70-486 Real Exam Dumps Questions and answers 31-40


Question No.31

You are preparing for the deployment of an ASP.NET MVC application. You need to generate a deployment manifest. Which command-line tool should you use?

A. Mage.exe

B. Ngen.exe

C. Al.exe

D. Resgen.exe

Answer: A

Explanation:

The Manifest Generation and Editing Tool (Mage.exe) is a command-line tool that supports the creation and editing of application and deployment manifests.

Incorrect:

Not B: The Native Image Generator (Ngen.exe) is a tool that improves the performance of managed applications. Ngen.exe creates native images.

Not C: Al.exe generates a file with an assembly manifest, not a deployment manifest, from one or more files that are either resource files or Microsoft intermediate language (MSIL) files.

Not D: Resgen.exe, the Resource File Generator, converts text (.txt or .restext) files and XML-based resource format (.resx) files to common language runtime binary (.resources) files that can be embedded in a runtime binary executable or compiled into satellite assemblies.

References: http://www.devcurry.com/2011/02/important-net-framework-40-command-line.html

Question No.32

You are developing an ASP.NET MVC application.

The application provides a RESTful API for third-party applications. This API updates the information for a contact by embedding the information in the URL of an HTTP POST.

You need to save the Contact type when third-party applications use the EditContact method. Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)

image

A. Option A

B. Option B

C. Option C

D. Option D

Answer: BC

Explanation:

Basics of RESTful services:

REST stands for Representational State Transfer. It is a simple stateless architecture that runs over HTTP, where each unique URL is a representation of some resource. There are four basic design principles which should be followed when creating a RESTful service:

Use HTTP methods (verbs) explicitly and in consistent way to interact with resources (Uniform Interface), i.e. to retrieve a resource use GET, to create a resource use POST, to update a resource use PUT/PATCH, and to remove a resource use DELETE.

Etc.

Question No.33

You are designing a data-oriented application that features a variety of storage schemas. The application object model must be mapped to the various storage schemas. You need to enable developers to manipulate the data. Which ADO.NET data access strategy should you use? (Each correct answer presents a complete solution. Choose all that apply.)

A. LINQ to SQL

B. Entity Framework

C. DataAdapter

D. DataReader

Answer: ABC

Question No.34

You are developing an ASP.NET MVC application that provides instant messaging capabilities to customers.

You have the following requirements:

Messages must be able to be sent and received simultaneously.

Latency and unnecessary header data must be eliminated.

The application must comply with HTML5 standards.

You need to design the application to meet the requirements. What should you do?

A. Configure polling from the browser.

B. Implement long-running HTTP requests.

C. Implement WebSockets protocol on the client and the server.

D. Instantiate a MessageChannel object on the client.

Answer: D

Question No.35

You are developing an ASP.NET MVC application that uses forms authentication to verify that the user is logged in. Authentication credentials must be encrypted and secure so no user identity is exposed. You need to ensure that user credentials are persisted after users log on. Where should you store the credentials? (Each correct answer presents a complete solution. Choose all that apply.)

A. In Session on the server

B. In a cookie stored in the browser

C. In ViewData in the application

D. In TempData on the server

Answer: AB

Question No.36

You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data. Logs show there have been several malicious attacks against the servers. You need to prevent all SQL injection attacks from malicious users against the application. How should you secure the queries?

A. Check the input against patterns seen in the logs and other records.

B. Escape single quotes and apostrophes on all string-based input parameters.

C. Implement parameterization of all input strings.

D. Filter out prohibited words in the input submitted by the users.

Answer: C

Explanation:

SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries)

The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.

Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.

Reference:

SQL Injection Prevention Cheat Sheet

Question No.37

You are developing an ASP.NET MVC application that uses forms authentication against a third-party database.

You need to authenticate the users. Which code segment should you use?

image

A. Option A

B. Option B

C. Option C

D. Option D

Answer: D

Explanation:

ASP.NET membership is designed to enable you to easily use a number of different membership providers for your ASP.NET applications.

There are two primary reasons for creating a custom membership provider. You need to store membership information in a data source that is not supported by the membership providers included with the .NET Framework, such as a FoxPro database, an Oracle database, or other data sources.

You need to manage membership information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework.

To implement a membership provider, you create a class that inherits the MembershipProvider abstract class from the System.Web.Security namespace.

Incorrect:

Not C: Class ProviderBase

The provider model is intended to encapsulate all or part of the functionality of multiple ASP.NET features, such as membership, profiles, and protected configuration.

References: https://msdn.microsoft.com/en-us/library/f1kyba5e.aspx

Question No.38

You are designing an enterprise-level Windows Communication Foundation (WCF) application. User accounts will migrate from the existing system. The new system must be able to scale to accommodate the increasing load. You need to ensure that the application can handle large-scale role changes. What should you use for authorization? (Each correct answer presents a complete solution. Choose all that apply.)

A. Resource-based trusted subsystem model

B. Identity-based approach

C. Role-based approach

D. Resource-based impersonation/delegation model

Answer: BC

Explanation:

Advanced Maturity: Authorization as a Service

In the advanced level of maturity for authorization, role storage and management is consolidated and authorization itself is a service available to any solution that is service-enabled.


The Trusted Subsystems Model

Once authorization is available as an autonomous service, the need for impersonation is eliminated. Instead of assuming the identity of the user, the application uses its own credentials to access services and resources, but it captures the user's identity and passes it as a parameter (or token) to be used for authorization when a request is made. This model is referred to as the trusted subsystem model, because the application acts as a trusted subsystem within the security domain.

Question No.39

You are developing an ASP.NET MVC application to be used on the Internet. The environment uses Active Directory with delegation to access secure resources. Users must be able to log on to the application to maintain their personal preferences. You need to use the least amount of development effort to enable users to log on. What should you do?

A. Enable Forms authentication

B. Enable Windows authentication

C. Generate server SSL certificates and install them in IIS

D. Enable Digest authentication

Answer: B

Explanation:

Requirements for Delegation

Delegation relies on Integrated Windows authentication to access resources. There is no limit on the number of computers that you can delegate your account – you must correctly configure each of them. The Integrated Windows authentication method works only if the following two conditions exist:

You set up your network to use the Kerberos authentication protocol that requires Active Directory.

You set up the computers and accounts on your network as trusted for delegation.

Question No.40

You are developing a controller for an ASP.NET MVC application that manages message board postings. The security protection built in to ASP.NET is preventing users from saving their HTML. You need to enable users to edit and save their HTML while maintaining existing security protection measures. Which code segment should you use?

image

A. Option A

B. Option B

C. Option C

D. Option D

Answer: B
