Review Questions | MCAD/MCSD: Visual Basic .NET XML Web Services and Server Components Study Guide

1.	You create a .NET Remoting object named Account that exposes a client’s financial information. The business requirements state that you must ensure that this confidential data is secure. Your design calls for client applications to connect to Account over a secure communication channel. You need the application to perform as well as possible. You also want to accomplish this task by writing the minimum amount of code. What should you do? Install Account in an Internet Information Services (IIS) virtual directory called VAccount. Configure Account to use an HttpChannel and a SoapFormatter. Configure IIS to use SSL. Enable SSL on VAccount. Create a Windows service to host the application. Configure Account to use an HttpChannel and a BinaryFormatter. Use a CryptoStream object to encrypt the content traveling over the wire. Install Account in an Internet Information Services (IIS) virtual directory called VAccount. Configure Account to use an HttpChannel and a BinaryFormatter. Configure IIS to use SSL. Enable SSL on VAccount. Create a Windows service to host the application. Configure Account to use an HttpChannel and a SoapFormatter. Use a CryptoStream object to encrypt the content traveling over the wire.
2.	You create three Windows services named MyServiceA, MyServiceB, and MyServiceC. You want to install all three services on a computer named Server1 by using the .NET Installer utility (InstallUtil.exe). You open a Visual Studio .NET command prompt and run the following command: installutil.exe MyServiceA MyServiceB MyServiceC During the installation process, MyServiceC throws an installation error and then the installation process completes. How many of the three services are now installed on Server1? None One Two Three
3.	You create a COM+ application named Goals by using Visual Basic .NET. Goals consists of a serious of components used to track incentive compensation for a sales staff of over 500 people in your company. You need to deploy the application to a number of regional servers that the sales staff will connect to from their Goals client and from another sales client application on their workstations and laptops to track how they are doing in meeting goals and to update information used by Goals to track progress to incentives. The business people can also use Goals from their client application to run “what if” scenarios for various incentive programs. The clients run on a variety of Windows platforms, including Windows 98 and Windows NT Workstation. Each client needs to connect to the server in their region because of bandwidth requirements for the application. What should you do to deploy the application? (Choose the best answer.) Generate an application proxy Windows Installer file by using the Component Services tool. On install, you will be prompted for the server name you need to connect to. Enter the server name for the region that the salesperson or manager is in. Generate an application proxy Windows Installer file by using the Component Services tool. Generate an install script for each location that uses the Windows Installer executable (msiexec.exe) with the installation option of REMOTESERVERNAME set to the name of the server that is in their region. Create a custom install script that uses the configuration classes in the System.EnterpriseServices namespace to set all the properties (including the server to connect to), create the necessary Registry entries, and register the components. Upgrade the Windows 98 and Windows NT Workstation computers because they cannot run COM+ applications. Generate an application proxy Windows Installer file by using the Component Services tool. Generate an install script for each location that uses the Windows Installer executable (msiexec.exe) with the installation option of REMOTESERVERNAME set to the name of the server that is in their region.
4.	You create a serviced component named MyApp that uses attributes contained in the source to dynamically register itself for COM+ services. MyApp uses transactions and role-based security. All the settings for MyApp, including the application identity, are currently configured properly on the development computer. MyApp is compiled into an assembly file named MyAssembly.dll. You need to give MyApp to the administrator for installation into the production environment. You want all the COM+ configuration information for MyApp to be installed on the production computers. What should you do? (Choose the best answer.) Provide to the administrator the MyAssembly.dll file. Provide instructions to the administrator on how to use the Component Services tool to create the application with the correct settings. Provide to the administrator the MyAssembly.dll file. Instruct the administrator to install it in the global assembly cache. Use the Component Services tool to export MyApp to an MSI file. Provide the administrator the MSI file with instructions to run the installer. Provide the administrator the MyAssembly.dll file. Instruct the administrator to use the .NET Services Installation tool (regsvcs.exe) to install MyApp.
5.	You are working for a financial planning company. You create a serviced component named Portfolio that provides access to a client’s portfolio. You declaratively secure Portfolio by using COM+ role-based security. You must ensure that security checks are enforced, and the component must not execute if an administrator turns off security for the COM+ application. Which of the following should you do? To the project source code, add the following: <Assembly: ApplicationAccessLevelControl _ (AccessChecksLevelOption.ApplicationComponent)> Add the following attribute just before each method: <ApplicationAccessLevelControl _ (AccessChecksLevelOption.ApplicationComponent)> Add the following code in each method: If Not ContextUtil.IsSecurityEnabled Then Throw New SecurityException ("The Portfolio" &_ object requires that security is enabled.") End If Add the following code just before each method: If Not ContextUtil.IsSecurityEnabled Then ContextUtil.SetAbort End If
6.	You created and tested a new serviced component named UsefulThing that will be distributed to your customers through a Windows Installer package. This package will register the component in the global assembly cache on each customer’s computer. You know that you will be providing future updates to UsefulThing. You will provide these updates to your customers. All updates to UsefulThing will be backward compatible. You will create Windows Installer packages for each update of UsefulThing that will register the updated assembly in the global assembly cache. Which action should you take? (Choose all that apply.) Sign UsefulThing by using a strong name. Compile UsefulThing as a satellite assembly. Add Registry entries to the setup project for the Windows Installer package to update the version of UsefulThing. Increment the assembly version for each update of UsefulThing. Include a version.config file. Increment the assembly version for each update of UsefulThing.
7.	You need to deploy a serviced component named ClientPortfolio. This component will look up financial information for the company’s financial planning application. You want to configure the COM+ application running the component to run under a user account called PortfolioAcct. This is a restricted account to maximize the security of the application. Which of the following should you do? Implement the ISecurityIdentity interface. Override the UserName and Password properties. Use the Component Services tool to set the Identity property of the COM+ application to RemoteUser. Add the following attributes to the AssemblyInfo.vb file: <assembly: ApplicationAccessControl(ImpersonationLevel = _ ImpersonationLevelOption.Impersonate)> <assembly: SecurityAccount("PortfolioAcct")> Add the following attributes to the AssemblyInfo.vb file: <assembly: Impersonate("PortfolioAcct", Password="p@ssw0rd")>
8.	You create version 1.0.0.0 of an assembly named Bank. This assembly contains two .NET Remoting objects called Deposit and Withdrawal. You register the assembly in the global assembly cache and configure the Remoting objects in the Bank.config file. You install it on the testing server of your company. You create a Windows application named TestClient on your workstation (which is a different computer than the testing server). TestClient references version 1.0.0.0 of Bank. TestClient is used to test all the functionality of the Deposit and Withdrawal objects. After successful testing, you release Bank to your customers. Later, you uncover some issues with the Bank assembly and must update it. You create version 2.0.0.0 of Bank, which is backward compatible, but you do not update any information in the TestClient.config file of Assembly. You register version 2.0.0.0 of Bank in the global assembly cache. Which version of Deposit and Withdrawal will TestClient use? Version 1.0.0.0 of Deposit; version 1.0.0.0 of Withdrawal. Version 1.0.0.0 of Deposit; version 2.0.0.0 of Withdrawal. Version 2.0.0.0 of Deposit; version 1.0.0.0 of Withdrawal. Version 2.0.0.0 of Deposit; version 2.0.0.0 of Withdrawal.
9.	You create a serviced component. You need to ensure that the component can be accessed only by members in the AuthorizedUsers role. Which two attributes should you add to the component? (Choose two.) <ComponentAccessControl> <Transaction(TransactionOption.Required)> <IsCallerInRole("AuthorizedUsers")> <SecurityRole("AuthorizedUsers", false)>
10.	You create one assembly that contains a number of serviced components. You are required to secure the assembly based on a number of COM+ roles. You need to ensure that role-based security is enforced in the assembly by using a directive in your source code. Which attribute should you use? <assembly: SecurityRoleLevel(SecurityAction.Assembly)> <assembly: SecurityLevel("Assembly")> <assembly: ApplicationAccessControl(AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)> <assembly: ApplicationActivation(ActivationOption.Server)>
11.	You need to install a .NET serviced component in such a fashion that it can be shared by multiple applications deployed by different developers at different times. Where should you deploy the serviced component? The Windows directory (for example C:\Windows) The System32 directory (for example C:\Windows\System32) The global assembly cache A shared directory on the network
12.	Jennifer creates a .NET Remoting object named Employee. This object enables client applications (both Windows and Web forms) to access employee information contained in the company’s HR application. As part of the requirements for the object, she needs to ensure that the client applications are securely authenticated before they can access the Employee object. She does not have much time left to deliver this component and would like to write the minimum amount of code. What should she do? Write code to use the Credential cache object and other objects to authenticate the client with the remote object. Host the Employee object in an Internet Information Services (IIS) virtual directory. Enable Basic authentication on the directory. Host the Employee object in an Internet Information Services (IIS) virtual directory. Enable Windows authentication on the directory. Use an HttpChannel and a SoapFormatter for the Employee object.
13.	You are building a payroll application. You create an application called PayrollServer.exe. This server loads various .NET Remoting objects that are contained in the assembly file named PayrollBL.dll. The application is configured as a client-activated object and is configured to use the HttpChannel with the SoapFormatter in the configuration file PayrollServer.exe.config. You deploy the application, but users complain that the application doesn’t work some of the time. Upon further investigation, you determine that the application quits working when the server is rebooted. You need to fix the problem. What should you do? Install PayrollBL.dll in the global assembly cache on the server. Configure the server to run PayrollServer.exe whenever it is restarted. Register the PayrollBL.dll assembly in the Registry with regasm.exe. Register the PayrollBL.dll assembly in the Registry with regsvr32.exe.
14.	How can you turn off an installer in a Windows service application? Set the RunInstaller attribute for the installer class to False as follows; then recompile the class: <RunInstaller(False)> Public Class ProjectInstaller Set the RunInstaller attribute for the installer class to True as follows; then recompile the class: <RunInstaller(True)> Public Class ProjectInstaller Set the DoInstaller attribute for the installer class to False as follows; then recompile the class: <DoInstaller(False)> Public Class ProjectInstaller Set the DoInstaller attribute for the installer class to True as follows; then recompile the class: <DoInstaller(True)> Public Class ProjectInstaller
15.	You create a serviced component called MyComponent. You set the attributes correctly for dynamic registration and you try to use it logged in as Administrator, but it will not start. What other step or steps should be taken so the component can be registered? (Choose all that apply.) Register it in the Windows Registry by using regsvcs.exe. Give it a strong name. Add it to the global assembly cache. Create an application for the component by using the Component Services tool.

Answers

1.	C You want to implement the solution by using the least amount of code, so using IIS services for encryption reduces the amount of code that needs to be written. Using the BinaryFormatter will make the application perform better because the payload is more compact and the application takes less time serializing and deserializing the stream. The first answer could also be correct but it uses the SoapFormatter, which is significantly slower than the BinaryFormatter. This would be a better option if interoperability with other systems was important. The remaining answers are incorrect because they would require you to write the code for the Windows service host and the encrypting/decrypting streams from scratch (although you could potentially get better performance this way).
2.	A The .NET Installation utility (Installutil.exe) is transacted, and therefore if any part of the install fails, the whole install will fail. Because the install of MyServiceC failed, the installs of MyServiceA and MyServiceB had to be rolled back also. If you wanted to install the services without them all being in the same transaction, you would run Installutil.exe for each service.
3.	B You need to generate an application proxy that will connect to the server application. You need to make sure that the application proxy points to the correct regional server, so you need to install the application proxy and use the REMOTESERVERNAME installation option to specify the server name. Although t is true that Windows 98 and Windows NT clients cannot host COM+ applications, they can interact with the COM+ application through the use the application proxy. You will not be prompted for a server name on install, and the default will be used (which is the name of the computer where the MSI file was generated via the export). The third answer could be done but would be more work than the correct answer.
4.	C An MSI file provides the most flexibility and is the standard way to install applications on Windows. It will also contain all of the properties that are configured on the COM+ application. The last answer D could work, but it is not the best answer because it might miss some of the settings on the COM+ application (it knows only about the attributes in the source code and is not the standard way to install applications on the Windows platform). The first answer could work but would be tedious and error prone. The second answer will most likely not work because the application might not be run by a user with Administrative privileges to have it dynamically register itself, and installing in the GAC has no effect on this.
5.	C The IsSecurityEnabled method of the ContextUtil object will return False if the security of the COM+ application is turned off by an administrator. You would check the return value of this method in an If statement, and the best course of action would be to throw an exception to indicate that this is the case. The last answer aborts the current transaction but does not prevent the component from running. The other answers try to set attributes to determine whether security is enabled on the application, which is not possible to do in .NET.
6.	A, D You will need to give the assembly UsefulThing a strong name to register it in the GAC and therefore enable versioning of the component. You will then need to increment the assembly version in the manifest by using the AssemblyVersion attribute (found in the AssemblyInfo.vb file in a VB .NET project in Visual Studio .NET). You do not need to make UsefulThing a satellite assembly. Satellite assemblies contain resources only (graphics, strings of text) and are usually used to add foreign language support to an application. Versioning information is contained in the manifest, not the Registry or a separate configuration file.
7.	B You must use the Component Services tool to configure the Identity property of an application or use the COM interfaces to the COM+ catalog directly through COM interop. No attribute exists in the System.EnterpriseServices namespace that will allow you to configure the Identity property of a COM+ application. There is no interface that you can use to configure the Identity property in .NET.
8.	A You never recompiled the application or updated the configuration file of the assembly, so you will not use another version of the assembly. When you compiled the TestClient application, the version of the Bank assembly it was binding to is stored in the TestClient’s manifest.
9.	A, D You need to enable access control at the component level and then use the SecurityRole attribute to specify which role the user needs to be a member of. The second answer is incorrect because the Transaction attribute is used to specify whether this component takes place in a transaction, which has nothing to do with security roles. The third answer is not an attribute that is available.
10.	C This answer is correct because it shows the syntax for the attribute that enables assembly-level security checking. The last answer uses the attribute that sets the application to a server (out-of-process) application instead of a library (in-process) application, which is how the application is run, not secured. The remaining answers are not attributes in the .NET Framework.
11.	C The GAC is where you would install any component that needs to be shared among multiple developers and multiple applications. The GAC supports multiple versions of the same component to be installed, which aids in avoiding versioning problems with applications. Applications will use the version they were compiled against. The first and second answers indicate locations where shared COM components are installed. The last answer could work in certain circumstances (all developers work for the same company and deploy their applications in the company), but the assembly would not be versioned and users of the component would likely have versioning issues in the future.
12.	C Using IIS to host the Employee object would require writing the minimum code; the clients involve the use of Windows applications, which would be using Windows authentication. Basic authentication would require more coding to get all the clients to work with it. The last answer just describes the protocol and the format of the information sent, but does nothing to address the security concern. The first answer would work because you can programmatically control security, but would involve writing a lot more code than the IIS solution.
13.	B Because he .NET Remoting object was created as an executable, whenever the server restarted it would need to be run again. You would configure the server to log on automatically and run the PayrollServer.exe. A better configuration would be to create a service out of PayrollServer.exe.
14.	A Passing False to the installer will turn it off for the service after a recompile. The second answer would enable the installer, not disable it. The remaining answers refer to an attribute that is not in the .NET Framework.
15.	A, B Serviced components require a strong name and registration in the Registry before they can be registered in the COM+ catalog on the machine. In addition, you need a type library generated for the serviced component. These steps do not change whether the method of installation is dynamic or manual (that is, using regsvcs.exe or the Component Services tool).