Latest MCTS 70-513 Dumps Real Exam Download 31-40

Ensurepass

QUESTION 31

A Windows Communication Foundation (WCF) client uses the following service contract. (Line numbers are included for reference only.)

01 [ServiceContract]02 public interface IService03 {04 [OperationContract]05 string Operation1();06 [OperationContract]07 string Operation2();08 }

You need to ensure that all calls to Operation1 and Operation2 from the client are encrypted and signed. What should you do?

 

A. Set the ProtectionLevel property in line 01 to EncryptAndSign.

B. Set the ProtectionLevel property in line 04 and line 06 to Sign.

C. Add a SecurityCriticalAttribute ror each operation.

D. Add a SecunitySafeCriticalAttribute for each operation.

 

Correct Answer: A

Explanation

Explanation/Reference:

How to set ProtectionLevel Property

(http://msdn.microsoft.com/en-us/library/aa347791.aspx)

The ProtectionLevel property is found on many different classes, such as the ServiceContractAttribute and the OperationContractAttribute classes.

The property controls how a part (or whole) of a message is protected. To understand the protection level feature, the following basic statements apply:

Three basic levels of protection exist for any part of a message. The property (wherever it occurs) is set to one of the ProtectionLevel enumeration values.

In ascending order of protection, they include:

None

Sign                     The protected part is digitally signed. This ensures detection of any tampering with the protected message part.

EncryptAndSign The message part is encrypted to ensure confidentiality before it is signed.

You can set protection requirements only for application data with this feature.

For example, WS-Addressing headers are infrastructure data and, therefore, are not affected by the ProtectionLevel.

When the security mode is set to Transport, the entire message is protected by the transport mechanism.

Therefore, setting a separate protection level for different parts of a message has no effect.

The ProtectionLevel is a way for the developer to set the minimum level that a binding must comply with.

When a service is deployed, the actual binding specified in configuration may or may not support the minimum level.

For example, by default, the BasicHttpBinding class does not supply security (although it can be enabled).

Therefore, using it with a contract that has any setting other than None will cause an exception to be thrown.

If the service requires that the minimum ProtectionLevel for all messages is Sign, a client (perhaps created by a non-WCF technology)

can encrypt and sign all messages (which is more than the minimum required). In this case, WCF will not throw an exception

because the client has done more than the minimum. Note, however, that WCF applications (services or clients) will not over-secure a message part

if possible but will comply with the minimum level. Also note that when using Transport as the security mode, the transport may over-secure

the message stream because it is inherently unable to secure at a more granular level.

If you set the ProtectionLevel explicitly to either Sign or EncryptAndSign, then you must use a binding with security enabled or an exception will be thrown.

If you select a binding that enables security and you do not set the ProtectionLevel property anywhere on the contract, all application data will be encrypted and signed.

If you select a binding that does not have security enabled (for example, the BasicHttpBinding class has security disabled by default),

and the ProtectionLevel is not explicitly set, then none of the application data will be protected.

If you are using a binding that applies security at the transport level, all application data will be secured according to the capabilities of the transport.

If you use a binding that applies security at the message level, then application data will be secured according to the protection levels set on the contract.

If you do not specify a protection level, then all application data in the messages will be encrypted and signed.

The ProtectionLevel can be set at different scoping levels.

 

 

QUESTION 32

You are creating a Windows Communication Foundation (WCF) service that implements the following service contract.

[ServiceContract]public interface IOrderProcessing{

 [OperationContract]void ApproveOrder(int id);}

You need to ensure that only users with the Manager role can call the ApproveOrder method. What should you do?

 

A. In the method body, check the Rights PosessesProperty property to see if it contains Manager

B. Add a PrincipalPermission attribute to the method and set the Roles property to Manager

C. Add a SecurityPermission attribute to the method and set the SecurityAction to Demand

D. In the method body, create a new instance of WindowsClaimSet. Use the FindClaims method to locate a claimType named Role with a right named Manager

 

Correct Answer: B

Explanation/Reference:

To demand user membership

Open the Windows Communication Foundation (WCF) code file that contains the implemented service contract code.

Apply the PrincipalPermissionAttribute attribute to each method that must be restricted to a specific group.

Set the Action property to Demand and the Role property to the name of the group.

For example:

// Only members of the CalculatorClients group can call this method.

[PrincipalPermission(SecurityAction.Demand, Role = “CalculatorClients”)]

public double Add(double a, double b)

{

 return a + b;}

How to: Restrict Access with the PrincipalPermissionAttribute Class

(http://msdn.microsoft.com/en-us/library/ms731200(v=vs.90).aspx)

 

 

QUESTION 33

You are developing a Windows Communication Foundation (WCF) service. The service needs to access out-of-process resources. You need to ensure that the service accesses these resources on behalf of the originating caller. What should you do?

 

A. Set the value of ServiceSecurityContext.Current.WindowsIdentity.ImpersonationLevel to TokenlmpersonationLevel.Impersonation

B. Set the value of ServiceSecurityContext.Current.Windowsldentity.ImpersonationLevel to TokenlmpersonationLevel.Delegation

C. Set the PrincipalPermissionAttribute on the service contract and update the binding attribute in the endpoint element of the configuration file to wsHttpBinding

D. Set the PnncipalPermissionAttribute on the service contract and update the bindingConfiguration attribute in the endpoint element of the configuration file to wsHttpBinding

 

Correct Answer: B

Explanation/Reference:

Impersonation is a common technique that WCF services use to assume the original caller’s identity in order

to authorize access to service resources (such as files or database tables).

Service resources can be resources that are either local to the service machine or remotely hosted.

Impersonation is used to access resources on the same machine as the service, while delegation is used to access resources that are remotely hosted.

By default, impersonation is disabled and resources are accessed by using the WCF service’s process identity.

Impersonation allows you to access local resources and perform other operations using the authenticated user’s identity

or a specific Windows identity. You can enable impersonation either programmatically or by applying appropriate attributes at operation or service levels.

You can impersonate imperatively or declaratively. Imperative impersonation is performed programmatically at run time and can vary depending

on business logic or other conditions. Declarative impersonation is applied with a static attribute that can be associated with an operation or an entire interface.

In general, you should use imperative impersonation when you need the fine granularity made possible by writing the impersonation logic into your code.

If you do not need such fine granularity, you can use declarative impersonation.

Delegation allows you to use an impersonation token to access network resources. Your ability to use delegation depends

on the authentication mechanism in use and appropriate account configuration.

Delegation and Impersonation with WCF

(http://msdn.microsoft.com/en-us/library/ms730088%28v=VS.90%29.aspx)

 

 

QUESTION 34

clip_image002

 

A. Set the ImpersonateCallerForAllOperations property of the service’s ServiceAuthorizationBehavior to true. Apply an OperationBehavior attribute to OpA and set the Impersonation property to ImpersonationOption.Required. Apply an OperationBehavior attribute to OpB and set the Impersonation property to ImpersonationOption.Allowed.

B. Set the ImpersonateCallerForAllOperations property of the service’s ServiceAuthorizationBehavior to true. Apply an OperationBehavior attribute to OpA and set the Impersonation property to ImpersonationOption.Allowed. Apply an OperationBehavior attribute to OpB and set the Impersonation property to ImpersonationOption.NotAllowed.

C. Set the ImpersonateCallerForAllOperations property of the service’s ServiceAuthorizationBehavior to false. Apply an OperationBehavior attribute to OpA and set the Impersonation property to ImpersonationOption.Allowed. Apply an OperationBehavior attribute to OpB and set the Impersonation property to ImpersonationOption.NotAllowed.

D. Set the ImpersonateCallerForAllOperations property of the service’s ServiceAuthorizationBehavior to false. Apply an OperationBehavior attribute to OpA and set the Impersonation property to lmpersonationOption.Required. Apply an OperationBehavior attribute to OpB and set the Impersonation property to ImpersonationOption.Allowed.

 

Correct Answer: C

Explanation/Reference:

Darth commented that in his opinion this question has no correct answer, ImpersonateCallerForAllOperations should be false, OpA have Required and OpB NotAllowed. However, Option C may satisfy our requirements, if client credentials are available.

A goodon the topic:

http://www.danrigsby.com/blog/index.php/2008/04/17/impersonate-a-clients-identity-in-wcf/

Delegation and Impersonation with WCF

(http://msdn.microsoft.com/en-us/library/ms730088%28v=VS.90%29.aspx)

 

 

QUESTION 35

A Windows Communication Foundation (WCF) service that handles corporate accounting must be changed to comply with government

regulations of auditing and accountability. You need to configure the WCF service to execute under the Windows logged-on identity of the calling application.

What should you do?

 

clip_image004

Correct Answer: A

Explanation/Reference:

// Code to create a ServiceHost not shown.

ServiceAuthorizationBehavior MyServiceAuthoriationBehavior = serviceHost.Description.Behaviors.Find<ServiceAuthorizationBehavior>();

MyServiceAuthoriationBehavior.ImpersonateCallerForAllOperations = true;

Delegation and Impersonation with WCF

(http://msdn.microsoft.com/en-us/library/ms730088%28v=VS.90%29.aspx)

 

 

QUESTION 36

You have a secured Windows Communication Foundation (WCF) service.

You need to track unsuccessful attempts to access the service. What should you do?

 

A. Set the authorizationManagerType attribute of the serviceAuthorization behavior to Message.

B. Set the includeExceptionDetailslnFaults attribute of the serviceDebug behavior to true.

C. Set the Mode attribute of the security configuration element to Message.

D. Set the messageAuthenticationAuditLevel attribute of the serviceSecurityAudit behavior to Failure.

 

Correct Answer: D

Explanation/Reference:<ServiceSecurityAudit>

Specifies settings that enable auditing of security events during service operations.

The AuditLevel is an enumeration with the following members:

Failure : Only failed security-related events are recorded. None : No events are recorded. Success : Only successful security-related events are recorded. SuccessOrFailure : Both failed and successful security-related events are recorded.

<ServiceSecurityAudit>

(http://msdn.microsoft.com/en-us/library/ms731694.aspx)

 

 

QUESTION 37

A Windows Communication Foundation (WCF) solution uses the following contract to share a message across its clients. (Line numbers are included for reference only.)

01 [ServiceContract]

02 public interface ITeamMessageService

03 {

04 [OperationContract]

05 string GetMessage();

07 [OperationContract]

08 void PutMessage(string message);

09 }

The code for the service class is as follows:

10 public class TeamMessageService: ITeamMessageService

11 {

12 Guid key = Guid.NewGuid();

13 string message = “Today’s Message”;

14 public string GetMessage()

15 {

16 return stringFormat(“Message:{0} Key:{1}”,

17 message, key);

18 }

19 public void PutMessage(string message)

20 {

21 this.message = message;

22 }

23 }

The service is self-hosted. The hosting code is as follows:

24 ServiceHost host = new ServiceHost(typeof(TeamMessageService));

25 BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.None):

26 host.AddServiceEndpoint(MyApplication.ITeamMessageService, binding, “http://localhost:12345”);

27 host.Open();

You need to ensure that all clients calling GetMessage will retrieve the same string, even if the message is updated by clients calling PutMessage. What should you do

 

A. Add the following attribute to the TeamMessageService class, before line 10.

[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]

B. Add the following attribute to the TeamMessageService class, before line 10.

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]

Then change the binding definition on the service at line 25, and on the client to the following

WSHttpBinding binding = new WSHttpBinding(SecurityMode.None);

binding.ReliableSession.Enabled = true;

C. Pass a service instance to the instancing code in line 24, as follows.

ServiceHost host = new ServiceHost(new TeamMessageService());

D. Redefine the message string in line 13, as follows

static string message = “Today’s Message”;

Then change the implementation of PutMessage in lines 19-22 to the following

public void PutMessage(string message)

{

TeamMessageServiceMessage.PutMessage;

}

 

Correct Answer: A

Explanation/Reference:InstanceContextMode Enumeration

(http://msdn.microsoft.com/en-us/library/system.servicemodel.instancecontextmode.aspx)

PerSession A new InstanceContext object is created for each session. PerCall          A new InstanceContext object is created prior to and recycled subsequent to each call. If the channel does not create a session this value behaves as if it were PerCall. Single           Only one InstanceContext object is used for all incoming calls and is not recycled subsequent to the calls. If a service object does not exist, one is created.

 

 

QUESTION 38

A Windows Communication Foundation (WCF) solution exposes the following service over a TCP binding. (Line numbers are included for reference only.)

01 [ServiceContract]

02 [ServiceBehavior(ConcurrencyMode = ConcurrencyMode.Multiple)]

03 public class DataAccessService

04 {

05 [OperationContract]

06 public void PutMessage(string message)

07 {

08 MessageDatabase.PutMessage(message);

09 }

10 [OperationContract]

11 pubic string[] SearchMessages(string search)

12 {

13 return MessageDatabase.SearchMessages(search);

14 }

15 }

MessageDatabase supports a limited number of concurrent executions of its methods.

You need to change the service to allow up to the maximum number of executions of the methods of MessageDatabase.

This should be implemented without preventing customers from connecting to the service. What should you do?

 

A. Change the service behavior as follows.

[ServiceBehavior(ConcurrencyMode = ConcurrencyMode.Multiple, InstanceContextMode = InstanceContextMode.Single)]

B. Change the service behavior as follows.

[ServiceBehavior(ConcurrencyMode = ConcurrencyMode.Single, InstanceContextMode = InstanceContextMode.PerSession)]

C. Add a throttling behavior to the service, and configure the maxConcurrentCalls.

D. Add a throttling behavior to the service, and configure the maxConcurrentSessions.

 

Correct Answer: C

Explanation/Reference:ServiceThrottlingBehavior Class

(http://msdn.microsoft.com/en-us/library/system.servicemodel.description.servicethrottlingbehavior.aspx)

ServiceThrottlingBehavior Properties MaxConcurrentCalls Gets or sets a value that specifies the maximum number of messages actively processing across a ServiceHost. MaxConcurrentInstances Gets or sets a value that specifies the maximum number of InstanceContext objects in the service that can execute at one time. MaxConcurrentSessions Gets or sets a value that specifies the maximum number of sessions a ServiceHost object can accept at one time.

The MaxConcurrentCalls property specifies the maximum number of messages actively processing across a ServiceHost object. Each channel can have one pending message that does not count against the value of MaxConcurrentCalls until begins to process it.

 

 

QUESTION 39

A Windows Communication Foundation (WCF) solution provides a session-based counter. The service is self-hosted. The hosting code is as follows:

ServiceHost host = new ServiceHost(typeof(CounterService));

NetTcpBinding binding1 = new NetTcpBinding(SecurityMode.None);

host.AddServiceEndpoint(“MyApplication.ICounterService”, binding1, “net.tcp://localhost:23456”);

host.Open();

This service is currently exposed over TCP, but needs to be exposed to external clients over HTTP. Therefore, a new service endpoint is created with the following code:

host.AddServiceEndpoint(“MyApplication.ICounterService”, binding2, “http://localhost:12345”);

You need to complete the implementation and ensure that the session-based counter will perform over HTTP as it does over TCP. What should you do?

 

A. Define binding2 as follows:

WS2007HttpBinding binding2 = new WS2007HttpBinding(SecurityMode.None);

Configure binding2 as follows:

binding2.ReliableSession.Enabled = true;

B. Define binding2 as follows:

WSHttpBinding binding2 = new WSHttpBinding(SecurityMode.None);

Add the following behavior to the service implementation:

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]

C. Define binding2 as follows:

BasicHttpBinding binding2 = new BasicHttpBinding(BasicHttpSecurityMode.None);

Enable cookies for binding2.

binding2.AllowCookies = true:

D. Define binding2 as follows:

BasicHttpBinding binding2 = new BasicHttpBinding(BasicHttpSecurityMode.None);

Add the following behavior to the service implementation:

[ServiceBehavior(InstanceContexMode = InstanceContextMode.Single)]

 

Correct Answer: A

Explanation/Reference:WS2007HttpBinding Class

(http://msdn.microsoft.com/en-us/library/system.servicemodel.ws2007httpbinding.aspx)

WS2007HttpBinding Class

Represents an interoperable binding that derives from WSHttpBinding and provides support for

the updated versions of the Security, ReliableSession, and TransactionFlow binding elements.

The WS2007HttpBinding class adds a system-provided binding similar to WSHttpBinding but uses

the Organization for the Advancement of Structured Information Standards (OASIS) standard versions of the ReliableSession,

Security, and TransactionFlow protocols. No changes to the object model or default settings are required when using this binding.

 

 

QUESTION 40

A Windows Communication Foundation (WCF) solution uses the following contract:

[ServiceContract(SessionMode=SessionMode.Allowed)]public interface IMyService{

 [OperationContract(IsTerminating=false)]

void Initialize();

[OperationContract(IsInitiating=false)]

void DoSomething();

[OperationContract(IsTerminating=true)]

void Terminate();

}

You need to change this interface so that:

lnitialize is allowed to be called at any time before Terminate is called.

DoSomething is allowed to be called only after Initialize is called, and not allowed to be called after Terminate is called.

Terminate will be allowed to be called only after Initalize is called.

 

A.

Change the ServiceContract attribute of the IMyService interface to the following.

B.

Change the ServiceContract attrbute of the IMyService interface to the following

C.

Change the OperationContract attribute of the Initialize operation to the following.

D.

Change the OperationContract attribute of the Terminate operation to the following

Which two actions should you perform? (Each correct answer presents part of the sdution. Choose two)

[ServiceContract(SessionMode=SessionMode.Required)]

[ServiceContract(SessionMode=SessionMode.Allowed)]

[OperationContract(IsInitiating = true, IsTerminating = false)]

[OperationContract(IsInitiating = false, IsTerminating = true)]

 

Correct Answer: AD

Explanation/Reference:OperationContractAttribute.IsInitiating

Gets or sets a value that indicates whether the method implements an operation that can initiate a session on the server (if such a session exists).

OperationContractAttribute.IsInitiating Property

(http://msdn.microsoft.com/en-us/library/system.servicemodel.operationcontractattribute.isinitiating.aspx)

Example:

The following example is a service that implements a service contract that specifies three methods.

The service requires a session. If a caller’s first call is to any operation other than MethodOne,

the channel is refused and an exception is thrown. When a caller initiates a session by calling MethodOne,

that caller can terminate the communication session at any time by calling MethodThree.

MethodTwo can be called any number of times during a session.

C#

[ServiceContract(SessionMode=SessionMode.Required)]public class InitializeAndTerminateService{

 [OperationContract(IsOneWay=true, IsInitiating=true, IsTerminating=false)]

public void MethodOne()

{

 return;

}

 [OperationContract(IsInitiating=false, IsTerminating=false)]

public int MethodTwo(int x, out int y)

{

 y = 34;

return 0;

}

 [OperationContract(IsOneWay=true, IsInitiating=false, IsTerminating=true)]

public void MethodThree()

{

 return;}}

 

 

 

Download Latest MCTS 70-513 Real Free Tests , help you to pass exam 100%.