70-340 Exam
Implementing Security for Applications with Microsoft Visual C# .NET
- Exam Number/Code : 70-340
- Exam Name : Implementing Security for Applications with Microsoft Visual C# .NET
- Questions and Answers : 90 Q&As
- Update Time: 2011-09-21
- Price:
$ 119.00$ 69.00
Free 70-340 Demo Download
Test4pass offers free demo for MCSD.NET 70-340 exam (Implementing Security for Applications with Microsoft Visual C# .NET). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
Exam Description
It is well known that 70-340 exam test is the hot exam of Microsoft certification. Test4pass offer you all the Q&A of the 70-340 real test . It is the examination of the perfect combination and it will help you pass 70-340 exam at the first time!
Why choose Test4pass 70-340 braindumps
Quality and Value for the 70-340 Exam
100% Guarantee to Pass Your 70-340 Exam
Downloadable, Interactive 70-340 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.
Microsoft MCSD.NET 70-340 exam braindumps questions and answers
¡¡
¡¡
Exam : Microsoft 70-340
Title : Implementing Security for Applications with MS Visual C#.NET
1. You are an application developer for your company. You are developing an application that will be used in the human resources departments of companies that purchase the application. The application includes administrative features that enable users to access and modify confidential information that the application manages. Usability testing indicates that customers deploy the application without properly restricting administrative features.
You need to ensure that the application is more secure when it is deployed.
What should you do?
A. Develop sample template configuration files for the application.
B. Configure the default installation of the application to disable all the administrative features.
C. Develop two editions of the application that have the administrative features enabled by default in one edition and disabled by default in the other edition.
D. Create a Readme.doc file that describes the risks of leaving the administrative features enabled and provides instructions for disabling the features.
Answer: B
2. You are an application developer for your company. You create a serviced component named RecordsAdmin. RecordsAdmin exposes administrative methods for a records management application. The declaration for RecordsAdmin includes the following code segment.
[assembly: ApplicationAccessControl(true)]
[ComponentAccessControl(true),
SecurityRole("Admin")]
public class RecordsAdmin : ServicedComponent {
}
You install RecordsAdmin on a test computer. You use a test application that runs on the test computer under a local computer account named Tester. The Tester account is a member of the Users group and the Debugger Users group. When the test application calls RecordsAdmin, you receive the following error message: "Access is denied."
You want the test application to have access to RecordsAdmin. You want to achieve this goal without granting unnecessary permissions to the Tester account.
What should you do?
A. Add the Tester account to the local Administrators group.
B. Add the Tester account to the Admin role of RecordsAdmin by using the Component Services tool.
C. Add a role named TesterRole to RecordsAdmin. Add the Tester account to the TesterRole role by using the Component Services tool.
D. To the beginning of each method exposed by RecordsAdmin, add the following code segment.
if (ContextUtil.IsCallerInRole("Admin")) {
// Method body here
}
E. To the beginning of each method exposed by RecordsAdmin, add the following code segment.
SecurityCallContext context;
context = SecurityCallContext.CurrentCall;
if (context.IsUserInRole("Admin", "Tester")) {
// Method body here
}
Answer: C
3. You are an application developer for your company. You are conducting a code review of an application that was developed by another developer. The application stores both public data and confidential data. The application stores the data in a file on the hard disk of a user's client computer.
The following code segment manages the writing of all application data to the file. The array named data1 contains the public data, and the array named data2 contains the confidential data.
public void WriteData(DES des, byte[] data1, byte[] data2, FileStream fsout) {
CryptoStream cs = new CryptoStream(
fsout, des.CreateEncryptor(), CryptoStreamMode.Write);
cs.Write(data1, 0, data1.Length);
cs.Write(data2, 0, data2.Length);
cs.FlushFinalBlock();
}
You need to improve the response time of this application, without reducing its security. Any changes you make to the WriteData function will be reflected in the code portion for reading data.
What should you do?
A. Replace the code segment with the following code segment.
public void WriteData(DES des, byte[] data1, byte[] data2, FileStream fsout) {
fsout.Write(data1, 0, data1.Length);
CryptoStream cs = new CryptoStream(
fsout, des.CreateEncryptor(), CryptoStreamMode.Write);
cs.Write(data2, 0, data2.Length);
cs.FlushFinalBlock();
}
B. Replace the call to the FlushFinalBlock method with the following code segment.
int excess = (data1.Length+data2.Length) % des.BlockSize;
if (excess > 0) {
byte[] padding = new byte[des.BlockSize - excess];
cs.Write(padding, 0, padding.Length);
}
C. Modify the application to use asymmetric encryption
D. Call the cs.Write function by using data blocks that have a length equal to the des.BlockSize property. Repeat the call until all the data is written to the file.
Answer: A
4. You are an application developer for your company. You are developing a forms-based application that reads files that are named by users of the application. The application contains the following method.
bool approveFileName(string fileName) {
string docRoot=@"C:MyAppDocuments";
// Your code goes here... Throw an exception if you meet an error.
return true;
}
Users of the application must not be allowed to access files that are stored in any location other than the C:MyAppDocuments folder.
You need to add code to the method to achieve this goal.
Which code segment or code segments should you use? (Choose all that apply.)
A. fileName=Path.GetFullPath(fileName);
B. fileName=fileName.ToUpper();
C. fileName=fileName.ToLower();
D. docRoot=docRoot.ToLower();
E. fileName=docRoot+fileName;
F. if (!fileName.StartsWith(docRoot))
throw new ApplicationException (
"User asked for file in wrong directory");
Answer: ACDF
5. You are an application developer for your company. Part of an application that you are developing accepts user input from a TextBox control. The information entered by the user must be alphanumeric only, and it must contain no symbols or punctuation.
You need to ensure that the user's input contains only the appropriate data before using the input elsewhere in the application. Your solution must not require users of the application to take additional steps when entering data.
What should you do?
A. Modify the TextChanged event handler of the TextBox control so that the Text property of the text box is cleared whenever a non-alphanumeric character is detected.
B. Use the following regular expression to modify the user's input.
[^w.@-]
C. Store the user's input in a variable named userinput. Use the following expression to modify the user's input.
userinput.Replace("@-]","")
D. Convert the user's input to all lowercase characters.
Answer: B
6. You are an application developer for your company. You are developing an ASP.NET Web application. All users in the company use Microsoft Internet Explorer 6.0. A group of users is testing the application. The users report that when an exception occurs, the full exception information is displayed in their Web browsers.
You need to ensure that the full exception information is not displayed when an exception occurs.
What should you do?
A. Require users to use HTTPS to access the application.
B. Trap all exceptions and display a generic error message.
C. Instruct users to enable friendly error messages in Internet Explorer.
D. Obfuscate the compiled assemblies of the application
E. Modify the application's configuration to disable custom errors.
Answer: B
7. You are an application developer for your company. You develop a Windows Forms application that connects to a local Microsoft SQL Server database by using the Microsoft .NET Framework Data Provider for SQL Server. The application currently connects to the database by using an account that is a member of the System Administrator role in SQL Server.
You need to ensure that the application can connect to the database by using the user account of the interactive user without providing additional permissions.
What should you do?
A. Modify the application to activate a SQL Server application role.
B. Modify the application to use SQL Server integrated security.
C. Modify the application to send a security token that contains the authentication information in a Kerberos ticket.
D. Modify the application to use COM+ security roles.
Answer: B
8. You are an application developer for your company. You are conducting a code review of a Windows Forms application that was developed by another developer. The application includes a function named Logon(), which validates a user's logon credentials. The function displays a dialog box for the user to enter the user's credentials, and the function validates those credentials by using a database.
The function returns a value of 0 if the user's password is incorrect, a value of 1 if the user's user ID is incorrect, and a value of 2 if both are correct. Users should receive access to the application only if the function returns a value of 2. A function named EndApp() is used to exit the application.
The application must display a message to the user, depending on the result of the Logon() function. The application contains the following code segment.
int logonresult = Logon();
switch(logonresult) {
case 0:
MessageBox.Show("User name is OK, password incorrect.");
break;
case 1:
MessageBox.Show("User name is incorrect.");
break;
default:
MessageBox.Show("Welcome!");
break;
}
if(logonresult != 2) {
EndApp();
}
You need to improve the security of this code segment while maintaining its funtionality. You decide to replace the existing code segment.
Which code segment should you use?
A. if(Logon() != 2) {
Console.WriteLine("Logon error.");
EndApp();
}
B. if(Logon() != 2) {
Console.WriteLine("Logon error.");
EndApp();
}
else {
MessageBox.Show("Welcome!");
}
C. int logonresult = Logon();
switch(logonresult) {
case 0:
MessageBox.Show("User name is OK, password incorrect.");
EndApp();
break;
case 1:
MessageBox.Show("User name is incorrect.");
EndApp();
break;
default:
MessageBox.Show("Welcome!");
break;
}
D. int logonresult = Logon();
if(logonresult == 2) {
MessageBox.Show("Welcome!");
}
else {
MessageBox.Show("User name or password was incorrect.");
EndApp();
}
Answer: D
9. You are an application developer for your company. You are responsible for maintaining an application that uses data that is stored in a Microsoft SQL Server database.
The application accepts user input into a variable named userinput and saves the input in a smallint column in a SQL Server table. The application uses a stored procedure to save the data. The application contains the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput();
if(userinput < -32768 || userinput > 32767) {
MessageBox.Show("Input is out of range.");
}
else {
//call stored procedure to save input
SaveToSQL(userinput);
}
The SQL Server administrator informs you that several errors have been logged on the SQL Server computer. The errors indicate that the stored procedure attempted to save data that was out of range for the smallint column.
You need to prevent these errors from occurring.
What should you do?
A. Modify the stored procedure so that the input parameter is declared as smallint.
B. Change the data type of the column to int.
C. Replace the code segment with the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput();
if(userinput > -32768 || userinput < 32767) {
MessageBox.Show("Input is out of range.");
}
else {
//call stored procedure to save input
SaveToSQL(userinput);
}
D. Replace the code segment with the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput();
if(userinput < 0 || userinput > 32767) {
MessageBox.Show("Input is out of range.");
}
else {
//call stored procedure to save input
SaveToSQL(userinput);
}
Answer: A
10. You are an application developer for your company. You are developing a Windows-based payroll application that will be used by all payroll administrators in the company. The application has a single executable file that uses a separate assembly to modify payroll data.
You need to design security for your application to ensure that the assembly cannot be called by unauthenticated and unauthorized users.
What should you do?
A. Run the application by using a user account that has access to the application directory.
B. Modify the application to validate all user-entered data.
C. Modify the application to authenticate and authorize user access within each assembly as it is called.
D. Modify the application to authenticate and authorize user access when each user runs the executable file.
E. Set the folder-level permissions to the executable file by using directory security
Answer: C
11. You are an application developer for your company. You develop an application that uses an external class library. You run the Permissions View tool on the class library and receive the following outpu
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
<PermissionSet class="System.Security.PermissionSet" version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="ReflectionEmit"/>
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="SerializationFormatter"/>
</PermissionSet>
optional permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1" Unrestricted="true"/>
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?
A. [assembly: ReflectionPermission(SecurityAction.RequestRefuse, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestRefuse,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
B. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestRefuse,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted=true)]
C. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestMinimum,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
D. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=true)]
[assembly: SecurityPermission(SecurityAction.RequestMinimum,
SerializationFormatter=true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
Answer: D
12. You are an application developer for your company. You are developing a Windows Forms application. You deploy a supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you discover that the application is prevented from accessing MyAssembly.dll.
You need to ensure that the application can access MyAssembly.dll.
What should you do?
A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.
Answer: D
13. You are an application developer for your company. You are using the Microsoft .NET Framework to develop an application that uses a Web service. The Web service is provided by a vendor and is accessed over the Internet.
Your application retrieves string data from the Web service and stores it in a variable named webdata. The application also defines a SqlCommand object named sqlcmd. The application contains the following code segment.
string myquery;
myquery = "INSERT INTO WebTable (WebData) VALUES(";
myquery += webdata + ")";
sqlcmd.CommandText = myquery;
sqlcmd.ExecuteNonQuery()
You need to improve the security of this code segment while maintaining its functionality.
What should you do?
A. Ask the vendor to perform data validation on all data that is provided by the Web service.
B. Modify the application to use declarative security.
C. Ask the vendor to provide a Web service that is written by using the .NET Framework.
D. Format the contents of webdata to be compatible with the SQL Server data type and remove encoded data or SQL statements.
Answer: D
14. You are an application developer for your company. You create a Web application that is used by all users in the company. The application is hosted on the intranet Web server, which is named WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The Web.config file specifies that the authentication mode is set to Windows.
The application connects to a Microsoft SQL Server database named DataStore. The database is located on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database connection code is shown in the following code segment.
string myConnStr;
myConnStr = @"Initial Catalog=""DataStore"";";
myConnStr = myConnStr + "Data Source=localhost;Integrated Security=SSPI;";
SqlConnection myConn = new SqlConnection(myConnStr);
string myInsert;
myInsert = "INSERT INTO Customer (CustomerID, Name) Values('123', 'John Doe')";
SqlCommand myCmd = new SqlCommand(myInsert);
myCmd.Connection = myConn;
myConn.Open();
myCmd.ExecuteNonQuery();
myCmd.Connection.Close();
When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in part: "Login failed for user WebServerASPNET."
You need to ensure that the application can run successfully without prompting the user for a user name and password.
What should you do?
A. Change the authentication mode in IIS to basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for a SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.config file.
Answer: D
Click Online chat to talk with us , get more informations about Microsoft MCSD.NET 70-340 practice exam study guides questions and answers
¡¡
Exam : Microsoft 70-340
Title : Implementing Security for Applications with MS Visual C#.NET
1. You are an application developer for your company. You are developing an application that will be used in the human resources departments of companies that purchase the application. The application includes administrative features that enable users to access and modify confidential information that the application manages. Usability testing indicates that customers deploy the application without properly restricting administrative features.
You need to ensure that the application is more secure when it is deployed.
What should you do?
A. Develop sample template configuration files for the application.
B. Configure the default installation of the application to disable all the administrative features.
C. Develop two editions of the application that have the administrative features enabled by default in one edition and disabled by default in the other edition.
D. Create a Readme.doc file that describes the risks of leaving the administrative features enabled and provides instructions for disabling the features.
Answer: B
2. You are an application developer for your company. You create a serviced component named RecordsAdmin. RecordsAdmin exposes administrative methods for a records management application. The declaration for RecordsAdmin includes the following code segment.
[assembly: ApplicationAccessControl(true)]
[ComponentAccessControl(true),
SecurityRole("Admin")]
public class RecordsAdmin : ServicedComponent {
}
You install RecordsAdmin on a test computer. You use a test application that runs on the test computer under a local computer account named Tester. The Tester account is a member of the Users group and the Debugger Users group. When the test application calls RecordsAdmin, you receive the following error message: "Access is denied."
You want the test application to have access to RecordsAdmin. You want to achieve this goal without granting unnecessary permissions to the Tester account.
What should you do?
A. Add the Tester account to the local Administrators group.
B. Add the Tester account to the Admin role of RecordsAdmin by using the Component Services tool.
C. Add a role named TesterRole to RecordsAdmin. Add the Tester account to the TesterRole role by using the Component Services tool.
D. To the beginning of each method exposed by RecordsAdmin, add the following code segment.
if (ContextUtil.IsCallerInRole("Admin")) {
// Method body here
}
E. To the beginning of each method exposed by RecordsAdmin, add the following code segment.
SecurityCallContext context;
context = SecurityCallContext.CurrentCall;
if (context.IsUserInRole("Admin", "Tester")) {
// Method body here
}
Answer: C
3. You are an application developer for your company. You are conducting a code review of an application that was developed by another developer. The application stores both public data and confidential data. The application stores the data in a file on the hard disk of a user's client computer.
The following code segment manages the writing of all application data to the file. The array named data1 contains the public data, and the array named data2 contains the confidential data.
public void WriteData(DES des, byte[] data1, byte[] data2, FileStream fsout) {
CryptoStream cs = new CryptoStream(
fsout, des.CreateEncryptor(), CryptoStreamMode.Write);
cs.Write(data1, 0, data1.Length);
cs.Write(data2, 0, data2.Length);
cs.FlushFinalBlock();
}
You need to improve the response time of this application, without reducing its security. Any changes you make to the WriteData function will be reflected in the code portion for reading data.
What should you do?
A. Replace the code segment with the following code segment.
public void WriteData(DES des, byte[] data1, byte[] data2, FileStream fsout) {
fsout.Write(data1, 0, data1.Length);
CryptoStream cs = new CryptoStream(
fsout, des.CreateEncryptor(), CryptoStreamMode.Write);
cs.Write(data2, 0, data2.Length);
cs.FlushFinalBlock();
}
B. Replace the call to the FlushFinalBlock method with the following code segment.
int excess = (data1.Length+data2.Length) % des.BlockSize;
if (excess > 0) {
byte[] padding = new byte[des.BlockSize - excess];
cs.Write(padding, 0, padding.Length);
}
C. Modify the application to use asymmetric encryption
D. Call the cs.Write function by using data blocks that have a length equal to the des.BlockSize property. Repeat the call until all the data is written to the file.
Answer: A
4. You are an application developer for your company. You are developing a forms-based application that reads files that are named by users of the application. The application contains the following method.
bool approveFileName(string fileName) {
string docRoot=@"C:MyAppDocuments";
// Your code goes here... Throw an exception if you meet an error.
return true;
}
Users of the application must not be allowed to access files that are stored in any location other than the C:MyAppDocuments folder.
You need to add code to the method to achieve this goal.
Which code segment or code segments should you use? (Choose all that apply.)
A. fileName=Path.GetFullPath(fileName);
B. fileName=fileName.ToUpper();
C. fileName=fileName.ToLower();
D. docRoot=docRoot.ToLower();
E. fileName=docRoot+fileName;
F. if (!fileName.StartsWith(docRoot))
throw new ApplicationException (
"User asked for file in wrong directory");
Answer: ACDF
5. You are an application developer for your company. Part of an application that you are developing accepts user input from a TextBox control. The information entered by the user must be alphanumeric only, and it must contain no symbols or punctuation.
You need to ensure that the user's input contains only the appropriate data before using the input elsewhere in the application. Your solution must not require users of the application to take additional steps when entering data.
What should you do?
A. Modify the TextChanged event handler of the TextBox control so that the Text property of the text box is cleared whenever a non-alphanumeric character is detected.
B. Use the following regular expression to modify the user's input.
[^w.@-]
C. Store the user's input in a variable named userinput. Use the following expression to modify the user's input.
userinput.Replace("@-]","")
D. Convert the user's input to all lowercase characters.
Answer: B
6. You are an application developer for your company. You are developing an ASP.NET Web application. All users in the company use Microsoft Internet Explorer 6.0. A group of users is testing the application. The users report that when an exception occurs, the full exception information is displayed in their Web browsers.
You need to ensure that the full exception information is not displayed when an exception occurs.
What should you do?
A. Require users to use HTTPS to access the application.
B. Trap all exceptions and display a generic error message.
C. Instruct users to enable friendly error messages in Internet Explorer.
D. Obfuscate the compiled assemblies of the application
E. Modify the application's configuration to disable custom errors.
Answer: B
7. You are an application developer for your company. You develop a Windows Forms application that connects to a local Microsoft SQL Server database by using the Microsoft .NET Framework Data Provider for SQL Server. The application currently connects to the database by using an account that is a member of the System Administrator role in SQL Server.
You need to ensure that the application can connect to the database by using the user account of the interactive user without providing additional permissions.
What should you do?
A. Modify the application to activate a SQL Server application role.
B. Modify the application to use SQL Server integrated security.
C. Modify the application to send a security token that contains the authentication information in a Kerberos ticket.
D. Modify the application to use COM+ security roles.
Answer: B
8. You are an application developer for your company. You are conducting a code review of a Windows Forms application that was developed by another developer. The application includes a function named Logon(), which validates a user's logon credentials. The function displays a dialog box for the user to enter the user's credentials, and the function validates those credentials by using a database.
The function returns a value of 0 if the user's password is incorrect, a value of 1 if the user's user ID is incorrect, and a value of 2 if both are correct. Users should receive access to the application only if the function returns a value of 2. A function named EndApp() is used to exit the application.
The application must display a message to the user, depending on the result of the Logon() function. The application contains the following code segment.
int logonresult = Logon();
switch(logonresult) {
case 0:
MessageBox.Show("User name is OK, password incorrect.");
break;
case 1:
MessageBox.Show("User name is incorrect.");
break;
default:
MessageBox.Show("Welcome!");
break;
}
if(logonresult != 2) {
EndApp();
}
You need to improve the security of this code segment while maintaining its funtionality. You decide to replace the existing code segment.
Which code segment should you use?
A. if(Logon() != 2) {
Console.WriteLine("Logon error.");
EndApp();
}
B. if(Logon() != 2) {
Console.WriteLine("Logon error.");
EndApp();
}
else {
MessageBox.Show("Welcome!");
}
C. int logonresult = Logon();
switch(logonresult) {
case 0:
MessageBox.Show("User name is OK, password incorrect.");
EndApp();
break;
case 1:
MessageBox.Show("User name is incorrect.");
EndApp();
break;
default:
MessageBox.Show("Welcome!");
break;
}
D. int logonresult = Logon();
if(logonresult == 2) {
MessageBox.Show("Welcome!");
}
else {
MessageBox.Show("User name or password was incorrect.");
EndApp();
}
Answer: D
9. You are an application developer for your company. You are responsible for maintaining an application that uses data that is stored in a Microsoft SQL Server database.
The application accepts user input into a variable named userinput and saves the input in a smallint column in a SQL Server table. The application uses a stored procedure to save the data. The application contains the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput();
if(userinput < -32768 || userinput > 32767) {
MessageBox.Show("Input is out of range.");
}
else {
//call stored procedure to save input
SaveToSQL(userinput);
}
The SQL Server administrator informs you that several errors have been logged on the SQL Server computer. The errors indicate that the stored procedure attempted to save data that was out of range for the smallint column.
You need to prevent these errors from occurring.
What should you do?
A. Modify the stored procedure so that the input parameter is declared as smallint.
B. Change the data type of the column to int.
C. Replace the code segment with the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput();
if(userinput > -32768 || userinput < 32767) {
MessageBox.Show("Input is out of range.");
}
else {
//call stored procedure to save input
SaveToSQL(userinput);
}
D. Replace the code segment with the following code segment.
//Gets input and ensures input is numeric
userinput = GetUserInput();
if(userinput < 0 || userinput > 32767) {
MessageBox.Show("Input is out of range.");
}
else {
//call stored procedure to save input
SaveToSQL(userinput);
}
Answer: A
10. You are an application developer for your company. You are developing a Windows-based payroll application that will be used by all payroll administrators in the company. The application has a single executable file that uses a separate assembly to modify payroll data.
You need to design security for your application to ensure that the assembly cannot be called by unauthenticated and unauthorized users.
What should you do?
A. Run the application by using a user account that has access to the application directory.
B. Modify the application to validate all user-entered data.
C. Modify the application to authenticate and authorize user access within each assembly as it is called.
D. Modify the application to authenticate and authorize user access when each user runs the executable file.
E. Set the folder-level permissions to the executable file by using directory security
Answer: C
11. You are an application developer for your company. You develop an application that uses an external class library. You run the Permissions View tool on the class library and receive the following outpu
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
<PermissionSet class="System.Security.PermissionSet" version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="ReflectionEmit"/>
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="SerializationFormatter"/>
</PermissionSet>
optional permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1" Unrestricted="true"/>
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?
A. [assembly: ReflectionPermission(SecurityAction.RequestRefuse, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestRefuse,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
B. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestRefuse,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted=true)]
C. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=false)]
[assembly: SecurityPermission(SecurityAction.RequestMinimum,
SerializationFormatter=false)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
D. [assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit=true)]
[assembly: SecurityPermission(SecurityAction.RequestMinimum,
SerializationFormatter=true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted=true)]
Answer: D
12. You are an application developer for your company. You are developing a Windows Forms application. You deploy a supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you discover that the application is prevented from accessing MyAssembly.dll.
You need to ensure that the application can access MyAssembly.dll.
What should you do?
A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.
Answer: D
13. You are an application developer for your company. You are using the Microsoft .NET Framework to develop an application that uses a Web service. The Web service is provided by a vendor and is accessed over the Internet.
Your application retrieves string data from the Web service and stores it in a variable named webdata. The application also defines a SqlCommand object named sqlcmd. The application contains the following code segment.
string myquery;
myquery = "INSERT INTO WebTable (WebData) VALUES(";
myquery += webdata + ")";
sqlcmd.CommandText = myquery;
sqlcmd.ExecuteNonQuery()
You need to improve the security of this code segment while maintaining its functionality.
What should you do?
A. Ask the vendor to perform data validation on all data that is provided by the Web service.
B. Modify the application to use declarative security.
C. Ask the vendor to provide a Web service that is written by using the .NET Framework.
D. Format the contents of webdata to be compatible with the SQL Server data type and remove encoded data or SQL statements.
Answer: D
14. You are an application developer for your company. You create a Web application that is used by all users in the company. The application is hosted on the intranet Web server, which is named WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The Web.config file specifies that the authentication mode is set to Windows.
The application connects to a Microsoft SQL Server database named DataStore. The database is located on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database connection code is shown in the following code segment.
string myConnStr;
myConnStr = @"Initial Catalog=""DataStore"";";
myConnStr = myConnStr + "Data Source=localhost;Integrated Security=SSPI;";
SqlConnection myConn = new SqlConnection(myConnStr);
string myInsert;
myInsert = "INSERT INTO Customer (CustomerID, Name) Values('123', 'John Doe')";
SqlCommand myCmd = new SqlCommand(myInsert);
myCmd.Connection = myConn;
myConn.Open();
myCmd.ExecuteNonQuery();
myCmd.Connection.Close();
When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in part: "Login failed for user WebServerASPNET."
You need to ensure that the application can run successfully without prompting the user for a user name and password.
What should you do?
A. Change the authentication mode in IIS to basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for a SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.config file.
Answer: D
Click Online chat to talk with us , get more informations about Microsoft MCSD.NET 70-340 practice exam study guides questions and answers
Test4pass 70-340 Exam Features
Quality and Value for the 70-340 Exam
Test4pass Practice Exams for Microsoft 70-340 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 70-340 Exam
If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the MCSD.NET 70-340 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.
Microsoft 70-340 Downloadable, Printable Exams (in PDF format)
Our Exam 70-340 Preparation Material provides you everything you will need to take your 70-340 Exam. The 70-340 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.
70-340 Downloadable, Interactive Testing engines
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Microsoft 70-340 Exam will provide you with free 70-340 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 70-340 Exam:100% Guarantee to Pass Your MCSD.NET exam and get your MCSD.NET Certification.
Test4pass 70-340 examTest4pass 70-340 pdf exam
Test4pass 70-340 braindumps
Test4pass 70-340 study guides
Test4pass 70-340 trainning materials
Test4pass 70-340 simulations
Test4pass 70-340 testing engine
Test4pass 70-340 vce
Test4pass 70-340 torrent
Test4pass 70-340 dumps
free download 70-340
Test4pass 70-340 practice exam
Test4pass 70-340 preparation files
Test4pass 70-340 questions
Test4pass 70-340 answers
http://www.test4pass.com/70-340-exam.html The safer.easier way to get MCSD.NET Certification
MCAD.NET Certification
.
My Shopping Cart
