MCSD .NET Implementing Security for Applications with Microsoft Visual C# .NET : 70-340 Exam

Exam Number/Code: 70-340
Exam Name: MCSD .NET Implementing Security for Applications with Microsoft Visual C# .NET
VUE Code: 70-340
Questions Type: Multiple choice,
Real Exam Question Numbers: 30 questions
Exam Language(s): English

“MCSD .NET Implementing Security for Applications with Microsoft Visual C# .NET”, also known as 70-340 exam, is a Microsoft certification.
Preparing for the 70-340 exam? Searching 70-340 Test Questions, 70-340 Practice Exam, 70-340 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 90 questions to your 70-340 Exam preparation. In the 70-340 exam resources, you will cover every field and category in MCSD.NET helping to ready you for your successful Microsoft Certification

Candidates for this exam work on an application development team in a software development environment that uses Microsoft Visual Studio .NET 2003. Candidates have at least three years of experience developing n-tier applications and at least one year of experience using Visual Studio .NET 2003, including ASP.NET and ADO.NET. Candidates have experience developing both Web-based and Microsoft Windows-based applications from start to finish.
Exam News
Exam 70-340 became available June 28, 2004.

• This exam is scheduled to retire in March 2009
• This exam is available at 40 percent off retail price until it retires

Audience profile
Candidates for this exam work on an application development team in a software development environment that uses Microsoft Visual Studio .NET 2003. Candidates have at least three years of experience developing n-tier applications and at least one year of experience using Visual Studio .NET 2003, including ASP.NET and ADO.NET. Candidates have experience developing both Web-based and Microsoft Windows-based applications from start to finish.

Credit toward certification
When you pass the Implementing Security for Applications with Microsoft Visual C# .NET exam, you achieve Microsoft Certified Professional status.

• Learn about Microsoft Certified Professional status

You also earn credit toward the following certifications:

• Elective credit toward Microsoft Certified Application Developer (MCAD) for Microsoft .NET certification

• Elective credit toward Microsoft Certified Solution Developer (MCSD) for Microsoft .NET certification

Preparation tools and resources
To help you prepare for this exam, Microsoft Learning recommends that you have hands-on experience with the product and that you use the following training resources. These training resources do not necessarily cover all of the topics listed in the “Skills measured” section.

Classroom training
• Course 2350: Developing and Deploying Secure Microsoft .NET Framework Applications

• Course 2840: Implementing Security for Applications

Microsoft Press and self-paced training products
• MCAD/MCSD Self-Paced Training Kit: Implementing Security for Applications with Microsoft Visual Basic .NET and Microsoft Visual C# .NET (ISBN: 9780735621213)

• Writing Secure Code, Second Edition (ISBN: 9780735617223)

• Improving Web Application Security: Threats and Countermeasures

Microsoft certified practice tests
• MeasureUp: Visit the MeasureUp Web site to take a practice test.

• Self Test Software: Visit the Self Test Software Web site to take a practice test.

Microsoft online resources
• Microsoft Learning Community: Join newsgroups and visit community forums to connect with peers for suggestions on training resources and advice on your certification path and studies.

• TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical resources, newsgroups, and chats.

• MSDN: Designed for developers, the Microsoft Developer Network (MSDN) features code samples, technical articles, downloads, newsgroups, and chats.

Skills measured
This certification exam measures your ability to implement code by using methods to minimize security risks and take advantage of the security functionality built into the .NET Framework. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.

KEY: = The course provides a general introductory overview of this task. You will need to supplement the course with additional work = The course includes some material to prepare you for this task. You will need to supplement the course with additional work = The course includes material to prepare you for this task
Skills measured by Exam 70-340 Course 2350 Course 2840
Developing Applications by Using Security Best Practices
Develop code under a least privilege account within the development environment.

• Configure the Microsoft .NET development environment and operating system.

• Select the appropriate privileges.

Develop code that runs under a least privilege account at run time.

• Develop code to run under a least privilege account that does not have administrator privileges.

• Use least privilege for access to resources such as the file system, registry entries, and databases.

Analyze security implications of calling unknown code. Third-party components include .NET components, legacy COM components, ActiveX controls, Win32 DLLs, and Web services.

• Write code to verify that the identity of a COM component matches the identity expected.

• Validate that data to and from third-party components conforms to the expected size, format, and type.

• Test for integrity of data after transmission.

• Evaluate unmanaged code.

Write code that addresses failures in a manner that does not compromise security.

• Write code that defaults to a permission set that is more secure than the permission set that existed before the errors or issues occurred.

• Create error messages that do not compromise security.

Develop code that includes security measures in each tier of the solution, also known as defense in depth.

Implement application functionality to apply defaults that minimize security threats.

Write code to prevent canonicalization problems.

• Create canonical references for resources.

• Validate that a reference is canonical.

Validate external input at every boundary level to prevent security problems.

• Write code to test strings by using regular expressions.

• Write code to test the size of data.

• Write code to prevent SQL injection and cross-site scripting.

Developing .NET Applications That Include Security Enhancements
Implement security by using application domains.

Implement authentication.

• Implement a custom authentication mechanism in a Windows Forms application.

• Implement an appropriate Web application or Web service authentication mechanism to accommodate specific application security requirements.

• Implement functionality by consuming authenticated user information such as the IPrincipal, Membership, and Identity components of the .NET base class library.

Write authorization code.

• Programmatically control access to functionality and data by using user information such as user identity, group membership, and other custom user information.

• Control access to Web applications by using URL authorization.

• Programmatically control access to functionality and data by using identities or criteria that are independent of user identity.

Sign data by using certificates.

Implement data protection.

• Use .NET cryptographic techniques.

• Encrypt and decrypt data by using symmetric and asymmetric cryptographic functions.

• Compute hashes by using cryptographic functions.

• Write code to create cryptographically random numbers for cryptographic functions.

• Protect data in files and folders by creating, modifying, and deleting discretionary access control list (DACL) or security access control list (SACL) entries.

Free PassGuide Practice Engine Demo Download Pass4sure offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try p4s exam practice engine demo. http://demo.passguide.com/download

• Encrypt and decrypt data by using the Data Protection API (DPAPI).

Implement security for an application or shared library by using .NET code access security.

• Demand a code access permission such as FileIOPermission.

• Group code access permissions into a permission set.

• Override code access security checks.

• Protect a resource in a library.

• Specify the permission requests of an application.

• Customize code access security.

Access remote functionality in a manner that minimizes security risks.

• Use Web Services Enhancements (WSE) for Microsoft .NET, such as WS-Security and WS-Interoperability.

• Configure .NET Remote for security.

Configuring Application Security by Using the Microsoft .NET Framework and Operating System Tools
Work with .NET security policies. Tools include the .NET Framework Configuration tool and the Code Access Security Policy tool.

Analyze the code access permissions of an assembly by using the Permissions View tool.

Configure security by using IIS and ASP.NET.

• Understand the security implications of impersonation.

• Configure ASP.NET impersonation.

• Configure Web folder permissions.

• Set appropriate permissions on Web application files.

• Configure a Web page or Web service to use SSL/TLS.

Stabilizing and Releasing Applications in a Manner That Minimizes Security Risks
Perform unit testing on applications and components to identify security vulnerabilities.

Release applications in a manner that minimizes security risks.

• Evaluate when to sign an assembly.

• Implement delayed signing.

• Create a strong named assembly.

• Configure security settings by using the .NET Framework Configuration tool and the Code Access Security Policy tool at deployment.
QUESTION 1:

You are an application developer for Certkiller .com. You develop library assemblies that are called by your main applications. These library assemblies access
confidential data in the applications. To ensure that this data is not accessed in an unauthorized and unsafe manner, users must not be allowed to call the library assemblies from their own applications. You apply a strong name to all assemblies
to support versioning.
You need to prevent users from writing managed applications that make calls to
your library assemblies. You need to achieve this goal while minimizing the impact on response times for applications.
What should you do?

A. Use the internal access modifier to declare all classes and structures in each library.
B. Use the protected internal access modifier to declare all classes and structures in each library.
C. Add the following attribute to each class and structure in each library assembly:

D. Add the following attribute to each class and structure in each library assembly:

Answer: C Explanation:
StrongNameIdentityPermission Class
Defines the identity permission for strong names. This class cannot be inherited.
For a list of all members of this type, see StrongNameIdentityPermission Members. System.Object
System.Security.CodeAccessPermission
System.Security.Permissions.StrongNameIdentityPermission

NotInheritable Public Class StrongNameIdentityPermission
Inherits CodeAccessPermission
Remarks
Use StrongNameIdentityPermission to achieve versioning and naming protection by confirming that the calling code is in a particular strong-named code assembly.
A strong name identity is based on a cryptographic public key called a blob optionally combined with the name and version of a specific assembly. The key defines a unique namespace and provides strong verification that the name is genuine, because the definition of the name must be in an assembly signed by the corresponding private key. Note that the validity of the strong name key is not dependent on a trust relationship or any certificate necessarily being issued for the key.
Note Full demands for StrongNameIdentityPermission succeed only if all the assemblies

in the stack have the correct evidence to satisfy the demand. Link demands using
StrongNameIdentityPermissionAttribute succeed if only the immediate caller has the correct evidence.
Demands
You can use the security demand call declaratively or imperatively to specify the permissions that direct or indirect callers must have to access your library. Direct callers explicitly call static or instance methods of your library, while indirect callers call static
or instance methods of another library that calls your library. When you use a demand, any application that includes your code will execute only if all direct and indirect
callers have the permissions that the demand specifies. Demands are particularly
useful in situations in which your class library uses protected resources that you do not want to be accessed by untrusted code. Demands can be placed in code using either imperative or declarative syntax.
Note that most classes in the .NET Framework already have demands associated with them, so you do not need to make an additional demand whenever you use a class that accesses a protected resource.
Link Demands
A link demand causes a security check during just-in-time compilation and checks only the immediate caller of your code. Linking occurs when your code is bound to a type reference, including function pointer references and method calls. If the caller does not have sufficient permission to link to your code, the link is not allowed and a runtime
exception is thrown when the code is loaded and run. Link demands can be overridden in classes that inherit from your code.
Just-in-Time compilation
Languages in the .NET Framework compile to Microsoft Intermediate Language (IL)
ready for the JiT (Just-in-Time) compiler to turn them into native code when the program
is installed or first run. The runtime engine pulls in uncompiled functions for compilation on the fly as required.

The following example shows how to demand that the calling code has StrongNameIdentityPermission at link time. Code will only execute if signed with a strong name using the private key counterpart of the specified public key
"00240000048000009400000006020000002400005253413100040000010" &
_"00100538a4a19382e9429cf516dcf1399facdccca092a06442efaf9ecaca33457be26ee0"
&
_"073c6bde51fe0873666a62459581669b510ae1e84bef6bcb1aff7957237279d8b7e0e25b"
&
_"71ad39df36845b7db60382c8eb73f289823578d33c09e48d0d2f90ed4541e1438008142e"
& _"f714bfe604c41a4957a4f6e6ab36b9715ec57625904c6")> Public Class SampleClass
Restrict Unauthorized Code
By using .NET Framework code access security – specifically, code identity demands – you can limit the assemblies that can access your data access classes and methods.
For example, if you only want code written by your company or a specific development organization to be able to use your data access components, use a StrongNameIdentityPermission and demand that calling assemblies have a strong name with a specified public key, as shown in the following code fragment:
using System.Security.Permissions;
. . .
pass4sure 70-340
Questions and Answers : 90 questions Expected Date: October 22nd , 2008 Price: $129.99 $89.99 Pre-Buy price: $62.99 Save $27

Free download:pass4sure mcsd 70-340 v2.83
Free download:testking mcsd 70-340 v2.83

PassGuide provides high-quality test materials, for example, Cisco CCNA CCNP CCIE, Comptia A + NETWORK + Security +, Juniper jncia, jncis, Vmware VCP-410,certification practice exams and so on.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me,Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All Pass4sure's Exam Pack	858	1 days ago	Download Free Testing Engines

PassGuide Braindumps-Free Test king Help You Quick Pass Any it Certifications Exams

Click links: www.testking.la/braindumps/free/down/crack/all/testking