Latest MCTS 70-513 Dumps Real Exam Download 71-80

Ensurepass

QUESTION 71

The endpoint of a Windows Communication Foundation (WCF) service uses basicHttpBinding for its binding.

Your company’s policies have changed to require that messages not be sent in clear text.

You must ensure that all messages are encrypted when traveling across the network. What should you do?

 

A. Set the ProtectionLevelAttribute on the service contract and update the binding attribute in the endpoint element of the configuration file to wsHttpBinding.

B. Set the ProtectionLevelAttribute on the service contract and update the bindingConfiguration attribute in the endpoint element of the configuration file to webHttpBinding.

C. Set the PrincipalPermissionAttribute on the service contract and update the binding attribute in the endpoint element of the configuration file to wsHttpBinding.

D. Set the PrincipalPermissionAttribute on the service contract and update the bindingConfiguration attribute in the endpoint element of the configuration file to wsHttpBinding.

 

Correct Answer: A

Explanation/Reference: ProtectionLevel Property

You can set the protection level by applying an appropriate attribute and setting the property.

You can set protection at the service level to affect all parts of every message, or you can set protection at increasingly granular levels, from methods to message parts.

By default, basicHttpBinding has security disabled.

wsHttpBinding Defines a secure, reliable, interoperable binding suitable for non-duplex service contracts.

The binding implements the following specifications: WS-Reliable Messaging for reliability, and WS-Security for message security and authentication. The transport is HTTP, and message encoding is text/XML encoding.

By default, it provides message security using Windows authentication.

How to: Set the ProtectionLevel Property

(http://msdn.microsoft.com/en-us/library/aa347791.aspx)

 

 

QUESTION 72

You are creating a Windows Communication Foundation (WCF) service based on WSHttpBinding.

New audit requirements dictate that callers must be authenticated on every call to ensure that their credentials have not been revoked.

You need to ensure that the service will not cache the security request token. What should you do?

 

A. Apply a ServiceBehavior attribute to the service implementation class with the InstanceContextMode property set to Single.

B. In the message security configuration, change clientCredentialType from IssuedToken to UserName.

C. In the message security configuration, set establishSecurityContext to false.

D. At the end of every operation, call the SessionStateUtility.RaiseSessionEnd method.

 

Correct Answer: C

Explanation/Reference: SecurityPolicyAssertion.EstablishSecurityContext Property

Gets or sets a value indicating whether a secure conversation is established using SecurityContextToken security tokens.

SecurityContextToken Class: Represents a security context token, which is used for signing and/or encrypting SOAP messages.

The RaiseSessionEnd() method is used by a session-state module to execute the Session_OnEnd event defined in the Global.asax file for an ASP.NET application. A session-state module will call the RaiseSessionEnd method when a session has been abandoned, or if the session expires.

SecurityPolicyAssertion.EstablishSecurityContext Property

(http://msdn.microsoft.com/en-us/library/microsoft.web.services3.design.securitypolicyassertion.establishsecuritycontext.aspx)

 

 

QUESTION 73

You have a self-hosted Windows Communication Foundation (WCF) service.

You need to configure the service to provide an X509 certificate during authentication. What should you use to configure the service?

 

A. the Certificate property of the X509CertificateInitiatorServiceCredential class

B. the SetCertificate method of the X509CertificateInitiatorServiceCredential class

C. the SetCertificate method of the X509CertificateRecipientServiceCredential class

D. the TrustedStoreLocation property of the X509CertificateRecipientServiceCredential class

 

Correct Answer: C

Explanation/Reference:

X509CertificateRecipientServiceCredential: Defines a certificate used by a service to identify itself.

X509CertificateInitiatorServiceCredential: Represents the settings used by the service to validate the certificate presented by the clients. It also contains a certificate for the service to use for encrypting responses or callbacks for clients when MutualCertificateDuplex message security authentication mode is used.

X509CertificateInitiatorClientCredential: Defines a certificate used by a client to identify itself.

X509CertificateRecipientServiceCredential.SetCertificate(String)

Specifies the certificate to use for representing the service by specifying the subject distinguished name.

 

 

QUESTION 74

You are creating an ASP.NET web application that hosts several Windows Communication Foundation (WCF) services.

The services have ASP.NET Compatibility Mode enabled. Users authenticate with the Web application by using a cookie-based ASP.NET Forms Authentication model.

You add a service file named Authentication.svc that contains the following code segment:

<%@ ServiceHost Service="System.Web.ApplicationServices.AuthenticationService" Factory="System.Web.ApplicationServices.ApplicationServicesHostFactory" %>

You need to ensure that users can access the WCF services without having to re-authenticate. Which two configuration settings should you add? (Each is part of a complete solution. Choose two.)

 

A. In the system.web.extensions/scripting/webServices/authenticationService element, set the enabled attribute to true.

B. In the system.web.extensions/scripting/webServices/profileService element, set the enabled attribute to true.

C. Add a service endpoint with basicHttpBinding for the contract System.Web.ApplicationServices.AuthenticationService.

D. Add a custom service behavior named AuthenticationServiceTypeBehaviors with a serviceAuthenticationManager element that has serviceAuthenticationManagerType set to System.Web.Security.SqlMembershipProvider.

 

Correct Answer: AC

Explanation/Reference:

AuthenticationService Class Enables access to ASP.NET forms authentication as a Web service.

The AuthenticationService object enables you to authenticate users through a Windows Communication Foundation (WCF) service.

You use the WCF authentication service when you must authenticate users through ASP.NET membership from an application that is outside the Web application that stores the user credentials.

The application must be able to send and consume messages in the SOAP format. Through the AuthenticationService class, you can log users in, log users out, validate credentials, check authentication status, customize authentication, and set the authentication cookie.

The AuthenticationService class contains four methods that you should access only through a WCF service: the IsLoggedIn, Login, Logout, and ValidateUser methods. To call these methods, you enable the authentication service on a Web server and then connect a WCF-compatible client application to the Web service.

For information about how to configure the authentication service, see How to: Enable the WCF Authentication Service.

To log users on, you pass the user credentials to the Login method. If the credentials are valid, the AuthenticationService class creates an authentication cookie.

If the authentication cookie has not expired, you know that the user’s credentials have been authenticated and you do not have to validate the credentials again.

(Cookie-less authentication is not available through the AuthenticationService class.)

The AuthenticationService can raise two events: Authenticating and CreatingCookie.

The Authenticating event occurs when the user credentials are being validated.

Create an event handler for the Authenticating event to customize how user credentials are validated.

The CreatingCookie event occurs when the authentication cookie is being set after user credentials have been validated.

Create an event handler for the CreatingCookie event to customize the authentication cookie.

The ValidateUser method checks user credentials for authentication, but it does not return an authentication ticket.

Use ValidateUser when a user has previously logged in and you must check that the credentials are still valid at the start of a new application session.

<system.web.extensions>
  <scripting>
    <webServices>
      <authenticationService enabled="true" requireSSL="true"/>
    </webServices>
  </scripting>
</system.web.extensions>
<system.serviceModel>
  <services>
    <service name="System.Web.ApplicationServices.AuthenticationService"
             behaviorConfiguration="AuthenticationServiceTypeBehaviors">
      <endpoint contract="System.Web.ApplicationServices.AuthenticationService"
                binding="basicHttpBinding" bindingConfiguration="userHttps"
                bindingNamespace="http://asp.net/ApplicationServices/v200"/>
    </service>
  </services>
  <bindings>
    <basicHttpBinding>
      <binding name="userHttps">
        <security mode="Transport" />
      </binding>
    </basicHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="AuthenticationServiceTypeBehaviors">
        <serviceMetadata httpGetEnabled="true"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
</system.serviceModel>

Services running in ASP.NET Compatibility mode participate fully in the ASP.NET application pipeline and can make use of ASP.NET features such as file/URL authorization, session state, and the HttpContext class.

The HttpContext class allows access to cookies, sessions, and other ASP.NET features.

This mode requires that the bindings use the HTTP transport and the service itself must be hosted in IIS.

ASP.NET Compatibility

(http://msdn.microsoft.com/en-us/library/ms752234.aspx)

 

 

QUESTION 75

A self-hosted Windows Communication Foundation (WCF) service uses a secure HTTP binding with a custom principal permission mode. The binding requires users to provide their Windows logon credentials. You need to retrieve the identity of the caller.

What are two possible properties you can use to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

 

A. Thread.CurrentPrincipal.Identity.Name

B. HttpContext.Current.User.Identity.Name

C. ServiceSecurityContext.Current.PrimaryIdentity.Name

D. OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name

 

Correct Answer: CD

Explanation/Reference:

ServiceSecurityContext.PrimaryIdentity Gets the primary identity associated with the current setting.

The primary identity is obtained from the credentials used to authenticate the current user.

If the credential is an X.509 certificate, the identity is a concatenation of the subject name and the thumbprint (in that order).

The subject name is separated from the thumbprint with a semicolon and a space.

If the subject field of the certificate is null, the primary identity includes just a semicolon, a space, and the thumbprint.

Example:

[OperationContract]
public int GetAccountBalance()
{
    // Block unauthorized users. SecurityException will return the correct SOAP fault for this situation.
    if (!OperationContext.Current.ServiceSecurityContext.WindowsIdentity.IsAuthenticated)
        throw new SecurityException();

    // Retrieve the data for the current user.
    return Database.GetBalanceForUser(OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name);
}

 

 

QUESTION 76

[Image clip_image002: the question text was an image and is not reproduced on the page.]

A. Register a custom ServiceAuthorizationManager that implements CheckAccess. In this method, use System.Convert.ChangeType to transform the incoming claim set to a WindowsClaimSet type.

B. Apply a PrincipalPermission attribute on the operation with the required claims listed in the Roles property.

C. Within the operation, verify the presence of the required claims in the current AuthorizationContext.

D. Register an AuthorizationPolicy that maps external claims to an internal ClaimSet.

 

Correct Answer: CD

Explanation/Reference: Authorization Policy

(http://msdn.microsoft.com/en-us/library/ms751416.aspx)

Authorization policy

A set of rules for mapping a set of input claims to a set of output claims.

Evaluating authorization policy results in claim sets being added to an evaluation context and subsequently an authorization context.

 

 

QUESTION 77

A Windows Communication Foundation (WCF) service uses a list of application-defined roles for operations.

These roles are stored in a database. You need to authorize calls against the list of roles retrieved from the database.

Which service behavior should you use to authorize the calls?

 

A. <serviceAuthorization principalPermissionMode="None" roleProviderName="SqlProvider" />

B. <serviceAuthorization principalPermissionMode="None" roleProviderName="SqlProvider" />

C. <serviceAuthorization principalPermissionMode="None" roleProviderName="SqlProvider" />

D. <serviceAuthorization principalPermissionMode="None" roleProviderName="SqlProvider" />

 

Correct Answer: B


Explanation/Reference:

<serviceAuthorization> element .NET Framework 4

Specifies settings that authorize access to service operations

Syntax:

<system.serviceModel><behaviors> <serviceBehaviors> <behavior> <serviceAuthorization>

<serviceAuthorization impersonateCallerForAllOperations="Boolean"
    principalPermissionMode="None/UseWindowsGroups/UseAspNetRoles/Custom"
    roleProviderName="String"
    serviceAuthorizationManagerType="String">
  <authorizationPolicies>
    <add policyType="String" />
  </authorizationPolicies>
</serviceAuthorization>

Remarks

This section contains elements affecting authorization, custom role providers, and impersonation.

The principalPermissionMode attribute specifies the groups of users to use when authorizing use of a protected method.

The default value is UseWindowsGroups and specifies that Windows groups, such as “Administrators” or “Users,” are searched for an identity trying to access a resource. You can also specify UseAspNetRoles to use a custom role provider that is configured under the <system.web> element, as shown in the following code.

<system.web>
  <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
    <providers>
      <clear />
      <add
        name="SqlProvider"
        type="System.Web.Security.SqlMembershipProvider"
        connectionStringName="SqlConn"
        applicationName="MembershipProvider"
        enablePasswordRetrieval="false"
        enablePasswordReset="false"
        requiresQuestionAndAnswer="false"
        requiresUniqueEmail="true"
        passwordFormat="Hashed" />
    </providers>
  </membership>
  <!-- Other configuration code not shown. -->
</system.web>

The following code shows the roleProviderName used with the principalPermissionMode attribute.

<behaviors>
  <behavior name="ServiceBehaviour">
    <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlProvider" />
  </behavior>
  <!-- Other configuration code not shown. -->
</behaviors>

 

 

QUESTION 78

A Windows Communication Foundation (WCF) service is required to log all authorization attempts to the Windows Event Log.

You need to configure a behavior and apply it to the service to support this requirement. Which behavior should you configure and apply?

 

A. serviceAuthenticationManager

B. serviceAuthorization

C. serviceCredentials

D. serviceSecurityAudit

 

Correct Answer: D

Explanation/Reference:

<serviceSecurityAudit> Specifies settings that enable auditing of security events during service operations.

<serviceCredentials> Specifies the credential to be used in authenticating the service and the client credential validation-related settings.

<serviceAuthorization> Specifies settings that authorize access to service operations

ServiceAuthenticationManager Class Represents a service authentication manager.

<serviceSecurityAudit>

(http://msdn.microsoft.com/en-us/library/ms731694.aspx)
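Added example (not part of the original page or of Microsoft's documentation): a Python check over a constructed configuration that flags the three defaults covered in Questions 71, 72 and 78, namely basicHttpBinding without security, wsHttpBinding message security that caches the security context token, and service behaviors that do not audit authorization. The sample configuration, its binding and behavior names, and the function name audit_wcf_config are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = """
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="legacy" />
        <binding name="userHttps"><security mode="Transport" /></binding>
      </basicHttpBinding>
      <wsHttpBinding>
        <binding name="cachedToken">
          <security mode="Message"><message clientCredentialType="Windows" /></security>
        </binding>
        <binding name="perCall">
          <security mode="Message">
            <message clientCredentialType="Windows" establishSecurityContext="false" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Audited">
          <serviceSecurityAudit serviceAuthorizationAuditLevel="SuccessOrFailure" />
        </behavior>
        <behavior name="Unaudited" />
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
"""

def audit_wcf_config(xml_text):
    """Return sorted (kind, name, finding) tuples for the three settings checked."""
    root = ET.fromstring(xml_text)
    findings = []
    # basicHttpBinding: security is off unless a mode other than None is set.
    for b in root.iterfind(".//bindings/basicHttpBinding/binding"):
        sec = b.find("security")
        mode = sec.get("mode", "None") if sec is not None else "None"
        if mode == "None":
            findings.append(("basicHttpBinding", b.get("name", ""), "messages sent in clear text"))
    # wsHttpBinding: establishSecurityContext defaults to true when message security is used.
    for b in root.iterfind(".//bindings/wsHttpBinding/binding"):
        sec = b.find("security")
        if sec is not None and sec.get("mode", "Message") in ("None", "Transport"):
            continue  # no message security, so the setting does not apply
        msg = b.find("security/message")
        esc = msg.get("establishSecurityContext", "true") if msg is not None else "true"
        if esc.lower() != "false":
            findings.append(("wsHttpBinding", b.get("name", ""), "security context token is cached"))
    # serviceSecurityAudit: authorization auditing is off unless a level is set.
    for beh in root.iterfind(".//behaviors/serviceBehaviors/behavior"):
        audit = beh.find("serviceSecurityAudit")
        level = audit.get("serviceAuthorizationAuditLevel", "None") if audit is not None else "None"
        if level == "None":
            findings.append(("behavior", beh.get("name", ""), "authorization attempts not audited"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, name, finding in audit_wcf_config(SAMPLE_CONFIG):
        print(f"{kind} '{name}': {finding}")
```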

 

 

QUESTION 79

A Windows Communication Foundation (WCF) service only accepts messages that are signed and encrypted.

A client application is not receiving expected responses from the service.

You need to enable logging to verify that the messages from the client are signed and encrypted.

You also need to see what each message looks like before the message body is deserialized into a .NET object. What should you do?

 

A. Configure the System.ServiceModel trace source in the system.diagnostics configuration section. In the system.serviceModel configuration, add the following XML segment:

<diagnostics>

<messageLogging logEntireMessage="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />

</diagnostics>

B. Configure the System.ServiceModel trace source in the system.diagnostics configuration section. In the system.serviceModel configuration, add the following XML segment:

<diagnostics>

<messageLogging logEntireMessage="true" logMessagesAtServiceLevel="true" />

</diagnostics>

C. Configure the System.ServiceModel.MessageLogging trace source in the system.diagnostics configuration section. In the system.serviceModel configuration, add the following XML segment:

<diagnostics>

<messageLogging logEntireMessage="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />

</diagnostics>

D. Configure the System.ServiceModel.MessageLogging trace source in the system.diagnostics configuration section. In the system.serviceModel configuration, add the following XML segment:

<diagnostics>

<messageLogging logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />

</diagnostics>

 

Correct Answer: C

Explanation/Reference:

MessageLoggingElement properties:

LogEntireMessage: Gets or sets a value that specifies whether the entire message (message header and body) is logged.

LogMessagesAtServiceLevel: Gets or sets a value that specifies whether messages are traced at the service level (before encryption and transport-related transforms).

LogMessagesAtTransportLevel: Gets or sets a value that specifies whether messages are traced at the transport level.

Configuring Message Logging

(http://msdn.microsoft.com/en-us/library/ms730064.aspx)

Example:

<system.diagnostics>
  <sources>
    <source name="System.ServiceModel.MessageLogging">
      <listeners>
        <add name="messages"
             type="System.Diagnostics.XmlWriterTraceListener"
             initializeData="c:\logs\messages.svclog" />
      </listeners>
    </source>
  </sources>
</system.diagnostics>

<system.serviceModel>
  <diagnostics>
    <messageLogging
      logEntireMessage="true"
      logMalformedMessages="false"
      logMessagesAtServiceLevel="true"
      logMessagesAtTransportLevel="false"
      maxMessagesToLog="3000"
      maxSizeOfMessageToLog="2000"/>
  </diagnostics>
</system.serviceModel>

 

 

QUESTION 80

You want to debug the Windows Communication Foundation (WCF) client and server interaction through message and application tracing.

You need to correlate traces generated on the client and the server.

Which XML segment should you add to the system.diagnostics configuration element in the client and server application configuration file?

 

A.
<sources>
  <source propagateActivity="true" name="System.ServiceModel" switchValue="Warning, ActivityTracing">
    <listeners>
      <add name="ServiceModelTraceListener" />
    </listeners>
  </source>
</sources>

B.
<sources>
  <source name="System.ServiceModel.MessageLogging" switchValue="Verbose">
    <listeners>
      <add name="ServiceModelTraceListener" />
    </listeners>
  </source>
</sources>

C.
<sources>
  <source name="System.ServiceModel.MessageLogging" propagateActivity="true" switchValue="Warning, ActivityTracing">
    <listeners>
      <add name="ServiceModelTraceListener" />
    </listeners>
  </source>
</sources>

D.
<sources>
  <source name="System.ServiceModel" switchValue="VerboseActivityTracing">
    <listeners>
      <add name="ServiceModelTraceListener" />
    </listeners>
  </source>
</sources>

 

Correct Answer: A

Explanation/Reference:

Configuring Activity Tracing and Propagation for Correlation

The activityTracing value specified for the switchValue attribute is used to enable activity tracing, which emits traces for activity boundaries and transfers within endpoints.

When you use certain extensibility features in WCF, you might get a NullReferenceException when activity tracing is enabled.

To fix this problem, check your application’s configuration file and ensure that the switchValue attribute for your trace source is not set to activityTracing.

The propagateActivity attribute indicates whether the activity should be propagated to other endpoints that participate in the message exchange.

By setting this value to true, you can take trace files generated by any two endpoints and observe how a set of traces on one endpoint flowed to a set of traces on another endpoint.

Both propagateActivity and ActivityTracing Boolean values apply to the System.ServiceModel TraceSource.

The ActivityTracing value also applies to any trace source, including WCF or user-defined ones.

You cannot use the propagateActivity attribute with user-defined trace sources.

For user code activity ID propagation, make sure you do not set ServiceModel ActivityTracing, while still having ServiceModel propagateActivity attribute set to true.

Tracing and Message Logging

(http://msdn.microsoft.com/en-us/library/ms751526.aspx)

Configuring Tracing

(http://msdn.microsoft.com/en-us/library/ms733025.aspx)

 

 
