| |
| A1: | The correct answer is A. With a Singleton SAO, state is persisted, but all clients of the object share the same state. With a CAO, each client can persist its own state, which avoids the problem with clients sharing state. Answer B is incorrect because with a SingleCall SAO, state is not persisted. Answer C is incorrect because you can use any back end to store the data; you should take care to instantiate the remote object in the correct activation mode. Answer D is incorrect because if the object is activated in Singleton mode, then all the client requests are serviced by that instance. |
| |
| A2: | The correct answers are A and D. Static and private members are not available remotely. Therefore, EmployeeName, a private field, and DepartmentName, a static field, cannot participate in Remoting. Only nonstatic public members (methods, properties, and fields) can participate in Remoting, making answers B and C incorrect. |
| |
| A3: | The correct answers are B and C. The Serializable attribute indicates that the class containing this attribute can be serialized. If you do not want any field of the class to be serialized, you must apply a NonSerialized attribute to that field of the class. Answer A is incorrect because the Serializable attribute is applied to a class rather than a field in the class. Answer D is incorrect because the Product class does not want to provide its own serialization code. |
| |
| A4: | The correct answer is A. When you use IIS to host a remotable class, the full spectrum of IIS authentication and authorization methods are available to the Remoting infrastructure. Answers B, C, and D are incorrect because these solutions require you to write additional code to create the security infrastructure. |
| |
| A5: | The correct answer is B. By deriving a class from the System.MarshalByRefObject class, you enable the class to be accessed as a remote object. Answer A is incorrect because marking the class with the Serializable attribute does not mean that the resulting class can be instantiated as a marshal-by-reference object. Answers C and D are incorrect because implementing the ISerializable and IActivator interfaces does not allow the object to be activated as a remote object. |
| |
| A6: | The correct answer is D. The Configure() method of the RemotingConfiguration class loads the configuration file into memory, parses its contents to locate the <system.runtime.remoting> section, and, based on the settings, calls the relevant methods to register the channels and the remoting objects. Answers A, B, and C are incorrect because these methods are used to create instances of remote objects. |
| |
| A7: | The correct answer is B. In this program, although your co-worker has created an instance of TcpServerChannel and HttpServerChannel objects, she hasn't yet registered them with the remoting framework. You register the channels by using the RegisterChannel() method of the ChannelServices class. Answer A is incorrect because you can register more than one channel with the remoting system on the server. Answer C is incorrect because you are registering channels with the remoting system on the server; you can register HttpServerChannel and TcpServerChannel channels. HttpChannel and TcpChannel provide the functionality of both server and client channels. Answer D is incorrect because you can register only one channel to listen on one port. |
| |
| A8: | The correct answer is B. The Disco (.disco) file is the only one that contains pointers to non-XML resources. Answer A is incorrect because the results.discomap file shows you the name of the wsdl file and the URL from which its contents were retrieved. Answer C is incorrect because the Reference.cs file is the proxy class that defines the proxy objects to be used with the Web service. Answer D is incorrect because the OrderTracker.wsdl file is an XML file that contains information about the Web service's interface. |
| |
| A9: | The correct answer is C. Using an asynchronous call to invoke a Web service allows other code in your application to execute while you are waiting for the Web service to return results. When the results are ready, the asynchronous call can invoke a callback method to make them available. Answers A and B are incorrect because these options will still run the Web service synchronously, blocking the application to run any other code until the Web method is executed. Answer D is incorrect because generating the proxy by adding a Web reference does not make the Web method execute asynchronously. Answer E is incorrect because the proxy option is used to specify the URL of the proxy server and will have no impact on making the Web method execute asynchronously. |
| |
| A10: | The correct answer is A. The Web Services Discovery tool retrieves copies of the files that you need to know more information about the Web service. Answer B is incorrect because it displays only the test page of the Web service but does not provide any WSDL information or documentation information about the Web service. Answer C is incorrect because the XML Schema Definition tool can be used to generate an XML Schema or class file from the source but does not provide any information on the URL of the .asmx file. Answer D is incorrect because you want the details to invoke the Web service from the client, not add the Web service to the client. |
| |
| A11: | The correct answer is A. Setting the BufferResponse property to false sends the data in chunks so that the client processes will not time out while waiting for the data. Answers B and C are incorrect because the CacheDuration property specifies how long the response will be cached for succeeding calls and doesn't have any effect on a single call to the method. Answer D is incorrect because the session state does not need to be enabled unless you require the Web service to be stateful. |
| |
| A12: | The correct answer is C. SOAP extensions are activated by applying the corresponding attribute to the Web method proxy that you want to intercept. Answers A, B, and D are incorrect because the btnGetData_Click() and GetInitializer() methods and the Load event are not Web methods. |
| |
| A13: | The correct answer is A. SOAP extensions execute in order from lowest priority to highest priority. Because your SOAP extension needs to work with the XML data, it must be invoked in the BeforeDeserialize event rather than in the AfterDeserialize event. Answer B is incorrect because if you set a lower priority for the new SOAP extension, it cannot access the decrypted attributes. Answers C and D are incorrect because the AfterDeserialize event occurs when the XML has been converted back to native objects. |
| |
| A14: | The correct answers are B and D. You can use either of these options to generate proxy classes for use in a client application. Answer A is not correct because the .NET WebService Studio tool is used to invoke a Web service for testing. Answer C is not correct because the Web Services Discovery Tool can locate files related to a Web service, but it does not generate any proxy classes. |
| |
| A15: | The correct answers are C and D. You need to wait after executing the code until both the asynchronous calls complete. Therefore, you should call the WaitHandle.WaitAll() method to wait for both the asynchronous calls to complete. You can also make two calls to the WaitHandle.WaitOne() method to wait for both Web methods to complete. Answer A is incorrect because you can't use delegates; they won't pause the code at a specified point. Answer B is incorrect because the WaitHandle.WaitAny() method is used to coordinate two or more methods and to proceed when any one of them completes. |
| |
| A16: | The correct answer is C. XML Web services act as a root object in a transaction due to the stateless nature of the HTTP protocol. Therefore, the transactions in the ValidateCreditCard() and RecordSales() Web methods are committed regardless of the TransactionOption attribute in the Books Serviced component. The ProcessSale() method throws an exception; hence, the transaction in the method is rolled back. Thus, this behavior makes answers A, B, and D incorrect. |
| |
| A17: | The correct answer is A. The LocalSystem value defines a highly privileged account. Answers B and C are incorrect because the LocalService and NetworkService values provide a lower privilege level for the security context. Answer D is incorrect because the privileges for User value depend on the specified username and password. |
| |
| A18: | The correct answer is B. When a Windows service is started, any startup parameters are passed to the OnStart() method, thus making answers A, C, and D incorrect. |
| |
| A19: | The correct answer is A. You should use the event log for error reporting from a Windows service. Event logs are easy to use for administrators because they already use event logs for monitoring notifications from other applications. The service base class provides an EventLog property that allows you to use a single line of code to write messages to the application event log. Answers B, C, and D are incorrect because they involve writing more code. |
| |
| A20: | The correct answer is D. The ClassInterface attribute specifies how the interfaces will be generated for a class. To define your own interfaces, you must explicitly set the ClassInterface attribute to None. Answers A and B are incorrect because, by default, the value of the ClassInterface attribute is AutoDispatch, which generates a late-bound interface. Answer C is incorrect because it generates both late-bound and early-bound interfaces. |
| |
| A21: | The correct answer is A. When you check the Activate Component Events and Statistics option within the Component Services administrative tool, you can monitor a variety of statistics on pooled components, including the number of objects in the pool, the number currently activated, and the number of objects currently executing a client request. Answers B, C, and D are incorrect because they involve extra efforts. |
| |
| A22: | The correct answers are C and D. For achieving maximum performance, you can use COM+ object pooling and just-in-time activation services. Answer A is incorrect because asynchronous processing of the application is not the requirement. Answer B is incorrect because the question does not require you to maintain transactions across components. |
| |
| A23: | The correct answer is B. The Construct() method of a serviced component enables you to retrieve data entered in the Component Services administration tool. Therefore, you should override the Construct() method to receive the connection string specified by the administrator. Answer A is incorrect because the Activate() method is invoked whenever a method is invoked if Just-In-Time activation is enabled for the component. Answer C is incorrect because the custom method defined cannot be invoked automatically like the Construct() method. Answer D is incorrect because serviced components cannot have nondefault constructors. |
| |
| A24: | The correct answer is C. You should change the Isolation property of the Transaction attribute to IsolationLevel.RepeatableRead. This isolation level places a type of lock, which protects dirty reads and allows new rows to be inserted, but prevents other users from updating the data. Answers A and B are not correct because these options allow dirty reads. Answer D is not correct because this option prevents users from inserting new rows. |
| |
| A25: | The correct answer is B. Using the Type Library Importer tool (tlbimp.exe) enables you to generate an RCW assembly. To place the RCW assembly in the GAC so that it can be shared by all projects on the computer, you need to use the gacutil.exe tool. Answers A and E are incorrect because you need to use the component in more than one project. Answer C is incorrect because you also need to sign the RCW assembly while generating it from the Type Library Importer tool. Answer D is incorrect because a Primary Interop Assembly is for code from other vendors, not for your own code. |
| |
| A26: | The correct answers are A and B. Among the given choices, you would use the Type Library Importer tool when you must call a COM component that you wrote from Visual C# .NET code and when you must produce a strong-named assembly that calls methods from one of your company's COM components. Answer C is incorrect because you should not use tlbimp on code from another vendor. Rather, you should go to that vendor to get the Primary Interop Assembly (PIA) for the COM library that you want to call. Answer D is incorrect because tlbimp is not necessary for calling Windows API functions. You can use platform invoke to call functions from Win32 API. |
| |
| A27: | The correct answers are A, B and E. Because multiple applications are using this assembly, you need to install the assembly in the GAC. To install the assembly into the GAC, you also need to sign the assembly with a strong name. Finally, to enable COM applications to use the assembly, you need to register the assembly in the Windows Registry. Answer C is incorrect because the COM applications that use the components are already compiled and do not require type libraries to support early binding. Answer D is incorrect because you do not need to use a COM DLL in a .NET application. Answer F is incorrect because shared assemblies should be deployed in the GAC. When an assembly is registered in the Windows Registry, COM applications can locate shared assemblies from the GAC. |
| |
| A28: | The correct answer is D. The DataView class represents a data-bindable, customized view of a data table, which is optimized for sorting, filtering, searching, editing, and navigation. Answers A and C are incorrect because they involve additional programming. Answer B is incorrect because it impacts SQL Server database with additional hits. |
| |
| A29: | The correct answer is D. Using the same connection string enables ADO.NET to reuse existing pooled database connections instead of creating new ones. This improves performance because creating a new database connection is a costly operation. Answer B is incorrect because another application that uses the same database is already performing well. Answer C is incorrect because if different connection strings are used, each request for the connection will create a new connection pool; therefore, increasing the maximum size of the pool will not matter. Answer A is incorrect because users are facing slow performance consistently, not just during the first execution. |
| |
| A30: | The correct answer is D. When you set the XmlWriteMode parameter of the DataSet.WriteXml() method to DiffGram, the output contains both original and current values. Answer A is incorrect because the DataSet.WriteXmlSchema() method writes the DataSet structure as an XML Schema instead of writing XML data. Answers B and C are incorrect because although the DataSet.WriteXml() method writes the DataSet as an XML file, setting the XmlWriteMode parameter to IgnoreSchema or WriteSchema writes only the current value of the data to the XML file. |
| |
| A31: | The correct answer is B. IsolationLevel.Serializable places a range lock on the database, preventing other users from updating or inserting rows into the database until the transaction is complete. Answer A is incorrect because IsolationLevel.ReadCommitted holds a lock while the data is being read, but data can be changed before the transaction is complete. Answers C and D are incorrect because the BeginTransaction() method should be called on the SqlConnection object rather than the SqlCommand object. |
| |
| A32: | The correct answers are D and E. Strings in Visual C# .NET are immutable, so concatenating multiple values into a string requires deleting and re-creating the string many times. The StringBuilder object is optimized for changing textual data. The GetString() method should be used rather than the GetValue() method to retrieve data because the typed methods are faster than the GetValue() method. Answer A is incorrect because stored procedures have much higher performance as compared to SQL statements. Answer B is incorrect because for a forward-only, read-only operation, SqlDataReader object provides the best performance. Answer C is incorrect because the while loop is faster than the foreach loop. |
| |
| A33: | The correct answer is A. You can have only a single SqlDataReader object open on a single SqlConnection object. If you need a second SqlDataReader object, you must open a second SqlConnection object. Answers B and C are incorrect because these options suggest an alternative approach rather than pointing to the cause of the error. Answer D is incorrect because you want to retrieve multiple values from the database, and the ExecuteScalar() method retrieves only the first column of the first row in the result set. |
| |
| A34: | The correct answers are A and C. XPath node numbering is 1-based. The expression /Orders/Order[1]/Part[2] explicitly selects the second <Part> element under the first <Order> element. The expression (/Orders/Order/Part)[2] selects the second <Part> element in the entire file, which happens to be under the first <Order> element in this case. The parentheses are necessary because the square bracket operator normally takes precedence over the path operators. Answers B and D are incorrect because XML nodes in XPath expressions are 1-based instead of 0-based. |
| |
| A35: | The correct answer is C. Calling the GetChanges() method of a DataSet returns a new DataSet that contains only records that have been changed. Answer A is incorrect because the DataSet.Clone() method copies the structure of the DataSet but does not copy any data. Answer B is incorrect because the DataSet.Copy() method copies all the data instead of only the changed data. Answer D is incorrect because you do not want to merge two DataSet objects. |
| |
| A36: | The correct answer is C. To create a connection string for a SqlConnection object that uses Windows Integrated authentication, you need to specify the data source and the initial catalog, and indicate that it is a secure connection. You can indicate that it is a secure connection by setting the Trusted_Connection or Integrated Security parameters to true or sspi. Answers A and B are incorrect because you do not specify the provider in the connection string when connecting through the SqlConnection object. Answer D is incorrect because you need to use Windows authentication instead of SQL Server authentication. |
| |
| A37: | The correct answers are B and C. To return a single value from the database, you should use the ExecuteScalar() method of the OleDbCommand object. The ExecuteScalar() method executes the query and retrieves the first column of the first row of the resultset. You should always prefer to use stored procedures rather than the ad hoc SQL statements for speedy delivery. Answer A is incorrect because it uses SQL query rather than the stored procedure. Answers D and E are incorrect because these solutions involve extra overhead when only a single value needs to be returned from the database. |
| |
| A38: | The correct answer is B. The classes in the System.Data.SqlClient namespace provide the best performance when working with SQL Server data because these classes can communicate with the SQL Server database directly using the SQL Server tabular data stream (TDS) packets. Answer A is not correct because the classes in the System.Data.OleDb namespace call a set of COM components (an OLE DB provider), which constructs the TDS packets to communicate with the SQL Server. Answer C is not correct because XML Web services will have a lot of additional overhead when compared to a direct connection to the SQL Server database. Answer D is not correct because calling COM components involves an extra COM-Interop layer and slows down the operation. |
| |
| A39: | The correct answer is A. The PrimaryKey property of the DataTable object specifies an array of column(s) that functions as primary keys for the data table. Answer B is not correct because the data type of the PrimaryKey property is not a String. Answer C is not correct because the PrimaryKey property accepts an array of DataColumn objects that does not provide any Add method. Answer D is not correct because even if the PrimaryKey is a single column, an array of DataColumn must be used with the PrimaryKey property. |
| |
| A40: | The correct answer is C. SQL Server uses single quotes to delimit date values. The original SQL did not return an error because SQL Server treated the date as a mathematical operation involving two divisions and silently converted the result into a date. Therefore answers A, B, and D are simply incorrect. |
| |
| A41: | The correct answer is A. The XmlTextWriter object is especially designed to write XML files. Answers B, C, D, and E are not correct because when you use these objects, you must write additional code for writing the XML structure. |
| |
| A42: | The correct answer is B. When an application calls the Update() method, the SqlDataAdapter object examines the RowState property and executes the required InsertCommand, UpdateCommand, or DeleteCommand statements iteratively for each row of the data. After the changes are written to the database, you need to call the DataTable.AcceptChanges() method to remove the deleted rows, and set the RowState property of the added and modified rows to Unchanged. Answer A is not correct because if you first call the AcceptChanges() method, the RowState for all the added and modified rows will be marked Unchanged and all the deleted rows will be removed. Later, when you call the Update() method, the SqlDataAdapter object will not be able to update the database because the RowState property of the rows will be Unchanged. Answers C and D are not correct because the Reset() method restores the DataTable to its original state, and the updates made to the table are lost in the DataTable object. |
| |
| A43: | The correct answer is C. The XmlTextReader is optimized for forward-only, read-only processing of an XML file. Answer A is incorrect because although XPathNavigator provides you with read-only, random access to XML documents, it loads the entire DOM representation of the XML document into memory. Answer B is incorrect because you cannot use the XmlReader class directly in an actual implementation because the XmlReader class is an abstract class. Answer D is incorrect because an XPathExpression class represents a precompiled XPath expression rather than the XML document. |
| |
| A44: | The correct answer is C. The DataSet object and the XmlDataDocument object are two views of the same data in memory. The last change you make to this data will be saved, regardless of which object you used to make the change. Thus, answers A and B are incorrect. Answer D is incorrect because you can use the XmlDataDocument object to update XML data. |
| |
| A45: | The correct answer is B. You should use the XslTransform object to transform XML data using an XSLT style sheet. Answer A is incorrect because the XPathNavigator object enables you to explore the structure of the XML file. Answer C is incorrect because the XmlSchema object provides the schema definition. Answer D is incorrect because the XmlNode object represents a single node in the document. |
| |
| A46: | The correct answers are A and D. The Debug and Trace classes share the same Listeners collection. Therefore, you should add a listener object either to the Trace.Listeners collection or to the Debug.Listeners collection. Answer B is incorrect because this solution generates double entries in the event log. Answer C is incorrect because the newly created listener object is not attached to the Listeners collection of the Trace and Debug classes. |
| |
| A47: | The correct answer is D. To enable tracing for a particular page, you should set the Trace attribute of the Page directive to true. Answers A and B are incorrect because the <trace> element in the web.config file enables or disables tracing for all the Web pages of the application rather than just a single page. Answer C is incorrect because the enabled attribute takes a Boolean value rather than name of the Web page. Answer E is incorrect because it disables tracing for the Web page. |
| |
| A48: | The correct answer is D. The Merge Module projects allow you to create reusable setup components by packaging all the required files, resources, Registry entries, and setup logic necessary to install a component. Answer A is incorrect because the Cab project creates a cabinet file for downloading from a Web browser. Answer B is incorrect because the Setup project creates an installer for a Web application. Answer C is incorrect because the Web Setup project creates an installer for a Web application. |
| |
| A49: | The correct answer is A. You can use the Custom Actions editor to take custom actions such as database installation during application setup. If you have an installer class or program that can create a database, you must override the Install() method of the base class and add the installer program to the Install node of the Custom Actions Editor. Answer B is incorrect because the Launch Conditions Editor is used to specify the prerequisite conditions that must be met to successfully run an installation; it cannot be used to execute custom actions. Answer C is incorrect because the File System Editor provides only a mapping of the file system on the target machine and allows you to place files or folders on specific locations on the target machine. However, the File System Editor cannot be used to execute code to create the database. Answer D is incorrect because the User Interface Editor allows you to customize the user interface displayed during the installation process. |
| |
| A50: | The correct answer is E. When you enable impersonation, providing a name and password for impersonation, any authenticated user takes on the credentials of the specified account for purposes of authorizing resources. Answer A is incorrect because the name and password that ASP.NET will use to authorize resources is already defined by the <identity> element. Answer B is incorrect because the ASPNET account is used by ASP.NET for requests if impersonation is enabled and ASP.NET runs under a low-privilege account. Answer C is incorrect because the SYSTEM account is used by ASP.NET for requests if impersonation is enabled and ASP.NET runs under a high-privilege account. Answer D is incorrect because the IUSR_ComputerName account, the identity of the IIS, will be used by the ASP.NET to make requests if the application allows anonymous access. |
| |
| A51: | The correct answer is D. Answer D is correct. Installing a Windows service requires communicating with the Service Control Manager (SCM). Of the listed tools, only installutil can communicate with the SCM to install a new service. Therefore, answers A, B, and C are incorrect. |
| |
| A52: | The correct answer is C. Breakpoints are invoked only when the project's configuration is in debug mode. Answer A is incorrect because the Exceptions dialog box is used to configure the breakpoint only in case of an exception. Answer B is incorrect because when you place a breakpoint, it is enabled by default. Answer D is incorrect because the project's configuration should be Debug instead of Release for debugging to occur (breakpoints to be executed). |
| |
| A53: | The correct answer is C. The TraceContext class is responsible for providing detailed timing and other information in the browser window when you activate ASP.NET tracing. Answers A and B are incorrect because the Debug and Trace classes can be used to display messages about a program's execution, but these classes do not provide timing information. Answer D is incorrect because Page class cannot provide timing information for the events on the Web page. |
| |
| A54: | The correct answer is B. You can step into a stored procedure execution directly from within Visual Studio .NET. Answer A is incorrect because the Tools, Debug Processes menu item is useful for debugging running processes, not the stored procedures. Answer C is incorrect because this option takes more time and effort. Answer D is incorrect because the Debug.WriteLine() method cannot directly access the stored procedure values. |
| |
| A55: | The correct answers are A and E. You need to sign a shared assembly with the strong name and then install the assembly in the Global Assembly Cache. Answer B is incorrect because you use sn.exe instead of signcode.exe to sign an assembly with a strong name. Answer C is incorrect because the Windows system directory does not allow multiple versions of an assembly to be maintained. Answer D is incorrect because an assembly that needs to be shared by multiple applications should be stored in a common place such as the GAC rather than the bin directory of the Web application. Furthermore, multiple versions of the assembly can be placed only in the GAC. |
| |
| A56: | The correct answer is C. Because the components are being used among several games published by your company, they are good candidates to be placed in the Global Assembly Cache of the target machine. Before a component can be placed in the GAC, however, it must be signed using a Strong Name Tool (sn.exe). Your company is also deploying software over the Internet; in this case, it is a good idea to digitally sign your code with a software publisher's certificate obtained by a respected certification authority. After you obtain the certificate, you can use signcode.exe to sign your component. When you are using both sn.exe and signcode.exe with your assembly, you must always use sn.exe before using signcode.exe. Answers A and B are incorrect because you need to use both tools instead of just one of them. Answer D is incorrect because sn.exe must be used before signcode.exe. |
| |
| A57: | The correct answer is C. The applications always bind to the assemblies with which they are compiled. If you want to execute a new version of the assembly, the applications either should recompile the application with the new version of the assembly or should modify the application configuration file to redirect to a new version of the assembly. Therefore answers A, B, and D are incorrect. |
| |
| A58: | The correct answer is D. You can store your custom settings in the <appSettings> element of the application configuration file. The .NET Framework provides the AppSettings property of the System.Configuration.ConfigurationSettings class to access the value of the custom key added to the <appSettings> element. Answer A is incorrect because asking the user to modify the Windows Registry might have undesirable effects. Answers B and C are incorrect because they involve writing additional code. |
| |
| A59: | The correct answer is A. Passport authentication enables users to be authenticated with a strong identity using any browser or version. Answer B is incorrect because Basic IIS authentication does not securely encrypt passwords. Answers C and D are incorrect because Digest and Windows Integrated authentication require Internet Explorer as the browser. |
| |
| A60: | The correct answers are A and C. You should deny all unauthenticated users with the ? wildcard character at the application level so that only authenticated users can access the application. In the web.config file of the Accounting directory, you should allow only members of the Accounting role and deny all other users (authenticated as well as unauthenticated) with the * wildcard character. Answer B is incorrect because you should disallow all unauthenticated users. The roles attribute should not contain wildcard characters; it should contain only the names of the Windows roles separated by a comma. Answer D is incorrect because the <deny> element denies only unauthenticated users and provides the access to the authenticated users. |
| |
| A61: | Answer D is correct. To debug a serviced component that is a server application, you should place breakpoints in the serviced component code and attach a debugger to the dllhost.exe process in which the desired serviced component is running. Answer A is incorrect because you need to execute the serviced component code by running the client application. Answer B is incorrect because setting a breakpoint in the client code debugs only the client application; it does not step into the code of the serviced component. Answer C is incorrect because if the serviced component is a server application, the serviced component runs in a separate process called dllhost.exe. |
| |
| A62: | Answer B is correct. If you attempt to write an event log entry to a log that you have not yet created, the .NET Framework automatically creates the appropriate source. Calling the CreateEventSource() method is optional, thus making answers A, C, and D incorrect. |
| |
| A63: | Answer C is correct. The SecurityAction.RequestOptional action is used to request additional permissions that are optional. Answer A is incorrect because SecurityAction.RequestMinimum requests the minimum permissions required for code to run. Answer B is incorrect because SecurityAction.Demand requires all callers higher in the call stack to have been granted the permission specified by the current permission object. Answer D is incorrect because SecurityAction.RequestRefuse is used to refuse those requests that might be misused. |
| |
| A64: | Answer B is correct. Declarative code access security can handle only scenarios in which you know the details at design time. If the security requirements are finalized at runtime, you must use imperative security. Answers A, C, and D are incorrect because the details for verifying security are known at design time. |
| |
| A65: | Answer B is correct. The RemoteServices assembly is a member of code groups that belong to three different levels: enterprise, machine, and user. Within a level, the permission set granted to an assembly is the union of all the permission sets of code groups to which the assembly belongs. Therefore, at the enterprise level, the RemoteServices assembly gets the FullTrust permission set; at the machine level, the RemoteServices assembly gets the LocalIntranet (union of LocalIntranet and Nothing) permission set; and at the user level, the RemoteServices assembly gets the Internet permission set. Across levels, the permission set granted to an assembly is the intersection of all the permission sets of the levels. Therefore, as the intersection of the FullTrust, LocalIntranet, and Internet permission sets, the Internet permission set is assigned to the assembly, thus making answers A, C, and D incorrect. |
