MCSD.NET - 70-340 Exam Question:


Suppose you create a Web Forms application to track
employee expense report information. Information is entered by each user and stored in a
Microsoft SQL Server database. The application uses Integrated Windows authentication with
impersonation enabled to communicate with the database. All users are assigned to the
DataReader role and the DataWriter role in SQL Server.
The employee expense report form contains client-side validation scripts and additional server
controls. This form is ViewState enabled. All employee expense reports must be approved by the
accounting department by using a separate form in the application before payment is made.
You need to unit test the security of the application.
What should you do?
A. Copy the ViewState information to a text file and attempt to decrypt it.
B. Test the application from the hosting computer and from the client computers.
C. Create your own page that mimics the approved page and submit that page to the server.
D. Sign on as a user in the accounting department and verify that you can approve expense
reports.


Answer:

C. Create your own page that mimics the approved page and submit that page to the server.


Suppose you are an application developer for your company. You are conducting a code review of a
Windows Forms application that was developed by another developer. The application
includes a function named Logon(), which validates a user's logon credentials. The function
displays a dialog box for the user to enter the user's credentials, and the function validates those
credentials by using a database.
The function returns a value of 0 if the user's password is incorrect, a value of 1 if the user's user
ID is incorrect, and a value of 2 if both are correct. Users should receive access to the application
only if the function returns a value of 2. A function named EndApp() is used to exit the application.
The application must display a message to the user, depending on the result of the Logon()
function.
The application contains the following code segment.
    int logonresult = Logon();
    switch(logonresult) {
        case 0:
            MessageBox.Show("User name is OK, password incorrect.");
            break;
        case 1:
            MessageBox.Show("User name is incorrect.");
            break;
        default:
            MessageBox.Show("Welcome!");
            break;
    }
    if(logonresult != 2) {
        EndApp();
    }
You need to improve the security of this code segment while maintaining its functionality. You
decide to replace the existing code segment.
Which code segment should you use?
A.
    if(Logon() != 2) {
        Console.WriteLine("Logon error.");
        EndApp();
    }
B.
    if(Logon() != 2) {
        Console.WriteLine("Logon error.");
        EndApp();
    }
    else {
        MessageBox.Show("Welcome!");
    }
C.
    int logonresult = Logon();
    switch(logonresult) {
        case 0:
            MessageBox.Show("User name is OK, password incorrect.");
            EndApp();
            break;
        case 1:
            MessageBox.Show("User name is incorrect.");
            EndApp();
            break;
        default:
            MessageBox.Show("Welcome!");
            break;
    }
D.
    int logonresult = Logon();
    if(logonresult == 2) {
        MessageBox.Show("Welcome!");
    }
    else {
        MessageBox.Show("User name or password was incorrect.");
        EndApp();
    }

Suppose you are developing a Windows-based
payroll application that will be used by all payroll administrators in the company. The application
has a single executable file that uses a separate assembly to modify payroll data.
You need to design security for your application to ensure that the assembly cannot be called by
unauthenticated and unauthorized users.
What should you do?
A. Run the application by using a user account that has access to the application directory.
B. Modify the application to validate all user-entered data.
C. Modify the application to authenticate and authorize user access within each assembly as it is
called.
D. Modify the application to authenticate and authorize user access when each user runs the
executable file.
E. Set the folder-level permissions to the executable file by using directory security.