REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 
Reyna Lopez
 
 

Braindumps of 70-330
Implementing Security for Applications with
Microsoft Visual Basic .NET

Exam Questions, Answers, Braindumps (70-330)

Thanx to www.exams.ws for providing dumps.

QUESTION 1
You are an application developer for Abc .com. You develop library assemblies that are called by your main applications. These library assemblies access confidential data in the applications. To ensure that this data is not accessed in an unauthorized and unsafe manner, users must not be allowed to call the library assemblies from their own applications. You apply a strong name to all assemblies to support versioning. You need to prevent users from writing managed applications that make calls to your library assemblies. You need to achieve this goal while minimizing the impact on response times for applications. What should you do?
A. Use the internal access modifier to declare all classes and structures in each library.
B. Use the protected internal access modifier to declare all classes and structures in each library.
C. Add the following attribute to each class and structure in each library assembly:
<StrongNameIdentityPermission(SecurityAction.Demand,
PublicKey:="002400..bda4")>
D. Add the following attribute to each class and structure in each library assembly:
<StrongNameIdentityPermission(SecurityAction.LinkDemand,
PublicKey:="002400..bda4")>
Answer:
QUESTION 2
You are an application developer for Abc .com. You are developing an application that can be extended by using custom components. The application uses reflection to dynamically load and invoke these custom components. In some cases, custom components will originate from a source that is not fully trusted, such as the Internet. You need to programmatically restrict the code access security policy under which custom components run so that custom components do not run with an elevated permission grant. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two)
A. Create a new application domain and set the security policy level.
Run custom components in this application domain.
B. Use permission class operations to modify the security policy.
C. Implement custom permission classes to protect custom component resources.
D. Programmatically modify the machine-level security policy file after loading a custom component.
Answer:
QUESTION 3
You are an application developer for Abc .com. You are developing an application that salespeople in Abc will use to process customer orders. This application includes a library assembly that implements a serviced component named Order. This serviced component adds roles named Abc Manager and SalesPerson to the COM+ application that hosts it.
To promote customer satisfaction, salespeople are allowed to apply discounts to orders if the order was erroneously delayed. However, only Abc Managers are allowed to apply discounts greater than 10 percent. The application includes the following method to apply the discount. Public Function Apply Discount (ByVal discountPct As Integer) As Boolean This method will return a value of False when the current user is not a member of the Abc Manager role and the value of the discountPct parameter exceeds the maximum that other salespeople are allowed to apply. You need to add the code that will verify the role membership requirement when the value of discountPct is greater than 10. Which code segment should you use?
A. If discountPct > 10 And_
Thread.CurrentPrincipal.IsInRole(" Abc Manager") = False Then
Return False
End If
B. If discountPct > 10 Then
Dim p As PrincipalPermission = New PrincipalPermission(Nothing,
" Abc Manager")
If Security Abc Manager.IsGranted(p) = False Then
Return False
End If
End if
C. If discountPct > 10 Then
Dim p As PrincipalPermission = New PrincipalPermission(Nothing,
" Abc Manager")
Try
p.Demand()
Catch e As SecurityException
Return False
End Try
End If
D. If discountPct > 10 And _
SecurityCallContext.CurrentCall.IsCallerInRole(" Abc Manager") _
= False Then
Return False
End if
Answer:
QUESTION 4
You are an application developer for Abc .com. You develop an application that receives data from a remote component. You are developing a method to detect any corrupted incoming data and log information to a file for analysis. You plan to use two functions. A function named Abc Data will be called by the remote component. The second function will be called by the local application to verify that the data was not corrupted during transmission. You need to ensure that corrupted data can be identified. Which code segment should you use?
A. Public Function Abc Data(ByVal Data As Byte()= As Byte()
Dim Ms As New MemoryStream
Ms.Write(Data, 0, Data.Lenght)
Ms.Write(Data, 0, Data.Lenght)
Return Ms.ToArray()
End Function
B. Public Function Abc Data(ByVal Data As Byte()) As Byte()
Dim Md5 As MD5 = New MD5CryptoServiceProvider
Dim Ms As New MemoryStream
Ms.Write(Md5.ComputeHash(Data), 0, Md5.HashSize)
Ms.Write(Data, 0, Data.Lenght)
Return Ms.ToArray()
End Function
C. Public Function Abc Data(ByVal Data As Byte()) As Byte()
Dim Des As DES = New DESCryptoServiceProvider
Dim Ms As New MemoryStream
Ms.Write(Des.Key, 0, Des.Key.Length)
Ms.Write(Des.IV, 0, Des.IV.Length)
Dim Cs As New CryptoStream(Ms, Des.CreateEncryptor(),
CryptoStreamMode.Write)
Cs.Write(Data, 0, Data.Length)
Cs.FlushFinalBlock()
Return Ms.ToArray()
End Function
D. Public Function Abc Data (ByVal Data As Byte()) As Byte()
Dim Ms As New MemoryStream
Dim Sw As New StreamWriter(Ms, Encoding.UTF8=
Sw.Write(Encoding.UTF8.GetString(Data))
Return Ms.ToArray()
Answer:
QUESTION 5
You are an application developer for your company, which is named Abc .com. You are developing an ASP.NET Web application that users in the accounting department will use to process payroll reports and view payroll reports. The application will use Integrated Windows authentication to authenticate all users. Because payroll data is confidential only users in the accounting department will be granted access to the application. All employees in the accounting department belong to a specific Active Directory group. However, users in the IT department can add themselves to various Active Directory groups in order to troubleshoot resource access problems. These IT department users must not be granted access to the ASP.NET Web application. The following rules can be used to distinguish between users in the accounting department and users in the IT department:
• All users in the accounting department are members of a group named Abc \Accounting.
• Some users in the IT department are members of the Abc \Accounting group.
• All users in the IT department are members of a group named Abc \Domain Admin.
• No users in the accounting department are members of the Abc \Domain Admin group.
You need to configure URL authorization for the application by adding an <authorization> element to the Web.config file in the application root. Which element should you use?
A. <authorization>
<deny roles=" Abc \Domain Admin"/>
<allow roles=" Abc \Accounting"/>
<deny users="*"/>
</authorization>
B. <authorization>
<allow roles=" Abc \Accounting"/>
<deny roles=" Abc \Domain Admin"/>
<dent users="?"/>
<authorization>
C. <authorization>
<deny roles="Domain Admin"/>
<allow roles="Accounting"/>
<deny users="*"/>
</authorization>
D. <authorization>
<allow roles="Accounting"/>
<deny roles="Domain Admin"/>
<deny users="?"/>
</authorization>
Answer:
QUESTION 6
You are an application developer for Abc .com. Your team is developing a Windows Forms application. Users will have access to different functionality depending on their roles in Abc . The application includes the following method. Private Shared Function AuthenticateUser (ByVal user As String, _ ByVal password As String. ByRef roles As String()) As Boolean This method authenticates the user against a third-party data store. When authentication is successfully, this method returns a value of True, and the string array named roles is updated to contain the user's roles. You need to write the code that associates an authenticated user and the user's roles with the current security context. Which code segment should you use?
A. ' p is initialized above as a PrincipalPermission.
If AuthenticateUser (name, password, roles) = True Then
Dim r As String
For Each r In Roles
Dim ppTemp As PrincipalPermission = New
PrincipalPermission(name, r
p.Union(ppTemp)
Next
End If
p.IsUnrestricted()
B. ' p is initialized above as a PrincipalPermission
If AuthenticateUser (name, password, roles) = True Then
Dim r As String
For Each r In roles
Dim ppTemp As PrincipalPermission = New PrincipalPermission(name,
r)
Next
End If
p.IsUnrestricted()
C. If AuthenticateUser(name, password, roles) = True Then
Dim r As String
For Each r In roles
Thread.CurrentPrincipal.IsInRole(r)
Next
End If
D. If AuthenticateUser(name, password, roles) = True Then
Thread.CurrentPrincipal = New GenericPrincipal(New
GenericIdentity(name), roles)
End If
Answer:
QUESTION 7
You are an application developer for Abc .com. You are developing a three-tier Windows Forms application that will be used to manage confidential records. The business layer includes a remote object that is installed on an application server. The remote object is hosted in ASP.NET on the application server. IIS is configured to use Integrated Windows authentication, and ASP.NET is configured to use Windows authentication. All client computers and servers on the network support Kerberos authentication. The Windows Forms application communicates with the remote object by using a remoting proxy named Abc Proxy. The remote object accessed a Microsoft SQL Server database. Permissions to database objects are granted based on the identity of the user. The remote object needs to run under the security context of the user. Which code segment should you use?
A. Dim channel Properties As IDictionary
channel Properties =.
ChannelServices.GetChannelSinkProperties( Abc Proxy)
channel Properties("credentials") =
CredenticalCache.DefaultCredentials
B. Dim channel Properties As IDictionary
Dim cred As NetworkCredential = New NetworkCredential(_userName,
_psswd)
channel Properties =
ChannelServices.GetChannelSinkProperties( Abc Proxy)
channel Properties("credentials") = cred
C. Dim channel Properties As IDictionary
channel Properties =
ChannelServices.GetChannelSinkProperties( Abc Proxy)
channel Properties("credentials") = Thread.CurrentPrincipal
D. Dim channel Properties As Idictionary
channel Properties =
ChannelServices.GetChannelSinkProperties( Abc Proxy)
channel Properties("credentials") = Thread.CurrentPrincipal.Identity
Answer:
QUESTION 8
You are an application developer for Abc .com. You develop an ASP.NET Web application for Abc 's intranet. The application accesses data that is stored in a Microsoft SQL Server database. The application authenticates users by using Windows authentication, and it has impersonation enabled. You configure database object permissions based on the identity of the user of the application. You need to provide the user's identity to the SQL Server database. What should you do?
A. Connect to the database by using the following connection string
"Persists Security Info=False;Integrated Security=SSPI;
database=ApplicationDB;server=DataServer;"
B. Connect to the database by using the following connection string
"User ID=ASPNET;Persist Security Info=False;Integrated
Security=False;
database=ApplicationDB;server=DataServer;"
C. Develop a serviced component that wraps all database operations.
Use COM+ role-based security to restrict access to database operations based on user identity.
D. Disable impersonation.
Answer:

70-330


 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend