MCSD.NET - 70-330 Exam Question:

Download Questions PDF

Suppose You are
developing an ASP.NET Web application that users in the accounting department will use to
process payroll reports and view payroll reports. The application will use Integrated Windows
authentication to authenticate all users. Because payroll data is confidential only users in the
accounting department will be granted access to the application. All employees in the accounting
department belong to a specific Active Directory group. However, users in the IT department can
add themselves to various Active Directory groups in order to troubleshoot resource access
problems. These IT department users must not be granted access to the ASP.NET Web
application. The following rules can be used to distinguish between users in the accounting
department and users in the IT department:
? All users in the accounting department are members of a group named CompanyAccounting.
? Some users in the IT department are members of the CompanyAccounting group.
All users in the IT department are members of a group named CompanyDomain Admin.
?
? No users in the accounting department are members of the CompanyDomain Admin group.
You need to configure URL authorization for the application by adding an <authorization>
element to the Web.config file in the application root. Which element should you use?
A. <authorization>
<deny roles=?CompanyDomain Admin?/>
<allow roles=?CompanyAccounting?/>
<deny users=?*?/>
</authorization>
B. <authorization>
<allow roles=?CompanyAccounting?/>
<deny roles=?CompanyDomain Admin?/>
<dent users=???/>
<authorization>
C. <authorization>
<deny roles=?Domain Admin?/>
<allow roles=?Accounting?/>
<deny users=?*?/>
</authorization>
D. <authorization>
<allow roles=?Accounting?/>
<deny roles=?Domain Admin?/>
<deny users=???/>
</authorization>