Pass4side Microsoft 70-330 Q&A
1. You are an application developer for your company. You develop an application that uses an external class library. You run the Permissions View tool on the class library and receive the following output.Microsoft (R) .NET Framework Permission Request Viewer. Version 1.1.4322.573Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.minimal permission set: <PermissionSet class=”System.Security.PermissionSet” version=”1″><IPermission class=”System.Security.Permissions.ReflectionPermission,
mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″version=”1″ Flags=”ReflectionEmit”/>
<IPermission class=”System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ version=”1″ Flags=”SerializationFormatter”/>
</PermissionSet> optional permission set:<PermissionSet class=”System.Security.PermissionSet”
version=”1″ Unrestricted=”true”/> refused permission set:
Not specified You need to add corresponding attributes in your application. Which code segment should you use?
A. <Assembly: ReflectionPermission(SecurityAction.RequestRefuse, _ ReflectionEmit:=False), _ Assembly: SecurityPermission(SecurityAction.RequestRefuse, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
B. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _ Assembly: SecurityPermission(SecurityAction.RequestRefuse, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestRefuse, Unrestricted:=True)>
C. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=False), _ Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=False), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
D. <Assembly: ReflectionPermission(SecurityAction.RequestMinimum, _ ReflectionEmit:=True), _ Assembly: SecurityPermission(SecurityAction.RequestMinimum, _ SerializationFormatter:=True), _ Assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted:=True)>
Answer: D
2. You are an application developer for your company. You create a Web application that is used by all users in the company. The application is hosted on the intranet Web server, which is named WebServer. WebServer has IIS 5.0 installed. The Web application is configured to use Integrated Windows authentication. The Web.config file specifies that the authentication mode is set to Windows.
The application connects to a Microsoft SQL Server database named DataStore. The database is located on WebServer. The SQL Server computer is configured with SQL Server logins disabled. The database connection code is shown in the following code segment.
Dim myConnStr As String myConnStr = “Initial Catalog=”"DataStore”";” myConnStr = myConnStr & “Data Source=localhost;Integrated Security=SSPI;” Dim myConn As New SqlConnection(myConnStr) Dim myInsert As String
myInsert = “INSERT INTO Customer (CustomerID, Name) Values(’123′, ‘John Doe’)” Dim myCmd As New SqlCommand(myInsert) myCmd.Connection=myConn myConn.Open() myCmd.ExecuteNonQuery() myCmd.Connection.Close() When you run the application by using Microsoft Internet Explorer, you receive an error message that reads in part: “Login failed for user WebServer\ASPNET.” You need to ensure that the application can run successfully without prompting the user for a user name and password. What should you do?
A. Change the authentication mode in IIS to basic authentication. Update the connection string.
B. Change the authentication mode in IIS to Anonymous and supply a login ID and password for a SQL Server login account that has access to the database. Update the connection string.
C. Enable Integrated Windows authentication in Internet Explorer.
D. Enable impersonation in the Web.config file.
Answer: D
3. You are an application developer for your company. You are developing a Windows Forms application. You deploy a
supporting assembly named MyAssembly.dll to the global assembly cache. During testing, you discover that theapplication is prevented from accessing MyAssembly.dll. You need to ensure that the application can access MyAssembly.dll. What should you do?
A. Digitally sign the application by using a digital certificate.
B. Run the caspol.exe -s on command from the command line.
C. Run the Assembly Linker to link MyAssembly.dll to the application.
D. Modify the security policy to grant the application the FullTrust permission.
Answer: D
4. You are an application developer for your company. You maintain a Windows Forms application. Data entry logic for the application is enforced by the user interface layer. The application contains assemblies that communicate data changes to the database. The application also contains assemblies that implement business logic. You create a new assembly named NewAssembly, which is called from the user interface. Values are passed to NewAssembly, which performs calculations by using the data. NewAssembly calls a separate assembly to store the resulting data in a database. You need to perform unit testing on the application to identify security vulnerabilities caused by unanticipated use of the application. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Test the application by calling NewAssembly directly.
B. Test the application to verify whether it performs to the original functional specifications.
C. Test the application by using a domain administrator account.
D. Test the application by using the account of a user who should not have access to the application.
Answer: AD
5. You are an application developer for your company. You are testing an application that was developed by another developer. The application maintains its own list of authorized users. Each user is assigned a security level of 1, 2, or 3. When a new user account is created, the security level for that user is entered into a text box. The new user account information is saved in a Microsoft SQL Server table by using a stored procedure. You verify that user accounts that have any of the three security levels can perform only the intended actions within the application. You need to identify any security vulnerabilities in the portion of the application that creates new user accounts. What should you do first?
A. Use SQL Query Analyzer to create a new user account that has a security level of 2. Test the application to see if the new user account can log on to the application.
B. Create a new user account that has a security level other than 1, 2, or 3. Test the application to see what the new user account can do.
C. Use Osql.exe to call the stored procedure and create a new user account that has a security level of 3. Test the application to see what the new user account can do.
D. Create a new user account that has a security level of 3. Test the application to see what the new user account can do.
Answer: B
