
Microsoft 70-330 Exam - Cheat-Test.com

Free 70-330 Sample Questions:

Q: 1 You are an application developer for your company. You develop an application that uses an external class library. You run the Permissions View tool on the class library and receive the following output.
Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
minimal permission set:
<PermissionSet class="System.Security.PermissionSet" version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="ReflectionEmit"/>
<IPermission class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1" Flags="SerializationFormatter"/>
</PermissionSet>
optional permission set:
<PermissionSet class="System.Security.PermissionSet"
version="1" Unrestricted="true"/>
refused permission set:
Not specified
You need to add corresponding attributes in your application.
Which code segment should you use?
A.
<Assembly: ReflectionPermission(SecurityAction.RequestRefuse, ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestRefuse, SerializationFormatter:=False), _
Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
B.
<Assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestRefuse, SerializationFormatter:=False), _
Assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted:=True)>
C.
<Assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit:=False), _
Assembly: SecurityPermission(SecurityAction.RequestMinimum, SerializationFormatter:=False), _
Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
D.
<Assembly: ReflectionPermission(SecurityAction.RequestMinimum, ReflectionEmit:=True), _
Assembly: SecurityPermission(SecurityAction.RequestMinimum, SerializationFormatter:=True), _
Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
Answer: D

Q: 2 You are an application developer for your company. You create a Web application that is used by all users in the company. The application is hosted on the intranet Web server, which is named WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The Web.config file specifies that the authentication mode is set to Windows.
The application connects to a Microsoft SQL Server database named DataStore. The database is located on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database connection code is shown in the following code segment.
Dim myConnStr As String
myConnStr = "Initial Catalog=""DataStore"";"
myConnStr = myConnStr & "Data Source=localhost;Integrated Security=SSPI;"
Dim myConn As New SqlConnection(myConnStr)
Dim myInsert As String
myInsert = "INSERT INTO Customer (CustomerID, Name) Values('123', 'John Doe')"
Dim myCmd As New SqlCommand(myInsert)
myCmd.Connection=myConn
myConn.Open()
myCmd.ExecuteNonQuery()
myCmd.Connection.Close()
When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in part: "Login failed for user WebServer\ASPNET."
You need to ensure that the application can run successfully without prompting the user for a user name and password.
What should you do?
A. Change the authentication mode in IIS to basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for a SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.config file.
Answer: D

Q: 3 You are an application developer for your company. You are developing a Windows Forms application. You deploy a supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you discover that the application is prevented from accessing MyAssembly.dll.
You need to ensure that the application can access MyAssembly.dll.
What should you do?
A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.
Answer: D

Q: 4 You are an application developer for your company. You maintain a Windows Forms application. Data entry logic for the application is enforced by the user interface layer. The application contains assemblies that communicate data changes to the database. The application also contains assemblies that implement business logic.
You create a new assembly named NewAssembly, which is called from the user interface. Values are passed to NewAssembly, which performs calculations by using the data. NewAssembly calls a separate assembly to store the resulting data in a database.
You need to perform unit testing on the application to identify security vulnerabilities caused by unanticipated use of the application.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Test the application by calling NewAssembly directly.
B. Test the application to verify whether it performs to the original functional specifications.
C. Test the application by using a domain administrator account.
D. Test the application by using the account of a user who should not have access to the application.
Answer: A, D

Q: 5 You are an application developer for your company. You are testing an application that was developed by another developer. The application maintains its own list of authorized users. Each user is assigned a security level of 1, 2, or 3. When a new user account is created, the security level for that user is entered into a text box. The new user account information is saved in a Microsoft SQL Server table by using a stored procedure. You verify that user accounts that have any of the three security levels can perform only the intended actions within the application. You need to identify any security vulnerabilities in the portion of the application that creates new user accounts. What should you do first?
A. Use SQL Query Analyzer to create a new user account that has a security level of 2. Test the application to see if the new user account can log on to the application.
B. Create a new user account that has a security level other than 1, 2, or 3. Test the application to see what the new user account can do.
C. Use Osql.exe to call the stored procedure and create a new user account that has a security level of 3. Test the application to see what the new user account can do.
D. Create a new user account that has a security level of 3. Test the application to see what the new user account can do.
Answer: B

Q: 6 You are an application developer for your company. The company maintains an internal, self-signed certification authority (CA). You are releasing a new internal Windows Forms application. A written company policy prohibits internal applications from running on client computers unless the identity and integrity of those applications can be proven. The Microsoft .NET Framework on all client computers is configured to enforce this restriction. You need to ensure that your application will run when installed on all client computers. Your solution must not require any financial expenditure. What should you do?
A. Use a software publisher certificate issued by the internal CA to sign the application assemblies.
B. Use a software publisher certificate issued by a third-party commercial CA to sign the application assemblies.
C. Run the Certificate Creation tool and the Software Publisher Certificate Test tool before distributing the application to client computers.
D. Distribute the application as an e-mail attachment. Digitally sign the e-mail message before sending it to all company users.
Answer: A

Q: 7 You are an application developer for your company. You create an ASP.NET Web application. The application allows customers to select items for purchase. During the active session of a customer, data about the quantity and price of items selected by the customer is stored in a cookie on the client computer. You need to test the application for security vulnerabilities. What should you do?
A. Test the application by using a browser that has cookies disabled.
B. Test the application by selecting 150 items for purchase.
C. Test the application by using a cookie that you create in a text editor.
D. Test the application by using the five most common Internet browsers.
Answer: C

Q: 8 You are an application developer for your company. You are developing an application that can be extended by using custom components. The application uses reflection to dynamically load and invoke these custom components. In some cases, custom components will originate from a source that is not fully trusted, such as the Internet. You need to programmatically restrict the code access security policy under which custom components run so that custom components do not run with an elevated permission grant. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Create a new application domain and set the security policy level. Run custom components in this application domain.
B. Use permission class operations to modify the security policy.
C. Implement custom permission classes to protect custom component resources.
D. Programmatically modify the machine-level security policy file after loading a custom component.
Answer: A, B

Q: 9 You are an application developer for your company, which is named Humongous Insurance. You are developing an application to manage medical insurance claims. The application includes a serviced component named ClaimRecord. The business rules implemented by the application allow only those users who are members of the HumongousInsurance\ClaimsProcessor domain group to access the ClaimRecord component.
You apply attributes to the ClaimRecord component to enable role-based security. You use the following assembly-level attribute to add a role named ClaimsProcessor to the COM+ application that hosts the ClaimRecord component.
<Assembly: SecurityRole("ClaimsProcessor")>
You deploy the ClaimRecord component to your staging server. You log on to the application by using a user account that is a member of the HumongousInsurance\ClaimsProcessor domain group. When your application attempts to access the ClaimRecord component, an UnauthorizedAccessException exception is thrown.
You need to modify the ClaimRecord component or reconfigure the COM+ application so that access is granted.
You need to achieve this goal without compromising the security requirement of the ClaimRecord component. What should you do?
A. Replace the assembly-level attribute with the following attribute.
<Assembly: SecurityRole("ClaimsProcessor", SetEveryoneAccess:=True)>
B. Replace the assembly-level attribute with the following attribute.
<Assembly: SecurityRole("HumongousInsurance\ClaimsProcessor")>
C. Add the SuppressUnmanagedCodeSecurity attribute to the ClaimRecord component.
D. Using the Component Services tool, add the HumongousInsurance\ClaimsProcessor domain group to the COM+ ClaimsProcessor role.
Answer: D

Q: 10 You are an application developer for your company. The company runs an e-commerce Web site. Users log on to the Web site by using a password. Passwords are stored in a text file. The following code segment prepares the passwords for storage.
Function HashPassword(ByVal Pwd As String) As String
Return FormsAuthentication.HashPasswordForStoringInConfigFile(Pwd, "SHA1")
End Function
Users of the Web site are creating passwords that are easily cracked by dictionary attacks.
You need to decrease the likelihood that a dictionary attack will succeed if the password file is stolen, without restricting the passwords that users can create.
What should you do?
A. Create a dictionary file that contains common words. Write additional code to reject passwords that match the entries in the dictionary.
B. Apply a more restrictive discretionary access control list (DACL) to the password storage file.
C. Replace the HashPassword function with the following code segment.
Function HashPassword(ByVal Pwd As String) As String
Return FormsAuthentication.HashPasswordForStoringInConfigFile(Pwd, "MD5")
End Function
D. Replace the HashPassword function with the following code segment.
Function HashPassword(ByVal Pwd As String) As String
Dim Rng As New RNGCryptoServiceProvider
Dim Salt(16) As Byte
Rng.GetBytes(Salt)
Dim saltstr As String = Convert.ToBase64String(Salt)
Return saltstr & FormsAuthentication.HashPasswordForStoringInConfigFile( _
saltstr & Pwd, "SHA1")
End Function
E. Replace the HashPassword function with the following code segment.
Function HashPassword(ByVal Pwd As String) As String
Dim Hash As Integer = 0
Dim Enc As New UnicodeEncoding
Dim HashData As Byte() = Enc.GetBytes(Pwd)
Dim i As Integer
For i = 0 To HashData.Length Step 2
Hash = Hash Xor (HashData(i) Or (HashData(i + 1) << 8))
Next
Return Hash.ToString()
End Function
Answer: D

Q: 11 You are an application developer for your company. You develop an ASP.NET Web application for the company's intranet. The application accesses data that is stored in a Microsoft SQL Server database. Access to objects in the database is granted based on the identity of the user of the application. The application uses Windows authentication, and it has impersonation enabled.
You need to modify the application so that it also uses a new serviced component. The new component requires applications that call it to have membership in the COM+ role named AuthorizedCallers. The developer who developed the new component creates a new Windows user account named InternalWebAppUser and adds this user account to the COM+ AuthorizedCallers role. The developer instructs you to write your application to access the serviced component by using the security context of this user account. You need to modify your code to call the new serviced component by using the security context of the InternalWebAppUser user account. What should you do?
A. Disable impersonation in the Web.config file and configure the ASP.NET worker process to run by using the InternalWebAppUser user account.
B. Set the authentication mode to None in the Web.config file.
C. Modify the database connection string to connect as the InternalWebAppUser user account.
D. Write code to impersonate the InternalWebAppUser user account for each call to the serviced component.
Answer: D

Q: 12 You are an application developer for your company. You are developing an application that reads the USERNAME environment variable and executes code in an unmanaged DLL.
The design document specifies that the application must display a custom message when the code access security policy restricts access to required resources. You need to write the code segment that will ascertain whether your application is permitted to access unmanaged code and the USERNAME environment variable. Your solution must allow the application to display the custom message when the application is being loaded. Which code segment should you use?
A.
Try
Dim ep As EnvironmentPermission = New _
EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")
Dim sp As SecurityPermission = New _
SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
ep.Demand()
sp.Demand()
Catch ex As SecurityException
'...
End Try
B.
Dim ep As EnvironmentPermission = New _
EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")
Dim sp As SecurityPermission = New _
SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
If Not (ep.IsUnrestricted() And sp.IsUnrestricted()) Then
' ...
End If
C.
<EnvironmentPermission(SecurityAction.Demand, Read:="USERNAME"), _
SecurityPermission(SecurityAction.Demand, UnmanagedCode:=True)> _
Sub Main()
' ...
End Sub
D.
<Assembly: EnvironmentPermission(SecurityAction.RequestMinimum, Read:="USERNAME")>
<Assembly: SecurityPermission(SecurityAction.RequestMinimum, UnmanagedCode:=True)>
Answer: B

Q: 13 You are an application developer for your company. You are developing an application that receives signed data. The data is signed by using the RSA encryption algorithm and the SHA1 hash algorithm. You need to write a function that will verify signatures by using RSA public credentials. Which code segment should you use?
A.
Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _
ByVal RsaKey As RSAParameters) As Boolean
Dim RSA As New RSACryptoServiceProvider
RSA.ImportParameters(RsaKey)
Dim MySig As Byte() = RSA.SignData(Data, "SHA1")
Dim i As Integer
For i = 0 To MySig.Length - 1
If i >= Signature.Length Or Signature(i) <> MySig(i) Then
Return False
End If
Next
Return True
End Function
B.
Public Function VerifySignature(ByVal Data() As Byte, ByVal Signature As Byte(), _
ByVal RsaKey As RSAParameters) As Boolean
Dim RSA As New RSACryptoServiceProvider
RSA.ImportParameters(RsaKey)
Return RSA.VerifyData(Data, "SHA1", Signature)
End Function
C.
Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _
ByVal RsaKey As RSAParameters) As Boolean
Dim RSA As New RSACryptoServiceProvider
RSA.ImportParameters(RsaKey)
Dim MySig As Byte() = RSA.Decrypt(Data, False)
Dim i As Integer
For i = 0 To MySig.Length - 1
If i >= Signature.Length Or Signature(i) <> MySig(i) Then
Return False
End If
Next
Return True
End Function
D.
Public Function VerifySignature(ByVal Data As Byte(), ByVal Signature As Byte(), _
ByVal RsaKey As RSAParameters) As Boolean
Dim RSA As New RSACryptoServiceProvider
RSA.ImportParameters(RsaKey)
Dim shaOID As String = CryptoConfig.MapNameToOID("SHA1")
Return RSA.VerifyHash(Data, shaOID, Signature)
End Function
Answer: B

Q: 14 You are an application developer for your company. You are developing an application that needs to exchange a shared key at the start of each communication with remote components. The exchange occurs over the Internet. You need to ensure that only the intended recipient can read the shared key. What should you do?
A. Sign the shared key by using the application's private key.
B. Encrypt the shared key by using the application's private key.
C. Encrypt the shared key by using the remote component's public key.
D. Encode the shared key by using the System.Text.Encoding.UTF8 object.
E. Encode the shared key by using the System.Text.Encoding.BigEndianUnicode object.
Answer: E

Q: 15 You are an application developer for your company, which is a financial services company. You are developing an ASP.NET Web application that will be used by the company's customers. Customers will use the application to access their portfolios and to view business and financial reports. The customers are divided into two categories named Standard and Premier. The Premier customers will have access to an additional set of reports and analysis. You plan to use roles named Standard and Premier to differentiate the two customer categories. The application will use Forms authentication to authenticate all users and assign each authenticated user to either the Standard role or the Premier role. Web pages that are accessible only by Premier customers are in a subfolder named Premier. Web pages that are accessible by both categories of customers are in the application root. You need to configure URL authorization for the application. You plan to achieve this goal by adding configuration elements to the Web.config file in the application root. Which elements should you use?
A.
<authorization>
<deny users="?"/>
</authorization>
<location path="Premier">
<system.web>
<authorization>
<allow roles="Premier"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
B.
<authorization>
<deny users="?"/>
</authorization>
<location path="Premier">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Premier"/>
</authorization>
</system.web>
</location>
C.
<authorization>
<deny users="?"/>
<deny roles="Premier"/>
<allow users="*"/>
</authorization>
<location path="Premier">
<system.web>
<authorization>
<allow roles="Premier"/>
</authorization>
</system.web>
</location>
D.
<authorization>
<deny users="?"/>
</authorization>
<location path="Premier">
<system.web>
<authorization>
<allow roles="Premier"/>
</authorization>
</system.web>
</location>
Answer: A

Q: 16 You are an application developer for your company. You are developing an ASP.NET Web application that will use Forms authentication to authenticate each user who attempts to use the application. The application will store user names and passwords in the <credentials> section of the Web.config file. You need to configure and implement Forms authentication for the application.
Which four actions should you perform? (Each correct answer presents part of the solution. Choose four.)
A. Add the following element to the Web.config file.
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name="myAuthCookie" path="/">
</forms>
</authentication>
B. Add the following element to the Web.config file.
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
C. Create a Logon.aspx page that includes a Logon button. Add a Click event handler for the Logon button.
D. Add an Application_OnAuthenticate event handler.
E. Add code that calls FormsAuthentication.Authenticate to authenticate a user.
F. Add code that creates an IPrincipal object and associates it with the current HTTP context.
Answer: A, B, C, E

Q: 17 You are an application developer for your company. You develop a library assembly that contains diagnostic utility classes. This library assembly is installed in the global assembly cache on all client computers on the company network. You develop a Windows Forms application that calls the library assembly. You successfully test the application on your computer, and then you deploy the application to a Web folder on the intranet. Further testing reveals that when you run this application from the intranet, a SecurityException exception is thrown when the application is loading.
You need to correct the problem that is causing the SecurityException exception. What should you do?
A. Add the following code segment to the library assembly.
<Assembly: AllowPartiallyTrustedCallers()>
B. Add the following code segment to the Windows Forms application assembly.
<Assembly: AllowPartiallyTrustedCallers()>
C. Add the following code segment to the library assembly.
<Assembly: PermissionSet(SecurityAction.RequestOptional, Name:="LocalIntranet")>
D. Add the following code segment to the Windows Forms application assembly.
<Assembly: PermissionSet(SecurityAction.RequestMinimum, Name:="LocalIntranet")>
Answer: A

Q: 18 You are an application developer for your company. You are developing an application that calls a Web service on the company intranet. This Web service uses Integrated Windows authentication to authenticate callers. The application must be authenticated by the Web service. You plan to use a proxy class named ProductInfo to invoke a Web service method named GetProductCount. You write the following code segment. (Line numbers are included for reference only.)
1 Public Function GetInventory(ByVal name As String) As Integer
2 Dim productProxy As ProductInfo = New ProductInfo
3 '...
4 Return productProxy.GetProductCount(name)
5 End Function
You need to set the credentials that will be used by the call to the Web service method. You need to add code at line 3 of the code segment to achieve this goal.
Which code segment should you use?
A.
Dim cred As NetworkCredential = New NetworkCredential(_userName, _psswd, _domain)
Dim cache As CredentialCache = New CredentialCache
cache.Add(New Uri(productProxy.Url), "Basic", cred)
productProxy.Credentials = cache
B.
Dim cred As NetworkCredential = New NetworkCredential(_userName, _psswd, _domain)
Dim cache As CredentialCache = New CredentialCache
cache.Add(New Uri(productProxy.Url), "Windows", cred)
productProxy.Credentials = cache
C.
productProxy.Credentials = CredentialCache.DefaultCredentials
D.
Dim identity As GenericIdentity = New GenericIdentity(_userName, "Windows")
Dim principal As GenericPrincipal = New GenericPrincipal(identity, Nothing)
Thread.CurrentPrincipal = principal
Answer: C

Q: 19 You are an application developer for your company. You are developing an application. Part of the application accepts a URL from the user and stores the URL in a variable named strInput. Only URLs that specify HTTP or FTP as the protocol are usable by the application. URLs specifying the messenger, news, file, or other protocols are not permitted because they might allow the user to bypass certain security features. You need to ensure that the URL provided by the user specifies only HTTP or FTP as the protocol. What should you do?
A. Test the user's input by using the following regular expression. Reject input that does not match the regular expression.
^(http:|ftp:)
B. Test the user's input by using the following regular expression. Reject input that matches the regular expression.
^(messenger:|file:|news:)
C. Modify the contents of strInput so that all instances of messenger or news are replaced with http, and all instances of file are replaced with ftp.
D. Add the following code segment to the application.
If strInput.Chars(0) <> "h" And strInput.Chars(0) <> "f" Then
MsgBox "Protocol is not allowed."
strInput = ""
End If
E. Add the following code segment to the application.
Select Case strInput
Case "messenger", "news", "file"
MsgBox "Protocol is not allowed."
strInput = ""
End Select
Answer: A

Q: 20 You are an application developer for your company. You are conducting a code review of a Windows Forms application that was developed by another developer. The application contains code that validates a user's ability to access restricted functionality. A variable named bolElevated contains a value of True when a user logs on by using a user account named Admin.
Otherwise, the variable contains a value of False. If a user other than Admin attempts to access the restricted functionality, the application must display an error message.
A function named OpenAdmin() displays the user interface for the restricted functionality. The application contains the following code segment.
If bolElevated Then
OpenAdmin()
Else
MsgBox "That functionality is restricted."
MsgBox "To access restricted functionality, log in as user 'Admin'."
End If
You need to improve the security of this code segment while maintaining its functionality. You decide to replace the existing code segment.
Which code segment should you use?
A.
If bolElevated Then
OpenAdmin()
Else
MsgBox "That functionality is restricted."
End If
B.
If bolElevated Then
OpenAdmin()
Else
Console.WriteLine "That functionality is restricted."
End If
C.
If bolElevated = False Then
OpenAdmin()
Else
MsgBox "That functionality is restricted."
MsgBox "To access restricted functionality, log in as user 'Admin'."
End If
D.
If bolElevated = True Then
OpenAdmin()
Else
MsgBox "That functionality is restricted."
MsgBox "To access restricted functionality, log in as user 'Admin'."
End If
Answer: A

Q: 21 You are an application developer for your company. You are developing an application that stores and retrieves data in a Microsoft SQL Server database. Part of the application accepts a value from a third-party component and stores the value in a variable named intInput. The application then inserts the value of intInput into a tinyint column in a SQL Server table. You need to improve the security of the application when the contents of intInput are used in a SQL query. What should you do?
A. Convert the contents of intInput to a string value.
B. Ensure that the contents of intInput are compatible with the SQL Server tinyint data type.
C. Ensure that the contents of intInput do not include any Base-64 encoding.
D. Ensure that the contents of intInput do not include any single or double quotation marks.
Answer: B

Q: 22 You are an application developer for your company. You are developing an ASP.NET Web application. All users in the company use Microsoft Internet Explorer 6.0. A group of users is testing the application. The users report that when an exception occurs, the full exception information is displayed in their Web browsers. You need to ensure that the full exception information is not displayed when an exception occurs. What should you do?
A. Require users to use HTTPS to access the application.
B. Trap all exceptions and display a generic error message.
C. Instruct users to enable friendly error messages in Internet Explorer.
D. Obfuscate the compiled assemblies of the application.
E. Modify the application's configuration to disable custom errors.
Answer: B

Q: 23 You are an application developer for your company. You are developing a Windows-based payroll application that will be used by all payroll administrators in the company. The application has a single executable file that uses a separate assembly to modify payroll data. You need to design security for your application to ensure that the assembly cannot be called by unauthenticated and unauthorized users. What should you do?
A. Run the application by using a user account that has access to the application directory.
B. Modify the application to validate all user-entered data.
C. Modify the application to authenticate and authorize user access within each assembly as it is called.
D. Modify the application to authenticate and authorize user access when each user runs the executable file.
E. Set the folder-level permissions to the executable file by using directory security.
Answer: C

Q: 24 You are an application developer for your company. You are conducting a code review of an ASP.NET Web application that uses Forms authentication. The application uses the following code segment to create a new user account and add the account to a database by using a custom class named FormUser.
Public Class FormUser
<Flags()> _
Enum UserPerms
AccessPayroll = 1
AccessHRData = 2
AccessBlueprints = 4
End Enum
Dim Perms As UserPerms
Private Sub RemovePermission(ByVal Gone As UserPerms)
Perms = Perms And Not Gone
End Sub
Private Sub AddPermission(ByVal Gone As UserPerms)
Perms = Perms Or Gone
End Sub
Public Sub SetPerms(ByVal Department As String)
Perms = UserPerms.AccessPayroll Or UserPerms.AccessHRData _
Or UserPerms.AccessBlueprints
Select Case Department
Case "Engineering"
RemovePermission(UserPerms.AccessPayroll Or UserPerms.AccessHRData)
Case "Accounting"
RemovePermission(UserPerms.AccessHRData Or UserPerms.AccessBlueprints)
End Select
End Sub
End Class
You need to improve the security of this code.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Add the following code segment to the case statement.
Case Else
Throw New ApplicationException("Unknown department")
B. Change the UserPerms enumeration as follows.
Enum UserPerms
AccessPayroll
AccessHRData
AccessBlueprints
End Enum
C. Change the initial part of the SetPerms subroutine as follows.
Perms = 0
Select Case Department
Case "Engineering"
AddPermission(UserPerms.AccessBlueprints)
Case "Accounting"
AddPermission(UserPerms.AccessPayroll)
D. Replace the code segment with the following code segment.
Public Class FormUser
<Flags()> _
Enum UserPerms
ProhibitPayroll = 1
ProhibitHRData = 2
ProhibitBlueprints = 4
End Enum
Dim Perms As UserPerms
Private Sub AddProhibition(ByVal Add As UserPerms)
Perms = Perms Or Add
End Sub
Public Sub SetPerms(ByVal Department As String)
Perms = 0
Select Case Department
Case "Engineering"
AddProhibition(UserPerms.ProhibitPayroll Or UserPerms.ProhibitHRData)
Case "Accounting"
AddProhibition(UserPerms.ProhibitHRData Or UserPerms.ProhibitBlueprints)
End Select
End Sub
End Class
Answer: A, C

Q: 25 You are an application developer for your company. Part of an application that you are developing accepts user input from a TextBox control. The information entered by the user must be alphanumeric only, and it must contain no symbols or punctuation. You need to ensure that the user's input contains only the appropriate data before using the input elsewhere in the application. Your solution must not require users of the application to take additional steps when entering data. What should you do?
A. Modify the TextChanged event handler of the TextBox control so that the Text property of the text box is cleared whenever a non-alphanumeric character is detected.
B. Use the following regular expression to modify the user's input. [^\w\.@-]
C. Store the user's input in a variable named strInput. Use the following expression to modify the user's input.
Replace(strInput,"@-]","")
D. Convert the user's input to all lowercase characters.
Answer: B

Q: 26 You are an application developer for your company. You are conducting a code review of an application that was developed by another developer. The application stores both public data and confidential data. The application stores the data in a file on the hard disk of a user's client computer.
The following code segment manages the writing of all application data to the file. The array named Data1 contains the public data, and the array named Data2 contains the confidential data.
Sub WriteData(ByVal Des As DES, ByVal Data1() As Byte, _
ByVal Data2() As Byte, ByVal FSout As FileStream)
Dim CS As New CryptoStream(FSout, Des.CreateEncryptor(), _
CryptoStreamMode.Write)
CS.Write(Data1, 0, Data1.Length)
CS.Write(Data2, 0, Data2.Length)
CS.FlushFinalBlock()
End Sub
You need to improve the response time of this application, without reducing its security. Any changes you make to the WriteData function will be reflected in the code portion for reading data.
What should you do?
A. Replace the code segment with the following code segment.
Sub WriteData(ByVal Des As DES, ByVal Data1() As Byte, _
ByVal Data2() As Byte, ByVal FSout As FileStream)
FSout.Write(Data1, 0, Data1.Length)
Dim CS As New CryptoStream(FSout, Des.CreateEncryptor(), _
CryptoStreamMode.Write)
CS.Write(Data2, 0, Data2.Length)
CS.FlushFinalBlock()
End Sub
B. Replace the call to the FlushFinalBlock method with the following code segment.
Dim Excess As Integer
Excess = (Data1.Length + Data2.Length) Mod Des.BlockSize
If Excess > 0 Then
Dim Padding(Des.BlockSize - Excess) As Byte
CS.Write(Padding, 0, Padding.Length)
End If
C. Modify the application to use asymmetric encryption.
D. Call the CS.Write function by using data blocks that have a length equal to the Des.BlockSize property.
Repeat the call until all the data is written to the file.
Answer: A

Q: 27 You are an application developer for your company. You create a Windows Service application that runs under the local System account on each user's client computer. This application creates a new folder for each exception event that occurs. The application design specifies that these new folders do not inherit the permissions of the parent folder. The application adds text files to the new folders for troubleshooting. These files must be accessible only by the local System account and by specific members of the support staff. After you deploy the application, the specific members of the support staff report that they cannot access the files. You need to ensure that the specific members of the support staff can access the files. What should you do?
A. Ask the network administrator to grant the Everyone account discretionary access control list (DACL) permissions for the folders and files.
B. Ask the network administrator to remove all permissions from the folders that do not belong to the System account and set the parent folder of the new folders to allow inheritable permissions to propagate from the parent folder to the new folders.
C. Create an assembly that the Windows Service application calls to set the discretionary access control list (DACL) permissions for the folders and files.
D. Create an assembly that the Windows Service application calls to impersonate the System account that grants permissions for the folders and files to the System account.
Answer: C

Q: 28 You are an application developer for your company. You develop a Windows Forms application. You set a breakpoint in the code and run the application. You receive an error message stating that you are unable to start debugging. You need to be able to debug the application without having more authority than necessary. What should you do?
A. Add your user account to the local Debugger Users group.
B. Grant your user account complete control of the executable file for the application.
C. Modify the code access security policy to run the Microsoft Visual Studio .NET debugger with the FullTrust permission.
D. Run Microsoft Visual Studio .NET 2003 by using the runas command and specify a user account in the Power Users group.
Answer: B

Q: 29 You are an application developer for your company. You are reviewing the security for a console application that was written by another developer. The application uses impersonation to run as a member of the Administrators group. The following code segment is the only code that deals with security in the application.
Dim key As RegistryKey
key = Registry.CurrentUser.CreateSubKey("Name")
key.SetValue("Name", "Tester")
You need to improve the security of the application.
What should you do?
A. Change the application to run as the interactive user.
B. Run the application from the command line by using the runas command and specify the Administrator account.
C. Change the application to use code access security.
D. Change the application to write to the HKEY_LOCAL_MACHINE hive.
Answer: A

Q: 30 You are an application developer for your company. You are developing a method for a Windows Forms application. The method will be used to access local files. The files are located in a folder and its subfolders on drive C of the client computer. All the computers in your company use the NTFS file system exclusively. The design document for the application specifies the path location for the folder that contains the files. The design document also specifies that the path to the files will be provided as an input parameter to the method. The parameter will be a string parameter. You need to prevent users of the application from accessing any files that are not contained in the specified folder. Which two actions should you include in the method? (Each correct answer presents part of the solution. Choose two.)
A. Reject any path string that includes a tilde (~).
B. Reject any path string that includes a folder location that does not match the specified folder location.
C. Reject any path string that includes either a colon (:) or a backslash (\).
D. Reject any path string that includes either a \..\ sequence or a \\ sequence.
Answer: B, D


© 2014 Cheat-Test.com, All Rights Reserved