Microsoft Certified Solutions Developer (MCSD) Certification exam Dumps
By Unknown - 5:56 PM
1.1
1. You are designing an application
in which a section of the main page will be populated by content from a
third-party provider. You do not have control over the responsiveness of the
client or how much information will be returned with each request. The call is
to a RESTful service and will return the information formatted in Extensible
Markup Language (XML). What is the best way to implement this application?
2.
A. Design a model that handles the data call to populate the model. Create
a partial view containing only this display area and put an asynchronous
service call that returns this model in the partial view controller.
3.
Correct: Because you do not have control over the responsiveness of the
third-party provider and you do not know how much data might be returned from
each call, you should wrap the call in the asynchronous framework. Providing
the data in a strongly-typed model gives it more flexibility than working with the
raw XML on the client side.
4. B. Put a synchronous service call
into the main page controller.
5. C. Create a partial view containing
only this display area and put a synchronous service call in the partial view
controller.
6. D. Create a partial view containing
only this display area and put an asynchronous service call in the partial view
controller.
******************************************************************************************
- You have been given requirements for a dashboard page that will contain summary information from your order processing system in a single display table. However, this summarization needs to be done by combining data requests from the order system, the shipping system, and the accounting system. The dashboard page will be the only place you use this combined data. What is the best way to implement this requirement?
- A. Make the various data requests and compile the information in the controller for display.
- B. Create an individual model for each of the data requests, and then create a view-specific model that calls those models and merges the data.
11.
Correct: You will have a better chance of code reuse if you break down the
separate calls into their own models and then create another model to pull them
together and compile them.
- C. Create a model for the summary data and handle the various data requests within that model as well as the merging of the data.
- D. Create an individual model for each of the data requests and then merge the data on the client side for display.
*********************************************************************************************
- A significant change has been requested in an application maintained within your company. The application is a classic ASP application that uses custom Open Database Connectivity (ODBC) drivers to connect to a relational data repository on a mainframe computer. The CIO decided that the company needs to replace this 30-year-old system. The team that worked on the original project is made up of developers who have never worked with an object-oriented approach before. Which approaches would be the best to use when designing your initial schema in Entity Framework? (Choose all that apply.)
- A. Create your own custom design because it’s too much work to manage an inexperienced staff.
- B. Use Code First.
- C. Use Model First.
18.
Correct: The use of the Entity Designer as an integral component in the Model
First approach will help unfamiliar users to walk through the process
- D. Use Database First.
20.
Correct: There is already a working relational database for the application,
although it is in a system that will be replaced. A port of the design should
be considered.
*******************************************************************************************
- You are designing an application that allows employees to change their human resources (HR) information, such as next of kin and direct deposit information. The requirements state
- that the application should talk directly to the HR systems’ database. However, at a recent company meeting, the CFO announced that the company will be converting to a new HR system over the next two years. They will take an additional year to move employees to the new system, one department at a time. How will this affect your design?
- A. It won’t; the requirements state that the application should talk directly to the HR systems’ database.
24.
B. You should ensure your naming
convention for the database as clearly as possible so you can rework your data
calls with minimal changes.
25.
C. You should implement the Repository pattern with the
current HR system being the first repository that is built. When the second
system comes online, you implement that data access using the same pattern.
26.
Correct: Using the Repository pattern will give you a level of abstraction into
the data layer. When you create the second data access component for the new HR
system, you can then differentiate on a user or departmental level which implementation
to use.
27.
D. You should map the model directly to
the database calls, anticipating that you will have to change the model as the
new system rolls out.
28.
1.2
1.
You are developing an application. One requirement is that
part of your data access layer needs to be available to a third party, that
wants to get this information from a REST URL in XML. Your company does not
have experience with web services, but you have several websites running
ASP.NET MVC 4. How could you design and provide these new services? (Choose all
that apply.)
2.
A. Task an individual on staff to learn
WCF, and have this individual develop and deploy these new services using WCF.
3.
B. Use the Web API to create REST services using ApiController
in which the serialization type is defined by the Accepts property
of the browser.
4.
Correct: Using the Web API is a straightforward way to present REST services.
5.
C. Build a basic ASP.NET MVC 4 project in which the view
simply passes through the information provided by the controller, and the
controller manages the code for serializing the response.
6.
Correct: Using ASP.NET MVC is another way to create a controller that will
return XML.
7.
D. Create an ASP.NET ASMX services file to
get, serialize, and return the data.
***********************************************************************************
8.
How could you traditionally consume an ASMX web service from
your application? (Choose all that apply.)
9.
A. Generate a proxy by selecting Add
Reference In Visual Studio.
10.
B. Create an HttpService and connect using Get(URL).
11.
Correct: HttpService.Get gets the output of a REST
service.
12.
C. Generate a proxy by selecting Add A Service Reference in
Visual Studio.
13.
Correct: Visual Studio creates a proxy for you from the WSDL at the site you
select.
14.
D. Create a WCF proxy class.
*****************************************************************************
15.
What are examples of hybrid applications using Windows
Azure? (Choose all that apply.)
16.
A. An application
where the local network hosts the IIS server while the database is being run
from the corporate IT office
17.
B. An application where Windows Azure is
used to host the IIS process, and Windows Azure SQL is used to store the data
18.
C. An application where the IIS process is run on a local
web server, whereas the data is stored in Windows Azure SQL
19.
Correct: Part of the application is being run in the Windows Azure environment;
the other part is being run in the corporate network environment.
20.
D. An application where the web part of the application is
run on Windows Azure, whereas the confidential data is stored in the company’s
network
21.
Correct: Part of the application is being run in the Windows Azure environment;
the other part is being run in the corporate network environment
1.3
1.
What occurs if an unhandled error is fired on a startup
task?
2.
A. The startup role consumes the error
during its load; if there is no event handler configured, it is set to Handled
as the task completes.
3.
B. The startup is cancelled and the role does not start.
4.
Correct: The task will stop processing and return a non-zero value.
5.
C. The OnStop method automatically
runs.
6.
D. The startup task goes to the lowest
security setting and continues to run, if possible.
******************************************************************************************
7.
AppCmd.exe is an application that helps you work with which
objects? (Choose all that apply.)
8.
A. Site
9.
Correct: AppCmd.exe enables the configuration of virtual sites.
10.
B. Users
11.
C. Config
12.
Correct: AppCmd.exe supports the administration of general configuration
sections.
13.
D. App
14.
Correct: AppCmd.exe manages the support of applications.
****************************************************************************************
1.
Which of the following are valid reasons for overriding the Run
method? (Choose all that apply.)
2.
A. Creating and starting a messaging service that will work
in parallel with the Web role to manage queued messages
3.
Correct: Creating and running an application in parallel is what the Run method
was designed to allow.
4.
B. Creating an always-running service that periodically
makes HTTP calls to other websites to determine their availability
5.
Correct: The polling service is a good example of an activity in which the Run
method enables a process to work independently of the main role
6.
C. Managing error handling for the
application
7.
D. Starting and supporting a logging application for use by
the Worker role
8.
Correct: Creating and running an application in parallel is what the Run method
was designed to allow.
1.4
1.
You are designing an ASP.NET MVC 4 application that uses an
Oracle database for persistence. What session configuration choices enable you
to deploy your application on a web farm? (Choose all that apply.)
2.
A. InProc
3.
B. SQLServer
4.
C. StateServer
5.
Correct: Using a shared state server across the web farm is an available option.
Using a state server designates one server to maintain state for all the
servers that connect to it.
6.
D. Custom session provider
7.
Correct: A custom session provider enables you to maintain state as necessary by
doing the work in your custom code. It is generally used when you try to use a
different RDBMS system or when you do not want to use the default session
database design.
********************************************************************************************
1.
You are creating an ASP.NET MVC 4 web application that will
be accessed by a large number of traditional consumers. If you need to be able
to access state information on the client side in JavaScript/jQuery, where can
you store it? (Choose all that apply.)
2.
A. localStorage
3.
B. QueryString
4.
Correct: Query string information is available across all browsers and
is usable on both the client and server.
5.
C. ViewState
6.
D. Cookies
7.
Correct: Cookies can be stored for a period of time on the client and be read
from either client- or server-side operations.
********************************************************************************************
8.
As you design a sessionless state management system, what do
you need to ensure that your application manages? (Choose all that apply.)
9.
A. Access to the state management system, whether it is a
database, a web service, or other type of system
10.
Correct: Your application needs to manage whatever information might be required
to access the state management system.
11.
B. The HTTP headers
12.
C. The session setting within the
Web.config file
13.
D. An identifier used by the server to identify the request
14.
Correct: Your application needs to manage the passing of the identifier between
requests.
1.5
1.
You are designing a work order management application for a
mid-size repair company. The application will be used by repair personnel in
the field on their laptops with wireless phone connections. The connections are
slow, and the laptops are several years out of date. There will never be more
than 15 users at any one time, and rarely more than 2 concurrent users. What
kind of caching will give the repair personnel a better user experience? (Choose
all that apply.)
2.
A. Page output caching
3.
Correct: Page output caching will cache content at the client side to eliminate
some of the required downloads. It is useful in a limited bandwidth
environment. It can also be used in donut hole and donut caching scenarios for
partial client-side caching.
4.
B. Application caching
5.
C. Data caching
6.
D. HTTP caching
7.
Correct: HTTP caching will help response time even though there is not much a
developer needs to do to implement the caching.
*********************************************************************************************
8.
You are creating a solution in which the majority of the
application is dynamic, but some areas can be cached for a long time. What kind
of approach would you take? (Choose all that apply.)
9.
A. Data caching
10.
B. Donut hole caching
11.
Correct: Donut hole caching provides the ability to cache parts of each page.
12.
C. Donut caching
13.
Correct: Donut caching is another approach that gives the ability to cache parts
of the application.
14.
D. Windows AppFabric caching
******************************************************************************************
15.
You are adding a reporting vertical to an enterprise
application. Many of the reports will be run every morning by a set of users.
Some of the reports will be identical as every member of a team will get the
same report sometime in the morning. What kind of caching will provide an
improvement in performance? (Choose all that apply.)
16.
A. Data caching
17.
Correct: Data caching with the appropriate timeout will enable the data needed
for the reports to be stored so that the call to the database is not necessary.
18.
B. Page output caching with a duration of
two minutes
19.
C. Page output caching with a duration of four hours
20.
Correct: A page output caching of four hours caches the output of the report for
the whole morning and should eliminate the need for the report to be run a
second time.
21.
D. Windows AppFabric caching
22.
Correct: AppFabric caching acts much like data caching to eliminate the need for
additional calls to the database to generate the reports.
1.6
1.
What is the technique in which the client sends a request to
the server, and the server holds the response until it either times out or has
information to send to the client is?
2.
A. HTTP polling
3. B. HTTP long polling
4.
Correct: In HTTP long polling, the client sends a request to the server, and the
server holds it open until it either has something to return to the client or
the connection times out.
5.
C. WebSockets
6.
D. HTTP request-response
********************************************************************************************
7.
You are building an application in which you want to display
updated information to a website every 15 minutes. What are efficient ways to
manage the update? (Choose all that apply.)
8.
A. WebSockets
9.
Correct: WebSockets can be used to pass information between the client and
server.
10.
B. HTTP polling with 1-minute intervals
11.
C. HTTP long polling
12.
D. HTTP polling with 15-minute intervals
13.
Correct: HTTP polling with 15-minute intervals is a valid way to get the information
within the required time frame.
*********************************************************************************************
14.
What is the first request sent to start HTTP polling?
15.
A. HTTP DELETE
16.
B. HTTP GET
17.
Correct: The first request to open a WebSocket connection is a standard HTTP
GET. After the request is received, the browser sends a separate upgrade
request
18.
C. HTTP CONNECT
19.
D. Upgrade request
1.7
1.
In an HTTP module, can you redirect the request to a
different handler than is in the routing table? If so, what event would you
handle?
2.
A. Yes, and you handle the PostAuthorizeRequest
event.
3.
B. No, after the request starts into the
process, it either continues through to the mapped handler or throws an error.
4.
C. Yes, and you handle the MapRequestHandler event.
5.
Correct: You handle the mapping of the request in the MapRequestHandler.
6.
D. Yes, and you handle the ReleaseRequestState
event.
*******************************************************************************************
7.
When you are creating a custom handler, what is the
parameter being passed into the ProcessRequest method?
8.
A. object, EventArgs
9.
B. HttpApplication
10.
C. HttpContext
11.
Correct: The ProcessRequest method takes the HttpContext parameter.
12.
D. Object
*******************************************************************************************
13.
What is the best way to intercept every request for an image
on your site and ensure that a watermark is added to the image?
14.
A. An HTTP module handling the AuthorizeRequest
event
15.
B. A custom HTTP handler set to handle
.htm and .html pages
16.
C. A custom HTTP handler configured to serve .png and .jpg
files
17.
Correct: Intercepting every request for .jpg and .png files is the easiest way
to consistently add watermarks to the images.
18.
D. An HTTP module handling the PostRequestHandlerExecute
event
2.1
1.
Layout.cshtml and Site.Master are the two default template
pages in ASP.NET MVC. Which of the following scenarios would best be solved
using a single layout or master template? (Choose all that apply.)
2.
A. Your application has a requirement to display a menu
section that changes based on the area of the application the user is visiting.
3.
Correct: Adding logic to the master page to determine the menu
design enables your application to display a menu section that changes based on
the area of the application the user is visiting.
4.
B. Each content area on your page needs a
header that displays the company’s branded color and contains the first 40
characters of the content area’s content followed by an ellipsis.
5.
C. You have created a set of styles, each in a different
style sheet. The styles need to be available to every page in the application.
6.
Correct: Referencing all style pages in a single place, the layout page, is an
appropriate use.
7.
D. Your application has three different
default page designs: two rows of information, two columns of information, and
three columns of information.
*********************************************************************************************
1.
You are designing a web application. You want to create a
certain look and feel while reusing styles across pages as much as possible.
How should you handle styles?
2.
A. Use only one or two styles throughout
your application to simplify maintenance.
3.
B. Use a specific (unique) style for every
element.
4.
C. Use general styles for common elements and specific
styles for elements that are unique.
5.
Correct: You should use general styles as much as possible. Achieving a certain
look and feel means that you might have to create some specific styles,
however.
6.
D. Use inline styling.
********************************************************************************************
7.
What are compelling reasons to switch from static web
content to dynamic web content? (Choose all that apply.)
8.
A. The ability to substitute a new image
for the company logo
9.
B. The ability to display information from a database
10.
Correct: Displaying data from a database is an ideal reason to use a dynamic
website.
11.
C. The ability to link to other pages
outside of your application
12.
D. The ability to display information pertaining to the
current user
13. Correct: Personalization, or displaying information about
the user on-screen, is an example of dynamic content.
2.2
being submitted to the server. Which code segment should you
choose?
A. <div class=”editor-label”>
@Html.LabelFor(model => model.ProductName)</div><div
class=”editor-field”> @Html.EditorFor(model =>
model.ProductName)</div>
B. <div class=”editor-label”>
@Html.LabelFor(model => model.ProductName)</div><div
class=”editor-field”> @Html.ValidationMessageFor (model =>
model.ProductName)</div>
C. <div class=”editor-field”> @Html.EditorFor(model
=> model.ProductName) @Html.ValidationMessageFor(model =>
model.ProductName)</div>
Correct: @Html.EditorFor, in combination with @Html.ValidationMessageFor, are used for
client-side validation.
D. <div
class=”editor-label”> @Html.LabelFor(model =>
model.ProductName)</div>
**********************************************************************************
1.
Your team is building an application and you are reviewing
the functional specifications. Your team must include a stockticker in the UI
that displays the company’s stock price every 15 minutes, and include the
capability to do partial saves of base objects as users step through a data
entry wizard. You want to use the same approach for both requirements to make
it easier to add functionality and maintain it going forward. What approach
should you use?
2.
A. Use JavaScript
to refresh the page every 15 minutes and to manage whether wizard buttons are
enabled or disabled.
3.
B. Use AJAX to make asynchronous calls to the server on a
timer for the stock price and to automatically save the base objects as the
user navigates through the wizard.
4.
Correct: The best way to solve this issue is to use AJAX to do asynchronous
calls to check the stock price as well as manage the save process through the
wizard.
5.
C. Use jQuery to refresh the page every 15
minutes and to manage whether wizard buttons are enabled or disabled.
6.
D. Use data validation annotations on the
model to ensure that the stock price is validated every 15 minutes and that
the client saves the base object information after every wizard step.
******************************************************************************************
7.
In which of the following scenarios should you include
validation? (Choose all that apply.)
8.
A. You have an online diary with two form fields, a title,
and a large subject box. A title is not required, and the subject content is
stored in a database column with no maximum size.
9. Correct: You should
build in validation to check that at least one field has been populated before
saving an entry.
10.
B. The web application you maintain has an area that serves
as a pass-through to another company’s web services. The form contains personal
information, such as address and phone number, and is used to set up a profile
on the company’s retirement partner website. The partner has never given you
any instructions as to what is or is not required to be sent to them.
11.
Correct: Although the partner company has not provided any requirements, your
company is responsible for data entry and therefore should ensure that the data
passing through the application meets some minimum criteria.
12.
C. Your application is a long wizard that college students
use to apply for financial aid. They do not have access to the application
until they are already logged on to the system so the application knows who
they are. Most students will log on many times to finish the application, so
any field might or might not be completed at any time.
13.
Correct: The application has many entry fields so it is difficult to predict
when an entry hits a valid stage. However, you already know you have
constraints on the data being input because of the size of the database columns
in which you will be storing them. A MaxLength validator on each field
would help ensure that there is no loss of data.
14.
D. You are developing a simple form that helps home brewers
keep track of their process. The form provides two input fields: Date/time and
ph level. The Date/ time box needs to be an ordinary text box because people
around the world might enter the date differently, in a way that is meaningful
to them. The ph level can be either a numeric value or a text description.
15. Correct: Although either
field in the form can be anything, they should have a maximum length limit
imposed so the data does not exceed the size of the database column they will
be stored in. You should also validate that neither field is empty.
2.3
1.
You are creating an ASP.NET MVC web application. Within the
application, you have created a partial view for contact email and phone
number. Which code segment should you use to display the partial view on the
main page?
2.
A. <div class=”float-right”>
<section id=”contact”> @Html.ActionLink(“ContactPartial”)
</section></div>
3.
B. <div class=”float-right”> <section
id=”contact”> @Html.Partial(“ContactPartial”) </section></div>
4.
Correct: @Html.Partial loads a partial view.
C. <div class=”float-right”>
<section id=”contact”> @RenderPage(“ContactPartial”)
</section></div>
D. <div
class=”float-right”> <section id=”contact “> @RenderBody()
</section></div>
********************************************************************************************
2. You are
creating an ASP.NET MVC web application. The application accepts phone number
input through the application’s form. When viewing the source from a browser,
you find the following code:
PhoneNumber: <input id=”phoneNumber” name=”phoneNumber”
size=”10” type=”text” value=”” /><br />
What Razor syntax code segment was used?
A. PhoneNumber: <input id=”phoneNumber”
name=”phoneNumber” size=”10” type=”text” value=”3125551212” /><br />
B. <div class=”editor-field”>
@Html.EditorFor(model => model.PhoneNumber) </div>
C. PhoneNumber:
@Html.TextBox(“phoneNumber”, Request[“phoneNumber”], new { @placeholder =
“3125551212”})<br />
D. PhoneNumber: @Html.TextBox(“phoneNumber”,
Request[“phoneNumber”], new { size = 10 })<br />
Correct: This is the proper way to
limit the size of a certain field that is being bound to the model.
************************************************************************************
1.
You are modifying an ASP.NET MVC web application and you
have created a new master layout page named _Layout.WindowsPhone.cshtml. You
want to use that layout in a new view. Which code segment do you use?
2.
A. @Html.ActionLink(“_Layout.WindowsPhone.cshtml”);
3.
B. Layout=”~/Views/Shared/_Layout.WindowsPhone.cshtml”;
4.
Correct: Layout=”” loads the layout file to be used with that view.
5.
C. Layout=”Layout.WindowsPhone.cshtml”;
6.
D. @Html.Partial(“_Layout.WindowsPhone.cshtml”);
2.4
1.
You want to support the Internet Explorer, Firefox, and
Opera web browsers in your application. Which vendor-specific extensions do you
need to include with CSS3 properties? (Choose all that apply.)
2.
A. -webkit-
3.
B. -ms-
4.
Correct: The -ms- prefix is used for Internet Explorer.
5.
C. -o-
6.
Correct: The -o- prefix is used for the Opera browser.
7.
D. -hp-
8.
E. -moz-
9.
Correct: The -moz- prefix is used for Mozilla Firefox.
****************************************************************************************
10.
What are common methods for detecting the type of browser
running on a client? (Choose all that apply.)
11.
A. Use JavaScript to query for the userAgent header.
12.
Correct: Using JavaScript to query the userAgent gives you information
about the type of browser being used by the client.
13.
B. Use the window.addEventListener method.
14.
C. Use the viewport <meta> tag.
15.
D. Use the DisplayMode provider.
16.
Correct: The display mode provider performs some of the analysis of the HTTP
request to try and determine what kind of browser made the request.
*********************************************************************************************
1.
You are creating a different view for each of several
different browsers/devices, such as Home.iemobile.cshtml and Home.IPad.cshtml.
What is the best way to implement it so your application knows to look for the
specific views? A. Use the viewport <meta> tag.
2.
B. Add a new DisplayModeProvider for each of the
special view types you want to support.
3.
Correct: Adding a DisplayModeProvider for each type of special view, such
as IEMobile or IPad, informs the framework to use those views where the context
condition is fulfilled.
4.
C. Put logic into each action to select
the appropriate view based on information in the request.
5.
D. You don’t have to do anything. The
framework automatically handles browser/device detection by reading the new
extensions on the views.
6.
2.5
1.
You are creating an ASP.NET MVC web application, and you
decide to create a new layout for mobile devices with relatively small screens.
Which @media query should you create or modify to accomplish the task?
(Choose all that apply.)
2.
A. @media (max-width:768px)
3.
Correct: This allows for devices with a maximum width of 768 pixels.
4.
B. @media (max-width:478px) and (orientation:portrait)
5.
Correct: This allows for devices with a maximum width of 478 pixels in portrait
view, such as tablets.
6.
C. @media (min-width:768px) and
(orientation:portrait)
7.
D. @media (min-width:1200px)
*******************************************************************************************
8.
You are modifying an existing ASP.NET MVC web application to
incorporate mobile access. What should you do to ensure that mobile devices
view mobile-only pages? (Choose all that apply.
9.
A. Run the Install-Package jQuery.Mobile.MVC command
using the Package Manager console.
10.
Correct: This installs all the necessary mobile packages.
11.
B. Create a _Layout.Mobile.cshtml master
layout page.
12.
C. Create additional views with .Mobile,
such as Index.Mobile.cshtml.
13.
D. Create additional views with .Mobile, such as
Index.Mobile.cshtml as well as a _Layout.Mobile.cshtml master layout page.
14. Correct: All mobile
views and mobile master layout ensure that the page will load accordingly.
*******************************************************************************************
15.
You are modifying an ASP.NET MVC web application for a
client. The client requires that the application must be viewable on Android devices
in a UI format native to the device. What should you do? (Choose all that
apply.)
16.
A. Run the Install-Package
jQuery.Mobile.MVC command using the Package Manager console.
17.
B. Create a viewport and use @media queries
to make styles that are specific for Android.
18.
C. Create corresponding mobile views for the project
targeted toward Android.
19.
Correct: Additional views must be created or ported to fit the smaller layout.
20.
D. Modify the Web.config file in Shared
views in the project to add in support for other browsers.
3.1
1. You have been asked by the
marketing department to help improve your company’s ranking in search engine
results. They are particularly concerned about a section of the site that is
highly interactive, with extensive mouse-over color, background, and text
changes. Without looking at the code, what is the most likely reason for
ranking low in search engine results?
2. A. Unclosed HTML tags
3.
B. Content hidden in JavaScript tags
4.
Correct: Text revealed by mouse-overs not being picked up by search engine
crawlers indicates that content is being skipped.
5. C. Broken links
6. D. Excessive number of images
*****************************************************************************************
7. You have been asked by a company
to evaluate its web application as a user. The company wants you to review the
website from outside its network and identify areas that might be problematic.
You have been asked to consider SEO and accessibility. Which tools would be
helpful for your review? (Choose all that apply.)
8. A. IIS SEO Toolkit
9.
B. Internet Explorer F12 tools
10.
Correct: The Internet Explorer F12 tool enables you view HTML and CSS code,
which can help you detect structural problems or errors that might affect accessibility
or SEO.
11. C. IIS Logging tab
12. D. Bing Webmaster Toolkit
*******************************************************************************************
13. Your company has joined an
industry accessibility group and you are a member. As one of your
responsibilities, you have been asked to estimate the time it would take to
modify your corporate site for accessibility. What should you consider to
properly estimate the required time? (Choose all that apply.)
14. A. The amount of text in the website
15.
B. The level of current usage of HTML helpers in your views
16.
Correct: Because ASP.NET MVC 3 HTML helpers are not ARIA compliant, you need to
write custom HTML helpers or use a different process to create HTML forms.
17. C. The numbers of controllers in the
application
18.
D. The complexity of your data entry forms
19. Correct: Because many of the problems with accessibility
are related to giving context to content, complex forms need a thorough review
to ensure that labels and section context are provided for every element on the
page.
3.2
1. You are globalizing an
application and are compiling a list of items that need to be translated. Which
items should be included on the list? (Choose all that apply.)
2.
A. Images that are used as part of the menu structure
3.
Correct: Images that are being used for menus likely have text displayed on
them. That text should be localized, and extra sets of buttons might have to be
created.
4. B. The company logo
5. C. Server error-logging messages
6.
D. Button tooltips
7.
Correct: Tooltips are supposed to give extra contextual help about the item the
mouse hovers over. It is important to get them translated.
********************************************************************************************
8. You are creating an ASP.NET MVC
website and you want to replace a <h2>hello</h2> tag within
the view with custom resources you have created. What should you use?
9.
A. <h2>@mvcapp.Resources.Home.Index.Heading</h2>
10.
Correct: This is the correct way to insert resources into a view.
11. B. <h2
div=”resource”>Hello</h2>
12. C. <h2
class=”resource”>Hello</h2>
13. D. <h2>@mvcapp.Resources.Home.Index.Heading
Hello</h2>
****************************************************************************************
14. You are developing an ASP.NET MVC
application and you need to create satellite assemblies from resource files.
What code should you use?
15. A. mage.exe /n:
/embed:strings.de-DE.resources MyApp.de-DE.resources.dll
16. B. WinRes.exe /t:
embed:strings.de-DE.resources /culture:de-DE
17. C. Lc.exe strings.de-DE.resources
MyApp.de-DE.resources.dll
18.
D. al.exe /t:lib /embed:strings.de-DE.resources /culture:de-DE
/out:MyApp.de-DE. resources.dll
19. Correct: Assembly Linker generates modules or resource
files.
3.3
1. You have a set of requirements
that expects a particular action to be accessed only through HTTPS by an
authenticated user. What is the best way to meet these requirements?
2.
A. Use the Authorize
attribute before the RequireHttps filter.
3.
B. Use the RequireHttps attribute before the Authorize filter.
4.
Correct: It filters out those users not on an SSL connection before performing
the more resource-intensive authentication check.
5. C. Use a custom action filter that
combines the check for HTTPS and the check for authentication into a single
filter.
6. D. Use Authorize alone; you
do not need to use RequireHttps separately if you already have Authorize,
because using Authorize implies the use of HTTPS
**************************************************************************************
7. You have written a shareware
application and want to sell it on your personal website. You are considering
various approaches for distributing the application after users purchase it.
Which of the following is the best approach?
8.
A. Use the FileResult action result to initiate the file download.
9.
Correct: The FileResult property was designed for this need.
10.
B. Convert the
application to an encoded string and provide it for download through the ContentResult.
11.
C. Create a view or partial view that
contains an action link to a route in which the user can download the file.
12.
D. Create an email containing a link to a
route from which the user can download the file.
*******************************************************************************
13.
3. You have been tasked with modernizing
an application created in ASP 3.0. Part of one of the pages contains HTML that
comes as a string from a third-party application as part of a service call that
populates part of a form. The same form contains input values for your
application. You need to support the same business process as the original
application, but you also want to use some MVC features. What is the approach?
14.
A. Create a single model containing
information from your local application. Use strongly-typed binding as much as
possible and manually match the rest of the fields.
15.
B. Create a single model for the local
input fields and the service call input, and use ToValueProvider to map
the entire object.
16.
C. Create a single model. Use weakly-typed
binding for the form fields, and the HTML provided by the third-party
application.
D. Create a model that contains only your fields and strongly bind the
fields to the model. Create a second model that maps to the fields in the
imported HTML and bind to that model using ToValueProvider.
Correct: The key is separating your
data input fields from the provided input fields. You can strongly-bind to
yours because you have full control over the relationship between your model
and your view, and can then use the ToValueProvider to merge the other
model that is tied to the provided input fields.
3.4
1. You are developing an ASP.NET MVC
application. You have a set of requirements to create a help section for remote
users. Your typical help scheme is help/desktop or help/mobile, so logically
this section should be help/remote. The change board wants the links in the
application to point to the default support site. Which code segment would you
use?
2. A. routes.MapRoute( name: “Default”,
url: “{controller}/{action}/{id}”, defaults: new { controller = “Home”, action
= “Index”, id = UrlParameter.Optional });
3.
4.
5.
B. routes.MapRoute( “remote”, “help/remote”, new {
controller = “support”, action = “Index” });Correct: This is how you
add an additional route and point to a different controller.
6.
C. routes.MapRoute( “remote”, “help”, new
{ controller = “support”, action = “Index” });
7.
D. routes.MapRoute( “remote”,
“remote/help”, new { controller = “support”, action = “Index” });
************************************************************************************
8.
2. You are developing an ASP.NET MVC
application. You noticed a bug on the DVD controller of the application. You
want to ignore the DVD pages until the bug is fixed. What should you do?
9.
A. Add route.SetItem(route.Count,
“dvd/”); to the RegisterRoute method.
10.
B. Add route.IgnoreRoute(“dvd/”); to the RegisterRoute
method.
11.
Correct: IgnoreRoute is the correct statement to use.
12.
C. Add route.Insert(route.Count,“dvd/”);
to the RegisterRoute method.
13.
D. Add route.Remove(“dvd/”); to the
RegisterRoute method.
**********************************************************************************
14.
3. You are the lead developer on a team
that has been working on a large website for months, and several controllers
are getting unwieldy. You do not have that problem with views and models
because most of your communications are through AJAX to display snippets of
information on the UI. What changes can best help you solve your problem?
(Choose all that apply.)
15.
A. Create partial classes for the controllers that have AJAX
functionality to create a set of Controller.Ajax.cs files. Put the
AJAX-specific functionality in those files.
16.
Correct: Creating partial classes offers some relief to the problem that you are
experiencing, although not as much as a more-functional separation such as
offered by areas. You do not have to make any UI changes, however.
17.
B. Create an area called AJAX. Move all
controllers, models, and views into the area.
18.
C. Create an area called AJAX. Move the specific AJAX
functionality into the Controllers directory and leave the Views and Models
directories empty.
19.
Correct: Your best move is to separate the AJAX components into an area. You
would have to change all the calls to it, but you would achieve complete separation
of concern for AJAX calls.
20.
D. Create a new ASP.NET MVC 4 application
project. Move the AJAX functionality into that so that it will be more
responsive.
21.
3.5
1. Your application manages the sale
of expensive well-drilling equipment. Your IT director wants you to add
functionality that sends an email to a customer’s sales account manager
whenever someone from your client company logs in to the system. What is an
appropriate solution?
2. A. Override the AuthorizeAttribute
and apply it to the login action. Run the base method first to handle the
authentication and then evaluate the status of the request. If the user is a
customer, send the email.
3. B. Create a custom action filter
that is globally defined and overrides the OnActionExecuting method.
This action filter evaluates the status of the user and sends the email if it
is a customer.
4. C. Override the AuthorizeAttribute
that is applied to the login action, check for the user’s authentication
status, and determine whether it is a customer prior to sending it to the base
authentication method.
5.
D. Create an action filter that overrides the OnActionExecuted method
and apply it to the login action. This action filter evaluates the status of
the user and sends the email if it is a customer.
6.
Correct: This is be applied only because the user is leaving the login section
of the application, at which point you also know whether they have been
authenticated
*****************************************************************************************
7. You work for a financial services
company that deals with many small brokers. Your executives want to be able to
run a report that details all the actions taken by the brokers on the site as a
form of auditing and protection. Neither the application nor system currently
stores this kind of information. Which of the following are viable solutions?
(Choose all that apply.)
8.
A. Create a globally applied custom action filter that implements the OnActionExecuting
method. Have it store the user, the URL, and the forms collection.
9.
Correct: Creating a globally applied action filter enables you to save the state
of every action taken by the user while logged in to your site.
10.
B. Create a globally applied custom action
filter that implements the OnActionExecuting method. Have it store the
user, the URL, and the forms collection.
11.
C. Create a globally applied custom action filter that
implements the OnActionExecuted method. Set the AllowMultiple parameter
to false in the filter. Have it store the user, the URL, and the forms
collection.
12.
Correct: By creating a globally applied action
filter you have ensured that every action taken by the user will be logged
13.
D. Override the AuthorizeAttribute and
have it store the user, the URL, and the forms collection.
************************************************************************************
14.
3. You are adding the capability for users
to customize their site’s display colors. You are required to provide a slider
that enables users to change each RGB element. What can you do to ensure that
this gets treated in the model and stored in the database as a single RGB
color? (Choose all that apply.)
15.
A. Strongly bind the sliders to their own
individual fields in the model. Ensure that the model unit for color only
implements the GET, where you write code that concatenates the values.
16.
B. Create a custom model binder that knows to look for the
three values and how to put them together to get the single color.
17.
Correct: This solution works because it combines the three discrete values into
a single object on the model.
18.
C. Add the three different elements to the
model and ensure that your update statement to the database correctly joins
the elements to get the appropriate color.
19.
D. Create a custom model binder that evaluates the entire
color customization process and binds the entire model rather than just
managing a subset of the information
20.
Correct: Although it takes more work, using an approach of creating a model
binder for the entire object, rather than just a part, successfully manages the
need to have it in the model and in the database.
3.6
1. You are working on a AJAX-heavy
site, and your script files are separated in your solution by function. You
have already implemented minification and bundling, but you are still getting
reports of poor performance when users try to access your pages. You cannot
replicate the problem locally. What additional steps can you take and still provide
the same user experience?
2. A. Compress all scripts locally and
have the users download the compressed files rather than the uncompressed
files.
3. B. Turn IIS compression on, turn on
the option to compress dynamic pages, and set the minimum file size to 0 so
that every file served will be compressed.
4.
C. Turn IIS compression on, disable dynamic page compression, and set the
minimum file size to the size of your smallest bundled script file
5.
Correct: This is an appropriate next step to try to compress the script and
style files being sent to the client.
6. D. There is nothing more to do
without redesigning the site.
*********************************************************************************************
7. You want to implement bundling
and minification in your site. What are some of the potential problems you need
to be aware of? (Choose all that apply.)
8. A. None; there is no condition in
which this is a poor decision.
9.
B. You need to be sure you do not bundle too many scripts together because
you cannot take advantage of concurrent downloads if only one or two files are
being downloaded.
10.
Correct: Bundling every script into a single large file might decrease the
effectiveness of concurrent downloading.
11. C. You should bundle and minimize
scripts and CSS files together for maximum effectiveness.
12.
D. Not bundling logically linked scripts together can have a negative
effect on performance.
13.
Correct: Not separating scripts logically might lead to the user downloading
scripts that will never be used. Although the download experience is maximized,
it does not make sense to download unused scripts.
*********************************************************************************************
14. Your U.S.-based company recently
opened an office in England. Staff members have been making lots of sales
calls, which have generated an increase in visits to the company’s websites.
Much of the activity involves downloading sales sheets, product descriptions,
and other sales support information currently stored in PDFs. There have been
some performance-related complaints from remote sales staff, but no local users
have noticed any problems. Which of the following are potential solutions?
(Choose all that apply.)
15. A. Bundle and minify the PDF files
to ensure that there is no wasted space.
16.
B. Write an action result that takes a file name and returns a compressed
version of the file for download.
17.
Correct: This solution causes more work on the client side to open and view the
compressed content, but it provides a more responsive user experience
18.
19.
C. Sign on with a CDN with nodes in North America and Europe
and use it to serve files and other static content to sales support staff.
20.
Correct: Moving the part of the site most
affected by the new usage closer to the users increases their download speed
and thus their perceived performance.
21.
D. Add two additional servers and create a
server farm to serve your content.
22.
4.1
1. Your application has an
intermittent issue, based on the user’s path through the application, in which
the application seems to stop running. Even when running in debug mode, the
application calls a web service and then stops. The application locks and the
call never returns, thus the user’s request is never completed and eventually
times out. What performance or profiling tool will provide the most pertinent
information about your application?
2. A. CPU sampling in the Performance
Wizard
3. B. Memory allocation in the
Performance Wizard
4.
C. Resource contention data in the Performance Wizard
5.
Correct: Thread and resource profiling will give some understanding of what kind
of actions are taking place that will cause a resource or thread to be blocked
6. D. Tracing from the System.Diagnostics
namespace that logs the times of web service call and web service return
7. E. The Health Monitoring tool, for
capturing security information related to the interaction with the web service
**************************************************************************************
8. You inherited a working
application that began as a proof of concept but was eventually adopted as a
production application without being refactored. Many new requirements need to
be added. As part of your initial analysis, you notice a lot of problems with
bad data. Which solutions will help remediate this issue? (Choose all that
apply.)
9. A. Running the Performance Wizard to
sample CPU usage
10.
B. Adding code contracts to ensure that the input parameters have expected
values
11.
Correct: Preconditional code contracts ensure that incorrect information is not
submitted to a method. This helps eliminate the possibility of bad data
12.
C. Adding code contracts to ensure that the return values meet specific
criteria
13.
Correct: Postconditional code contracts ensure that incorrect information is not
returned from a method. This helps eliminate the possibility of bad data.
14.
D. Adding code contracts to ensure that objects do not become invalid
during process
15.
Correct: Invariant code contracts ensure that objects do not get to an invalid
state. This helps eliminate the possibility of bad data.
16. E. Running the Visual Studio
profiler to analyze application flow
***********************************************************************************
17. You are helping a client estimate
the effort involved in adding comprehensive monitoring to an enterprise-level
ASP.NET MVC application. Which of the following are useful considerations while
building the estimate? (Choose all that apply.)
18.
A. Adding health monitoring involves many choices. An evaluation will have
to be performed to determine which monitors will be of real use.
19.
Correct: Adding health monitors is an easy task. Determining which options provide
the information you need will be time-consuming because of the number of
choices.
20.
B. Adding generic logging can be done as part of the rework. After the
logging pattern has been established, you can add logging as part of any new
work and as part of the refactoring process.
21.
Correct: Generic logging is a useful addition and can be added as items are
refactored; it is not an all-or-nothing type of work.
22. C. Adding tracing must be done
completely and comprehensively before it can be of any use. There is no point
in implementing tracing in a single part of the application if you are not
going to refactor the application.
23. D. Creating a data collection set in
Performance Monitor will provide all the needed information and can be set up
in a few minutes.
24.
4.2
1. You are re-creating an
application that was originally built with ASP 2.0. You need to break the
monolithic application into a traditional three-tier application. One of the
requirements is that database errors must be displayed in the UI. Which
solution will present enough information to the user so they can notify the
appropriate person of a problem, but not allow the user to gain information
about the design of the database?
2. A. Add a first chance exception
handler and log the information in the error.
3.
B. Add a generic database-layer exception handler to the business layer,
and pass appropriate error information to the UI layer for display in a custom
error page.
4.
Correct: The business layer is the appropriate place to manage data layer exceptions.
By repackaging it and sending it up to the user layer, you can maintain
separation of concerns and meet the requirement to display information to the
user. This will also enable you to log the information as necessary to support
debugging.
5. C. Add specific database exception
handlers in the business layer and log the information into the database for
further review.
6. D. Let the errors pass through the
business layer to the UI layer where they can be handled as specific errors and
presented as appropriate in the UI.
*******************************************************************************************
7. What is an advantage to using
first chance exception notification?
8. A. The ability to capture and handle
all exceptions that occur within the application in one place
9. B. The ability to log an exception
after it is handled by its appropriate error handling code
10.
C. The ability to log an exception before it is touched by any other error
handler
11.
Correct: The first chance exception handler enables you to examine an exception
and take some action before it is touched by any other handler.
12. D. The ability to forward an
exception to an error handler based on the type of exception that was thrown
********************************************************************************************
13. Using custom error pages provides
a lot of flexibility to an application because it allows for a consistent user
experience even when the application has a problem. To take full advantage of
this flexibility, you need to be able to create the pages and configure the
application to use these pages. What code will provide custom error pages for
404 errors and general exceptions?A.
14.
<system.web>
<customErrors mode=”RemoteOnly” defaultRedirect=”Error/GeneralException”>
<error statusCode=”404” redirect=”ErrorController.Status404” />
</customErrors></system.web>
B.
<system.web>
<customErrors mode=”RemoteOnly” defaultRedirect=”Error/GeneralException”>
<error statusCode=”404” redirect=”Error/Status404” />
</customErrors> </system.web> <system.webServer>
<httpErrors errorMode=”Detailed” /> </system.webServer>
Correct: This example shows the 404
error status and it sets the default error handler to the server error action.
C.
<system.web> <customErrors
mode=”RemoteOnly”> <error statusCode=”404” redirect=”Error/Status404”
/> <error statusCode=”GeneralException” redirect=”Error/GeneralException”
/> </customErrors> </system.web> <system.webServer>
<httpErrors errorMode=”Detailed” /> </system.webServer>
D.
<system.web>
<customErrors mode=”LocalOnly” defaultRedirect=”Error/GeneralException”>
<error statusCode=”404” redirect=”Error/Status404” />
</customErrors> </system.web> <system.webServer>
<httpErrors errorMode=”Detailed” /> </system.webServer>
4.3
1. You are under contract with a
large company that is starting to implement a TDD approach. As part of the
long-term support for this effort, the company needs you to complete several
unit tests. As you review the current code base, you find good tests for the
model, but no tests for anything other than the model. Which of the following
is the best approach to complete the unit tests?
2. A. Create a new directory in the
unit test project for the controller- and action-specific tests. Create a unit
test file for each controller. Inside that file, have one or more tests for
only the controller action methods.
3. B. Add a new file to the unit test
project called ControllerTests. Put all tests for all the controllers and the
actions in the file.
4. C. Create a new directory in the
unit test project for the controller- and action-specific tests. Create a unit
test file for each action you are going to test.
5.
D. Create a new directory in the unit test project for the controller- and
action-specific tests. Create a unit test file for each controller. Inside that
file have one or more tests for all methods in the controller, regardless of
whether they are an action or not.
6.
Correct: This solution provides for testing actions and nonactions as well as a
good split of the tests per file.
****************************************************************************************
7. Your ASP.NET MVC web application
has just been released to a group of pilot users. The users are reporting
periods of extreme performance degradation. You did not encounter performance
issues during development or the quality assurance phase. What can you do in
your development environment to understand what is occurring in the production
environment?
8.
A. Create a set
of unit tests that repeatedly test certain parts of the application. Run them
continuously over a period of time to ensure that the application works as
expected.
9.
B. Create a set of web tests that exercise
the application. Set a run load of 50 percent of your pilot users and run them
in a constant load testing process to validate the application’s behavior.
10.
C. Create a set of web tests that exercise the application.
Using a step approach, start with a minimal number of users and increase to the
total number of users in the pilot program.
11.
Correct: Starting from a midlevel count of users and then increasing to the
total number of possible numbers should give you an idea of what is happening
during the day-to-day running of the application in production
12.
D. Create a set of web tests that exercise
the application. Using a goal-based approach, set the process to run to 75
percent CPU utilization. When you reach that point, compare the results with
the number of users in the pilot program.
*************************************************************************************
13.
3. You support hardware purchasing for an
ASP.NET MVC application in your company. The application is finished, and the
development team knows the number of intended users. Which approach will give
the team the best understanding of the application’s hardware needs?
14.
A. Create several web tests that exercise
all parts of the application, including all static pages. Run these tests in a
constant load at various levels to see the effect on performance.
15.
B. Create several web tests that exercise
all parts of the application, including all static pages. Run these tests in a
step approach up to the maximum expected number of users. This will give you an
idea of the load one server can handle.
16.
C. Create several web tests that exercise all parts of the
application, including all static pages. Run these tests in a goal-based
approach in which the percent of CPU usage and percent of memory usage metrics
are set to the company standard maximums. Evaluate how many users it takes to
reach the maximum levels.
17.
Correct: This approach will give them an
objective analysis of the amount of users a server can manage at a particular
level of memory or CPU usage.
18.
D. Create several web tests that exercise
only the dynamic parts of the application, ignoring all static content. Run
these tests in a goal-based approach in which the percent of CPU usage and
percent of memory usage metrics are set to the company standard maximums.
Evaluate how many users it takes to reach these maximum levels.
4.4
1. You will be deploying your
application in Windows Azure. You know that you need to include logging, but
you have some concerns. What diagnostic capabilities can Windows Azure
support? (Choose all that apply.)
2.
A. The capability to turn on and off different aspects of the Windows
Azure diagnostics through configuration changes
3. Correct: You can control the diagnostics setting through configuration within
your Windows Azure–hosted application.
4.
B. The capability to retain logs from your custom logging solution on a
Windows Azure storage account
5.
Correct: Although the Windows Azure VMs get recycled when the role restarts,
saving the logs to the Windows Azure storage system outside of your VM would
ensure that they are available.
6. C. The capability to retain logs
from your custom logging solution when written to a local store
7.
D. The capability to send entries to the Windows Azure diagnostics system
from within your application
8. Correct: You can treat the Windows Azure diagnostics system
like a traditional logging tool by writing messages to the system.
**********************************************************************************
9. What do you need to do to use
IntelliTrace from within Windows Azure? (Choose all that apply.)
10. A. Publish the solution from any
version of Visual Studio Professional 2012 or higher.
11.
B. Select the Enable IntelliTrace check box before publishing the
solution.
12.
Correct: When publishing the projects, you can configure the process to deploy
in debug mode with IntelliTrace enabled.
13. C. Ensure that you made all
configuration changes in the Web.config file that will turn on IntelliTrace.
14. D. Download and view the
IntelliTrace logs through a web browser.
15.
E. Download and view the IntelliTrace logs through Visual Studio Ultimate
2012
16.
Correct: You can view the IntelliTrace logs through Visual Studio after
download.
*******************************************************************************************
17. You want to configure Windows
Azure diagnostics. Where do you configure the specific Performance Monitors
you want to have run in support of your application?
18. A. ServiceDefinition.csdef
19. B. ServiceConfiguration.cscfg
20.
C. Diagnostics.wadcfg
21.
Correct: You configure specific monitors that will run in your application in
the Diagnostics.wadcfg file.
22. D. Web.config
5.1
1. What type of authentication
accepts login credentials that will be checked against the domain or local
server and are sent in a hashed format?
2. A. Basic authentication
3.
B. Digest authentication
4.
Correct: Digest authentication is a challenge-response–based authentication
method to ensure that user credentials are not sent over the network in clear
text.
5. C. Forms authentication
6. D. Windows authentication
*************************************************************************************
7. Forms authentication enables you
to write code to validate user credentials. After it is complete, you can
register the authentication cookies for use throughout the user’s visit by
using which of the following?
8.
A. FormsAuthentication.SetAuthCookie
9.
Correct: FormsAuthentication.SetAuthCookie registers the authentication token in
the cookie for use in future requests.
10. B. FormsAuthenticationCookie = new
FormsAuthenicationCookie();
11. C. FormsAuthentication.ClearAuthCookie
12. D. MembershipProvider.User =
********************************************************************************************
13. What default attributes or inline
checks would you use to create an accepted-list scenario in ASP.NET MVC 4?
(Choose all that apply.)
14.
A. Authorize attribute
15.
Correct: AuthorizeAttribute can be put on controllers
and actions to require authorization
16. B. RequireHttps attribute
17. C. WebSecurity.IsAuthenticated
18.
D. AllowAnonymous attribute
19.
Correct: AllowAnonymous can be put on controllers
and actions to enable unauthorized users access.
*************************************************************************************
20. What interfaces or classes should
be implemented or inherited when creating custom authentication that is based
on a non-Windows, third-party provider? (Choose all that apply.)
21. A. ActiveDirectoryMembershipProvider
22.
B. IIdentity
23.
Correct: IIdentity describes the user that was authenticated.
24. C. SqlMembershipProvider
25.
D. IPrincipal
26.
Correct: IPrincipal provides the security context of the user on whose
behalf the code is running.
***************************************************************************************
27. What kind of helper methods does WebSecurity
provide? (Choose all that apply.)
28.
A. Login
29.
Login is one of the methods provided by the WebSecurity helper.
30.
B. ResetPassword
31.
Correct: ResetPassword is one of the methods
provided by the WebSecurity helper.
32.
C. CreateAccount
33.
Correct: CreateAccount is one of the methods
provided by the WebSecurity helper.
34.
D. ChangePassword
35.
Correct: ChangePassword is one of the methods
provided by the WebSecurity helper.
36.
E. DeleteAccount
5.2
1. What attribute or code snippet
within a controller enables a role named Admin to access actions or code
blocks after the check-in code?
2. A. RoleProvider.GetRolesForUser(“Admin”)
3.
B. [Authorize(Roles=”Admin”)]
4.
Correct: The Authorize attribute handles authorization on a controller
and/or action basis by using the Roles= qualifier
5. C. RoleProvider.IsUserInRole(User.Name)
6. D. [AuthorizeAttribute(Roles=”Admin”)]
*******************************************************************************************
7. Which methods help the RoleProvider
determine whether a user is assigned a role or set of roles? (Choose all
that apply.
8. A. GetRoles
9.
B. GetRolesForUser
10.
Correct: GetRolesForUser gets a list of roles for a
user.
11.
C. IsUserInRole
12.
Correct: IsUserInRole returns a Boolean on whether a particular user has
a role.
13. D. FindUsersInRole
*********************************************************************************************
1. Why should you create a custom
role provider? (Choose all that apply.)
2.
A. To use a data source not regularly supported
3.
Correct: Because traditional providers work only on SQL Server, accessing a
different data provider such as MySQL would require a custom provider.
4. B. To use the SimpleRoleProvider
5.
C. To use a database design different than .NET provides
6.
Correct: Using a different database design would require that you create a
custom provider
7. D. To provide a special
configuration file entry
8.
5.3
1. Windows Azure ACS allows for
federated identification from outside agencies such as a Microsoft account or
Facebook. Which entity issues the final token that your application will
accept for access?
2. A. The outside agency
3. B. Your application
4. C. Your network firewall
5.
D. Windows Azure ACS
6.
Correct: ACS reads the token provided by the identity providers and creates a
token that your application understands and accepts.
******************************************************************************************
7. WIF enables you to create a
custom token. To be able to use the token, you must create a custom token
handler by overriding which of the following?
8. A. SecurityToken
9.
B. SecurityTokenHandler
10.
Correct: SecurityTokenHandler is the appropriate class to
override for creating a custom token handler
11. C. SWTToken
12. D. Saml2SecurityTokenHandler
**************************************************************************************
13. WIF adds the concepts of claims
to which of the following? (Choose all that apply.)
14.
A. IIdentity
15.
Correct: The class implementing the IIdentity interface contains claims
information
16.
B. IPrincipal
17.
Correct: The class implementing the IPrincipal interface contains claims
information
18. C. User
19. D. MembershipProvider
20.
5.4
1. What class handles the actual
data encryption?
2. A. RijndaelManaged
3. B. RSACryptoServiceProvider
4.
C. CryptoStream
5.
Correct: CryptoStream provides access to an encrypted stream.
6. D. RSAKeyInfo
**************************************************************************************
1. What are digital signatures used
for? (Choose all that apply.)
2. A. Encryption
3.
B. Authentication
4.
Correct: Authentication is a reason for digital signing because it uniquely
defines the party signing the data.
5.
C. Nonrepudiation
6.
Correct: Nonrepudiation is a reason for digital signing because it uniquely
defines the party signing the data and shows that it had to be the original
party that submitted the data.
7.
D. Authorization
8. Correct: Authorization can be determined after the
individual is uniquely defined.
9. E. Hashing
*************************************************************************************
10. How do you encrypt the <connectionStrings>
section of the Web.config file?
11. A. aspnet_regiis -pe
“ConnectionStrings” -app “/MachineDPAPI” -prov “RsaProtectedConfigurationProvider”
12.
Correct: This is the proper way to encrypt the <connectionStrings>
setting of the Web.config file.
13. B. aspnet_regiis -pe
“Web.Config”-app “/MachineDPAPI” -prov “RsaProtectedConfigurationProvider”
14. C. aspnet_regiis -pd “ConnectionStrings”
-app “/MachineDPAPI” -prov “RsaProtectedConfigurationProvider”
15.
D. aspnet_regiis -pd “Web.Config” -app “/MachineDPAPI” -prov
“RsaProtectedConfigurationProvider”
5.5
1. What roles does a CA play in a
PKI? (Choose all that apply.)
2. A. Serves the certificate for the
web server
3.
B. Validates the company or individual purchasing the certificate
4.
Correct: The CA validates the company or individual
5.
6.
C. Signs the certificate as authentic
7.
Correct: The CA signs the certificate.
8. D. Provides the Domain Name System
(DNS) connections between the client and server
*********************************************************************************
9. What are the primary differences
between the AntiXSS Library and the default .NET Framework? (Choose all that
apply.)
10. A. The AntiXSS Library takes a
blocked-list approach, whereas the .NET Framework takes an accepted-list
approach.
11.
B. The AntiXSS Library has be modified to realize performance gains.
12.
Correct: The AntiXSS Library is more performant than the traditional .NET
Framework.
13.
C. The AntiXSS Library takes an accepted-list approach, whereas the .NET
Framework takes a blocked-list approach.
14.
Correct: AntiXSS takes an accepted-list approach, which means only those characters
that have been approved are allowed through.
15.
D. The AntiXSS Library offers enhanced globalization capabilities.
16.
Correct: AntiXSS was designed to allow additional support for globalization
****************************************************************************************
17. A SQL injection attack occurs
when an application allows input submitted by the client to be run as part of a
SQL command. What actions should a developer take to ensure that this doesn’t
happen? (Choose all that apply.)
18. A. Use Entity SQL because it does
not suffer from the same risk.
19.
B. Use SQLParameters to submit the parameters.
20.
Correct: Using SQLParameters is the best way to manage
this risk.
21.
C. Use Linq-to-Entities to access the database,
22.
Correct: Linq-to-Entities uses an object model as access into the data layer, so
the risk is mitigated.
23.
D. Filter out
keywords and symbols.