Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 4)
You are developing an ASP.NET MVC application to be used on the Internet. The environment uses Active Directory with delegation to access secure resources.
Users must be able to log on to the application to maintain their personal preferences.
You need to use the least amount of development effort to enable users to log on.
What should you do?
A. Enable Forms authentication
B. Enable Windows authentication
C. Generate server SSL certificates and install them in IIS
D. Enable Digest authentication
Answer: B
Explanation: Requirements for Delegation
Delegation relies on Integrated Windows authentication to access resources. There is no limit on the number of computers that you can delegate your account -- you must correctly configure each of them. The Integrated Windows authentication method works only if the following two conditions exist: / You set up your network to use the Kerberos authentication protocol that requires Active Directory. / You set up the computers and accounts on your network as trusted for delegation.
Q2. - (Topic 4)
You are developing an ASP.NET MVC application by using Visual Studio 2012.
The application throws and handles exceptions when it runs.
You need to examine the state of the application when exceptions are thrown.
What should you do?
A. From the Debug menu in Visual Studio 2012, select Exceptions. Enable the Thrown
check box for Common Language Runtime Exceptions.
B. From the Debug menu in Visual Studio 2012, select Exceptions. Disable the User-unhandled check box for Common Language Runtime Exceptions.
C. Add the following code to the web.config file of the application.
<customErrors mode="On" >
<error statusCode="500" redirect="CustomErrors.html" />
</customErrors>
D. Add the following code to the web.config file of the application.
<customErrors mode="On" >
<error statusCode="404" redirect="CustomErrors.html" />
</customErrors>
Answer: A
Q3. - (Topic 2)
You need to ensure that new customers enter a valid email address.
Which code should you use? (Each correct answer presents part of the solution. Choose all that apply.)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A,D
Q4. DRAG DROP - (Topic 4)
You are developing an ASP.NET MVC application in Visual Studio 2012. The application contains sensitive bank account data.
The application contains a helper class named SensitiveData.Helpers.CustomEncryptor.
The application must not display AccountNumber in clear text in any URL.
You need to build the view for the GetAccounts action.
How should you build the view? (To answer, drag the appropriate code segment to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Q5. - (Topic 4)
You are developing an ASP.NET MVC application in Visual Studio 2012. The application supports multiple cultures.
The application contains three resource files in the Resources directory:
ProductDictionary.resx
ProductDictionary.es.resx
ProductDictionary.fr.resx
Each file contains a public resource named Currency with the localized currency symbol.
The application is configured to set the culture based on the client browser settings.
The application contains a controller with the action defined in the following code segment. (Line numbers are included for reference only.)
You need to set ViewBag.LocalizedCurrency to the localized currency contained in the resource files.
Which code segment should you add to the action at line 03?
A. ViewBag.LocaIizedCurrency = Resources.ProductDictionary.Currency;
B. VievBag.LocalizedCurrency = HttpContext.GetGlobalResourceObject("ProductDictionary", "Currency", new System.Globalization.CultureInfo(Men"));
C. VievBag.LocalizedCurrency = HttpContext.GetLocalResourceObject("ProductDictionary", "Currency");
D. ViewBag.LocalizedCurrency = HttpContext.GetGlobalResourceObject("ProductDictionary", "Currency");
Answer: A
Q6. - (Topic 4)
You are developing an ASP.NET MVC application that provides instant messaging capabilities to customers.
You have the following requirements:
Messages must be able to be sent and received simultaneously.
Latency and unnecessary header data must be eliminated.
The application must comply with HTML5 standards.
You need to design the application to meet the requirements.
What should you do?
A. Configure polling from the browser.
B. Implement long-running HTTP requests.
C. Implement WebSockets protocol on the client and the server.
D. Instantiate a MessageChannel object on the client.
Answer: D
Q7. - (Topic 2)
An advertising campaign was recently launched. Some of the ads contain a link to products that no longer exist or have IDs that have changed.
You need to ensure that all product links display a product.
Which code segment should you use to configure the route?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q8. - (Topic 2)
You need to implement client-side animations according to the business requirements.
Which line of code should you use? (Each correct answer presents a complete solution. Choose all that apply.)
A. $ ("h1: first") .animate ({ opacity: 0 });
B. $("h1:first").fadeIn(1000);
C. $("h1:first").animate({ opacity: 1 });
D. $("h1:first").fadeOut(1000);
Answer: A,D
Topic 3, Video Transcoding Service
Background
You are developing a video transcoding service. This service is used by customers to upload video files, convert video to other formats, and view the converted files. This service is used by customers all over the world.
Business Requirements
The user-facing portion of the application is an ASP.NET MVC application. It provides an interface for administrators to upload video and schedule transcoding. It also enables administrators and users to download the transcoded videos.
When videos are uploaded, they are populated with metadata used to identify the video. The video metadata is gathered by only one system when the video upload is complete.
Customers require support for Microsoft Internet Explorer 7 and later.
The application contains a header that is visible on every page.
If the logged-on user is an administrator, then the header will contain links to administrative functions. This information is read from a cookie that is set on the server. The administrative links must not be present if an error condition is present.
Technical Requirements
User Experience:
The front-end web application enables a user to view a list of videos.
The main view of the application is the web page that displays the list of videos.
HTML elements other than the list of videos are changed with every request
requiring the page to reload.
Compatibility:
Some customers use browsers that do not support the HTTP DELETE verb.
These browsers send a POST request with an HTTP header of X-Delete when the intended action is to delete.
Transcoding:
The video transcoding occurs on a set of Windows Azure worker roles. The transcoding is performed by a third-party command line tool named transcode.exe. When the tool is installed, an Environment variable named transcode contains the path to the utility. A variable named license contains the license key. The license for the transcoding utility requires that it be unregistered when it is not in use. The transcoding utility requires a significant amount of resources. A maximum of 10 instances of the utility can be running at any one time. If an instance of the role cannot process an additional video, it must not prevent any other roles from processing that video.
. The utility logs errors to a Logs directory under the utilities path.
. A local Azure directory resource named perf is used to capture performance data.
Development:
. Developers must use Microsoft Remote Desktop Protocol (RDP) to view errors generated by the transcode.exe utility.
. An x509 certificate has been created and distributed to the developers for this purpose.
. Developers must be able to use only RDP and not any other administrative functions.
Application Structure
Q9. - (Topic 1)
You need to make all of the rows in the table bold in the Views/RunLog/GetLog.cshtml view.
Which code segment should you use?
A. Table > th:last-child { font-weight: bold; }
B. Table+first-child{ font-weight: bold; }
C. Table>tr>th:nth-child{2){font-weight: bold; }
D. Table > tr {font-weight: bold;}
Answer: D
Q10. - (Topic 4)
You are developing an ASP.NET MVC application that uses forms authentication against an Oracle database.
You need to authenticate the users. Which code segment should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Explanation: When implementing a custom membership provider, you are required to inherit the MembershipProvider abstract class. There are two primary reasons for creating a custom membership provider. You need to store membership information in a data source that is not supported by the membership providers included with the .NET Framework, such as a FoxPro database, an Oracle database, or other data source. You need to manage membership information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework. A common example of this would be membership data that already exists in a SQL Server database for a company or Web site.
Reference: MembershipProvider Class
https://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider(v=vs.110).aspx
Q11. DRAG DROP - (Topic 1)
You need to implement security according to the business requirements.
How should you modify RunLogController? (To answer, drag the appropriate code segment to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Topic 2, Web Application
Background
You are developing an online shopping web application.
Business Requirements
A user is not required to provide an email address. If a user enters an email
address, it must be verified to be a valid email address.
Information about the first product on the product page must fade out over time to
encourage the user to continue browsing the catalog.
Administrators must be able to edit information about existing customers.
Administrators also must be able to specify a default product on the product page.
Technical Requirements
General:
The web store application is in a load-balanced web farm. The load balancer is not
configured to use server affinity.
The web store application is an ASP.NET MVC application written in Visual Studio
2012.
Products:
The value of the productId property must always be greater than 0.
The Products page for mobile devices must display to mobile users. The Products
page for desktop devices must display to desktop users.
Storage:
The data must be stored in a serialized XML data format.
Serialized objects must be schema-independent.
Exception handling:
Exceptions originating from IIS must display a page with support contact
information.
Some page links expire, and users who access these links encounter 404 errors.
Exceptions must be logged by using the WriteLog method of the Utility class.
Browser and device support:
The application must support image format conversions from .bmp to .jpeg for
mobile devices.
The application must support image format conversions from .bmp to .png for
desktop devices.
Application Structure
Q12. - (Topic 4)
You are developing an ASP.NET MVC application that uses forms authentication. The
application uses SQL queries that display customer order data.
Logs show there have been several malicious attacks against the servers.
You need to prevent all SQL injection attacks from malicious users against the application.
How should you secure the queries?
A. Check the input against patterns seen in the logs and other records.
B. Escape single quotes and apostrophes on all string-based input parameters.
C. Implement parameterization of all input strings.
D. Filter out prohibited words in the input submitted by the users.
Answer: C
Explanation: SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries) The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
Reference: SQL Injection Prevention Cheat Sheet
Q13. DRAG DROP - (Topic 4)
You are developing an ASP.NET MVC application in Visual Studio. The application supports multiple cultures.
To set the culture, the application must use the AcceptLanguage header field value sent by the client browser.
You need to ensure that the application can set the culture.
You have the following markup in the web.config file:
Which markup segments should you include in Target 1, Target 2 and Target 3 to complete markup? To answer, drag the appropriate markup segments to the correct targets. Each markup segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q14. HOTSPOT - (Topic 4)
You are developing an ASP.NET MVC application.
Before an action is executed, information about the action must be written to a log. After
results are returned, information about the results also must be written to the log.
You need to log the actions and results.
You have the following code:
Which code segments should you include in Target 1, Target 2 and Target 3 to implement the LogActionFilter class? (To answer, select the appropriate option from the drop-down list in the answer area.)
Answer:
Q15. - (Topic 2)
You are designing a Windows Communication Foundation (WCF) service that uses the Product class.
You need to update the class to meet the storage requirement.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Mark the Product class with the DataContract attribute.
B. Mark the public members of the Product class with the DataContractFormat attribute.
C. Mark the Product class with the CollectionDataContract attribute.
D. Mark the public members of the Product class with the DataMember attribute.
Answer: A,D
Explanation: So as of .NET 3.5 SP1, you don't have to add data contract or data member
attributes anymore - if you don't then the data contract serializer will serialize all public
properties on your class, just like the XML serializer would.
HOWEVER: by not adding those attributes, you lose a lot of useful capabilities:
. without [DataContract], you cannot define an XML namespace for your data to live
in . without [DataMember], you cannot serialize non-public properties or fields . without [DataMember], you cannot define an order of serialization (Order=) and the
DCS will serialize all properties alphabetically . without [DataMember], you cannot define a different name for your property (Name=) . without [DataMember], you cannot define things like IsRequired= or other useful attributes . without [DataMember], you cannot leave out certain public properties - all public properties will be serialized by the DCS
Q16. HOTSPOT - (Topic 4)
You are developing an ASP.NET MVC web application that enables users to open Microsoft Excel files.
The current implementation of the ExcelResult class is as follows.
You need to enable users to open Excel files. You have the following code:
Which code segments should you include in Target 1, Target 2 and Target 3 to implement the ExecuteResult method? To answer, select the appropriate option or options in the answer area.
Answer: