Exam Prep Questions

Developing XML Web Services and Server Components with Visual C#™ .NET and the .NET Framework, Exam Cram™ 2 (Exam 70-320)
By Amit Kalani, Priti Kalani

Chapter 12. Security Issues


Question 1

Your application requires permission to read environment variables and to properly prompt users with the Open File dialog box. Which .NET security features should you use to ensure that your code has these capabilities?

  • A. Encryption

  • B. Authentication

  • C. Code access security

  • D. Role-based security

A1:

Answer C is correct. The CLR uses code access security to determine whether particular permissions should be available to the code under execution. Answer A is incorrect because encryption is just a process of converting plain text to a coded message. Encryption does not check whether code has a particular privilege needed to accomplish a task. Answer B is incorrect because authentication establishes the identity of the current user. Answer D is incorrect because role-based security determines the permissions of the user rather than of the code.

Question 2

Assembly A is a member of the following code groups (and only the following code groups):

| Level | Code Group | Permission Set | Exclusive | LevelFinal |
|---|---|---|---|---|
| Enterprise | All Code | Everything | No | No |
| Enterprise | Company Code | LocalIntranet | No | No |
| Enterprise | Restricted Code | Internet | No | No |
| Enterprise | Restricted Components | Nothing | No | No |

What permission does the CLR assign to Assembly A?

  • A. Everything

  • B. LocalIntranet

  • C. Internet

  • D. Nothing

A2:

Answer A is correct. Within a level, the permission set granted to an assembly is the union of all the permission sets of code groups on that level to which the assembly belongs. Answers B, C, and D are incorrect because those permission sets are more restrictive than Everything.

Question 3

Assembly B is a member of the following code groups (and only the following code groups):

| Level | Code Group | Permission Set | Exclusive | LevelFinal |
|---|---|---|---|---|
| Enterprise | All Code | Everything | No | No |
| Enterprise | Company Code | LocalIntranet | No | No |
| Machine | Restricted Code | Internet | No | No |
| User | Restricted Components | Nothing | No | No |

What permission does the CLR assign to Assembly B?

  • A. Everything

  • B. LocalIntranet

  • C. Internet

  • D. Nothing

A3:

Answer D is correct. Across levels, the permission set granted to an assembly is the intersection of all the permission sets of the levels. Because the user level grants no permissions to Assembly B, Assembly B gets no permissions from the common language runtime. Answers A, B, and C are incorrect because those permission sets are less restrictive than Nothing.

Question 4

Assembly C is a member of the following code groups (and only the following code groups):

| Level | Code Group | Permission Set | Exclusive | LevelFinal |
|---|---|---|---|---|
| Enterprise | All Code | Everything | No | No |
| Enterprise | Company Code | LocalIntranet | Yes | No |
| Machine | Restricted Code | Internet | No | No |
| User | Restricted Components | Nothing | No | No |

What permission does the CLR assign to Assembly C?

  • A. Everything

  • B. LocalIntranet

  • C. Internet

  • D. Nothing

A4:

Answer B is correct. The Company Code code group is marked as an exclusive code group, so only its permission set is taken into account when determining the permission set for the assembly. Answers A, C, and D are incorrect because these groups are not considered in this case.

Question 5

Assembly D is a member of the following code groups (and only the following code groups):

| Level | Code Group | Permission Set | Exclusive | LevelFinal |
|---|---|---|---|---|
| Enterprise | All Code | Everything | No | No |
| Enterprise | Company Code | LocalIntranet | No | Yes |
| Machine | Restricted Code | Internet | No | No |
| User | Restricted Components | Nothing | No | No |

What permission does the common language runtime assign to Assembly D?

  • A. Everything

  • B. LocalIntranet

  • C. Internet

  • D. Nothing

A5:

Answer A is correct. When an assembly is a member of a code group marked with the LevelFinal property, the CLR does not consider code groups below that level when determining the permissions of the code. In this case, that leaves the two code groups on the Enterprise level, and the final permissions are the union (the least-restrictive combination) of those two groups. Answer B is incorrect because LocalIntranet is more restrictive than Everything. Answers C and D are incorrect because these permissions come from levels below the Enterprise level.

Question 6

Your application requires the user to be in the Developers group to activate certain functions. Which .NET security feature should you use to ensure that the user is in this group?

  • A. Code access security

  • B. Role-based security

  • C. Encryption

  • D. Authentication

A6:

Answer B is correct. The CLR uses role-based security to determine whether a user has permissions available to execute a piece of code. Answer A is incorrect because code access security determines whether the code under execution has permission to perform particular operations. Code access security does not check for user permissions. Answer C is incorrect because encryption is just the process of converting plain text to a coded message. Encryption does not check whether code has a particular privilege needed to accomplish a task. Answer D is incorrect because authentication establishes the identity of the current user. You still need to authorize the user to establish the available permissions.

Question 7

Your code will be called from the Internet, and you want to minimize the chance that it can do unintentional damage to the local computer. As a result, you want to ensure that your code is not granted Registry permissions. Which SecurityAction action should you use with the FileIOPermissionAttribute declaration?

  • A. SecurityAction.Demand

  • B. SecurityAction.RequestRefuse

  • C. SecurityAction.RequestMinimum

  • D. SecurityAction.RequestOptional

A7:

Answer B is correct. SecurityAction.RequestRefuse tells the CLR that your assembly does not want to be granted the specified permission. Answer A is incorrect because a demand request demands permissions of the code that calls your code. Answer C is incorrect because when you make a minimum permissions request, you get at least the permissions you asked for, if permissions can be assigned at all. Answer D is incorrect because an optional permissions request assigns only the requested permissions.

Question 8

Your ASP.NET application contains this setting in the web.config file:

    <identity impersonate="true" userName="MAIN\Charles" password="CharlesPassword"/>

You are allowing only Digest or Windows Integrated authentication in IIS. What identity will ASP.NET use to authorize resources if a user with the Windows account Fred in the MAIN domain logs in?

  • A. ASPNET

  • B. MAIN\Charles

  • C. MAIN\Fred

  • D. IUSR_ComputerName

A8:

Answer B is correct. If you specify an account name in the identity element and impersonate is set to true, that account is used to impersonate all authenticated users. Answers A, C, and D are incorrect because they refer to other identities.

Question 9

Which of these tasks requires you to use imperative security instead of declarative security?

  • A. Ensuring that your application has access to a specific key in the Windows Registry

  • B. Ensuring that your application can open a particular file whose name is specified by a configuration file that can be edited at runtime

  • C. Ensuring that your application has access to a specific environment variable whose name is known at design time

  • D. Ensuring that your application has access to SQL Server databases

A9:

Answer B is correct. You must use imperative security to check access to resources whose names are not known until runtime. Answers A, C, and D are incorrect because the fact that access to these resources is needed is known at design time. These options are good candidates for declarative security.

Question 10

You have created a Windows service that collects event log information from various computers around the network and then consolidates this information into a local disk file. The service does not need system-level privileges on the local computer, but it must be capable of authenticating to the remote computers. You run the Windows service on a Windows XP Professional machine. Which security context should you use for this service?

  • A. User

  • B. LocalSystem

  • C. LocalService

  • D. NetworkService

A10:

Answer D is correct. The NetworkService account presents the computer's credentials to the remote computers. Answer A is incorrect because a properly configured user account could work in this scenario, but there's no need to create a user account when one of the built-in accounts will work fine. Answer B is incorrect because the LocalSystem account has more privileges than you need in the given scenario. Answer C is incorrect because the LocalService account presents anonymous credentials to the remote computers.




    MCAD Developing XML Web Services and Server Components with Visual C# .NET and the .NET Framework Exam Cram 2 (Exam Cram 70-320)
    ISBN: 789728974
    EAN: 2147483647
    Year: 2002
    Pages: 179
