70-330 Exam
Implementing Security for Applications with Microsoft Visual Basic .NET
- Exam Number/Code : 70-330
- Exam Name : Implementing Security for Applications with Microsoft Visual Basic .NET
- Questions and Answers : 90 Q&As
- Update Time: 2011-09-21
- Price:
$ 119.00$ 69.00
Free 70-330 Demo Download
Test4pass offers free demo for MCSD.NET 70-330 exam ( Implementing Security for Applications with Microsoft Visual Basic .NET). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
Exam Description
It is well known that 70-330 exam test is the hot exam of Microsoft certification. Test4pass offer you all the Q&A of the 70-330 real test . It is the examination of the perfect combination and it will help you pass 70-330 exam at the first time!
Why choose Test4pass 70-330 braindumps
Quality and Value for the 70-330 Exam
100% Guarantee to Pass Your 70-330 Exam
Downloadable, Interactive 70-330 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.
Microsoft MCSD.NET 70-330 exam braindumps questions and answers
¡¡
¡¡
Exam : Microsoft 70-330
Title : Implementing Security for Applications with MS VB.NET
1. You are an application developer for your company. You are developing a Windows Forms application. You deploy a supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you discover that the application is prevented from accessing MyAssembly.dll.
You need to ensure that the application can access MyAssembly.dll.
What should you do?
A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.
Answer: D
2. You are an application developer for your company. You are testing an application that was developed by another developer. The application maintains its own list of authorized users. Each user is assigned a security level of 1, 2, or 3. When a new user account is created, the security level for that user is entered into a text box. The new user account information is saved in a Microsoft SQL Server table by using a stored procedure. You verify that user accounts that have any of the three security levels can perform only the intended actions within the application. You need to identify any security vulnerabilities in the portion of the application that creates new user accounts. What should you do first?
A. Use SQL Query Analyzer to create a new user account that has a security level of 2. Test the application to see if the new user account can log on to the application.
B. Create a new user account that has a security level other than 1, 2, or 3. Test the application to see what the new user account can do.
C. Use Osql.exe to call the stored procedure and create a new user account that has a security level of 3. Test the application to see what the new user account can do.
D. Create a new user account that has a security level of 3. Test the application to see what the new user account can do.
Answer: B
3. You are an application developer for your company. The company runs an e-commerce Web site. Users log on to the Web site by using a password. Passwords are stored in a text file. The following code segment prepares the passwords for storage.
Function HashPassword(ByVal Pwd As String) As String
Return FormsAuthentication.HashPasswordForStoringInConfigFile(Pwd, "SHA1")
End Function
Users of the Web site are creating passwords that are easily cracked by dictionary attacks.
You need to decrease the likelihood that a dictionary attack will succeed if the password file is stolen, without restricting the passwords that users can create.
What should you do?
A. Create a dictionary file that contains common words. Write additional code to reject passwords that match the entries in the dictionary.
B. Apply a more restrictive discretionary access control list (DACL) to the password storage file.
C. Replace the HashPassword function with the following code segment. Function HashPassword(ByVal Pwd As String) As String Return FormsAuthentication.HashPasswordForStoringInConfigFile(Pwd, "MD5")End Function
D. Replace the HashPassword function with the following code segment. Function HashPassword(ByVal Pwd As String) As String Dim Rng As New RNGCryptoServiceProvider Dim Salt(16) As Byte Rng.GetBytes(Salt) Dim saltstr As String = Convert.ToBase64String(Salt) Return saltstr & FormsAuthentication.HashPasswordForStoringInConfigFile( _ saltstr & Pwd, "SHA1")End Function
E. Replace the HashPassword function with the following code segment. Function HashPassword(ByVal Pwd As String) As String Dim Hash As Integer = 0 Dim Enc As New UnicodeEncoding Dim HashData As Byte() = Enc.GetBytes(Pwd) Dim i As Integer For i = 0 To HashData.Length Step 2 Hash = Hash Xor (HashData(i) Or (HashData(i + 1) << 8)) Next Return Hash.ToString()End Function
Answer: D
4. You are an application developer for your company. You are developing an application that receives signed data. The data is signed by using the RSA encryption algorithm and the SHA1 hash algorithm. You need to write a function that will verify signatures by using RSA public credentials. Which code segment should you use?
A. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim MySig As Byte() = RSA.SignData(Data, "SHA1") Dim i As Integer For i = 0 To MySig.Length - 1 If i >= Signature.Length Or Signature(i) <> MySig(i) Then Return False End If Next Return TrueEnd Function
B. Public Function VerifySignature(ByVal Data() As Byte, ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Return RSA.VerifyData(Data, "SHA1", Signature)End Function
C. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim MySig As Byte() = RSA.Decrypt(Data, False) Dim i As Integer For i = 0 To MySig.Length - 1 If i >= Signature.Length Or Signature(i) <> MySig(i) Then Return False End If Next Return TrueEnd Function
D. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim shaOID As String = CryptoConfig.MapNameToOID("SHA1") Return RSA.VerifyHash(Data, shaOID, Signature)End Function
Answer: B
5. You are an application developer for your company, which is named Humongous Insurance. You are developing an application to manage medical insurance claims. The application includes a serviced component named ClaimRecord. The business rules implemented by the application allow only those users who are members of the HumongousInsuranceClaimsProcessor domain group to access the ClaimRecord component.
You apply attributes to the ClaimRecord component to enable role-based security. You use the following assembly-level attribute to add a role named ClaimsProcessor to the COM+ application that hosts the ClaimRecord component.
<Assembly: SecurityRole("ClaimsProcessor")>
You deploy the ClaimRecord component to your staging server. You log on to the application by using a user account that is a member of the HumongousInsuranceClaimsProcessor domain group. When your application attempts to access the ClaimRecord component, an UnauthorizedAccessException exception is thrown.
You need to modify the ClaimRecord component or reconfigure the COM+ application so that access is granted.
You need to achieve this goal without compromising the security requirement of the ClaimRecord component.
What should you do?
A. Replace the assembly-level attribute with the following attribute. <Assembly: SecurityRole("ClaimsProcessor", SetEveryoneAccess:=True)>
B. Replace the assembly-level attribute with the following attribute. <Assembly: SecurityRole("HumongousInsuranceClaimsProcessor")>
C. Add the SuppressUnmanagedCodeSecurity attribute to the ClaimRecord component.
D. Using the Component Services tool, add the HumongousInsuranceClaimsProcessor domain group to the COM+ ClaimsProcessor role.
Answer: D
6. You are an application developer for your company. You are developing an application that reads the USERNAME environment variable and executes code in an unmanaged DLL. The design document specifies that the application must display a custom message when the code access security policy restricts access to required resources. You need to write the code segment that will ascertain whether your application is permitted to access unmanaged code and the USERNAME environment variable. Your solution must allow the application to display the custom message when the application is being loaded. Which code segment should you use?
A. Try Dim ep As EnvironmentPermission = New _
EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME") Dim sp As SecurityPermission = New _ SecurityPermission(SecurityPermissionFlag.UnmanagedCode) ep.Demand() sp.Demand()Catch ex As SecurityException '...End Try
B. Dim ep As EnvironmentPermission = New _
EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")Dim sp As SecurityPermission = New _ SecurityPermission(SecurityPermissionFlag.UnmanagedCode)If Not (ep.IsUnrestricted() And sp.IsUnrestricted()) Then ' ... End If
C. <EnvironmentPermission(SecurityAction.Demand, Read:="USERNAME"), _
SecurityPermission(SecurityAction.Demand, UnmanagedCode:=True)> _Sub Main() ' ... End Sub
D. <Assembly: EnvironmentPermission(SecurityAction.RequestMinimum,
Read:="USERNAME")><Assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode:=True)>
Answer: B
7. You are an application developer for your company. The company maintains an internal, self-signed certification authority (CA). You are releasing a new internal Windows Forms application. A written company policy prohibits internal applications from running on client computers unless the identity and integrity of those applications can be proven. The Microsoft .NET Framework on all client computers is configured to enforce this restriction. You need to ensure that your application will run when installed on all client computers. Your solution must not require any financial expenditure. What should you do?
A. Use a software publisher certificate issued by the internal CA to sign the application assemblies.
B. Use a software publisher certificate issued by a third-party commercial CA to sign the application assemblies.
C. Run the Certificate Creation tool and the Software Publisher Certificate Test tool before distributing the application to client computers.
D. Distribute the application as an e-mail attachment. Digitally sign the e-mail message before sending it to all company users.
Answer: A
8. You are an application developer for your company. You create a Web application that is used by all users in the company. The application is hosted on the intranet Web server, which is named WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The Web.config file specifies that the authentication mode is set to Windows.
The application connects to a Microsoft SQL Server database named DataStore. The database is located on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database connection code is shown in the following code segment.
Dim myConnStr As String
myConnStr = "Initial Catalog=""DataStore"";"
myConnStr = myConnStr & "Data Source=localhost;Integrated Security=SSPI;"
Dim myConn As New SqlConnection(myConnStr)
Dim myInsert As String
myInsert = "INSERT INTO Customer (CustomerID, Name) Values('123', 'John Doe')"
Dim myCmd As New SqlCommand(myInsert)
myCmd.Connection=myConn
myConn.Open()
myCmd.ExecuteNonQuery()
myCmd.Connection.Close()
When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in part: "Login failed for user WebServerASPNET."
You need to ensure that the application can run successfully without prompting the user for a user name and password.
What should you do?
A. Change the authentication mode in IIS to basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for a SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.config file.
Answer: D
9. You are an application developer for your company. You are developing an application that needs to exchange a shared key at the start of each communication with remote components. The exchange occurs over the Internet. You need to ensure that only the intended recipient can read the shared key. What should you do?
A. Sign the shared key by using the application's private key.
B. Encrypt the shared key by using the application's private key.
C. Encrypt the shared key by using the remote component's public key.
D. Encode the shared key by using the System.Text.Encoding.UTF8 object.
E. Encode the shared key by using the System.Text.Encoding.BigEndianUnicode object.
Answer: E
10. You are an application developer for your company. You maintain a Windows Forms application. Data entry logic for the application is enforced by the user interface layer. The application contains assemblies that communicate data changes to the database. The application also contains assemblies that implement business logic.
You create a new assembly named NewAssembly, which is called from the user interface. Values are passed to NewAssembly, which performs calculations by using the data. NewAssembly calls a separate assembly to store the resulting data in a database.
You need to perform unit testing on the application to identify security vulnerabilities caused by unanticipated use of the application.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Test the application by calling NewAssembly directly.
B. Test the application to verify whether it performs to the original functional specifications.
C. Test the application by using a domain administrator account.
D. Test the application by using the account of a user who should not have access to the application.
Answer: AD
11. You are an application developer for your company. You are developing an application that can be extended by using custom components. The application uses reflection to dynamically load and invoke these custom components. In some cases, custom components will originate from a source that is not fully trusted, such as the Internet. You need to programmatically restrict the code access security policy under which custom components run so that custom components do not run with an elevated permission grant. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Create a new application domain and set the security policy level. Run custom components in this application domain.
B. Use permission class operations to modify the security policy.
C. Implement custom permission classes to protect custom component resources.
D. Programmatically modify the machine-level security policy file after loading a custom component.
Answer: AB
12. You are an application developer for your company. You develop an application that uses an external class library. You run the Permissions View tool on the class library and receive the following output.
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
<PermissionSet class="System.Security.PermissionSet" version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="ReflectionEmit"/>
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="SerializationFormatter"/>
</PermissionSet>
optional permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1" Unrestricted="true"/>
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?
A. <Assembly: ReflectionPermission(SecurityAction.RequestRefuse, _ ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestRefuse, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
B. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestRefuse, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted:=True)>
C. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
D. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=True), _
Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=True), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
Answer: D
13. You are an application developer for your company. You develop an ASP.NET Web application for the company's intranet. The application accesses data that is stored in a Microsoft SQL Server database. Access to objects in the database is granted based on the identity of the user of the application. The application uses Windows authentication, and it has impersonation enabled. You need to modify the application so that it also uses a new serviced component. The new component requires applications that call it to have membership in the COM+ role named AuthorizedCallers. The developer who developed the new component creates a new Windows user account named InternalWebAppUser and adds this user account to the COM+ AuthorizedCallers role. The developer instructs you to write your application to access the serviced component by using the security context of this user account. You need to modify your code to call the new serviced component by using the security context of the InternalWebAppUser user account. What should you do?
A. Disable impersonation in the Web.config file and configure the ASP.NET worker process to run by using the InternalWebAppUser user account.
B. Set the authentication mode to None in the Web.config file.
C. Modify the database connection string to connect as the InternalWebAppUser user account.
D. Write code to impersonate the InternalWebAppUser user account for each call to the serviced component.
Answer: D
14. You are an application developer for your company. You create an ASP.NET Web application. The application allows customers to select items for purchase. During the active session of a customer, data about the quantity and price of items selected by the customer is stored in a cookie on the client computer. You need to test the application for security vulnerabilities. What should you do?
A. Test the application by using a browser that has cookies disabled.
B. Test the application by selecting 150 items for purchase.
C. Test the application by using a cookie that you create in a text editor.
D. Test the application by using the five most common Internet browsers.
Answer: C
Click Online chat to talk with us , get more informations about Microsoft MCSD.NET 70-330 practice exam study guides questions and answers
¡¡
Exam : Microsoft 70-330
Title : Implementing Security for Applications with MS VB.NET
1. You are an application developer for your company. You are developing a Windows Forms application. You deploy a supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you discover that the application is prevented from accessing MyAssembly.dll.
You need to ensure that the application can access MyAssembly.dll.
What should you do?
A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.
Answer: D
2. You are an application developer for your company. You are testing an application that was developed by another developer. The application maintains its own list of authorized users. Each user is assigned a security level of 1, 2, or 3. When a new user account is created, the security level for that user is entered into a text box. The new user account information is saved in a Microsoft SQL Server table by using a stored procedure. You verify that user accounts that have any of the three security levels can perform only the intended actions within the application. You need to identify any security vulnerabilities in the portion of the application that creates new user accounts. What should you do first?
A. Use SQL Query Analyzer to create a new user account that has a security level of 2. Test the application to see if the new user account can log on to the application.
B. Create a new user account that has a security level other than 1, 2, or 3. Test the application to see what the new user account can do.
C. Use Osql.exe to call the stored procedure and create a new user account that has a security level of 3. Test the application to see what the new user account can do.
D. Create a new user account that has a security level of 3. Test the application to see what the new user account can do.
Answer: B
3. You are an application developer for your company. The company runs an e-commerce Web site. Users log on to the Web site by using a password. Passwords are stored in a text file. The following code segment prepares the passwords for storage.
Function HashPassword(ByVal Pwd As String) As String
Return FormsAuthentication.HashPasswordForStoringInConfigFile(Pwd, "SHA1")
End Function
Users of the Web site are creating passwords that are easily cracked by dictionary attacks.
You need to decrease the likelihood that a dictionary attack will succeed if the password file is stolen, without restricting the passwords that users can create.
What should you do?
A. Create a dictionary file that contains common words. Write additional code to reject passwords that match the entries in the dictionary.
B. Apply a more restrictive discretionary access control list (DACL) to the password storage file.
C. Replace the HashPassword function with the following code segment. Function HashPassword(ByVal Pwd As String) As String Return FormsAuthentication.HashPasswordForStoringInConfigFile(Pwd, "MD5")End Function
D. Replace the HashPassword function with the following code segment. Function HashPassword(ByVal Pwd As String) As String Dim Rng As New RNGCryptoServiceProvider Dim Salt(16) As Byte Rng.GetBytes(Salt) Dim saltstr As String = Convert.ToBase64String(Salt) Return saltstr & FormsAuthentication.HashPasswordForStoringInConfigFile( _ saltstr & Pwd, "SHA1")End Function
E. Replace the HashPassword function with the following code segment. Function HashPassword(ByVal Pwd As String) As String Dim Hash As Integer = 0 Dim Enc As New UnicodeEncoding Dim HashData As Byte() = Enc.GetBytes(Pwd) Dim i As Integer For i = 0 To HashData.Length Step 2 Hash = Hash Xor (HashData(i) Or (HashData(i + 1) << 8)) Next Return Hash.ToString()End Function
Answer: D
4. You are an application developer for your company. You are developing an application that receives signed data. The data is signed by using the RSA encryption algorithm and the SHA1 hash algorithm. You need to write a function that will verify signatures by using RSA public credentials. Which code segment should you use?
A. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim MySig As Byte() = RSA.SignData(Data, "SHA1") Dim i As Integer For i = 0 To MySig.Length - 1 If i >= Signature.Length Or Signature(i) <> MySig(i) Then Return False End If Next Return TrueEnd Function
B. Public Function VerifySignature(ByVal Data() As Byte, ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Return RSA.VerifyData(Data, "SHA1", Signature)End Function
C. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim MySig As Byte() = RSA.Decrypt(Data, False) Dim i As Integer For i = 0 To MySig.Length - 1 If i >= Signature.Length Or Signature(i) <> MySig(i) Then Return False End If Next Return TrueEnd Function
D. Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _ ByVal RsaKey As RSAParameters) As Boolean Dim RSA As New RSACryptoServiceProvider RSA.ImportParameters(RsaKey) Dim shaOID As String = CryptoConfig.MapNameToOID("SHA1") Return RSA.VerifyHash(Data, shaOID, Signature)End Function
Answer: B
5. You are an application developer for your company, which is named Humongous Insurance. You are developing an application to manage medical insurance claims. The application includes a serviced component named ClaimRecord. The business rules implemented by the application allow only those users who are members of the HumongousInsuranceClaimsProcessor domain group to access the ClaimRecord component.
You apply attributes to the ClaimRecord component to enable role-based security. You use the following assembly-level attribute to add a role named ClaimsProcessor to the COM+ application that hosts the ClaimRecord component.
<Assembly: SecurityRole("ClaimsProcessor")>
You deploy the ClaimRecord component to your staging server. You log on to the application by using a user account that is a member of the HumongousInsuranceClaimsProcessor domain group. When your application attempts to access the ClaimRecord component, an UnauthorizedAccessException exception is thrown.
You need to modify the ClaimRecord component or reconfigure the COM+ application so that access is granted.
You need to achieve this goal without compromising the security requirement of the ClaimRecord component.
What should you do?
A. Replace the assembly-level attribute with the following attribute. <Assembly: SecurityRole("ClaimsProcessor", SetEveryoneAccess:=True)>
B. Replace the assembly-level attribute with the following attribute. <Assembly: SecurityRole("HumongousInsuranceClaimsProcessor")>
C. Add the SuppressUnmanagedCodeSecurity attribute to the ClaimRecord component.
D. Using the Component Services tool, add the HumongousInsuranceClaimsProcessor domain group to the COM+ ClaimsProcessor role.
Answer: D
6. You are an application developer for your company. You are developing an application that reads the USERNAME environment variable and executes code in an unmanaged DLL. The design document specifies that the application must display a custom message when the code access security policy restricts access to required resources. You need to write the code segment that will ascertain whether your application is permitted to access unmanaged code and the USERNAME environment variable. Your solution must allow the application to display the custom message when the application is being loaded. Which code segment should you use?
A. Try Dim ep As EnvironmentPermission = New _
EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME") Dim sp As SecurityPermission = New _ SecurityPermission(SecurityPermissionFlag.UnmanagedCode) ep.Demand() sp.Demand()Catch ex As SecurityException '...End Try
B. Dim ep As EnvironmentPermission = New _
EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")Dim sp As SecurityPermission = New _ SecurityPermission(SecurityPermissionFlag.UnmanagedCode)If Not (ep.IsUnrestricted() And sp.IsUnrestricted()) Then ' ... End If
C. <EnvironmentPermission(SecurityAction.Demand, Read:="USERNAME"), _
SecurityPermission(SecurityAction.Demand, UnmanagedCode:=True)> _Sub Main() ' ... End Sub
D. <Assembly: EnvironmentPermission(SecurityAction.RequestMinimum,
Read:="USERNAME")><Assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode:=True)>
Answer: B
7. You are an application developer for your company. The company maintains an internal, self-signed certification authority (CA). You are releasing a new internal Windows Forms application. A written company policy prohibits internal applications from running on client computers unless the identity and integrity of those applications can be proven. The Microsoft .NET Framework on all client computers is configured to enforce this restriction. You need to ensure that your application will run when installed on all client computers. Your solution must not require any financial expenditure. What should you do?
A. Use a software publisher certificate issued by the internal CA to sign the application assemblies.
B. Use a software publisher certificate issued by a third-party commercial CA to sign the application assemblies.
C. Run the Certificate Creation tool and the Software Publisher Certificate Test tool before distributing the application to client computers.
D. Distribute the application as an e-mail attachment. Digitally sign the e-mail message before sending it to all company users.
Answer: A
8. You are an application developer for your company. You create a Web application that is used by all users in the company. The application is hosted on the intranet Web server, which is named WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The Web.config file specifies that the authentication mode is set to Windows.
The application connects to a Microsoft SQL Server database named DataStore. The database is located on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database connection code is shown in the following code segment.
Dim myConnStr As String
myConnStr = "Initial Catalog=""DataStore"";"
myConnStr = myConnStr & "Data Source=localhost;Integrated Security=SSPI;"
Dim myConn As New SqlConnection(myConnStr)
Dim myInsert As String
myInsert = "INSERT INTO Customer (CustomerID, Name) Values('123', 'John Doe')"
Dim myCmd As New SqlCommand(myInsert)
myCmd.Connection=myConn
myConn.Open()
myCmd.ExecuteNonQuery()
myCmd.Connection.Close()
When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in part: "Login failed for user WebServerASPNET."
You need to ensure that the application can run successfully without prompting the user for a user name and password.
What should you do?
A. Change the authentication mode in IIS to basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for a SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.config file.
Answer: D
9. You are an application developer for your company. You are developing an application that needs to exchange a shared key at the start of each communication with remote components. The exchange occurs over the Internet. You need to ensure that only the intended recipient can read the shared key. What should you do?
A. Sign the shared key by using the application's private key.
B. Encrypt the shared key by using the application's private key.
C. Encrypt the shared key by using the remote component's public key.
D. Encode the shared key by using the System.Text.Encoding.UTF8 object.
E. Encode the shared key by using the System.Text.Encoding.BigEndianUnicode object.
Answer: E
10. You are an application developer for your company. You maintain a Windows Forms application. Data entry logic for the application is enforced by the user interface layer. The application contains assemblies that communicate data changes to the database. The application also contains assemblies that implement business logic.
You create a new assembly named NewAssembly, which is called from the user interface. Values are passed to NewAssembly, which performs calculations by using the data. NewAssembly calls a separate assembly to store the resulting data in a database.
You need to perform unit testing on the application to identify security vulnerabilities caused by unanticipated use of the application.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Test the application by calling NewAssembly directly.
B. Test the application to verify whether it performs to the original functional specifications.
C. Test the application by using a domain administrator account.
D. Test the application by using the account of a user who should not have access to the application.
Answer: AD
11. You are an application developer for your company. You are developing an application that can be extended by using custom components. The application uses reflection to dynamically load and invoke these custom components. In some cases, custom components will originate from a source that is not fully trusted, such as the Internet. You need to programmatically restrict the code access security policy under which custom components run so that custom components do not run with an elevated permission grant. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Create a new application domain and set the security policy level. Run custom components in this application domain.
B. Use permission class operations to modify the security policy.
C. Implement custom permission classes to protect custom component resources.
D. Programmatically modify the machine-level security policy file after loading a custom component.
Answer: AB
12. You are an application developer for your company. You develop an application that uses an external class library. You run the Permissions View tool on the class library and receive the following output.
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
<PermissionSet class="System.Security.PermissionSet" version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="ReflectionEmit"/>
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="SerializationFormatter"/>
</PermissionSet>
optional permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1" Unrestricted="true"/>
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?
A. <Assembly: ReflectionPermission(SecurityAction.RequestRefuse, _ ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestRefuse, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
B. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestRefuse, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted:=True)>
C. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
D. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=True), _
Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=True), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
Answer: D
13. You are an application developer for your company. You develop an ASP.NET Web application for the company's intranet. The application accesses data that is stored in a Microsoft SQL Server database. Access to objects in the database is granted based on the identity of the user of the application. The application uses Windows authentication, and it has impersonation enabled. You need to modify the application so that it also uses a new serviced component. The new component requires applications that call it to have membership in the COM+ role named AuthorizedCallers. The developer who developed the new component creates a new Windows user account named InternalWebAppUser and adds this user account to the COM+ AuthorizedCallers role. The developer instructs you to write your application to access the serviced component by using the security context of this user account. You need to modify your code to call the new serviced component by using the security context of the InternalWebAppUser user account. What should you do?
A. Disable impersonation in the Web.config file and configure the ASP.NET worker process to run by using the InternalWebAppUser user account.
B. Set the authentication mode to None in the Web.config file.
C. Modify the database connection string to connect as the InternalWebAppUser user account.
D. Write code to impersonate the InternalWebAppUser user account for each call to the serviced component.
Answer: D
14. You are an application developer for your company. You create an ASP.NET Web application. The application allows customers to select items for purchase. During the active session of a customer, data about the quantity and price of items selected by the customer is stored in a cookie on the client computer. You need to test the application for security vulnerabilities. What should you do?
A. Test the application by using a browser that has cookies disabled.
B. Test the application by selecting 150 items for purchase.
C. Test the application by using a cookie that you create in a text editor.
D. Test the application by using the five most common Internet browsers.
Answer: C
Click Online chat to talk with us , get more informations about Microsoft MCSD.NET 70-330 practice exam study guides questions and answers
Test4pass 70-330 Exam Features
Quality and Value for the 70-330 Exam
Test4pass Practice Exams for Microsoft 70-330 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 70-330 Exam
If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the MCSD.NET 70-330 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.
Microsoft 70-330 Downloadable, Printable Exams (in PDF format)
Our Exam 70-330 Preparation Material provides you everything you will need to take your 70-330 Exam. The 70-330 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.
70-330 Downloadable, Interactive Testing engines
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Microsoft 70-330 Exam will provide you with free 70-330 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 70-330 Exam:100% Guarantee to Pass Your MCSD.NET exam and get your MCSD.NET Certification.
Test4pass 70-330 examTest4pass 70-330 pdf exam
Test4pass 70-330 braindumps
Test4pass 70-330 study guides
Test4pass 70-330 trainning materials
Test4pass 70-330 simulations
Test4pass 70-330 testing engine
Test4pass 70-330 vce
Test4pass 70-330 torrent
Test4pass 70-330 dumps
free download 70-330
Test4pass 70-330 practice exam
Test4pass 70-330 preparation files
Test4pass 70-330 questions
Test4pass 70-330 answers
http://www.test4pass.com/70-330-exam.html The safer.easier way to get MCSD.NET Certification
MCAD.NET Certification
.
My Shopping Cart
