Latest MCPD 70-519 Dumps Real Exam Download 31-40

Ensurepass

QUESTION 31

You are designing an ASP.NET Web application.

You are implementing the ASP.NET membership and profile providers to do the following:

-Support retrieval of user passwords within the ASP.NET Web application.

-Access profile data that is stored in two or more Microsoft SQL Server tables.

You need to ensure that the Web application is properly configured to interact with the providers. Which approach should you recommend?

 

A. Use encrypted passwords, and develop a custom profile provider.

B. Use encrypted passwords and the built-in SqlProfileProvider provider.

C. Use hashed passwords, and develop a custom profile provider.

D. Use hashed passwords and the built-in SqlProfileProvider provider.

 

Correct Answer: A

Explanation/Reference:

Correct: If you must be able to retrieve original passwords, encryption provides the best protection possible.

Because the built-in SQL membership provider does not support retrieving users’ original passwords, you must create a custom membership provider.

Incorrect: Hashed passwords are more secure than encrypted passwords. However, you cannot easily reverse hashed passwords.

 

 

QUESTION 32

You need to design a solution for the protection of the pages in the Secured folder. Which approach should you recommend?

 

A. Use Code Access Security.

B. Use the Personalization API.

C. Use Software Restriction Policies.

D. Use the Authorization element of web.config.

 

Correct Answer: D

Explanation/Reference:

ASP.NET Authorization: Authorization determines whether an identity should be granted access to a specific resource.

http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx

 

QUESTION 33

[The question text and answer options were an image and are not available.]

Correct Answer: D

Explanation/Reference:

PrincipalPermissionAttribute can be used to declaratively demand that users running your code belong to a specified role or have been authenticated. Use of Unrestricted creates a PrincipalPermission with Authenticated set to true and Name and Role set to null. The scope of the declaration that is allowed depends on the SecurityAction that is used. PrincipalPermissionAttribute cannot be applied at the assembly level. The security information declared by a security attribute is stored in the metadata of the attribute target and is accessed by the system at run time. Security attributes are used only for declarative security. For imperative security, use the corresponding permission class. http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermissionattribute.aspx

 

 

QUESTION 34

You are designing an ASP.NET MVC 2 Web application for a customer's extranet site.

You need to allow only requests that originate from the customer's intranet IP address range to access the application, and you must redirect other access requests to the customer's Web site.

Which approach should you recommend?

 

A. Configure the IIS Request Filter module to filter requests.

B. Configure IIS to reject requests from outside the specified IP address range.

C. Configure the IIS URL Rewrite module to redirect requests from outside the specified IP address range to the public Web site.

D. Design the default controller and action to check the IP address and to redirect requests from outside the specified IP address range to the public Web site.

 

Correct Answer: C

Explanation/Reference:

 

 

QUESTION 35

You are designing a user input form that is part of an ASP.NET Web Forms application. You need to ensure that users cannot attack the Web server by submitting invalid data. Which approach should you recommend?

 

A. Install a certificate on the Web server, and force all Web traffic to use SSL.

B. Write an onSubmit JavaScript handler that validates all form input.

C. Write an onSubmit JavaScript handler that URL-encodes all data that is passed to the server.

D. Write an OnClick method for the Submit button that rejects form submissions that contain invalid data.

 

Correct Answer: D

Explanation/Reference:

On the client side, only the OnClick method can be used to validate the submitted form.

 

 

QUESTION 36

You are designing an ASP.NET Web Forms application that uses a database containing user names and hashed passwords for authentication.

The Web application includes a login form in which users type their user names and passwords.

You need to design a strategy to ensure that the users' login credentials cannot be stolen through a man-in-the-middle attack. Which approach should you recommend?

 

A. Install a certificate on the Web server, and force the login form to use SSL.

B. Write an onSubmit JavaScript handler that hashes the password before the password is submitted to the server.

C. Write an OnClick method for the Submit button that hashes the password before the password is compared with the password value that is stored in the database.

D. Write an onSubmit JavaScript handler that URL-encodes the password before the password is passed to the server.

 

Correct Answer: A

Explanation/Reference:

You need to use SSL.

 

 

QUESTION 37

You are designing a testing methodology for an ASP.NET MVC 2 Web application. You have the following application testing requirements:

-Verify that security issues are identified as early within the request as possible.

-Verify that the effectiveness of input corruption is minimized.

You need to meet the application testing requirements. Which methodology should you recommend?

 

A. Design tests against the model.

B. Design tests against the controllers.

C. Design tests against the client browser.

D. Design tests against the data access layer.

 

Correct Answer: B

Explanation/Reference:

All security issues need to be addressed at the controller actions.

 

 

QUESTION 38

You are designing a testing methodology for an ASP.NET MVC 2 Web application.

The application has a rich domain model that represents the logic and the data of the business.

A façade over the domain model provides a simplified API that is used by the controllers.

A data access layer beneath the domain model is used by the domain model to handle data storage and retrieval.

You have the following requirements:

-Centralize business rules.

-Directly validate the accuracy of the business rules.

You need to design tests against the appropriate layer to meet the requirements. Which layer should you recommend?

 

A. the controllers

B. the domain model

C. the data access layer

D. the domain model façade

 

Correct Answer: B

Explanation/Reference:

 

 

QUESTION 39

You need to design a solution for capturing an exception. Which approach should you recommend?

 

A. Use a Page_Error method.

B. Use a HandleError attribute.

C. Use a customErrors element.

D. Use an Application_Error method.

 

Correct Answer: B

Explanation/Reference:

HandleErrorAttribute: Represents an attribute that is used to handle an exception that is thrown by an action method. The HandleErrorAttribute attribute in ASP.NET MVC lets you specify how to handle an exception that is thrown by an action method. By default, when an action method with the HandleErrorAttribute attribute throws any exception, MVC displays the Error view that is located in the ~/Views/Shared folder.

http://msdn.microsoft.com/en-us/library/system.web.mvc.handleerrorattribute.aspx

 

 

QUESTION 40

You need to design an exception-handling strategy for the Web application. Which approach should you recommend?

 

A. Add a customErrors section in the configuration file, with mode="On" and defaultRedirect="/error.aspx".

B. Add a customErrors section in the configuration file, with mode="RemoteOnly" and defaultRedirect="/error.aspx".

C. Catch all unhandled exceptions in the Page_Error event of each page, send an e-mail message containing the exception details, clear all errors, and redirect the user to a generic error page.

D. Catch all unhandled exceptions in the Application_Error event of the Global.asax file, send an e-mail message containing the exception details, clear all errors, and redirect the user to a generic error page.

 

Correct Answer: D

Explanation/Reference:

When both MVC applications and traditional ASP.NET applications encounter an exception that is not handled at the page level, they call the Application_Error method in the Global.asax file. Application_Error is the perfect place for logging information about errors that occur within a production web application so that you can troubleshoot them later.

 

 
