image1 image2 image3 image4 image5 image6 image7


Microsoft Certified Solutions Developer (MCSD) Certification exam Dumps

1.       You are designing an application in which a section of the main page will be populated by content from a third-party provider. You do not have control over the responsive­ness of the client or how much information will be returned with each request. The call is to a RESTful service and will return the information formatted in Extensible Markup Language (XML). What is the best way to implement this application?
2.        A. Design a model that handles the data call to populate the model. Create a partial view containing only this display area and put an asynchronous service call that returns this model in the partial view controller.
3.       Correct: Because you do not have control over the responsiveness of the third-party provider and you do not know how much data might be returned from each call, you should wrap the call in the asynchronous framework. Providing the data in a strongly-typed model gives it more flexibility than working with the raw XML on the client side.
4.       B. Put a synchronous service call into the main page controller.
5.       C. Create a partial view containing only this display area and put a synchronous ser­vice call in the partial view controller.
6.       D. Create a partial view containing only this display area and put an asynchronous service call in the partial view controller.
  1. You have been given requirements for a dashboard page that will contain summary information from your order processing system in a single display table. However, this summarization needs to be done by combining data requests from the order system, the shipping system, and the accounting system. The dashboard page will be the only place you use this combined data. What is the best way to implement this require­ment?
  3. A. Make the various data requests and compile the information in the controller for display.
  4. B. Create an individual model for each of the data requests, and then create a view-specific model that calls those models and merges the data.
11.    Correct: You will have a better chance of code reuse if you break down the separate calls into their own models and then create another model to pull them together and compile them.
  1. C. Create a model for the summary data and handle the various data requests within that model as well as the merging of the data.
  2. D. Create an individual model for each of the data requests and then merge the data on the client side for display.
  1. A significant change has been requested in an application maintained within your company. The application is a classic ASP application that uses custom Open Database Connectivity (ODBC) drivers to connect to a relational data repository on a mainframe computer. The CIO decided that the company needs to replace this 30-year-old sys­tem. The team that worked on the original project is made up of developers who have never worked with an object-oriented approach before. Which approaches would be the best to use when designing your initial schema in Entity Framework? (Choose all that apply.)
  2. A. Create your own custom design because it’s too much work to manage an inexpe­rienced staff.
  3. B. Use Code First.
  4. C. Use Model First.
18.    Correct: The use of the Entity Designer as an integral component in the Model First approach will help unfamiliar users to walk through the process
  1. D. Use Database First.
20.    Correct: There is already a working relational database for the application, although it is in a system that will be replaced. A port of the design should be considered.
  1. You are designing an application that allows employees to change their human resources (HR) information, such as next of kin and direct deposit information. The re­quirements state
  2. that the application should talk directly to the HR systems’ database. However, at a recent company meeting, the CFO announced that the company will be converting to a new HR system over the next two years. They will take an additional year to move employees to the new system, one department at a time. How will this affect your design?
  3. A. It won’t; the requirements state that the application should talk directly to the HR systems’ database.
24.    B. You should ensure your naming convention for the database as clearly as possible so you can rework your data calls with minimal changes.
25.    C. You should implement the Repository pattern with the current HR system being the first repository that is built. When the second system comes online, you imple­ment that data access using the same pattern.
26.    Correct: Using the Repository pattern will give you a level of abstraction into the data layer. When you create the second data access component for the new HR system, you can then differentiate on a user or departmental level which imple­mentation to use.
27.    D. You should map the model directly to the database calls, anticipating that you will have to change the model as the new system rolls out.  


1.       You are developing an application. One requirement is that part of your data access layer needs to be available to a third party, that wants to get this information from a REST URL in XML. Your company does not have experience with web services, but you have several websites running ASP.NET MVC 4. How could you design and provide these new services? (Choose all that apply.)
2.                   A. Task an individual on staff to learn WCF, and have this individual develop and de­ploy these new services using WCF.
3.                   B. Use the Web API to create REST services using ApiController in which the serializa­tion type is defined by the Accepts property of the browser.
4.                   Correct: Using the Web API is a straightforward way to present REST services.
5.                   C. Build a basic ASP.NET MVC 4 project in which the view simply passes through the information provided by the controller, and the controller manages the code for serializing the response.
6.                   Correct: Using ASP.NET MVC is another way to create a controller that will return XML.
7.                   D. Create an ASP.NET ASMX services file to get, serialize, and return the data.
8.       How could you traditionally consume an ASMX web service from your application? (Choose all that apply.)
9.                   A. Generate a proxy by selecting Add Reference In Visual Studio.
10.                B. Create an HttpService and connect using Get(URL).
11.                Correct: HttpService.Get gets the output of a REST service.
12.                C. Generate a proxy by selecting Add A Service Reference in Visual Studio.
13.                Correct: Visual Studio creates a proxy for you from the WSDL at the site you select.
14.                D. Create a WCF proxy class.

15.    What are examples of hybrid applications using Windows Azure? (Choose all that apply.)
16.                 A. An application where the local network hosts the IIS server while the database is being run from the corporate IT office
17.                B. An application where Windows Azure is used to host the IIS process, and Windows Azure SQL is used to store the data
18.                C. An application where the IIS process is run on a local web server, whereas the data is stored in Windows Azure SQL
19.                Correct: Part of the application is being run in the Windows Azure environment; the other part is being run in the corporate network environment.
20.                D. An application where the web part of the application is run on Windows Azure, whereas the confidential data is stored in the company’s network 
21.                Correct: Part of the application is being run in the Windows Azure environment; the other part is being run in the corporate network environment


1.                   What occurs if an unhandled error is fired on a startup task?
2.                   A. The startup role consumes the error during its load; if there is no event handler configured, it is set to Handled as the task completes.
3.                   B. The startup is cancelled and the role does not start.
4.                   Correct: The task will stop processing and return a non-zero value.
5.                   C. The OnStop method automatically runs.
6.                   D. The startup task goes to the lowest security setting and continues to run, if possible.
7.       AppCmd.exe is an application that helps you work with which objects? (Choose all that apply.)
8.                   A. Site
9.                   Correct: AppCmd.exe enables the configuration of virtual sites.
10.                B. Users
11.                C. Config
12.                Correct: AppCmd.exe supports the administration of general configuration sections.
13.                D. App
14.                Correct: AppCmd.exe manages the support of applications.
1.       Which of the following are valid reasons for overriding the Run method? (Choose all that apply.)
2.                   A. Creating and starting a messaging service that will work in parallel with the Web role to manage queued messages
3.                   Correct: Creating and running an application in parallel is what the Run method was designed to allow.
4.                   B. Creating an always-running service that periodically makes HTTP calls to other websites to determine their availability
5.                   Correct: The polling service is a good example of an activity in which the Run method enables a process to work independently of the main role
6.                   C. Managing error handling for the application
7.                   D. Starting and supporting a logging application for use by the Worker role
8.                   Correct: Creating and running an application in parallel is what the Run method was designed to allow.

1.                   You are designing an ASP.NET MVC 4 application that uses an Oracle database for persistence. What session configuration choices enable you to deploy your application on a web farm? (Choose all that apply.)
2.                   A. InProc
3.                   B. SQLServer
4.                   C. StateServer
5.                   Correct: Using a shared state server across the web farm is an available option. Using a state server designates one server to maintain state for all the servers that connect to it.
6.                   D. Custom session provider
7.                   Correct: A custom session provider enables you to maintain state as necessary by doing the work in your custom code. It is generally used when you try to use a dif­ferent RDBMS system or when you do not want to use the default session database design.
1.       You are creating an ASP.NET MVC 4 web application that will be accessed by a large number of traditional consumers. If you need to be able to access state information on the client side in JavaScript/jQuery, where can you store it? (Choose all that apply.)
2.                   A. localStorage
3.                   B. QueryString
4.                   Correct: Query string information is available across all browsers and is usable on both the client and server.
5.                   C. ViewState
6.                   D. Cookies
7.                   Correct: Cookies can be stored for a period of time on the client and be read from either client- or server-side operations.
8.       As you design a sessionless state management system, what do you need to ensure that your application manages? (Choose all that apply.)
9.                   A. Access to the state management system, whether it is a database, a web service, or other type of system
10.                Correct: Your application needs to manage whatever information might be re­quired to access the state management system.
11.                B. The HTTP headers
12.                C. The session setting within the Web.config file
13.                D. An identifier used by the server to identify the request
14.                Correct: Your application needs to manage the passing of the identifier between requests.


1.       You are designing a work order management application for a mid-size repair com­pany. The application will be used by repair personnel in the field on their laptops with wireless phone connections. The connections are slow, and the laptops are several years out of date. There will never be more than 15 users at any one time, and rarely more than 2 concurrent users. What kind of caching will give the repair personnel a better user experience? (Choose all that apply.)
2.                   A. Page output caching
3.                   Correct: Page output caching will cache content at the client side to eliminate some of the required downloads. It is useful in a limited bandwidth environment. It can also be used in donut hole and donut caching scenarios for partial client-side caching.
4.                   B. Application caching
5.                   C. Data caching
6.                   D. HTTP caching
7.                   Correct: HTTP caching will help response time even though there is not much a developer needs to do to implement the caching.
8.       You are creating a solution in which the majority of the application is dynamic, but some areas can be cached for a long time. What kind of approach would you take? (Choose all that apply.)
9.                   A. Data caching
10.                B. Donut hole caching
11.                Correct: Donut hole caching provides the ability to cache parts of each page.
12.                C. Donut caching
13.                Correct: Donut caching is another approach that gives the ability to cache parts of the application.
14.                D. Windows AppFabric caching
15.   You are adding a reporting vertical to an enterprise application. Many of the reports will be run every morning by a set of users. Some of the reports will be identical as every member of a team will get the same report sometime in the morning. What kind of caching will provide an improvement in performance? (Choose all that apply.)
16.                A. Data caching
17.                Correct: Data caching with the appropriate timeout will enable the data needed for the reports to be stored so that the call to the database is not necessary.
18.                B. Page output caching with a duration of two minutes
19.                C. Page output caching with a duration of four hours
20.                Correct: A page output caching of four hours caches the output of the report for the whole morning and should eliminate the need for the report to be run a second time.
21.                D. Windows AppFabric caching
22.                Correct: AppFabric caching acts much like data caching to eliminate the need for additional calls to the database to generate the reports.

1.       What is the technique in which the client sends a request to the server, and the server holds the response until it either times out or has information to send to the client is?
2.                   A. HTTP polling
3.       B. HTTP long polling
4.                   Correct: In HTTP long polling, the client sends a request to the server, and the server holds it open until it either has something to return to the client or the con­nection times out.
5.                   C. WebSockets
6.                   D. HTTP request-response
7.       You are building an application in which you want to display updated information to a website every 15 minutes. What are efficient ways to manage the update? (Choose all that apply.)
8.                   A. WebSockets
9.                   Correct: WebSockets can be used to pass information between the client and server.
10.                B. HTTP polling with 1-minute intervals
11.                C. HTTP long polling
12.                D. HTTP polling with 15-minute intervals
13.                Correct: HTTP polling with 15-minute intervals is a valid way to get the informa­tion within the required time frame.
14.    What is the first request sent to start HTTP polling?
15.                A. HTTP DELETE
16.                B. HTTP GET
17.                Correct: The first request to open a WebSocket connection is a standard HTTP GET. After the request is received, the browser sends a separate upgrade request
18.                C. HTTP CONNECT
19.                D. Upgrade request

1.       In an HTTP module, can you redirect the request to a different handler than is in the routing table? If so, what event would you handle?
2.                   A. Yes, and you handle the PostAuthorizeRequest event.
3.                   B. No, after the request starts into the process, it either continues through to the mapped handler or throws an error.
4.                   C. Yes, and you handle the MapRequestHandler event.
5.                   Correct: You handle the mapping of the request in the MapRequestHandler.
6.                   D. Yes, and you handle the ReleaseRequestState event.
7.       When you are creating a custom handler, what is the parameter being passed into the ProcessRequest method?
8.                   A. object, EventArgs
9.                   B. HttpApplication
10.                C. HttpContext
11.                Correct: The ProcessRequest method takes the HttpContext parameter.
12.                D. Object
13.   What is the best way to intercept every request for an image on your site and ensure that a watermark is added to the image?
14.                A. An HTTP module handling the AuthorizeRequest event
15.                B. A custom HTTP handler set to handle .htm and .html pages
16.                C. A custom HTTP handler configured to serve .png and .jpg files
17.                Correct: Intercepting every request for .jpg and .png files is the easiest way to consistently add watermarks to the images.
18.                D. An HTTP module handling the PostRequestHandlerExecute event

1.       Layout.cshtml and Site.Master are the two default template pages in ASP.NET MVC. Which of the following scenarios would best be solved using a single layout or master template? (Choose all that apply.)
2.                   A. Your application has a requirement to display a menu section that changes based on the area of the application the user is visiting.
3.       Correct: Adding logic to the master page to determine the menu design enables your application to display a menu section that changes based on the area of the application the user is visiting.
4.       B. Each content area on your page needs a header that displays the company’s branded color and contains the first 40 characters of the content area’s content followed by an ellipsis.
5.                   C. You have created a set of styles, each in a different style sheet. The styles need to be available to every page in the application.
6.       Correct: Referencing all style pages in a single place, the layout page, is an appropriate use.
7.       D. Your application has three different default page designs: two rows of information, two columns of information, and three columns of information.
1.       You are designing a web application. You want to create a certain look and feel while reusing styles across pages as much as possible. How should you handle styles?
2.       A. Use only one or two styles throughout your application to simplify maintenance.
3.       B. Use a specific (unique) style for every element.
4.                   C. Use general styles for common elements and specific styles for elements that are unique.
5.       Correct: You should use general styles as much as possible. Achieving a certain look and feel means that you might have to create some specific styles, however.
6.       D. Use inline styling.
7.       What are compelling reasons to switch from static web content to dynamic web con­tent? (Choose all that apply.)
8.       A. The ability to substitute a new image for the company logo
9.                   B. The ability to display information from a database
10.    Correct: Displaying data from a database is an ideal reason to use a dynamic website.
11.    C. The ability to link to other pages outside of your application
12.                D. The ability to display information pertaining to the current user
13.    Correct: Personalization, or displaying information about the user on-screen, is an example of dynamic content.

being submitted to the server. Which code segment should you choose?
A. <div class=”editor-label”> @Html.LabelFor(model => model.ProductName)</div><div class=”editor-field”> @Html.EditorFor(model => model.ProductName)</div>
B. <div class=”editor-label”> @Html.LabelFor(model => model.ProductName)</div><div class=”editor-field”> @Html.ValidationMessageFor (model => model.ProductName)</div>
C. <div class=”editor-field”> @Html.EditorFor(model => model.ProductName) @Html.ValidationMessageFor(model => model.ProductName)</div>
Correct: @Html.EditorFor, in combination with @Html.ValidationMessageFor, are used for client-side validation.
D. <div class=”editor-label”> @Html.LabelFor(model => model.ProductName)</div>
1.       Your team is building an application and you are reviewing the functional specifica­tions. Your team must include a stockticker in the UI that displays the company’s stock price every 15 minutes, and include the capability to do partial saves of base objects as users step through a data entry wizard. You want to use the same approach for both requirements to make it easier to add functionality and maintain it going forward. What approach should you use?
2.        A. Use JavaScript to refresh the page every 15 minutes and to manage whether wiz­ard buttons are enabled or disabled.
3.                   B. Use AJAX to make asynchronous calls to the server on a timer for the stock price and to automatically save the base objects as the user navigates through the wizard.
4.       Correct: The best way to solve this issue is to use AJAX to do asynchronous calls to check the stock price as well as manage the save process through the wizard.
5.       C. Use jQuery to refresh the page every 15 minutes and to manage whether wizard buttons are enabled or disabled.
6.       D. Use data validation annotations on the model to ensure that the stock price is vali­dated every 15 minutes and that the client saves the base object information after every wizard step.
7.       In which of the following scenarios should you include validation? (Choose all that apply.)
8.                   A. You have an online diary with two form fields, a title, and a large subject box. A title is not required, and the subject content is stored in a database column with no maximum size.
9.       Correct: You should build in validation to check that at least one field has been populated before saving an entry.
10.                B. The web application you maintain has an area that serves as a pass-through to another company’s web services. The form contains personal information, such as address and phone number, and is used to set up a profile on the company’s retirement partner website. The partner has never given you any instructions as to what is or is not required to be sent to them.
11.    Correct: Although the partner company has not provided any requirements, your company is responsible for data entry and therefore should ensure that the data passing through the application meets some minimum criteria.
12.                C. Your application is a long wizard that college students use to apply for financial aid. They do not have access to the application until they are already logged on to the system so the application knows who they are. Most students will log on many times to finish the application, so any field might or might not be completed at any time.
13.    Correct: The application has many entry fields so it is difficult to predict when an entry hits a valid stage. However, you already know you have constraints on the data being input because of the size of the database columns in which you will be storing them. A MaxLength validator on each field would help ensure that there is no loss of data.
14.                D. You are developing a simple form that helps home brewers keep track of their process. The form provides two input fields: Date/time and ph level. The Date/ time box needs to be an ordinary text box because people around the world might enter the date differently, in a way that is meaningful to them. The ph level can be either a numeric value or a text description.
15.    Correct: Although either field in the form can be anything, they should have a maximum length limit imposed so the data does not exceed the size of the database column they will be stored in. You should also validate that neither field is empty.

1.       You are creating an ASP.NET MVC web application. Within the application, you have created a partial view for contact email and phone number. Which code segment should you use to display the partial view on the main page?
2.       A. <div class=”float-right”> <section id=”contact”> @Html.ActionLink(“ContactPartial”) </section></div>
3.                   B. <div class=”float-right”> <section id=”contact”> @Html.Partial(“ContactPartial”) </section></div>
4.                   Correct: @Html.Partial loads a partial view.
C. <div class=”float-right”> <section id=”contact”> @RenderPage(“ContactPartial”) </section></div>
D. <div class=”float-right”> <section id=”contact “> @RenderBody() </section></div>
2. You are creating an ASP.NET MVC web application. The application accepts phone number input through the application’s form. When viewing the source from a brows­er, you find the following code:
PhoneNumber: <input id=”phoneNumber” name=”phoneNumber” size=”10” type=”text” value=”” /><br />
What Razor syntax code segment was used?
A. PhoneNumber: <input id=”phoneNumber” name=”phoneNumber” size=”10” type=”text” value=”3125551212” /><br />
B. <div class=”editor-field”> @Html.EditorFor(model => model.PhoneNumber) </div>
C. PhoneNumber: @Html.TextBox(“phoneNumber”, Request[“phoneNumber”], new { @placeholder = “3125551212”})<br />
D. PhoneNumber: @Html.TextBox(“phoneNumber”, Request[“phoneNumber”], new { size = 10 })<br />
Correct: This is the proper way to limit the size of a certain field that is being bound to the model.
1.       You are modifying an ASP.NET MVC web application and you have created a new mas­ter layout page named _Layout.WindowsPhone.cshtml. You want to use that layout in a new view. Which code segment do you use?
2.       A. @Html.ActionLink(“_Layout.WindowsPhone.cshtml”);
3.                   B. Layout=”~/Views/Shared/_Layout.WindowsPhone.cshtml”;
4.       Correct: Layout=”” loads the layout file to be used with that view.
5.       C. Layout=”Layout.WindowsPhone.cshtml”;
6.       D. @Html.Partial(“_Layout.WindowsPhone.cshtml”);


1.       You want to support the Internet Explorer, Firefox, and Opera web browsers in your application. Which vendor-specific extensions do you need to include with CSS3 prop­erties? (Choose all that apply.)
2.       A. -webkit-
3.                   B. -ms-
4.       Correct: The -ms- prefix is used for Internet Explorer.
5.                   C. -o-
6.       Correct: The -o- prefix is used for the Opera browser.
7.       D. -hp-
8.                   E. -moz-
9.       Correct: The -moz- prefix is used for Mozilla Firefox.
10.    What are common methods for detecting the type of browser running on a client? (Choose all that apply.)
11.                A. Use JavaScript to query for the userAgent header.
12.    Correct: Using JavaScript to query the userAgent gives you information about the type of browser being used by the client.
13.    B. Use the window.addEventListener method.
14.    C. Use the viewport <meta> tag.
15.                D. Use the DisplayMode provider.
16.    Correct: The display mode provider performs some of the analysis of the HTTP request to try and determine what kind of browser made the request.
1.       You are creating a different view for each of several different browsers/devices, such as Home.iemobile.cshtml and Home.IPad.cshtml. What is the best way to implement it so your application knows to look for the specific views? A. Use the viewport <meta> tag.
2.                   B. Add a new DisplayModeProvider for each of the special view types you want to support.
3.       Correct: Adding a DisplayModeProvider for each type of special view, such as IEMobile or IPad, informs the framework to use those views where the context condition is fulfilled.
4.       C. Put logic into each action to select the appropriate view based on information in the request.
5.       D. You don’t have to do anything. The framework automatically handles browser/de­vice detection by reading the new extensions on the views.

1.       You are creating an ASP.NET MVC web application, and you decide to create a new layout for mobile devices with relatively small screens. Which @media query should you create or modify to accomplish the task? (Choose all that apply.)
2.                   A. @media (max-width:768px)
3.       Correct: This allows for devices with a maximum width of 768 pixels.
4.                   B. @media (max-width:478px) and (orientation:portrait)
5.       Correct: This allows for devices with a maximum width of 478 pixels in portrait view, such as tablets.
6.       C. @media (min-width:768px) and (orientation:portrait)
7.       D. @media (min-width:1200px)
8.       You are modifying an existing ASP.NET MVC web application to incorporate mobile access. What should you do to ensure that mobile devices view mobile-only pages? (Choose all that apply.
9.                   A. Run the Install-Package jQuery.Mobile.MVC command using the Package Manager console.
10.    Correct: This installs all the necessary mobile packages.
11.    B. Create a _Layout.Mobile.cshtml master layout page.
12.    C. Create additional views with .Mobile, such as Index.Mobile.cshtml.
13.                D. Create additional views with .Mobile, such as Index.Mobile.cshtml as well as a _Layout.Mobile.cshtml master layout page.
14.    Correct: All mobile views and mobile master layout ensure that the page will load accordingly.
15.    You are modifying an ASP.NET MVC web application for a client. The client requires that the application must be viewable on Android devices in a UI format native to the device. What should you do? (Choose all that apply.)
16.    A. Run the Install-Package jQuery.Mobile.MVC command using the Package Manager console.
17.    B. Create a viewport and use @media queries to make styles that are specific for Android.
18.                C. Create corresponding mobile views for the project targeted toward Android.
19.    Correct: Additional views must be created or ported to fit the smaller layout.
20.    D. Modify the Web.config file in Shared views in the project to add in support for other browsers.

1.       You have been asked by the marketing department to help improve your company’s ranking in search engine results. They are particularly concerned about a section of the site that is highly interactive, with extensive mouse-over color, background, and text changes. Without looking at the code, what is the most likely reason for ranking low in search engine results?
2.       A. Unclosed HTML tags
3.                   B. Content hidden in JavaScript tags
4.       Correct: Text revealed by mouse-overs not being picked up by search engine crawlers indicates that content is being skipped.
5.       C. Broken links
6.       D. Excessive number of images
7.       You have been asked by a company to evaluate its web application as a user. The com­pany wants you to review the website from outside its network and identify areas that might be problematic. You have been asked to consider SEO and accessibility. Which tools would be helpful for your review? (Choose all that apply.)
8.       A. IIS SEO Toolkit
9.                   B. Internet Explorer F12 tools
10.    Correct: The Internet Explorer F12 tool enables you view HTML and CSS code, which can help you detect structural problems or errors that might affect acces­sibility or SEO.
11.    C. IIS Logging tab
12.    D. Bing Webmaster Toolkit
13.    Your company has joined an industry accessibility group and you are a member. As one of your responsibilities, you have been asked to estimate the time it would take to modify your corporate site for accessibility. What should you consider to properly estimate the required time? (Choose all that apply.)
14.    A. The amount of text in the website
15.                B. The level of current usage of HTML helpers in your views
16.    Correct: Because ASP.NET MVC 3 HTML helpers are not ARIA compliant, you need to write custom HTML helpers or use a different process to create HTML forms.
17.    C. The numbers of controllers in the application
18.                D. The complexity of your data entry forms
19.    Correct: Because many of the problems with accessibility are related to giving context to content, complex forms need a thorough review to ensure that labels and section context are provided for every element on the page.

1.       You are globalizing an application and are compiling a list of items that need to be translated. Which items should be included on the list? (Choose all that apply.)
2.                   A. Images that are used as part of the menu structure
3.       Correct: Images that are being used for menus likely have text displayed on them. That text should be localized, and extra sets of buttons might have to be created.
4.       B. The company logo
5.       C. Server error-logging messages
6.                   D. Button tooltips
7.       Correct: Tooltips are supposed to give extra contextual help about the item the mouse hovers over. It is important to get them translated.
8.       You are creating an ASP.NET MVC website and you want to replace a <h2>hello</h2> tag within the view with custom resources you have created. What should you use?
9.                   A. <h2>@mvcapp.Resources.Home.Index.Heading</h2>
10.    Correct: This is the correct way to insert resources into a view.
11.    B. <h2 div=”resource”>Hello</h2>
12.    C. <h2 class=”resource”>Hello</h2>
13.    D. <h2>@mvcapp.Resources.Home.Index.Heading Hello</h2>
14.    You are developing an ASP.NET MVC application and you need to create satellite as­semblies from resource files. What code should you use?
15.    A. mage.exe /n: /
16.    B. WinRes.exe /t: /culture:de-DE
17.    C. Lc.exe
18.                D. al.exe /t:lib / /culture:de-DE / resources.dll
19.    Correct: Assembly Linker generates modules or resource files.

1.       You have a set of requirements that expects a particular action to be accessed only through HTTPS by an authenticated user. What is the best way to meet these requirements?
2.                   A. Use the Authorize attribute before the RequireHttps filter.
3.                   B. Use the RequireHttps attribute before the Authorize filter.
4.       Correct: It filters out those users not on an SSL connection before performing the more resource-intensive authentication check.
5.       C. Use a custom action filter that combines the check for HTTPS and the check for authentication into a single filter.
6.       D. Use Authorize alone; you do not need to use RequireHttps separately if you already have Authorize, because using Authorize implies the use of HTTPS
7.       You have written a shareware application and want to sell it on your personal website. You are considering various approaches for distributing the application after users purchase it. Which of the following is the best approach?
8.                   A. Use the FileResult action result to initiate the file download.
9.                   Correct: The FileResult property was designed for this need.
10.                B. Convert the application to an encoded string and provide it for download through the ContentResult.
11.                C. Create a view or partial view that contains an action link to a route in which the user can download the file.
12.                D. Create an email containing a link to a route from which the user can download the file.
13.                3. You have been tasked with modernizing an application created in ASP 3.0. Part of one of the pages contains HTML that comes as a string from a third-party application as part of a service call that populates part of a form. The same form contains input val­ues for your application. You need to support the same business process as the original application, but you also want to use some MVC features. What is the approach?
14.                A. Create a single model containing information from your local application. Use strongly-typed binding as much as possible and manually match the rest of the fields.
15.                B. Create a single model for the local input fields and the service call input, and use ToValueProvider to map the entire object.
16.                C. Create a single model. Use weakly-typed binding for the form fields, and the HTML provided by the third-party application.
D. Create a model that contains only your fields and strongly bind the fields to the model. Create a second model that maps to the fields in the imported HTML and bind to that model using ToValueProvider.
Correct: The key is separating your data input fields from the provided input fields. You can strongly-bind to yours because you have full control over the rela­tionship between your model and your view, and can then use the ToValueProvider to merge the other model that is tied to the provided input fields.


1.       You are developing an ASP.NET MVC application. You have a set of requirements to create a help section for remote users. Your typical help scheme is help/desktop or help/mobile, so logically this section should be help/remote. The change board wants the links in the application to point to the default support site. Which code segment would you use?
2.       A. routes.MapRoute( name: “Default”, url: “{controller}/{action}/{id}”, defaults: new { controller = “Home”, action = “Index”, id = UrlParameter.Optional });
5.                   B. routes.MapRoute( “remote”, “help/remote”, new { controller = “support”, action = “Index” });Correct: This is how you add an additional route and point to a different controller.
6.                   C. routes.MapRoute( “remote”, “help”, new { controller = “support”, action = “Index” });
7.                   D. routes.MapRoute( “remote”, “remote/help”, new { controller = “support”, action = “Index” });
8.                   2. You are developing an ASP.NET MVC application. You noticed a bug on the DVD controller of the application. You want to ignore the DVD pages until the bug is fixed. What should you do?
9.                   A. Add route.SetItem(route.Count, “dvd/”); to the RegisterRoute method.
10.                B. Add route.IgnoreRoute(“dvd/”); to the RegisterRoute method.
11.                Correct: IgnoreRoute is the correct statement to use.
12.                C. Add route.Insert(route.Count,“dvd/”); to the RegisterRoute method.
13.                D. Add route.Remove(“dvd/”); to the RegisterRoute method.
14.                3. You are the lead developer on a team that has been working on a large website for months, and several controllers are getting unwieldy. You do not have that problem with views and models because most of your communications are through AJAX to display snippets of information on the UI. What changes can best help you solve your problem? (Choose all that apply.)
15.                A. Create partial classes for the controllers that have AJAX functionality to create a set of Controller.Ajax.cs files. Put the AJAX-specific functionality in those files.
16.                Correct: Creating partial classes offers some relief to the problem that you are ex­periencing, although not as much as a more-functional separation such as offered by areas. You do not have to make any UI changes, however.
17.                B. Create an area called AJAX. Move all controllers, models, and views into the area.
18.                C. Create an area called AJAX. Move the specific AJAX functionality into the Control­lers directory and leave the Views and Models directories empty.
19.                Correct: Your best move is to separate the AJAX components into an area. You would have to change all the calls to it, but you would achieve complete separa­tion of concern for AJAX calls.
20.                D. Create a new ASP.NET MVC 4 application project. Move the AJAX functionality into that so that it will be more responsive.

1.       Your application manages the sale of expensive well-drilling equipment. Your IT direc­tor wants you to add functionality that sends an email to a customer’s sales account manager whenever someone from your client company logs in to the system. What is an appropriate solution?
2.       A. Override the AuthorizeAttribute and apply it to the login action. Run the base method first to handle the authentication and then evaluate the status of the request. If the user is a customer, send the email.
3.       B. Create a custom action filter that is globally defined and overrides the OnActionExecuting method. This action filter evaluates the status of the user and sends the email if it is a customer.
4.       C. Override the AuthorizeAttribute that is applied to the login action, check for the user’s authentication status, and determine whether it is a customer prior to send­ing it to the base authentication method.
5.                   D. Create an action filter that overrides the OnActionExecuted method and apply it to the login action. This action filter evaluates the status of the user and sends the email if it is a customer.
6.       Correct: This is be applied only because the user is leaving the login section of the application, at which point you also know whether they have been authenticated
7.       You work for a financial services company that deals with many small brokers. Your ex­ecutives want to be able to run a report that details all the actions taken by the brokers on the site as a form of auditing and protection. Neither the application nor system currently stores this kind of information. Which of the following are viable solutions? (Choose all that apply.)
8.                   A. Create a globally applied custom action filter that implements the OnActionExecuting method. Have it store the user, the URL, and the forms collection.
9.                   Correct: Creating a globally applied action filter enables you to save the state of every action taken by the user while logged in to your site.
10.                B. Create a globally applied custom action filter that implements the OnActionExecuting method. Have it store the user, the URL, and the forms collection.
11.                C. Create a globally applied custom action filter that implements the OnActionExecuted method. Set the AllowMultiple parameter to false in the filter. Have it store the user, the URL, and the forms collection.
12.                Correct: By creating a globally applied action filter you have ensured that every action taken by the user will be logged
13.                D. Override the AuthorizeAttribute and have it store the user, the URL, and the forms collection.
14.                3. You are adding the capability for users to customize their site’s display colors. You are required to provide a slider that enables users to change each RGB element. What can you do to ensure that this gets treated in the model and stored in the database as a single RGB color? (Choose all that apply.)
15.                A. Strongly bind the sliders to their own individual fields in the model. Ensure that the model unit for color only implements the GET, where you write code that concat­enates the values.
16.                B. Create a custom model binder that knows to look for the three values and how to put them together to get the single color.
17.                Correct: This solution works because it combines the three discrete values into a single object on the model.
18.                C. Add the three different elements to the model and ensure that your update state­ment to the database correctly joins the elements to get the appropriate color.
19.                D. Create a custom model binder that evaluates the entire color customization process and binds the entire model rather than just managing a subset of the information
20.                Correct: Although it takes more work, using an approach of creating a model binder for the entire object, rather than just a part, successfully manages the need to have it in the model and in the database.

1.       You are working on a AJAX-heavy site, and your script files are separated in your solu­tion by function. You have already implemented minification and bundling, but you are still getting reports of poor performance when users try to access your pages. You can­not replicate the problem locally. What additional steps can you take and still provide the same user experience?
2.       A. Compress all scripts locally and have the users download the compressed files rather than the uncompressed files.
3.       B. Turn IIS compression on, turn on the option to compress dynamic pages, and set the minimum file size to 0 so that every file served will be compressed.
4.                   C. Turn IIS compression on, disable dynamic page compression, and set the minimum file size to the size of your smallest bundled script file
5.       Correct: This is an appropriate next step to try to compress the script and style files being sent to the client.
6.       D. There is nothing more to do without redesigning the site.
7.       You want to implement bundling and minification in your site. What are some of the potential problems you need to be aware of? (Choose all that apply.)
8.       A. None; there is no condition in which this is a poor decision.
9.                   B. You need to be sure you do not bundle too many scripts together because you cannot take advantage of concurrent downloads if only one or two files are being downloaded.
10.    Correct: Bundling every script into a single large file might decrease the effective­ness of concurrent downloading.
11.    C. You should bundle and minimize scripts and CSS files together for maximum effectiveness.
12.                D. Not bundling logically linked scripts together can have a negative effect on performance.
13.                Correct: Not separating scripts logically might lead to the user downloading scripts that will never be used. Although the download experience is maximized, it does not make sense to download unused scripts.
14.    Your U.S.-based company recently opened an office in England. Staff members have been making lots of sales calls, which have generated an increase in visits to the company’s websites. Much of the activity involves downloading sales sheets, product descriptions, and other sales support information currently stored in PDFs. There have been some performance-related complaints from remote sales staff, but no local users have noticed any problems. Which of the following are potential solutions? (Choose all that apply.)
15.    A. Bundle and minify the PDF files to ensure that there is no wasted space.
16.                B. Write an action result that takes a file name and returns a compressed version of the file for download.
17.    Correct: This solution causes more work on the client side to open and view the compressed content, but it provides a more responsive user experience
19.                C. Sign on with a CDN with nodes in North America and Europe and use it to serve files and other static content to sales support staff.
20.                Correct: Moving the part of the site most affected by the new usage closer to the users increases their download speed and thus their perceived performance.
21.                D. Add two additional servers and create a server farm to serve your content.

1.       Your application has an intermittent issue, based on the user’s path through the ap­plication, in which the application seems to stop running. Even when running in debug mode, the application calls a web service and then stops. The application locks and the call never returns, thus the user’s request is never completed and eventually times out. What performance or profiling tool will provide the most pertinent information about your application?
2.       A. CPU sampling in the Performance Wizard
3.       B. Memory allocation in the Performance Wizard
4.                   C. Resource contention data in the Performance Wizard
5.       Correct: Thread and resource profiling will give some understanding of what kind of actions are taking place that will cause a resource or thread to be blocked
6.       D. Tracing from the System.Diagnostics namespace that logs the times of web service call and web service return
7.       E. The Health Monitoring tool, for capturing security information related to the inter­action with the web service
8.       You inherited a working application that began as a proof of concept but was eventu­ally adopted as a production application without being refactored. Many new require­ments need to be added. As part of your initial analysis, you notice a lot of problems with bad data. Which solutions will help remediate this issue? (Choose all that apply.)
9.       A. Running the Performance Wizard to sample CPU usage
10.                B. Adding code contracts to ensure that the input parameters have expected values
11.    Correct: Preconditional code contracts ensure that incorrect information is not submitted to a method. This helps eliminate the possibility of bad data
12.                C. Adding code contracts to ensure that the return values meet specific criteria
13.    Correct: Postconditional code contracts ensure that incorrect information is not returned from a method. This helps eliminate the possibility of bad data.
14.                D. Adding code contracts to ensure that objects do not become invalid during process
15.    Correct: Invariant code contracts ensure that objects do not get to an invalid state. This helps eliminate the possibility of bad data.
16.    E. Running the Visual Studio profiler to analyze application flow
17.    You are helping a client estimate the effort involved in adding comprehensive moni­toring to an enterprise-level ASP.NET MVC application. Which of the following are useful considerations while building the estimate? (Choose all that apply.)
18.                A. Adding health monitoring involves many choices. An evaluation will have to be performed to determine which monitors will be of real use.
19.    Correct: Adding health monitors is an easy task. Determining which options pro­vide the information you need will be time-consuming because of the number of choices.
20.                B. Adding generic logging can be done as part of the rework. After the logging pat­tern has been established, you can add logging as part of any new work and as part of the refactoring process.
21.    Correct: Generic logging is a useful addition and can be added as items are refac­tored; it is not an all-or-nothing type of work.
22.    C. Adding tracing must be done completely and comprehensively before it can be of any use. There is no point in implementing tracing in a single part of the applica­tion if you are not going to refactor the application.
23.    D. Creating a data collection set in Performance Monitor will provide all the needed information and can be set up in a few minutes.

1.       You are re-creating an application that was originally built with ASP 2.0. You need to break the monolithic application into a traditional three-tier application. One of the requirements is that database errors must be displayed in the UI. Which solution will present enough information to the user so they can notify the appropriate person of a problem, but not allow the user to gain information about the design of the database?
2.       A. Add a first chance exception handler and log the information in the error.
3.                   B. Add a generic database-layer exception handler to the business layer, and pass ap­propriate error information to the UI layer for display in a custom error page.
4.       Correct: The business layer is the appropriate place to manage data layer excep­tions. By repackaging it and sending it up to the user layer, you can maintain separation of concerns and meet the requirement to display information to the user. This will also enable you to log the information as necessary to support de­bugging.
5.       C. Add specific database exception handlers in the business layer and log the infor­mation into the database for further review.
6.       D. Let the errors pass through the business layer to the UI layer where they can be handled as specific errors and presented as appropriate in the UI.
7.       What is an advantage to using first chance exception notification?
8.       A. The ability to capture and handle all exceptions that occur within the application in one place
9.       B. The ability to log an exception after it is handled by its appropriate error handling code
10.                C. The ability to log an exception before it is touched by any other error handler
11.    Correct: The first chance exception handler enables you to examine an exception and take some action before it is touched by any other handler.
12.    D. The ability to forward an exception to an error handler based on the type of ex­ception that was thrown
13.    Using custom error pages provides a lot of flexibility to an application because it allows for a consistent user experience even when the application has a problem. To take full advantage of this flexibility, you need to be able to create the pages and configure the application to use these pages. What code will provide custom error pages for 404 er­rors and general exceptions?A.
<system.web> <customErrors mode=”RemoteOnly” defaultRedirect=”Error/GeneralException”> <error statusCode=”404” redirect=”ErrorController.Status404” /> </customErrors></system.web>

<system.web> <customErrors mode=”RemoteOnly” defaultRedirect=”Error/GeneralException”> <error statusCode=”404” redirect=”Error/Status404” /> </customErrors> </system.web> <system.webServer> <httpErrors errorMode=”Detailed” /> </system.webServer>
Correct: This example shows the 404 error status and it sets the default error han­dler to the server error action.

<system.web> <customErrors mode=”RemoteOnly”> <error statusCode=”404” redirect=”Error/Status404” /> <error statusCode=”GeneralException” redirect=”Error/GeneralException” /> </customErrors> </system.web> <system.webServer> <httpErrors errorMode=”Detailed” /> </system.webServer>

<system.web> <customErrors mode=”LocalOnly” defaultRedirect=”Error/GeneralException”> <error statusCode=”404” redirect=”Error/Status404” /> </customErrors> </system.web> <system.webServer> <httpErrors errorMode=”Detailed” /> </system.webServer>

1.       You are under contract with a large company that is starting to implement a TDD approach. As part of the long-term support for this effort, the company needs you to complete several unit tests. As you review the current code base, you find good tests for the model, but no tests for anything other than the model. Which of the following is the best approach to complete the unit tests?
2.       A. Create a new directory in the unit test project for the controller- and action-specific tests. Create a unit test file for each controller. Inside that file, have one or more tests for only the controller action methods.
3.       B. Add a new file to the unit test project called ControllerTests. Put all tests for all the controllers and the actions in the file.
4.       C. Create a new directory in the unit test project for the controller- and action-specific tests. Create a unit test file for each action you are going to test.
5.                   D. Create a new directory in the unit test project for the controller- and action-specific tests. Create a unit test file for each controller. Inside that file have one or more tests for all methods in the controller, regardless of whether they are an action or not.
6.       Correct: This solution provides for testing actions and nonactions as well as a good split of the tests per file.
7.       Your ASP.NET MVC web application has just been released to a group of pilot users. The users are reporting periods of extreme performance degradation. You did not en­counter performance issues during development or the quality assurance phase. What can you do in your development environment to understand what is occurring in the production environment?
8.                   A. Create a set of unit tests that repeatedly test certain parts of the application. Run them continuously over a period of time to ensure that the application works as expected.
9.                   B. Create a set of web tests that exercise the application. Set a run load of 50 percent of your pilot users and run them in a constant load testing process to validate the application’s behavior.
10.                C. Create a set of web tests that exercise the application. Using a step approach, start with a minimal number of users and increase to the total number of users in the pilot program.
11.                Correct: Starting from a midlevel count of users and then increasing to the total number of possible numbers should give you an idea of what is happening during the day-to-day running of the application in production  
12.                D. Create a set of web tests that exercise the application. Using a goal-based ap­proach, set the process to run to 75 percent CPU utilization. When you reach that point, compare the results with the number of users in the pilot program.
13.                3. You support hardware purchasing for an ASP.NET MVC application in your company. The application is finished, and the development team knows the number of intended users. Which approach will give the team the best understanding of the application’s hardware needs?
14.                A. Create several web tests that exercise all parts of the application, including all static pages. Run these tests in a constant load at various levels to see the effect on performance.
15.                B. Create several web tests that exercise all parts of the application, including all static pages. Run these tests in a step approach up to the maximum expected number of users. This will give you an idea of the load one server can handle.
16.                C. Create several web tests that exercise all parts of the application, including all static pages. Run these tests in a goal-based approach in which the percent of CPU usage and percent of memory usage metrics are set to the company standard maximums. Evaluate how many users it takes to reach the maximum levels.
17.                Correct: This approach will give them an objective analysis of the amount of users a server can manage at a particular level of memory or CPU usage.
18.                D. Create several web tests that exercise only the dynamic parts of the application, ignoring all static content. Run these tests in a goal-based approach in which the percent of CPU usage and percent of memory usage metrics are set to the company standard maximums. Evaluate how many users it takes to reach these maximum levels.

1.       You will be deploying your application in Windows Azure. You know that you need to include logging, but you have some concerns. What diagnostic capabilities can Win­dows Azure support? (Choose all that apply.)
2.                   A. The capability to turn on and off different aspects of the Windows Azure diagnos­tics through configuration changes
3.       Correct: You can control the diagnostics setting through configuration within your Windows Azure–hosted application.
4.                   B. The capability to retain logs from your custom logging solution on a Windows Azure storage account
5.       Correct: Although the Windows Azure VMs get recycled when the role restarts, saving the logs to the Windows Azure storage system outside of your VM would ensure that they are available.
6.       C. The capability to retain logs from your custom logging solution when written to a local store
7.                   D. The capability to send entries to the Windows Azure diagnostics system from within your application
8.       Correct: You can treat the Windows Azure diagnostics system like a traditional logging tool by writing messages to the system.
9.       What do you need to do to use IntelliTrace from within Windows Azure? (Choose all that apply.)
10.    A. Publish the solution from any version of Visual Studio Professional 2012 or higher.
11.                B. Select the Enable IntelliTrace check box before publishing the solution.
12.    Correct: When publishing the projects, you can configure the process to deploy in debug mode with IntelliTrace enabled.
13.    C. Ensure that you made all configuration changes in the Web.config file that will turn on IntelliTrace.
14.    D. Download and view the IntelliTrace logs through a web browser.
15.                E. Download and view the IntelliTrace logs through Visual Studio Ultimate 2012
16.    Correct: You can view the IntelliTrace logs through Visual Studio after download.
17.    You want to configure Windows Azure diagnostics. Where do you configure the spe­cific Performance Monitors you want to have run in support of your application?
18.    A. ServiceDefinition.csdef
19.    B. ServiceConfiguration.cscfg
20.                C. Diagnostics.wadcfg
21.                Correct: You configure specific monitors that will run in your application in the Diagnostics.wadcfg file.
22.    D. Web.config


1.       What type of authentication accepts login credentials that will be checked against the domain or local server and are sent in a hashed format?
2.       A. Basic authentication
3.                   B. Digest authentication
4.       Correct: Digest authentication is a challenge-response–based authentication method to ensure that user credentials are not sent over the network in clear text.
5.       C. Forms authentication
6.       D. Windows authentication
7.       Forms authentication enables you to write code to validate user credentials. After it is complete, you can register the authentication cookies for use throughout the user’s visit by using which of the following?
8.                   A. FormsAuthentication.SetAuthCookie
9.       Correct: FormsAuthentication.SetAuthCookie registers the authentication token in the cookie for use in future requests.
10.    B. FormsAuthenticationCookie = new FormsAuthenicationCookie();
11.    C. FormsAuthentication.ClearAuthCookie
12.    D. MembershipProvider.User =
13.    What default attributes or inline checks would you use to create an accepted-list scenario in ASP.NET MVC 4? (Choose all that apply.)
14.                 A. Authorize attribute
15.    Correct: AuthorizeAttribute can be put on controllers and actions to require au­thorization
16.    B. RequireHttps attribute
17.    C. WebSecurity.IsAuthenticated
18.                D. AllowAnonymous attribute
19.    Correct: AllowAnonymous can be put on controllers and actions to enable unau­thorized users access.
20.    What interfaces or classes should be implemented or inherited when creating custom authentication that is based on a non-Windows, third-party provider? (Choose all that apply.)
21.     A. ActiveDirectoryMembershipProvider
22.                B. IIdentity
23.    Correct: IIdentity describes the user that was authenticated.
24.    C. SqlMembershipProvider
25.                D. IPrincipal
26.    Correct: IPrincipal provides the security context of the user on whose behalf the code is running.
27.    What kind of helper methods does WebSecurity provide? (Choose all that apply.)
28.                A. Login
29.    Login is one of the methods provided by the WebSecurity helper.
30.                B. ResetPassword
31.    Correct: ResetPassword is one of the methods provided by the WebSecurity helper.
32.                C. CreateAccount
33.    Correct: CreateAccount is one of the methods provided by the WebSecurity helper.
34.                D. ChangePassword
35.    Correct: ChangePassword is one of the methods provided by the WebSecurity helper.
36.    E. DeleteAccount

1.       What attribute or code snippet within a controller enables a role named Admin to ac­cess actions or code blocks after the check-in code?
2.       A. RoleProvider.GetRolesForUser(“Admin”)
3.                   B. [Authorize(Roles=Admin)]
4.       Correct: The Authorize attribute handles authorization on a controller and/or action basis by using the Roles= qualifier
5.       C. RoleProvider.IsUserInRole(User.Name)
6.       D. [AuthorizeAttribute(Roles=Admin)]
7.       Which methods help the RoleProvider determine whether a user is assigned a role or set of roles? (Choose all that apply.
8.       A. GetRoles
9.                   B. GetRolesForUser
10.    Correct: GetRolesForUser gets a list of roles for a user.
11.                C. IsUserInRole
12.    Correct: IsUserInRole returns a Boolean on whether a particular user has a role.
13.    D. FindUsersInRole
1.       Why should you create a custom role provider? (Choose all that apply.)
2.                   A. To use a data source not regularly supported
3.       Correct: Because traditional providers work only on SQL Server, accessing a differ­ent data provider such as MySQL would require a custom provider.
4.       B. To use the SimpleRoleProvider
5.                   C. To use a database design different than .NET provides
6.       Correct: Using a different database design would require that you create a custom provider
7.       D. To provide a special configuration file entry

1.       Windows Azure ACS allows for federated identification from outside agencies such as a Microsoft account or Facebook. Which entity issues the final token that your applica­tion will accept for access?
2.       A. The outside agency
3.       B. Your application
4.       C. Your network firewall
5.                   D. Windows Azure ACS
6.                   Correct: ACS reads the token provided by the identity providers and creates a token that your application understands and accepts.
7.       WIF enables you to create a custom token. To be able to use the token, you must cre­ate a custom token handler by overriding which of the following?
8.       A. SecurityToken
9.                   B. SecurityTokenHandler
10.    Correct: SecurityTokenHandler is the appropriate class to override for creating a custom token handler
11.    C. SWTToken
12.    D. Saml2SecurityTokenHandler
13.    WIF adds the concepts of claims to which of the following? (Choose all that apply.)
14.                A. IIdentity
15.    Correct: The class implementing the IIdentity interface contains claims information
16.                B. IPrincipal
17.    Correct: The class implementing the IPrincipal interface contains claims information
18.    C. User
19.    D. MembershipProvider

1.       What class handles the actual data encryption?
2.       A. RijndaelManaged
3.       B. RSACryptoServiceProvider
4.                   C. CryptoStream
5.       Correct: CryptoStream provides access to an encrypted stream.
6.       D. RSAKeyInfo

1.       What are digital signatures used for? (Choose all that apply.)
2.       A. Encryption
3.                   B. Authentication
4.       Correct: Authentication is a reason for digital signing because it uniquely defines the party signing the data.
5.                   C. Nonrepudiation
6.       Correct: Nonrepudiation is a reason for digital signing because it uniquely defines the party signing the data and shows that it had to be the original party that sub­mitted the data.
7.                   D. Authorization
8.       Correct: Authorization can be determined after the individual is uniquely defined.
9.       E. Hashing
10.    How do you encrypt the <connectionStrings> section of the Web.config file?
11.    A. aspnet_regiis -pe “ConnectionStrings” -app “/MachineDPAPI” -prov “RsaProtectedConfigurationProvider”
12.    Correct: This is the proper way to encrypt the <connectionStrings> setting of the Web.config file.
13.    B. aspnet_regiis -pe “Web.Config”-app “/MachineDPAPI” -prov “RsaProtectedConfigurationProvider”
14.    C. aspnet_regiis -pd “ConnectionStrings” -app “/MachineDPAPI” -prov “RsaProtectedConfigurationProvider”
15.    D. aspnet_regiis -pd “Web.Config” -app “/MachineDPAPI” -prov “RsaProtectedConfigurationProvider”

1.       What roles does a CA play in a PKI? (Choose all that apply.)
2.       A. Serves the certificate for the web server
3.                   B. Validates the company or individual purchasing the certificate
4.                   Correct: The CA validates the company or individual
6.                   C. Signs the certificate as authentic
7.       Correct: The CA signs the certificate.
8.       D. Provides the Domain Name System (DNS) connections between the client and server
9.       What are the primary differences between the AntiXSS Library and the default .NET Framework? (Choose all that apply.)
10.    A. The AntiXSS Library takes a blocked-list approach, whereas the .NET Framework takes an accepted-list approach.
11.                B. The AntiXSS Library has be modified to realize performance gains.
12.    Correct: The AntiXSS Library is more performant than the traditional .NET Framework.
13.                C. The AntiXSS Library takes an accepted-list approach, whereas the .NET Framework takes a blocked-list approach.
14.    Correct: AntiXSS takes an accepted-list approach, which means only those charac­ters that have been approved are allowed through.
15.                D. The AntiXSS Library offers enhanced globalization capabilities.
16.                Correct: AntiXSS was designed to allow additional support for globalization
17.    A SQL injection attack occurs when an application allows input submitted by the client to be run as part of a SQL command. What actions should a developer take to ensure that this doesn’t happen? (Choose all that apply.)
18.    A. Use Entity SQL because it does not suffer from the same risk.
19.                B. Use SQLParameters to submit the parameters.
20.    Correct: Using SQLParameters is the best way to manage this risk.
21.                C. Use Linq-to-Entities to access the database,
22.    Correct: Linq-to-Entities uses an object model as access into the data layer, so the risk is mitigated.
23.    D. Filter out keywords and symbols.

Share this: