MCSD.NET - 70-330 Exam Question:
Download Questions PDF

Suppose You are an application developer for Company.com. You are developing an application that can
be extended by using custom components. The application uses reflection to dynamically load
and invoke these custom components. In some cases, custom components will originate from a
source that is not fully trusted, such as the Internet.
You need to programmatically restrict the code access security policy under which custom
components run so that custom components do not run with an elevated permission grant.
What are two possible ways to achieve this goal? (Each correct answer presents a complete
solution. Choose two)
A. Create a new application domain and set the security policy level. Run custom components in
this application domain.
B. Use permission class operations to modify the security policy.
C. Implement custom permission classes to protect custom component resources.
D. Programmatically modify the machine-level security policy file after loading a custom
component.

Answer:

A. Create a new application domain and set the security policy level. Run custom components in
this application domain.
B. Use permission class operations to modify the security policy.

Download MCSD.NET - 70-330 Exam Interview Questions And Answers PDF

Previous Question

Next Question

Suppose You are an application developer for your company. You develop library assemblies that are
called by your main applications. These library assemblies access confidential data in the
applications. To ensure that this data is not accessed in an unauthorized and unsafe manner,
users must not be allowed to call the library assemblies from their own applications. You apply a
strong name to all assemblies to support versioning. You need to prevent users from writing
managed applications that make calls to your library assemblies. You need to achieve this goal
while minimizing the impact on response times for applications. What should you do?
A. Use the internal access modifier to declare all classes and structs in each library.
B. Use the protected internal access modifier to declare all classes and structs in each library.
C. Add the following attribute to each class and struct in each library assembly.
<StrongNameIdentityPermission(SecurityAction.Demand, PublicKey:="002400..bda4")>
D. Add the following attribute to each class and struct in each library assembly.
<StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey:="002400..bda4")>

Suppose You are
developing an ASP.NET Web application that users in the accounting department will use to
process payroll reports and view payroll reports. The application will use Integrated Windows
authentication to authenticate all users. Because payroll data is confidential only users in the
accounting department will be granted access to the application. All employees in the accounting
department belong to a specific Active Directory group. However, users in the IT department can
add themselves to various Active Directory groups in order to troubleshoot resource access
problems. These IT department users must not be granted access to the ASP.NET Web
application. The following rules can be used to distinguish between users in the accounting
department and users in the IT department:
? All users in the accounting department are members of a group named CompanyAccounting.
? Some users in the IT department are members of the CompanyAccounting group.
All users in the IT department are members of a group named CompanyDomain Admin.
?
? No users in the accounting department are members of the CompanyDomain Admin group.
You need to configure URL authorization for the application by adding an <authorization>
element to the Web.config file in the application root. Which element should you use?
A. <authorization>
<deny roles=?CompanyDomain Admin?/>
<allow roles=?CompanyAccounting?/>
<deny users=?*?/>
</authorization>
B. <authorization>
<allow roles=?CompanyAccounting?/>
<deny roles=?CompanyDomain Admin?/>
<dent users=???/>
<authorization>
C. <authorization>
<deny roles=?Domain Admin?/>
<allow roles=?Accounting?/>
<deny users=?*?/>
</authorization>
D. <authorization>
<allow roles=?Accounting?/>
<deny roles=?Domain Admin?/>
<deny users=???/>
</authorization>