
Q:

You plan to deploy your ASP.NET application over XYZ’s intranet. The application uses data retrieved from a Microsoft SQL Server database. You want to use SQL Server connection pooling to optimize performance. You also need to protect confidential data stored on the server while minimizing administrative costs.

 

You need to configure security for your application. What should you do?

A) Use Microsoft Windows authentication in the application. Enable impersonation for users to access the SQL Server database from your application.

B) Use Microsoft Windows authentication in the application. Use a single Windows account for users to access the SQL Server database from your application.

C) Use form-based authentication in the application. Use the system administrator (sa) SQL Server login for users to access the SQL Server database from your application.

D) Use form-based authentication in the application. Assign each user a separate SQL Server login to use to access the SQL Server database from your application.

Answer: B) Use Microsoft Windows authentication in the application. Use a single Windows account for users to access the SQL Server database from your application.

Explanation:

We should only use one account to access the SQL Server database. This ensures that connection pooling is optimized.

 

Incorrect Answers:

A: We should only use a single account to access the SQL Server database.

C: Form-based authentication is less secure. Furthermore, running as the System Administrator with the sa login would compromise security.

D: Form-based authentication is less secure. Furthermore, creating a separate SQL Server login for each user is a daunting administrative task.


Q:

You create an assembly by using Visual Studio .NET. The assembly is responsible for writing and reading order entry information to and from an XML data file. The assembly also writes and reads values to and from the Windows registry while it is being consumed.

 

The assembly will be distributed to client computers by using the intranet of your company, XYZ. All client computers are configured to implement the default .NET security policy.

 

You need to implement security in the assembly. What should you do?

A) Implement declarative security and execute the permission demand to allow access to the file system and Windows registry.

B) Implement declarative security and execute the minimum permission request to allow access to the file system and Windows registry.

C) Implement imperative security and execute the permission demand to allow access to the file system and Windows registry.

D) Implement imperative security and execute the minimum permission request to allow access to the file system and Windows registry.

Answer: B) Implement declarative security and execute the minimum permission request to allow access to the file system and Windows registry.

Explanation:

You can use declarative code access security to request permissions for the entire assembly. Certain SecurityAction flags can be specified in an assembly-wide directive. When SecurityAction.RequestMinimum is specified, it makes a request to the common language runtime to be granted the requested permission. If the requested permission is not granted by the security policy, the assembly will not execute. SecurityAction.RequestOptional is similar, but the assembly will still run even if the requested permission is not granted. Specifying SecurityAction.RequestRefuse requests that the assembly be denied the specified permission.

 

You must use the Assembly (assembly) directive when specifying these actions as follows: 

 

Option A:

There are only three SecurityAction attribute targets for an assembly: RequestMinimumAssembly, RequestOptionalAssembly, and RequestRefuseAssembly.

 

Option C, D:

Imperative security does not work well to configure security for an entire assembly. In imperative security, permission to execute is demanded at run time.
