Topic 1, Olympic Marathon
Background
You are developing an ASP.NET MVC application in Visual Studio 2012 that will be used by Olympic marathon runners to log data about training runs.
Business Requirements
The application stores date, distance, and duration information about a user’s training runs. The user can view, insert, edit, and delete records.
The application must be optimized for accessibility.
All times must be displayed in the user’s local time.
Technical Requirements
Data Access:
Database access is handled by a public class named RunnerLog.DataAccess.RunnerLogDb All data retrieval must be done by HTTP GET and all data updates must be done by HTTP POST.
Layout:
All pages in the application use a master layout file named ViewsShared_Layout.cshtml.
Models:
The application uses the ModelsLogModel.cs model.
Views:
All views in the application use the Razor view engine.
Four views located in ViewsRunLog are named:
– CalculatePace.cshtml
– EditLog.cshtml
– GetLog.cshtml
– InsertLog.cshtml
The application also contains a ViewsHomeIndex.cshtml view.
Controllers:
The application contains a ControllersRunLogController.cs controller.
Images:
A stopwatch.png image is located in the Images folder.
Videos:
A map of a runner’s path is available when a user views a run log. The map is implemented as an Adobe Flash application and video. The browser should display the video natively if possible, using H264, Ogg, or WebM formats, in that order. If the video cannot be displayed, then the Flash application should be used.
Security:
You have the following security requirements:
– The application is configured to use forms authentication.
– Users must be logged on to insert runner data. -Users must be members of the Admin role to edit or delete runner data.
– There are no security requirements for viewing runner data.
– You need to protect the application against cross-site request forgery.
– Passwords are hashed by using the SHA1 algorithm.
RunnerLog.Providers.RunLogRoleProvider.cs contains a custom role provider.
Relevant portions of the application files follow. (Line numbers are included for reference only.)
Application Structure
DRAG DROP
You need to implement the ViewsRunLog_CalculatePace.cshtml partial view from ViewsRunlog GetLog.cshtml to display the runner’s average mile pace.
How should you implement the view? (To answer, drag the appropriate code segments to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
DRAG DROP
You need to implement security according to the business requirements.
How should you modify RunLogController? (To answer, drag the appropriate code segment to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
You need to make the "Distance" header of the table bold in the Views/RunLog/GetLog.cshtml view.
Which code segment should you use?
- A . table>tr{ font-weight: bold; }
- B . table>th:last-child{ font-weight: bold; }
- C . table+first-child{ font-weight: bold; }
- D . table>tr>th:nth-child (2) { font-weight: bold; }
You need to extend the edit functionality of RunLogController.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
HOTSPOT
You need to implement the map of the runners’ paths.
How should you build the video viewer? (To answer, select the appropriate options in the answer area.)
HOTSPOT
You need to ensure that only valid parameters are passed to the EditLog action.
How should you build the route? (To answer, select the appropriate options in the answer area.)
DRAG DROP
You need to ensure that the application uses RunLogRoleProvider custom role provider.
How should you modify the web.config file? (To answer, drag the appropriate line of code to the correct location or locations. Each line of code may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
DRAG DROP
You need to ensure that only valid parameters are passed to the EditLog action.
How should you build the route? (To answer, drag the appropriate code segments to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
If the canvas element is supported by the client browser, the application must display "London 2012" in the footer as text formatted by JavaScript at the end of the _Layout.cshtml file.
You need to modify the layout to ensure that "London 2012" is displayed as either formatted text or as plain text, depending on what the client browser supports.
Which code segment should you add?
- A . <canvas id="myFooter">
@(Request,Browser.JavaApplets ? new HtmlString("London 2012") : null)
</canvas> - B . <canvas id="myFooter">London 2012</canvas>
- C . <canvas id="myCanvas">London 2012</canvas>
- D . <canvas id="myCanvas"></canvas> <p>London 2012</p>
You need to add an action to RunLogController to validate the users’ passwords.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You need to make all of the rows in the table bold in the Views/RunLog/GetLog.cshtml view.
Which code segment should you use?
- A . Table > th:last-child { font-weight: bold; }
- B . Table+first-child{ font-weight: bold; }
- C . Table>tr>th:nth-child{2){font-weight: bold; }
- D . Table > tr {font-weight: bold;}
You need to display the "miles" unit description after the distance in the GetLog view.
Which line of code should you use to replace line GL21? (Each correct answer presents a complete solution. Choose all that apply.)
- A . @log.Distance miles
- B . @Htrml.DisplayFor(model => log.Distance) miles
- C . @log.Distance.ToString() @Html.TextArea("miles")
- D . @Html.DisplayFor(model => log.Distance.ToString() + " miles")
DRAG DROP
You need to implement security according to the business requirements.
You have the following code:
Which code segments should you include in Target 1, Target 2, Target 3 and Target 4 to modify RunLogController? To answer, drag the appropriate code segment to the correct targets. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
The RunLog/Views/InsertLog.cshtml view must display the /Images/stopwatch.png image and the “Insert Run Data” header text below the image.
The view should resemble the exhibit. (Click the Exhibit button.)
The application must display the image above the field set.
You need to add the HTML code to /Runlog/Views/InsertLog.cshtml to display the image and header text.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
D
Explanation:
<div style="background-image: url(../images/test-background.gif); height: 200px; width: 400px; border: 1px solid black;">Example of a DIV element with a background image:</div>
<div style="background-image: url(../images/test-background.gif); height: 200px; width: 400px; border: 1px solid black;"> </div>
Reference: DIV BACKGROUND-IMAGE in the STYLE element
http://www.w3.org/WAI/UA/TS/html401/cp0301/0301-CSS-DIV-BACKGROUND-IMAGE.html
The date of the run must be displayed in ViewsRunlogGetLog.cshtml. The timestamp must not be displayed.
You need to display the date of the run according to the business requirements.
Which code segment should you use?
- A . @Html.DisplayFor(model => log.ShortDate)
- B . @log.RunDate.ToString()
- C . @log.RunDate.ToShortDateString()
- D . @Html.DisplayFor(model => log.RunDate)
A
Explanation:
The log file has the ShortDate function which is defined as:
Return RunDate.ToLocalTime().ToShortDateString();
This meets the requirement.
Note:
Scenario:
* The application uses the ModelsLogModel.cs model.
* The Html.DisplayFor method is typically used to display values from the object that is exposed by the Model property.
The DisplayExtensions.DisplayFor<TModel, TValue> method (HtmlHelper<TModel>, Expression<Func<TModel, TValue>>)
Returns HTML markup for each property in the object that is represented by the Expression expression.
Incorrect:
Not D: The RunDate attribute is defined as DateTime, but the timestamp (the time of day), should not be displayed.
References:
https://msdn.microsoft.com/en-us/library/system.web.mvc.html.displayextensions.displayfor(v=vs.118).aspx
DRAG DROP
You need to implement the security requirements for the solution.
You have the following code:
Which code segments should you include in Targe1, Target 2, Target 3 and Target 4 to modify RunLogController? To answer, drag the appropriate code segment to the correct targets. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Target 1: [Authorize]
Target 2: [AllowAnonymous]
There are no security requirements for viewing runner data. Therefore, [AllowAnonyous] is required.
Target 3: [Authorize (Roles = “Admin”)]
Users must be members of the Admin role to edit or delete runner data.
Target 4: [Authorize (Roles = “Admin”)]
Users must be members of the Admin role to edit or delete runner data.
You have the following security requirements:
References: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-2.1
Topic 2, Web Application
Background
You are developing an online shopping web application.
Business Requirements
– A user is not required to provide an email address. If a user enters an email address, it must be verified to be a valid email address.
– Information about the first product on the product page must fade out over time to encourage the user to continue browsing the catalog.
– Administrators must be able to edit information about existing customers.
– Administrators also must be able to specify a default product on the product page.
Technical Requirements
General:
– The web store application is in a load-balanced web farm. The load balancer is not configured to use server affinity.
– The web store application is an ASP.NET MVC application written in Visual Studio 2012.
Products:
– The value of the productId property must always be greater than 0.
– The Products page for mobile devices must display to mobile users. The Products page for desktop devices must display to desktop users.
Storage:
– The data must be stored in a serialized XML data format. -Serialized objects must be schema-independent.
Exception handling:
– Exceptions originating from IIS must display a page with support contact information. -Some page links expire, and users who access these links encounter 404 errors. -Exceptions must be logged by using the WriteLog method of the Utility class.
Browser and device support:
– The application must support image format conversions from .bmp to .jpeg for mobile devices.
– The application must support image format conversions from .bmp to .png for desktop devices.
Application Structure
You need to ensure that new customers enter a valid email address.
Which code should you use? (Each correct answer presents part of the solution. Choose all that
apply.)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You are designing a Windows Communication Foundation (WCF) service that uses the Product class.
You need to update the class to meet the storage requirement.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
- A . Mark the Product class with the DataContract attribute.
- B . Mark the public members of the Product class with the DataContractFormat attribute.
- C . Mark the Product class with the CollectionDataContract attribute.
- D . Mark the public members of the Product class with the DataMember attribute.
A,D
Explanation:
So as of .NET 3.5 SP1, you don’t have to add data contract or data member attributes anymore – if you don’t then the data contract serializer will serialize all public properties on your class, just like the XML serializer would. HOWEVER: by not adding those attributes, you lose a lot of useful capabilities:
You need to implement the requirements for handling IIS errors.
What should you do?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You need to add a method to the ProductController class to meet the exception handling requirements for logging.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
An advertising campaign was recently launched. Some of the ads contain a link to products that no longer exist or have IDs that have changed.
You need to ensure that all product links display a product.
Which code segment should you use to configure the route?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You need to modify the application to meet the productId requirement.
What should you do?
- A . Modify the RegisterGlobalFilters method of the Global.asax.cs file as follows.
Contract.Assume<ArgumentException>(productId != 0); - B . Modify the GetDealPrice method of ProductController as follows.
Contract.Requires<ArgumentException>(productId > 0); - C . Modify the RegisterGlobalFilters method of the Global.asax.cs file as follows.
Contract.Requires<ArgumentException>(productId > 0); - D . Modify the GetDealPrice method of ProductController as follows.
Contract.Assume<ArgumentException>(productId > 0);
B
Explanation:
The Contract.Requires(Of TException) method specifies a precondition contract for the enclosing method or property, and throws an exception if the condition for the contract fails.
Syntax:
‘Declaration
Public Shared Sub Requires(Of TException As Exception) ( _ condition As Boolean _)
Type Parameters
TException
The exception to throw if the condition is false.
Parameters
condition
Type: System.Boolean
The conditional expression to test.
Reference: Contract.Requires(Of TException) Method (Boolean)
You need to implement the business requirements for managing customer data.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
- A . Add a class named Customer-Controller to the Controllers folder. Then add a method named Edit to the class.
- B . Create a new controller named Administration in the Controllers folder. Add an action named EditCustomer to the controller.
- C . Add a folder named Customer to the Views folder. Then create a view inside this folder named Edit.aspx.
- D . Create a new folder named EditCustomer to the Views folder. In the new folder, create a new file named Administration.aspx.
When users attempt to retrieve a product from the product page, a run-time exception occurs if the product does not exist.
You need to route the exception to the CustomException.aspx page.
Which method should you add to MvcApplication?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You updated the web.config file with the HTTP run-time value required to display an alternative version of the site.
You need to ensure that the correct page displays to the users.
Which code segment should you use to update the controller?
- A . If (Request.IsTabletDevice)
- B . If (Request.Browser.IsBrowser("Mobile"))
- C . If (Request.UserAgent["Tablet"])
- D . If (Request.Browser.IsMobileDevice)
You need to implement client-side animations according to the business requirements.
Which line of code should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . $("body h1:nth-child(1)").fadeIn(1000);
- B . $("body h1:nth-child(1)")-fadeOut(1000);
- C . $("body h2:nth-child(1)").animate({ opacity: 0 });
- D . $("body h1:nth-child(1)").animate({ opacity: 1 });
You need to implement client-side animations according to the business requirements.
Which line of code should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . $ ("h1: first") .animate ({ opacity: 0 });
- B . $("h1:first").fadeIn(1000);
- C . $("h1:first").animate({ opacity: 1 });
- D . $("h1:first").fadeOut(1000);
You need to configure session storage in the web.config file to meet the technical requirements for scalability.
Which SessionState mode should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . StateServer
- B . InProc
- C . AutoDetect
- D . SqlServer
You need to update the routes to ensure that a product is always displayed on the product page.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
The GetDealPrice method must be called by using Ajax.
You need to get the price of a product by using the GetDealPrice method of the ProductController.
Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
HOTSPOT
You need to implement the mobile device support requirements.
How should you build the ProcessRequest method? (To answer, select the appropriate options in the answer area.)
You need to modify the application to meet the productId requirement.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
C
Explanation:
Scenario: The value of the productId property must always be greater than 0.
Note: The Contract.Requires(Of TException) method specifies a precondition contract for the enclosing method or property, and throws an exception if the condition for the contract fails.
Syntax:
‘Declaration
Public Shared Sub Requires(Of TException As Exception) ( _ condition As Boolean _)
Type Parameters
TException
The exception to throw if the condition is false.
Parameters
condition
Type: System.Boolean
The conditional expression to test.
Reference: Contract.Requires(Of TException) Method (Boolean)
You need to implement the business requirements for managing customer data.
What should you do? Each correct answer presents part of the solution. Choose all that apply.
- A . Add a folder named Customer to the Views folder. Then create a view inside this folder named Edit.aspx.
- B . Add a folder named EditCustomer to the Views folder. Then create a view inside this folder named Catalog.aspx.
- C . Add a class named CustomerController to the Controllers folder. Then add a method named Edit to the class.
- D . Add a class named Catalog to the Controllers folder. Then add a method named EditCustomer to the class.
A,C
Explanation:
From scenario: One of the business requirements, is that administrators must be able to edit information about existing customers.
When users attempt to retrieve a product from the product page, a run-time exception occurs if the product does not exist. You need to route the exception to the CustomException.aspx page.
Which method should you add to MvcApplication?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You updated the web.config file with the HTTP run-time value required to display an alternative version of the site.
You need to ensure that the correct page displays to the users.
Which code segment should you use to update the controller?
- A . If (Request.IsTabletDevice)
- B . If (Request.Browser.IsBrowser("Mobile"))
- C . If (Request.UserAgent["Tablet"])
- D . If (Request.Browser.IsMobileDevice)
You need to implement client-side animations according to the business requirements.
Which line of code should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . $("body h1:nth-child(1)").fadeIn(1000);
- B . $("body h1:nth-child(1)").fadeOut(1000);
- C . $("body h1:nth-child(1)").animate({ opacity: 0 });
- D . $("body h1:nth-child(1)").animate({ opacity: 1 });
B,C
Explanation:
From scenario: Information about the first product on the product page must fade out over time to encourage the user to continue browsing the catalog.
You need to implement client-side animations according to the business requirements.
Which line of code should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . $ ("h1: first") .animate ({ opacity: 0 });
- B . $("h1:first").fadeIn(1000);
- C . $("h1:first").animate({ opacity: 1 });
- D . $("h1:first").fadeOut(1000);
A,D
Explanation:
From scenario: Information about the first product on the product page must fade out over time to encourage the user to continue browsing the catalog.
You need to configure session storage in the web.config file to meet the technical requirements for scalability.
Which SessionState mode should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . StateServer
- B . InProc
- C . AutoDetect
- D . SqlServer
A,D
Explanation:
ASP.NET session state supports several different storage options for session data. Each option is identified by a value in the SessionStateMode enumeration.
The following list describes the available session state modes:
* StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
* SQLServer mode stores session state in a SQL Server database. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
* InProc mode, which stores session state in memory on the Web server. This is the default.
* Custom mode, which enables you to specify a custom storage provider.
* Off mode, which disables session state.
References: https://msdn.microsoft.com/en-us/library/ms178586.aspx
You need to update the routes to ensure that a product is always displayed on the product page.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
The GetDealPrice method must be called by using Ajax.
You need to get the price of a product by using the GetDealPrice method of the ProductController.
Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
HOTSPOT
You need to implement the mobile device support requirements.
How should you build the ProcessRequest method? (To answer, select the appropriate options in the answer area.)
HOTSPOT
You need to implement the mobile device support requirements.
How should you build the ProcessRequest method? (To answer, select the appropriate options in the answer area.)
You need to ensure that developers can connect to a Windows Azure role by using RDP.
What should you do?
- A . Export a certificate without a private key. Upload the .cer file to the Management Certificates section on the Azure Management Portal.
- B . Export a certificate with a private key. Upload the .pfx file to the Management Certificates section on the Azure Management Portal.
- C . Export a certificate without a private key. Upload the .cer file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
- D . Export a certificate with a private key. Upload the .pfx file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
Customers download videos by using HTTP clients that support various content encodings. You need to configure caching on the DownloadVideo action to maximize performance.
Which attribute should you add?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
- E . Option E
You need to ensure that all the MVC controllers are secure.
Which code segment should you use as the body for the CreateController method in AdminVerifierFactory.es?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You are creating a new authentication system that uses an HTTP header value.
The existing authentication system must continue to operate normally.
You need to implement the custom authentication.
What should you do? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Create a class derived from ActionResult and check for a valid HTTP header value in the ExecuteResult method. Change all actions to return this new class.
- B . Create an HttpHandler to check for a valid HTTP header value in the ProcessRequest method.
- C . Create an HttpModule and check for a valid HTTP header value in the AuthenticateRequest event.
- D . Create a class derived from AuthorizeAttribute and check for a valid HTTP header value in the AuthorizeCore method. Change usages of the existing AuthorizeAttribute to use the new class.
HOTSPOT
The designer for the website gave you the following image as the design for the page.
The normal color for the tab is *2da4c2, and the color when the mouse is over the tab is #ffd800.
The HTML that implements the navigation tab is as follows.
You need to implement the design.
What should you do? (To answer, select the appropriate options in the answer area.)
You need to maximize performance of video delivery.
Which code segment should you use as the body of the GetVideoStream function in the Video-Controller class?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
The transcode.exe utility activates its license online when it is installed.
You need to ensure that the registration of the transcode utility is handled as specified in its license.
Which method should you add to the TranscodeWorkerRole class?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
DRAG DROP
You need to ensure that the transcode.exe utility is installed before the worker role starts.
How should you implement the startup task? (To answer, drag the appropriate values to the correct element or attribute. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
You need to ensure that all customers can delete videos regardless of their browser capability.
Which code segment should you use as the body of the SendAsync method in the DeleteHandler class?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Customers download videos by using HTTP clients that support various content encodings. You need to configure caching on the DownloadVideo action to maximize performance.
Which attribute should you add?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
- E . Option E
DRAG DROP
You need to ensure that the transcode.exe utility is installed before the worker role starts.
You have the following markup:
Which markup segments should you include in Target 1, Target 2, Target 3, Target 4 and Target 5 to implement the startup task? To answer, drag the appropriate markup segments to the correct targets. Each markup segments may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You need to ensure that all the MVC controllers are secure.
Which code segment should you use as the body for the CreateController method in AdminVerifierFactory.cs?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You need to ensure that developers can connect to a Microsoft Azure role by using RDP.
What should you do?
- A . Export a certificate with a private key. Upload the .pfx file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
- B . Export a certificate with a private key. Upload the .pfx file to the Management Certificates section on the Azure Management Portal.
- C . Export a certificate without a private key. Upload the .cer file to the Management Certificates section on the Azure Management Portal.
- D . Export a certificate without a private key. Upload the .cer file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
A
Explanation:
In case you don’t want to use the RDP certificate created by Windows Azure Tools and want to use a custom certificate instead, the following steps will guide you. These steps can also be used in case package is not being published from Visual Studio rather it is being built locally, saved in either Local Machine’s Drive or Windows Azure Blob Storage and subsequently published from there.
Here are the steps which are required to get pass the publishing error which you might be running into. You would need to upload the Certificate with Private Key to the portal (when Visual Studio is used this is done in the background).
Detailed steps.
You need to ensure that developers can connect to a Microsoft Azure role by using RDP.
What should you do?
- A . Export a certificate with a private key. Upload the .pfx file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
- B . Export a certificate with a private key. Upload the .pfx file to the Management Certificates section on the Azure Management Portal.
- C . Export a certificate without a private key. Upload the .cer file to the Management Certificates section on the Azure Management Portal.
- D . Export a certificate without a private key. Upload the .cer file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
A
Explanation:
In case you don’t want to use the RDP certificate created by Windows Azure Tools and want to use a custom certificate instead, the following steps will guide you. These steps can also be used in case package is not being published from Visual Studio rather it is being built locally, saved in either Local Machine’s Drive or Windows Azure Blob Storage and subsequently published from there.
Here are the steps which are required to get pass the publishing error which you might be running into. You would need to upload the Certificate with Private Key to the portal (when Visual Studio is used this is done in the background).
Detailed steps.
You need to ensure that developers can connect to a Microsoft Azure role by using RDP.
What should you do?
- A . Export a certificate with a private key. Upload the .pfx file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
- B . Export a certificate with a private key. Upload the .pfx file to the Management Certificates section on the Azure Management Portal.
- C . Export a certificate without a private key. Upload the .cer file to the Management Certificates section on the Azure Management Portal.
- D . Export a certificate without a private key. Upload the .cer file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
A
Explanation:
In case you don’t want to use the RDP certificate created by Windows Azure Tools and want to use a custom certificate instead, the following steps will guide you. These steps can also be used in case package is not being published from Visual Studio rather it is being built locally, saved in either Local Machine’s Drive or Windows Azure Blob Storage and subsequently published from there.
Here are the steps which are required to get pass the publishing error which you might be running into. You would need to upload the Certificate with Private Key to the portal (when Visual Studio is used this is done in the background).
Detailed steps.
You need to ensure that developers can connect to a Microsoft Azure role by using RDP.
What should you do?
- A . Export a certificate with a private key. Upload the .pfx file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
- B . Export a certificate with a private key. Upload the .pfx file to the Management Certificates section on the Azure Management Portal.
- C . Export a certificate without a private key. Upload the .cer file to the Management Certificates section on the Azure Management Portal.
- D . Export a certificate without a private key. Upload the .cer file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
A
Explanation:
In case you don’t want to use the RDP certificate created by Windows Azure Tools and want to use a custom certificate instead, the following steps will guide you. These steps can also be used in case package is not being published from Visual Studio rather it is being built locally, saved in either Local Machine’s Drive or Windows Azure Blob Storage and subsequently published from there.
Here are the steps which are required to get pass the publishing error which you might be running into. You would need to upload the Certificate with Private Key to the portal (when Visual Studio is used this is done in the background).
Detailed steps.
You need to ensure that developers can connect to a Microsoft Azure role by using RDP.
What should you do?
- A . Export a certificate with a private key. Upload the .pfx file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
- B . Export a certificate with a private key. Upload the .pfx file to the Management Certificates section on the Azure Management Portal.
- C . Export a certificate without a private key. Upload the .cer file to the Management Certificates section on the Azure Management Portal.
- D . Export a certificate without a private key. Upload the .cer file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
A
Explanation:
In case you don’t want to use the RDP certificate created by Windows Azure Tools and want to use a custom certificate instead, the following steps will guide you. These steps can also be used in case package is not being published from Visual Studio rather it is being built locally, saved in either Local Machine’s Drive or Windows Azure Blob Storage and subsequently published from there.
Here are the steps which are required to get pass the publishing error which you might be running into. You would need to upload the Certificate with Private Key to the portal (when Visual Studio is used this is done in the background).
Detailed steps.
You need to ensure that developers can connect to a Microsoft Azure role by using RDP.
What should you do?
- A . Export a certificate with a private key. Upload the .pfx file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
- B . Export a certificate with a private key. Upload the .pfx file to the Management Certificates section on the Azure Management Portal.
- C . Export a certificate without a private key. Upload the .cer file to the Management Certificates section on the Azure Management Portal.
- D . Export a certificate without a private key. Upload the .cer file to the Certificates section under the TranscodeWorkerRole hosted service on the Azure Management Portal.
A
Explanation:
In case you don’t want to use the RDP certificate created by Windows Azure Tools and want to use a custom certificate instead, the following steps will guide you. These steps can also be used in case package is not being published from Visual Studio rather it is being built locally, saved in either Local Machine’s Drive or Windows Azure Blob Storage and subsequently published from there.
Here are the steps which are required to get pass the publishing error which you might be running into. You would need to upload the Certificate with Private Key to the portal (when Visual Studio is used this is done in the background).
Detailed steps.
You need to secure the administrative functions for all MVC controllers.
Which code segment should you use as the body for the CreateController method in AdminVerifierFactory.cs?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
D
Explanation:
The MemberInfo.CustomAttributes property gets a collection that contains this member’s custom attributes.
The Any() statement will either return null or a collection of matched custom attributes. If it matches one or more, the controller is secure, otherwise an exception is thrown.
From scenario: The application contains a header that is visible on every page. If the logged-on user is an administrator, then the header will contain links to administrative functions. This information is read from a cookie that is set on the server. The administrative links must not be present if an error condition is present.
Incorrect:
Not B: controller.GetType().Attributes will not return custom attributes.
References: https://msdn.microsoft.com/enus/library/system.reflection.memberinfo.customattributes(v=vs.110).aspx
Topic 4, Mixed Questions
You are developing an ASP.NET MVC application that uses forms authentication. The user database contains a user named LibraryAdmin.
You have the following requirements:
You need to implement the controller to meet the requirements.
Which code segment should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
DRAG DROP
You are developing an ASP.NET MVC application that takes customer orders.
Orders are restricted to customers with IP addresses based in the United States.
You need to implement a custom route handler.
How should you implement the route handler? (To answer, drag the appropriate line of code to the correct location or locations. Each line of code may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Explanation:
References: http://msdn.microsoft.com/enus/library/system.web.routing.iroutehandler.gethttphandler.aspx
You are designing an HTML5 website.
You need to design the interface to make the content of the web page viewable in all types of browsers, including voice recognition software, screen readers, and reading pens.
What should you do? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Annotate HTML5 content elements with Accessible Rich Internet Application (ARIA) attributes.
- B . Convert HTML5 forms to XForms.
- C . Ensure that HTML5 content elements have valid and descriptive names.
- D . Use HTML5 semantic markup elements to enhance the pages.
- E . Use Resource Description Framework (RDF) to describe content elements throughout the entire page.
A,C,D
Explanation:
A: The aria-describedby property may be used to attach descriptive information to one or more elements through the use of an id reference list. The id reference list contains one or more unique element ids.
References: https://www.w3.org/TR/WCAG20-TECHS/ARIA1.html
DRAG DROP
DRAG DROP You are developing an ASP.NET MVC web application in Visual Studio 2012.
The application has a model named ReservationLocation that contains properties named City and State.
The view that displays reservations has a single text box named loc for entering the location information. The location is entered as city, state.
There are action methods that have ReservationLocation as a parameter type.
You need to ensure that the City and State properties are correctly populated.
How should you implement model binding for the ReservationLocation type? (To answer, drag the appropriate code segment to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
You are developing an ASP.NET MVC web application in Visual Studio 2012. The application requires several thousand content files. All content is hosted on the same IIS instance as the application.
You detect performance issues when the application starts. You need to resolve the performance issues.
What should you do?
- A . Implement HTTP caching in the ASP.NET MVC controllers.
- B . Combine the content files by using ASP.NET MVC bundling.
- C . Install a second IIS instance.
- D . Move the content to a Windows Azure CDN.
B
Explanation:
Bundling is a new feature in ASP.NET 4.5 that makes it easy to combine or bundle multiple files into a single file. You can create CSS, JavaScript and other bundles. Fewer files means fewer HTTP requests and that can improve first page load performance.
References: https://www.asp.net/mvc/overview/performance/bundling-and-minification
You are developing an ASP.NET MVC application in Visual Studio 2012. The application supports multiple cultures.
The application contains three resource files in the Resources directory:
Each file contains a public resource named Title with localized translation. The application is configured to set the culture based on the client browser settings.
The application contains a controller with the action defined in the following code segment. (Line numbers are included for reference only.)
You need to set ViewBag.Title to the localized title contained in the resource files.
Which code segment should you add to the action at line 03?
- A . ViewBag.Title = HttpContext.GetGlobalResourceObuect("MyDictionary", "Title");
- B . ViewBag.Title = HttpContext.GetGlobalResourceObject("MyDictionary", "Title",new System.Globalization.CultureInfo("en"));
- C . ViewBag.Title = Resources.MyDictionary.Title;
- D . ViewBag.Title = HttpContext.GetLocalResourceObject("MyDictionary", "Title");
C
Explanation:
Only the Resources class is used.
You are testing an ASP.NET application. The test plan requires that tests run against the application’s business layer. You need to use the test project template that meets this requirement.
Which template should you use?
- A . Web Test Project
- B . Load Test Project
- C . Unit Test Project
- D . Coded Test Project
You are authoring unit tests.
The unit tests must test code that consumes sealed classes.
You need to create, maintain, and inject dependencies in the unit tests.
Which isolation method should you use?
- A . T4 text templates and code generation
- B . Stub types
- C . Shim types
- D . Hard-coded implementation
C
Explanation:
Shim types are one of two technologies that the Microsoft Fakes Framework uses to let you easily isolate components under test from the environment. Shims divert calls to specific methods to code that you write as part of your test. Many methods return different results dependent on external conditions, but a shim is under the control of your test and can return consistent results at every call. This makes your tests much easier to write.
References: http://msdn.microsoft.com/en-us/library/hh549176.aspx
You are developing an ASP.NET MVC web application that includes the following method.
You need to test the AccountBalance method.
Which unit test should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
C
Explanation:
All unit tests require the [TestMethod] attribute. The Assert.AreEqual method verifies that specified values are equal.
Incorrect: Not D: All unit tests require the [TestMethod] attribute.
References: http://msdn.microsoft.com/enus/library/microsoft.visualstudio.testtools.unittesting.assert.areequal(v=vs.110).aspx
You are developing an ASP.NET MVC application by using Visual Studio 2012.
The application throws and handles exceptions when it runs.
You need to examine the state of the application when exceptions are thrown.
What should you do?
- A . From the Debug menu in Visual Studio 2012, select Exceptions. Enable the Thrown check box for Common Language Runtime Exceptions.
- B . From the Debug menu in Visual Studio 2012, select Exceptions. Disable the User-unhandled check box for Common Language Runtime Exceptions.
- C . Add the following code to the web.config file of the application.<customErrors mode="On" ><error statusCode="500" redirect="CustomErrors.html" /></customErrors>
- D . Add the following code to the web.config file of the application.<customErrors mode="On" ><error statusCode="404" redirect="CustomErrors.html" /></customErrors>
A
Explanation:
Configuring the debugger to break for first chance exceptions
To change when the debugger breaks, go to Debug->Exceptions…
When you first open this window you will see that there is a tree grid with one column and checkboxes.
* Break when Thrown. This includes a default list of exceptions known by the debugger, grouped by category.
Note: The possible exceptions that could break from this list is determined by the runtime you are debugging. For example, if you are using managed-only debugging then the debugger will never break for C++, Win32 Exceptions, etc. even if they are configured to break when thrown.
* Checkboxes. If you check the box for a category, then the debugger will break for all First Chance Exceptions while debugging. If you don’t want to enable all First Chance Exceptions, you can find the specific exception types that you wish to configure by using the search box.
You are developing an ASP.NET MVC news aggregation application that will be deployed to servers on multiple networks.
The application must be compatible with multiple browsers. A user can search the website for news articles. You must track the page number that the user is viewing in search results.
You need to program the location for storing state information about the user’s search.
What should you do?
- A . Store search results and page index in Session.
- B . Use Application state to store search terms and page index.
- C . Use QueryString to store search terms and page index.
- D . Store search results and page index in TempData
You are developing an ASP.NET MVC application. The application is deployed in a web farm and is accessed by many users.
The application must handle web server failures gracefully. The servers in the farm must share the state information.
You need to persist the application state during the session.
What should you implement?
- A . A state server
- B . Cookieless sessions
- C . A web garden on the web servers
- D . An InProc session
A
Explanation:
ASP.NET session state service provides a somewhat slower service than the in-process variant as we need to make calls to a remote server. All session data is stored in memory so shutting down the state machine will wipe out all session data as well.
Incorrect: Not D: The InProc option is particularly dangerous in a web farm environment. For example imagine one farm machine which stores the session state but not the other. Subsequent web requests from the same user may not read the correct session state.
References: https://dotnetcodr.com/2013/07/01/web-farms-in-net-and-iis-part-5-session-statemanagement/
You are developing an ASP.NET MVC application that displays stock market information. The stock market information updates frequently and must be displayed in real-time. You need to eliminate unnecessary header data, minimize latency, and transmit data over a full-
duplex connection.
What should you do?
- A . Implement long-running HTTP requests.
- B . Instantiate a MessageChannel object on the client.
- C . Implement WebSockets protocol on the client and the server.
- D . Configure polling from the browser.
You are designing a distributed application that runs on the Windows Azure platform.
The application must store a small amount of insecure global information that does not change frequently.
You need to configure the application to meet the requirements.
Which server-side state management option should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Windows Azure application state
- B . SQL Azure
- C . Profile properties of the Windows Azure application
- D . Windows Azure session state
B
Explanation:
SQL Database provides a relational database management system for Windows Azure and is based on SQL Server technology. With a SQL Database instance, you can easily provision and deploy relational database solutions to the cloud, and take advantage of a distributed data center that provides enterprise-class availability, scalability, and security with the benefits of built-in data protection and self-healing.
Incorrect: Not A: Application State does not exist in Azure. Not C: Profile properties stores personal, not global, information. Not D: Session state is not global. Session states handles user information such as cookies, hidden fields, and query strings are some client-side options to tracking user state
DRAG DROP
You are developing an ASP.NET MVC application that has pages for users who browse the site with Windows Phone 7.
The pages for Windows Phone 7 include the following files:
You need to update the application so that it renders the customized files correctly to Windows
Phone 7 users.
How should you update the Application_Start method? (To answer, drag the appropriate line of code to the correct location or locations. Each line of code may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Explanation:
http://techbrij.com/1013/display-mode-mobile-tablet-tv-aspnet-mvc
You are developing an ASP.NET MVC web application for viewing a list of contacts. The application is designed for devices that support changes in orientation, such as tablets and smartphones. The application displays a grid of contact tiles in portrait mode.
When the orientation changes to landscape, each tile in the grid expands to include each contact’s details. The HTML that creates the tiled interface resembles the following markup.
The CSS used to style the tiles in landscape mode is as follows.
If this CSS is omitted, the existing CSS displays the tiles in portrait mode. You need to update the landscape-mode CSS to apply only to screens with a width greater than or equal to 500 pixels.
Which code segment should you use?
- A . @media screen and (width >= 500px) {…}
- B . @media screen and (min-width: 500px) {…}
- C . @media screen(min-width: 500px, max-width: 1000px) {…}
- D . @media resolution(min-width: 500px) {…}
B
Explanation:
http://www.javascriptkit.com/dhtmltutors/cssmediaqueries.shtml
You are developing an ASP.NET MVC application. You need to authenticate clients by using NT LAN Manager (NTLM).
Which authentication method should you implement?
- A . Basic
- B . Windows
- C . Forms
- D . Kerberos
B
Explanation:
References: http://msdn.microsoft.com/en-us/library/aa292114(v=vs.71).aspx
DRAG DROP
You are developing an ASP.NET MVC application in Visual Studio 2012. The application contains sensitive bank account data.
The application contains a helper class named SensitiveData.Helpers.CustomEncryptor.
The application must not display AccountNumber in clear text in any URL.
You need to build the view for the GetAccounts action.
How should you build the view? (To answer, drag the appropriate code segment to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
You are developing an ASP.NET MVC application. The application must allow users to enter JavaScript in a feedback text box only. You need to disable request validation.
What should you do?
- A . Apply and set the CausesClientSideValidation attribute on the text box to FALSE.
- B . Apply and set the ValidateInput attribute on the text box to FALSE.
- C . Use the HttpRequest.Unvalidated property to read the unvalidated form value.
- D . Use the HttpRequest.Form property to read the unvalidated form value.
C
Explanation:
The HttpRequest.Unvalidated property gets the HTTP request values without triggering request validation.
Request validation checks for HTML markup and script that might indicate a potential cross-site scripting attack. By default, all values are checked using request validation and if any values contain markup or script, ASP.NET throws an HttpRequestValidationException exception. Use this method if you anticipate that the request will contain markup (for example, you are allowing users to post content that contains markup) and you want to get the raw value of a request.
References: https://msdn.microsoft.com/en-us/library/system.web.httprequest.unvalidated.aspx
You are developing an ASP.NET MVC application that will be deployed on a web farm.
Passwords must be stored in the web.config file and must not be readable or in a format that is easily decodable You need to encrypt the passwords that are stored in the web.config file.
Which command-line tool should you use?
- A . Aspnet_regiis.exe
- B . Ngen.exe
- C . Aspnet_merge.exe
- D . EdmGen.exe
A
Explanation:
References: http://msdn.microsoft.com/en-us/library/zhhddkxy(v=vs.100).aspx
HOTSPOT
HOTSPOT
You are developing an ASP.NET MVC application that authenticates a user by using claims-based authentication.
The application must:
You need to implement authentication.
How should you build the class constructor? (To answer, select the appropriate option from the drop-down list in the answer area.)
Explanation:
http://garvincasimir.wordpress.com/2012/04/05/tutorial-mvc-application-using-azure-acs-andforms-authentication-part-1/
HOTSPOT
HOTSPOT You are developing an ASP.NET MVC application.
You need to store membership information in a Microsoft SQL Server database.
How should you configure the membership provider? (To answer, select the appropriate options in the answer area.)
Explanation:
References: http://msdn.microsoft.com/enus/library/system.web.security.sqlmembershipprovider.aspx
You are designing a distributed application.
The application must store a small amount of insecure global information that does not change frequently.
You need to configure the application to meet the requirements.
Which server-side state management option should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Application state
- B . Session state
- C . Database support
- D . Profile properties
You are developing an ASP.NET MVC application. The application is deployed in a web farm and is accessed by many users.
The application must handle web server failures gracefully. The servers in the farm must share the short-term state information.
You need to persist the application state during the session.
What should you implement?
- A . ASP.NET session state
- B . A local database
- C . A state server
- D . Profile properties
C
Explanation:
ASP.NET session state service provides a somewhat slower service than the in-process variant as we need to make calls to a remote server. All session data is stored in memory so shutting down the state machine will wipe out all session data as well.
References: https://dotnetcodr.com/2013/07/01/web-farms-in-net-and-iis-part-5-session-statemanagement/
You are developing an ASP.NET MVC application that will be deployed to servers on multiple networks.
The application must be compatible with multiple browsers. You must track the page number that the user is viewing in search results.
You need to program the location for storing state information.
Where should you persist state information?
- A . Session
- B . QueryString
- C . Application
- D . TempData
HOTSPOT
HOTSPOT You are developing an ASP.NET MVC web application that enables users to open Microsoft Excel files.
The current implementation of the ExcelResult class is as follows.
You need to enable users to open Excel files.
How should you implement the ExecuteResult method? (To answer, select the appropriate options in the answer area.)
You are designing an HTML5 website.
You need to design the interface such that the content is viewable in all types of browsers, including screen readers.
What should you do? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Ensure that content elements have valid and descriptive names.
- B . Use Resource Description Framework (RDF) to describe content elements.
- C . Convert HTML forms to XForms.
- D . Use HTML5 semantic markup elements.
- E . Annotate content elements with Accessible Rich Internet Application (ARIA) attributes.
You are developing an ASP.NET MVC application in Visual Studio 2012. The application supports multiple cultures.
The application contains three resource files in the Resources directory:
Each file contains a public resource named Currency with the localized currency symbol. The application is configured to set the culture based on the client browser settings.
The application contains a controller with the action defined in the following code segment. (Line numbers are included for reference only.)
You need to set ViewBag.LocalizedCurrency to the localized currency contained in the resource files.
Which code segment should you add to the action at line 03?
- A . ViewBag.LocaIizedCurrency = Resources.ProductDictionary.Currency;
- B . VievBag.LocalizedCurrency = HttpContext.GetGlobalResourceObject("ProductDictionary", "Currency", new System.Globalization.CultureInfo(Men"));
- C . VievBag.LocalizedCurrency = HttpContext.GetLocalResourceObject("ProductDictionary", "Currency");
- D . ViewBag.LocalizedCurrency = HttpContext.GetGlobalResourceObject("ProductDictionary",
"Currency");
A
Explanation:
Only the Resources class is used.
DRAG DROP
You are developing an ASP.NET MVC application that authenticates a user by using claims-based authentication.
The application must:
You need to implement authentication.
How should you build the class constructor? (To answer, drag the appropriate code segment to the correct location or locations in the answer area. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Explanation:
Similar example:
For Box 1, see line 15.
For Box 2, see line 22.
For Box 3, see line 22.
For Box 4, see line 26.
using System;
02 using System.Collections.Generic;
03 using System.Linq;
04 using System.Web;
05 using Microsoft.IdentityModel.Claims;
06
07 namespace MVC3MixedAuthenticationSample.Models
08 {
09 public class IdentityClaim
10 {
11 private string _identityProvider;
12 private string _identityValue;
13 public const string ACSProviderClaim ="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";
14
15 public IdentityClaim(IClaimsIdentity identity)
16 {
17
18 if (identity != null)
19 {
20 foreach (var claim in identity.Claims)
21 {
22 if (claim.ClaimType == ClaimTypes.NameIdentifier)
23 {
24 _identityValue = claim.Value;
25 }
26 if (claim.ClaimType == ACSProviderClaim)
27 {
28 _identityProvider = claim.Value;
29 }
30
31 }
32 }
33
34 }
You are developing an ASP.NET MVC application that will be deployed on a web farm.
Passwords must be stored in the web.config file and must not be readable or in a format that is easily decodable. You need to encrypt the passwords that are stored in the web.config file.
Which command-line tool should you use?
- A . Aspnet_regiis.exe
- B . Aspnet_regbrowsers.exe
- C . Aspnet_setreg.exe
- D . Aspnet_compiler.exe
A
Explanation:
References: http://msdn.microsoft.com/en-us/library/zhhddkxy(v=vs.100).aspx
You are developing an ASP.NET MVC web application that includes the following method.
You need to test the GoldMined method.
Which unit test should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You are developing an ASP.NET MVC application by using Visual Studio 2012.
The application throws and handles exceptions when it runs.
You need to examine the state of the application when exceptions are thrown.
What should you do?
- A . From the Debug menu in Visual Studio 2012, select Exceptions. Enable the Thrown check box for Common Language Runtime Exceptions.
- B . From the DEBUG menu in Visual Studio 2012, select Attach to Process. Select the IIS process.
- C . From the Debug menu in Visual Studio 2012, select Exceptions. Disable the User-unhandled check box for Common Language Runtime Exceptions.
- D . From the TOOLS menu in Visual Studio 2012, click Customize. Click the Command tab and select Debug.
A
Explanation:
Configuring the debugger to break for first chance exceptions
To change when the debugger breaks, go to Debug->Exceptions…
When you first open this window you will see that there is a tree grid with one column and checkboxes.
* Break when Thrown. This includes a default list of exceptions known by the debugger, grouped by category.
Note: The possible exceptions that could break from this list is determined by the runtime you are debugging. For example, if you are using managed-only debugging then the debugger will never break for C++, Win32 Exceptions, etc. even if they are configured to break when thrown.
* Checkboxes. If you check the box for a category, then the debugger will break for all First Chance Exceptions while debugging. If you don’t want to enable all First Chance Exceptions, you can find the specific exception types that you wish to configure by using the search box.
References:
HOTSPOT
You are developing an ASP.NET MVC application that has pages for users who browse the site with Windows Phone 7.
The pages for Windows Phone 7 include the following files:
You need to update the application so that it renders the customized files correctly to Windows Phone 7 users.
You have the following code:
How should you update the Application_Start method? (To answer, select the appropriate option from the drop-down list in the answer area.)
You are developing an ASP.NET MVC web application for viewing a photo album. The application is designed for devices that support changes in orientation, such as tablets and smartphones. The application displays a grid of photos in portrait mode.
When the orientation changes to landscape, each tile in the grid expands to include a description. The HTML that creates the gallery interface resembles the following markup.
If this CSS is omitted, the existing CSS displays the tiles in landscape mode.
You need to update the portrait mode CSS to apply only to screens with a width less than 500 pixels.
Which code segment should you use?
- A . @media resolution(max-width: 500px) {. . .}
- B . @media screen(min-width: Opx, max-width: 500px) {. . .}
- C . @media screen and (width <= 500px) {. . .}
- D . @media screen and (max-width: 500px) {. . .}
D
Explanation:
Screen is used for computer screens, tablets, smart-phones etc. max-width is the maximum width of the display area, such as a browser window.
References: http://www.w3schools.com/cssref/css3_pr_mediaquery.asp
You are designing a distributed banking application that handles multiple customers. A user may log on to the site to perform activities such as checking balances, performing transactions, and other activities that must be done securely.
The application must store secure information that is specific to an individual user. The data must be automatically and securely purged when the user logs off.
You need to save transient information in a secure data store.
Which data store should you use?
- A . NET session state
- B . NET profile properties
- C . NET application state
- D . Shared database
You are developing an ASP.NET MVC application. The application must allow users to enter HTML in a feedback text box only. You need to disable request validation.
What should you do?
- A . Use the HttpRequest.Form property to read the unvalidated form value.
- B . Apply and set the Validatelnput attribute on the controller action to FALSE.
- C . Use the HttpRequest.Unvalidated property to read the unvalidated form value.
- D . Apply and set the CausesValidation attribute on the controller action to FALSE.
C
Explanation:
The HttpRequest.Unvalidated Property provides access to HTTP request values without triggering request validation.
You are developing an ASP.NET MVC application that supports multiple cultures and multiple languages. The application will be sold to international customers.
The ASP.NET MVC application must store localized content in satellite assemblies for multiple languages.
You need to generate the satellite assemblies during an automated build.
Which tool should you use?
- A . Gacutil.exe
- B . Al.exe
- C . Ildasm.exe
- D . nasm.exe
B
Explanation:
Use the Assembly Linker (Al.exe) to compile .resources files into satellite assemblies. Al.exe creates an assembly from the .resources files that you specify. By definition, satellite assemblies can only contain resources. They cannot contain any executable code.
The following Al.exe command creates a satellite assembly for the application MyApp from the file strings.de.resources.
al /t:lib /embed:strings.de.resources /culture:de /out:MyApp.resources.dll References: https://technet.microsoft.com/en-us/library/21a15yht(v=vs.85)
You are preparing for the deployment of an ASP.NET MVC application. You need to generate a deployment manifest.
Which command-line tool should you use?
- A . Mage.exe
- B . Ngen.exe
- C . ALexe
- D . Resgen.exe
A
Explanation:
The Manifest Generation and Editing Tool (Mage.exe) is a command-line tool that supports the creation and editing of application and deployment manifests.
Incorrect:
Not B: The Native Image Generator (Ngen.exe) is a tool that improves the performance of managed applications. Ngen.exe creates native images
Not C: Al.exe generates a file with an assembly manifest, not an deployment manifest, from one or more files that are either resource files or Microsoft intermediate language (MSIL) files.
Not D: Resgen.exe, the Resource File Generator, converts text (.txt or .restext) files and XML-based resource format (.resx) files to common language runtime binary (.resources) files that can be embedded in a runtime binary executable or compiled into satellite assemblies.
References: http://www.devcurry.com/2011/02/important-net-framework-40-command-line.html
DRAG DROP
You are developing an ASP.NET MVC application. The application has a view that displays a list of orders in a multi-select list box.
You need to enable users to select multiple orders and submit them for processing.
What should you do? (To answer, drag the appropriate words to the correct targets. Each word may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
You are developing an ASP.NET MVC application.
The application provides a RESTful API for third-party applications. This API updates the information for a contact by embedding the information in the URL of an HTTP POST. You need to save the Contact type when third-party applications use the EditContact method.
Which code segment should you use? {Each correct answer presents a complete solution. Choose all that apply.)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
B,C
Explanation:
Basics of RESTful services:
REST stands for Representational State Transfer, it is a simple stateless architecture that runs over HTTP where each unique URL is representation of some resource. There are four basic design principles which should be followed when creating RESTful service:
* Use HTTP methods (verbs) explicitly and in consistent way to interact with resources (Uniform Interface), i.e. to retrieve a resource use GET, to create a resource use POST, to update a resource use PUT/PATCH, and to remove a resource use DELETE.
Etc.
HOTSPOT
HOTSPOT
You are optimizing an Internet-facing website for search engine optimization.
You are reading a Site Analysis Report from the SEO Toolkit. The report returns warnings that indicate the website HTML lacks key information necessary for search engine indexing.
You need to improve the optimization of the site.
What should you do? (To answer, select the appropriate option from the drop-down list in the answer area.)
You are designing a data-oriented application that features a variety of storage schemas. The application object model must be mapped to the various storage schemas.
You need to enable developers to manipulate the data.
Which ADO.NET data access strategy should you use? (Each correct answer presents a complete solution. Choose all that apply.)
- A . LINQ to SQL
- B . Entity Framework
- C . DataAdapter
- D . DataReader
You are developing an ASP.NET MVC application that provides instant messaging capabilities to customers.
You have the following requirements:
You need to design the application to meet the requirements.
What should you do?
- A . Configure polling from the browser.
- B . Implement long-running HTTP requests.
- C . Implement WebSockets protocol on the client and the server.
- D . Instantiate a MessageChannel object on the client.
You are developing an ASP.NET MVC application that uses forms authentication to verify that the user is logged in.
Authentication credentials must be encrypted and secure so no user identity is exposed.
You need to ensure that user credentials are persisted after users log on.
Where should you store the credentials? (Each correct answer presents a complete solution. Choose all that apply.)
- A . In Session on the server
- B . In a cookie stored in the browser
- C . In ViewData in the application
- D . In TempData on the server
A,B
Explanation:
Server sessions and cookies can both be configured to secure and they both persist after the users log on.
Incorrect:
Not C: ViewData’s life only lasts during current http request.
Not D: TempData is a bucket where you can dump data that is only needed for the following request. That is, anything you put into TempData is discarded after the next request completes.
You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.
Logs show there have been several malicious attacks against the servers.
You need to prevent all SQL injection attacks from malicious users against the application.
How should you secure the queries?
- A . Check the input against patterns seen in the logs and other records.
- B . Escape single quotes and apostrophes on all string-based input parameters.
- C . Implement parameterization of all input strings.
- D . Filter out prohibited words in the input submitted by the users.
C
Explanation:
SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries) The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
References:
You are developing an ASP.NET MVC application that uses forms authentication against a third-party database.
You need to authenticate the users.
Which code segment should you use?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
D
Explanation:
ASP.NET membership is designed to enable you to easily use a number of different membership providers for your ASP.NET applications.
There are two primary reasons for creating a custom membership provider.
* You need to store membership information in a data source that is not supported by the membership providers included with the .NET Framework, such as a FoxPro database, an Oracle database, or other data sources.
* You need to manage membership information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework.
To implement a membership provider, you create a class that inherits the MembershipProvider abstract class from the System.Web.Security namespace.
Incorrect:
Not C: Class ProviderBase
The provider model is intended to encapsulate all or part of the functionality of multiple ASP.NET features, such as membership, profiles, and protected configuration.
References: https://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
You are designing an enterprise-level Windows Communication Foundation (WCF) application. User accounts will migrate from the existing system. The new system must be able to scale to accommodate the increasing load.
You need to ensure that the application can handle large-scale role changes.
What should you use for authorization? (Each correct answer presents a complete solution. Choose all that apply.)
- A . Resource-based trusted subsystem model
- B . Identity-based approach
- C . Role-based approach
- D . Resource-based impersonation/delegation model
B,C
Explanation:
Advanced Maturity: Authorization as a Service
In the advanced level of maturity for authorization, role storage and management is consolidated and authorization itself is a service available to any solution that is service-enabled.
* The Trusted Subsystems Model
Once authorization is available as an autonomous service, the need for impersonation is eliminated. Instead of assuming the identity of the user, the application uses its own credentials to access services and resources, but it captures the user’s identity and passes it as a parameter (or token) to be used for authorization when a request is made. This model is referred to as the trusted subsystem model, because the application acts as a trusted subsystem within the security domain.