domain administrator to create a domain user account for examing.
Place the account in each of the three user groups that will run the application.
Exam the application, logging on to your computer by using the exam domain user account.
D. Ask a domain administrator to create three domain user accounts for examing.
Place one account in each of the three user groups that will run the application.
Exam the application three times, logging on to your computer by using a different exam
domain user account for each exam.
|
|
View Answer |
|
You create a Web application that is used by
all users in the company. The application is hosted on the internet Web server, which is named
WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use
Intergrated Windows authentication. The Web.Config file specifies that the authentication mode is
set to Windows. The application connects to a Microsoft SQL Server database named DataStore.
The database is located on WebServer. The SQL Server computer is configured with SQL Server
logins disabled. The database connection code is shown in the following code segment.
String myConnsTr;
myConnStr = @”Initial Catalog= “”DataStore””;”;
myConnStr = myConnStr + “Data Source=localhost;Integrated
Security=SSPI;”;
SqlConnection myConn = new SqlConnection (myConnStr);
string myInsert;
myInsert = “INSERT INTO Customer (Customer ID, Name) Values (‘123’,
‘John Doe’)”;
SqlCommand myCmd = new SqlCommand (myInsert);
myCmd.Connection = myConn;
myConn.Open ( ) ;
myCmd.ExecuteNonQuery ( ) ;
myCmd.Connection.Close ( ) ;
When you run the application by using Microsoft Internet Explorer, you receive an error message
that reads in part: “Login failed for user WebServerASPNET.”
You need to ensure that the application can run successfully without prompting the user for a
user name and password.
What should you do?
A. Change the authentication mode is IIS to basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for
SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.Config file.
|
|
View Answer |
|
You are responsible for maintaining an
application that uses data that is stored in a Microsoft SQL Server database.
The application accepts user input into a variable named userinput and saves the input in a
smallint column in a SQL Server table. The application uses a stored procedure to save the data.
The application contains the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput ();
if (userinput < - 32767) {
MessageBox.Show (“Input is out of range.”);
}
else {
//Call stored procedure to save input
SaveToSQL (userinput);
}
The SQL Server administrator informs you that several errors have been logged on the SQL
Server computer. The errors indicate that the stored procedure attempted to save data that was
out of range for the smallint column.
You need to prevent these errors from occurring.
What should you do?
A. Modify the stored procedure so that the input parameter is declared as smallint.
B. Change the data type of the column to int.
C. Replace the code segment with the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput ();
if (userinput > -32768 || userinput < 32767) {
MessageBox.Show (“Input is out of range.”);
}
else {
//call stored procedure to save input
SaveToSQL (userinput);
}
D. Replace the code segment with the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput ();
if (Userinput < 0 | | userinput > 32767) {
MessageBox.Show (“Input is out of range.”);
}
else {
//call stored procedure to save input
SaveToSQL (Userinput);
}
|
|
View Answer |
|
You are developing a three-tier application.
You enter sample data to exam the application. The following exception is caught by the data
layer before the application continues to run. Cannot set column ‘Column1’ to ‘Text too long for
maximum length’. The value violates the MaxLength limit of this column.
You need to improve the security of the application. Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two)
A. Increase the maximum length of data characters allowed in the column.
B. Validate all incoming data character lengths at the business layer.
C. Modify the data layer to process data above the maximum length.
D. Modify the user interface to prevent users from entering data above the maximum character
length.
|
|
View Answer |
|
You are conducting a code review of an
application that was developed by another developer. The application stores both public data and
confidential data. The application stores the data in a file on the hard disk of a user’s client
computer. The following code segment manages the writing of all application data to the file. The
array named data1 contains the public data, and the array named data2 contains the confidential
data.
Public void WriteData (DES des, byte[] data1, byte [] data2,
FileStream fsourt) { CryptoStream cs = new CryptoStream
(
Fsout, des.CreateEncryptor (), CryptoStreamMOde.Write);
cs.Write (data1, 0, data1.Length);
cs.Write (data2, 0, data2.Length);
cs.FlushFinalBlock ( );
}
You need to improve the response time of this application, without reducing its security. Any
changes you make to the WriteData function will be reflected in the code portion for reading data.
What should you do?
A. Replace the code segment with the following code segment.
public void WriteData (DES des, byte [] data1, byte [] data2,
FileStream fsout) { fsout.Write(data1, 0, data1.Length);
CryptoStream cs = new CryptoStream (
Fsout, des.CreateEncryptor (), CryptoStreamMOde.Write);
cs.Write (data2, 0, data2.Length);
cs.FlushFinalBlock ();
}
B. Replace the call to the FlushFinalBlock method with the following code segment.
int excess = (data11.Length+data.Length) % des.BlockSize;
if (excess > 0) {
byte[] padding = new byte [des.BlockSize – excess];
cs.Write (padding, 0, padding.Length);
}
C. Modify the application to use asymmetric encryption
D. Call the cs.Write function by using data blocks that have a length equal to the des.BlockSize
property.
Repeat the call until all the data is written the file.
|
|
View Answer |
|
You are developing an application that can
be extended by using custom components. The application uses reflection to In some cases,
custom components will originate from a source that is not fully trusted, such as the Internet.
You need to programmatically restrict the code access security policy under which custom
components run so that custom components do not run with an elevated permission grant.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two.)
A. Create a new application domain and set the security policy level. Run custom components in
this application domain.
B. Use permission class operations to modify the security policy.
C. Implement custom permission classes to protect custom component resources.
D. Programmatically modify the machine-level security policy file after loading a custom
component.
|
|
View Answer |
|
You create an ASP.NET Web application
that all authenticated network users will access. The authentication mode in the Web.config file is
currently set to None. Due to recent security threats, the network administrator requires that all
connections to the application’s Web server use the network credentials of the authenticated
user.
You need to configure the application to use the network credentials of the authenticated user as
HTTPContext.Current.User.
Which action or actions should you perform? (Choose all that apply)
A. Ask the network administrator to configure the IIS directory security to Anonymous
authentication.
B. Ask the network administrator to configure the IIS directory security to Integrated Windows
authentication.
C. Set the authentication mode in the Web.config file to Forms.
D. Set the authentication mode in the Web.config file to Windows.
E. Set the impersonation attribute of the identity element in the Web.config file to true.
|
|
View Answer |
|
ou are an application developer for your company, which is named Company.com. You are
developing an ASP.NET Web application that users in the accounting department will use to
process payroll reports and view payroll reports. The application will use Integrated Windows
authentication to authenticate all users.
Because payroll data is confidential only users in the accounting department will be granted
access to the application. All employees in the accounting department belong to a specific Active
Directory group. However, users in the IT department can add themselves to various Active
Directory groups in order to troubleshoot resource access problems. These IT department users
must not be granted access to the ASP.NET Web application. The following rules can be used to
distinguish between users in the accounting department and users in the IT department:
• All users in the accounting department are members of a group named CompanyAccounting.
• Some users in the IT department are members of the CompanyAccounting group.
• All users in the IT department are members of a group named CompanyDomain Admin.
• No users in the accounting department are members of the CompanyDomain Admin group.
You need to configure URL authorization for the application by adding an <authorization>
element to the Web.config file in the application root.
Which element should you use?
A. <authorization>
<deny roles=”CompanyDomain Admin”/>
<allow roles=”CompanyAccounting”/>
<deny users=”*”/>
</authorization>
B. <authorization>
<allow roles=”CompanyAccounting”/>
<deny roles=”CompanyDomain Admin”/>
<dent users=”?”/>
<authorization>
C. <authorization>
<deny roles=”Domain Admin”/>
<allow roles=”Accounting”/>
<deny users=”*”/>
</authorization>
D. <authorization>
<allow roles=”Accounting”/>
<deny roles=”Domain Admin”/>
<deny users=”?”/>
</authorization>
|
|
View Answer |
|
You are developing a Windows-based
payroll application that will be used by all payroll administrators in the company. The application
has a single executable file that uses a separate assembly to modify payroll data.
You need to design security for your application to ensure that the assembly cannot be called by
unauthenticated and unauthorized users.
What should you do?
A. Run the application by using a user account that has access to the application directory.
B. Modify the application to validate all user-entered data.
C. Modify the application to authenticate and authorize user access within each assembly as it is
called.
D. Modify the application to authenticate and authorize user access when each user runs the
executable file.
E. Set the folder-level permissions to the executable file by using directory security.
|
|
View Answer |
|
Each client computer in Company runs
either Microsoft Windows XP Professional or Windows 98. You are developing an application that
will be used by all users in Company.
Users log on to their client computers by using a domain user account that is a member of the
local Power Users group and the user’s computer. You log on to your Windows XP Professional
computer by using a domain user account that is a member of the local Administrators group and
Power Users group on your computer.
When examing your application, you need to ensure that your exams accurately reflect the
production environment in which the application will run.
How should you exam the application?
A. Ask a domain administrator to temporarily remove your domain user account from the local
Administrators group on your computer while you are examing the application.
B. Exam the application on your computer.
When examing, log on to the computer by using a domain user account that is a member of
only the local Power Users group on your computer.
C. Deploy the application to a Windows XP Professional computer and a Windows 98 computer.
Log on to each computer by using a domain user account that is a member of only the local
Power Users group.
D. Compile the assemblies of the application from the command line by running the runas
command and specifying a domain user account that is a member of only the local Power
Users group on your computer.
|
|
View Answer |
QUESTIONS LISTING
Payment of time- barred debt is:
(a) Valid
(b) Void
(c) Illegal
(d) Voidable