You are an application developer for your company. You are developing a Windows Forms application. You deploy a supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you discover that the application is prevented from accessing MyAssembly.dll. You need to ensure that the application can access MyAssembly.dll. What should you do?

A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.

You develop an application that customers will be able to automate by using Microsoft Visual Basic for Applications (VBA) scripts. The application will be accompanied by sample VBA scripts. Customers must be able to review the sample VBA scripts. You want customers to be able to automate the installed application by using any of the sample VBA scripts or by creating their own automation scripts. You also want to allow customers to choose not to apply any automation scripts. You need to distribute the sample VBA scripts with your application in a manner that minimizes security risks for the customer. What should you do?

A. On installation, place all the sample VBA scripts in a subfolder of the application's installation folder.
B. On installation, ask the user to choose one sample VBA script to install as the application's automation script.
C. Do not install the sample VBA scripts. Leave the files in a folder on the installation media.
D. Encrypt the sample VBA scripts on the installation media and decrypt the files during installation.

You develop an application that uses an external class library. You run the Permissions View tool on the class library and receive the following output.

    Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
    Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

    minimal permission set:
    <PermissionSet class="System.Security.PermissionSet" version="1">
      <IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="ReflectionEmit"/>
      <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="SerializationFormatter"/>
    </PermissionSet>

    optional permission set:
    <PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true"/>

    refused permission set:
    Not specified

You need to add corresponding attributes in your application. Which code segment should you use?

A.
    [assembly: ReflectionPermission(SecurityAction.RequestRefuse, ReflectionEmit=false)]
    [assembly: SecurityPermission(SecurityAction.RequestRefuse, SerializationFormatter=false)]
    [assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]

B.
    [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
    [assembly: SecurityPermission(SecurityAction.RequestRefuse, SerializationFormatter=false)]
    [assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted=true)]

C.
    [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
    [assembly: SecurityPermission(SecurityAction.RequestMinimum, SerializationFormatter=false)]
    [assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]

D.
    [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=true)]
    [assembly: SecurityPermission(SecurityAction.RequestMinimum, SerializationFormatter=true)]
    [assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]

You are an application developer for your company. You are conducting a code review of a Windows Forms application that was developed by another developer. The application includes a function named Logon(), which validates a user's logon credentials. The function displays a dialog box for the user to enter the user's credentials, and the function validates those credentials by using a database. The function returns a value of 0 if the user's password is incorrect, a value of 1 if the user's user ID is incorrect, and a value of 2 if both are correct. Users should receive access to the application only if the function returns a value of 2. A function named EndApp() is used to exit the application. The application must display a message to the user, depending on the result of the Logon() function. The application contains the following code segment.

    int logonresult = Logon();
    switch(logonresult)
    {
        case 0:
            MessageBox.Show("User name is OK, password incorrect.");
            break;
        case 1:
            MessageBox.Show("User name is incorrect.");
            break;
        default:
            MessageBox.Show("Welcome!");
            break;
    }
    if(logonresult != 2)
    {
        EndApp();
    }

You need to improve the security of this code segment while maintaining its functionality. You decide to replace the existing code segment. Which code segment should you use?

A.
    if(Logon() != 2)
    {
        Console.WriteLine("Logon error.");
        EndApp();
    }

B.
    if(Logon() != 2)
    {
        Console.WriteLine("Logon error.");
        EndApp();
    }
    else
    {
        MessageBox.Show("Welcome!");
    }

C.
    int logonresult = Logon();
    switch(logonresult)
    {
        case 0:
            MessageBox.Show("User name is OK, password incorrect.");
            EndApp();
            break;
        case 1:
            MessageBox.Show("User name is incorrect.");
            EndApp();
            break;
        default:
            MessageBox.Show("Welcome!");
            break;
    }

D.
    int logonresult = Logon();
    if(logonresult == 2)
    {
        MessageBox.Show("Welcome!");
    }
    else
    {
        MessageBox.Show("User name or password was incorrect.");
        EndApp();
    }

You develop library assemblies that are called by your main applications. These library assemblies access confidential data in the applications. To ensure that this data is not accessed in an unauthorized and unsafe manner, users must not be allowed to call the library assemblies from their own applications. You apply a strong name to all assemblies to support versioning. You need to prevent users from writing managed applications that make calls to your library assemblies. You need to achieve this goal while minimizing the impact on response times for applications. What should you do?

A. Use the internal access modifier to declare all classes and structures in each library.
B. Use the protected internal access modifier to declare all classes and structures in each library.
C. Add the following attribute to each class and structure in each library assembly:
    <StrongNameIdentityPermission(SecurityAction.Demand, PublicKey:="002400..bda4")>
D. Add the following attribute to each class and structure in each library assembly:
    <StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey:="002400..bda4")>

To prevent malicious code from running, a written company policy does not permit developers to log on by using accounts that have more permissions than necessary. Your user account is a member of the Users group and the VS Developers group. You attempt to run an application that requires Administrator-level permissions. You receive an error message that states that permission is denied. You need to be able to run the application. What should you do?

A. Ask the network administrator to add your user account to the domain Administrators group.
B. Ask the administrator of your client computer to add your user account to the local Administrators group.
C. Ask the administrator of your client computer to add your user account to the Power Users group.
D. Run the application by using the runas command and specify a user account in the local Administrators group.

You are developing an application that will be used both by company users and by contractors. Contractors will install the application on their own portable computers. A written company policy prohibits contractors from easily accessing or reviewing the source code of company applications. The file servers that contain the source code for the application are configured so that only company software developers have access. You need to ensure that the contractors cannot easily access the application source code. What should you do?

A. Run Dotfuscator Community Edition on each of the application assemblies.
B. Apply a strong name to each of the application assemblies.
C. Run the Code Access Security Policy tool for each of the application assemblies before distributing the application.
D. Use Encrypting File System (EFS) to encrypt the compiled application assemblies.

You develop an ASP.NET Web application for Company's intranet. The application accesses data that is stored in a Microsoft SQL Server database. The application authenticates users by using Windows authentication, and it has impersonation enabled. You configure database object permissions based on the identity of the user of the application. You need to provide the user's identity to the SQL Server database. What should you do?

A. Connect to the database by using the following connection string:
    "Persists Security Info=False;Integrated Security=SSPI;database=ApplicationDB;server=DataServer;"
B. Connect to the database by using the following connection string:
    "User ID=ASPNET;Persist Security Info=False;Integrated Security=False;database=ApplicationDB;server=DataServer;"
C. Develop a serviced component that wraps all database operations. Use COM+ role-based security to restrict access to database operations based on user identity.
D. Disable impersonation.

You are an application developer for Company.com. You develop a Windows Forms application that connects to a local Microsoft SQL Server database by using the Microsoft .NET Framework Data Provider for SQL Server. The application currently connects to the database by using an account that is a member of the System Administrator role in SQL Server. You need to ensure that the application can connect to the database by using the user account of the interactive user without providing additional permissions. What should you do?

A. Modify the application to activate a SQL Server application role.
B. Modify the application to use SQL Server integrated security.
C. Modify the application to send a security token that contains the authentication information in a Kerberos ticket.
D. Modify the application to use COM+ security roles.

Users who are temporary employees are members of a group named TemporaryEmployees. You develop a serviced component named CompanyComponent. CompanyComponent is part of a COM+ application named MyApplication. CompanyComponent is secured by using the SecurityRole attribute for the Employees role. You need to ensure that members of the TemporaryEmployees group are assigned to the Employees role. You decide to add the TemporaryEmployees group to the existing Employees role. Which tool should you use?

A. The Code Access Security Policy tool.
B. The Permissions View tool.
C. The Component Services tool.
D. The Secutil tool.
E. The Microsoft .NET Framework Configuration tool.

You are developing an application that will be used by members of three domain user groups in your company. The user groups are named CompanySales, CompanyMarketing, and AccountManagement. Each of the three user groups will have different permissions within the application. You log on to your development computer by using a domain user account that is a member of only the Domain Users and the Developers domain user groups. On your development computer, your user account is a member of only the local Users group. When you finish developing the application, you need to ensure that the application runs correctly before you send the application to the company's internal software testing department. How should you test the application?

A. Select one user from each of the three user groups that will run the application. Deploy the application to the client computer of each of these three users. Test the application on each of the computers.
B. Deploy the application to a client computer. Ask a domain administrator to place the computer's domain account into all three of the user groups that will run the application. Test the application on the client computer.
C. Ask a domain administrator to create a domain user account for testing. Place the account in each of the three user groups that will run the application. Test the application, logging on to your computer by using the test domain user account.
D. Ask a domain administrator to create three domain user accounts for testing. Place one account in each of the three user groups that will run the application. Test the application three times, logging on to your computer by using a different test domain user account for each test.

You create a Web application that is used by all users in the company. The application is hosted on the internet Web server, which is named WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The Web.config file specifies that the authentication mode is set to Windows. The application connects to a Microsoft SQL Server database named DataStore. The database is located on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database connection code is shown in the following code segment.

    string myConnStr;
    myConnStr = @"Initial Catalog=""DataStore"";";
    myConnStr = myConnStr + "Data Source=localhost;Integrated Security=SSPI;";
    SqlConnection myConn = new SqlConnection(myConnStr);
    string myInsert;
    myInsert = "INSERT INTO Customer (Customer ID, Name) Values ('123', 'John Doe')";
    SqlCommand myCmd = new SqlCommand(myInsert);
    myCmd.Connection = myConn;
    myConn.Open();
    myCmd.ExecuteNonQuery();
    myCmd.Connection.Close();

When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in part: "Login failed for user WebServer\ASPNET." You need to ensure that the application can run successfully without prompting the user for a user name and password. What should you do?

A. Change the authentication mode in IIS to Basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for a SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.config file.

You are responsible for maintaining an application that uses data that is stored in a Microsoft SQL Server database. The application accepts user input into a variable named userinput and saves the input in a smallint column in a SQL Server table. The application uses a stored procedure to save the data. The application contains the following code segment.

    // Gets input and ensures input is numeric
    userinput = GetUserInput();
    if (userinput < -32767)
    {
        MessageBox.Show("Input is out of range.");
    }
    else
    {
        // Call stored procedure to save input
        SaveToSQL(userinput);
    }

The SQL Server administrator informs you that several errors have been logged on the SQL Server computer. The errors indicate that the stored procedure attempted to save data that was out of range for the smallint column. You need to prevent these errors from occurring. What should you do?

A. Modify the stored procedure so that the input parameter is declared as smallint.
B. Change the data type of the column to int.
C. Replace the code segment with the following code segment.
    // Gets input and ensures input is numeric
    userinput = GetUserInput();
    if (userinput > -32768 || userinput < 32767)
    {
        MessageBox.Show("Input is out of range.");
    }
    else
    {
        // Call stored procedure to save input
        SaveToSQL(userinput);
    }
D. Replace the code segment with the following code segment.
    // Gets input and ensures input is numeric
    userinput = GetUserInput();
    if (userinput < 0 || userinput > 32767)
    {
        MessageBox.Show("Input is out of range.");
    }
    else
    {
        // Call stored procedure to save input
        SaveToSQL(userinput);
    }

You are developing a three-tier application. You enter sample data to test the application. The following exception is caught by the data layer before the application continues to run.

    Cannot set column 'Column1' to 'Text too long for maximum length'. The value violates the MaxLength limit of this column.

You need to improve the security of the application. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Increase the maximum length of data characters allowed in the column.
B. Validate all incoming data character lengths at the business layer.
C. Modify the data layer to process data above the maximum length.
D. Modify the user interface to prevent users from entering data above the maximum character length.

You are conducting a code review of an application that was developed by another developer. The application stores both public data and confidential data. The application stores the data in a file on the hard disk of a user's client computer. The following code segment manages the writing of all application data to the file. The array named data1 contains the public data, and the array named data2 contains the confidential data.

    public void WriteData(DES des, byte[] data1, byte[] data2, FileStream fsout)
    {
        CryptoStream cs = new CryptoStream(fsout, des.CreateEncryptor(), CryptoStreamMode.Write);
        cs.Write(data1, 0, data1.Length);
        cs.Write(data2, 0, data2.Length);
        cs.FlushFinalBlock();
    }

You need to improve the response time of this application without reducing its security. Any changes you make to the WriteData function will be reflected in the code portion for reading data. What should you do?

A. Replace the code segment with the following code segment.
    public void WriteData(DES des, byte[] data1, byte[] data2, FileStream fsout)
    {
        fsout.Write(data1, 0, data1.Length);
        CryptoStream cs = new CryptoStream(fsout, des.CreateEncryptor(), CryptoStreamMode.Write);
        cs.Write(data2, 0, data2.Length);
        cs.FlushFinalBlock();
    }
B. Replace the call to the FlushFinalBlock method with the following code segment.
    int excess = (data1.Length + data2.Length) % des.BlockSize;
    if (excess > 0)
    {
        byte[] padding = new byte[des.BlockSize - excess];
        cs.Write(padding, 0, padding.Length);
    }
C. Modify the application to use asymmetric encryption.
D. Call the cs.Write function by using data blocks that have a length equal to the des.BlockSize property. Repeat the call until all the data is written to the file.

You are developing an application that can be extended by using custom components. The application uses reflection to In some cases, custom components will originate from a source that is not fully trusted, such as the Internet. You need to programmatically restrict the code access security policy under which custom components run so that custom components do not run with an elevated permission grant. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Create a new application domain and set the security policy level. Run custom components in this application domain.
B. Use permission class operations to modify the security policy.
C. Implement custom permission classes to protect custom component resources.
D. Programmatically modify the machine-level security policy file after loading a custom component.

You create an ASP.NET Web application that all authenticated network users will access. The authentication mode in the Web.config file is currently set to None. Due to recent security threats, the network administrator requires that all connections to the application's Web server use the network credentials of the authenticated user. You need to configure the application to use the network credentials of the authenticated user as HttpContext.Current.User. Which action or actions should you perform? (Choose all that apply.)

A. Ask the network administrator to configure the IIS directory security to Anonymous authentication.
B. Ask the network administrator to configure the IIS directory security to Integrated Windows authentication.
C. Set the authentication mode in the Web.config file to Forms.
D. Set the authentication mode in the Web.config file to Windows.
E. Set the impersonate attribute of the identity element in the Web.config file to true.

You are an application developer for your company, which is named Company.com. You are developing an ASP.NET Web application that users in the accounting department will use to process payroll reports and view payroll reports. The application will use Integrated Windows authentication to authenticate all users. Because payroll data is confidential, only users in the accounting department will be granted access to the application. All employees in the accounting department belong to a specific Active Directory group. However, users in the IT department can add themselves to various Active Directory groups in order to troubleshoot resource access problems. These IT department users must not be granted access to the ASP.NET Web application. The following rules can be used to distinguish between users in the accounting department and users in the IT department:

• All users in the accounting department are members of a group named CompanyAccounting.
• Some users in the IT department are members of the CompanyAccounting group.
• All users in the IT department are members of a group named CompanyDomain Admin.
• No users in the accounting department are members of the CompanyDomain Admin group.

You need to configure URL authorization for the application by adding an <authorization> element to the Web.config file in the application root. Which element should you use?

A.
    <authorization>
      <deny roles="CompanyDomain Admin"/>
      <allow roles="CompanyAccounting"/>
      <deny users="*"/>
    </authorization>

B.
    <authorization>
      <allow roles="CompanyAccounting"/>
      <deny roles="CompanyDomain Admin"/>
      <deny users="?"/>
    </authorization>

C.
    <authorization>
      <deny roles="Domain Admin"/>
      <allow roles="Accounting"/>
      <deny users="*"/>
    </authorization>

D.
    <authorization>
      <allow roles="Accounting"/>
      <deny roles="Domain Admin"/>
      <deny users="?"/>
    </authorization>

You are developing a Windows-based payroll application that will be used by all payroll administrators in the company. The application has a single executable file that uses a separate assembly to modify payroll data. You need to design security for your application to ensure that the assembly cannot be called by unauthenticated and unauthorized users. What should you do?

A. Run the application by using a user account that has access to the application directory.
B. Modify the application to validate all user-entered data.
C. Modify the application to authenticate and authorize user access within each assembly as it is called.
D. Modify the application to authenticate and authorize user access when each user runs the executable file.
E. Set the folder-level permissions to the executable file by using directory security.

Each client computer in Company runs either Microsoft Windows XP Professional or Windows 98. You are developing an application that will be used by all users in Company. Users log on to their client computers by using a domain user account that is a member of the local Power Users group on the user's computer. You log on to your Windows XP Professional computer by using a domain user account that is a member of the local Administrators group and Power Users group on your computer. When testing your application, you need to ensure that your tests accurately reflect the production environment in which the application will run. How should you test the application?

A. Ask a domain administrator to temporarily remove your domain user account from the local Administrators group on your computer while you are testing the application.
B. Test the application on your computer. When testing, log on to the computer by using a domain user account that is a member of only the local Power Users group on your computer.
C. Deploy the application to a Windows XP Professional computer and a Windows 98 computer. Log on to each computer by using a domain user account that is a member of only the local Power Users group.
D. Compile the assemblies of the application from the command line by running the runas command and specifying a domain user account that is a member of only the local Power Users group on your computer.
