Question: You create a method that runs by using the credentials of the end user. You need to use Microsoft Windows groups to authorize the user. You must add a code segment that identifies whether a user is in the local group named Clerk. Which code segment should you use?
WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
foreach(IdentityReference grp in currentUser.Groups) {
NTAccount grpAccount = ((NTAccount)grp.Translate(typeof(NTAccount)));
isAuthorized = grpAccount.Value.Equals(Environment.MachineName + @"\Clerk");
if(isAuthorized)
break;}WindowsPrincipal currentUser = (WindowsPrincipal)Thread.CurrentPrincipal;
isAuthorized = currentUser.IsInRole("Clerk");GenericPrincipal currentUser = (GenericPrincipal)Thread.CurrentPrincipal;
isAuthorized = currentUser.IsInRole("Clerk");WindowsPrincipal currentUser = (WindowsPrincipal)Thread.CurrentPrincipal;
isAuthorized = currentUser.IsInRole(Environment.MachineName);
Correct Answer: 2
Question: You are writing code for user authentication and authorization. The username, password, and roles are stored in your application data store. You need to establish a user security context that will be used for authorization checks such as IsInRole. You write the following code segment to authorize the user.
if (!TestPassword(userName, password))
throw new Exception("could not authenticate user");
String[] userRolesArray = LookupUserRoles(userName);
You need to complete this code so that it establishes the user security context. Which code segment should you use?
GenericIdentity ident = new GenericIdentity(userName);
GenericPrincipal currentUser = new GenericPrincipal(ident, userRolesArray);
Thread.CurrentPrincipal = currentUser;WindowsIdentity ident = new WindowsIdentity(userName);
WindowsPrincipal currentUser = new WindowsPrincipal(ident);
Thread.CurrentPrincipal = currentUser;NTAccount userNTName = new NTAccount(userName);
GenericIdentity ident = new GenericIdentity(userNTName.Value);
GenericPrincipal currentUser = new GenericPrincipal(ident, userRolesArray);
Thread.CurrentPrincipal = currentUser;IntPtr token = IntPtr.Zero;
token = LogonUserUsingInterop(username, encryptedPassword);
WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token);
Correct Answer: 1
Question: You are developing a method to call a COM component. You need to use declarative security to explicitly request the runtime to perform a full stack walk. You must ensure that all callers have the required level of trust for COM interop before the callers execute your method. Which attribute should you place on the method?
- [SecurityPermission(SecurityAction.Demand,
Flags=SecurityPermissionFlag.UnmanagedCode)] - [SecurityPermission(SecurityAction.LinkDemand,
Flags=SecurityPermissionFlag.UnmanagedCode)] - [SecurityPermission(SecurityAction.Assert,
Flags = SecurityPermissionFlag.UnmanagedCode)] - [SecurityPermission(SecurityAction.Deny,
Flags = SecurityPermissionFlag.UnmanagedCode)]
Correct Answer: 1
Question: You create an application to send a message by e-mail. An SMTP server is available on the local subnet. The SMTP server is named smtp.Company.com. To test the application, you use a source address, me@Company.com, and a target address, you@Company.com. You need to transmit the e-mail message. Which code segment should you use?
MailAddress addrFrom = new MailAddress("me@Company.com", "Me");
MailAddress addrTo = new MailAddress("you@Company.com", "You");
MailMessage message = new MailMessage(addrFrom, addrTo);
message.Subject = "Greetings!";
message.Body = "Test";
message.Dispose();string strSmtpClient = "mstp.Company.com";
string strFrom = "me@Company.com";
string strTo = "you@Company.com";
string strSubject = "Greetings!";
string strBody = "Test";
MailMessage msg = new MailMessage(strFrom, strTo, strSubject, strSmtpClient);MailAddress addrFrom = new MailAddress("me@Company.com");
MailAddress addrTo = new MailAddress("you@Company.com");
MailMessage message = new MailMessage(addrFrom, addrTo);
message.Subject = "Greetings!";
message.Body = "Test";
SmtpClient client = new SmtpClient("smtp.Company.com");
client.Send(message);MailAddress addrFrom = new MailAddress("me@Company.com", "Me");
MailAddress addrTo = new MailAddress("you@Company.com", "You");
MailMessage message = new MailMessage(addrFrom, addrTo);
message.Subject = "Greetings!";
message.Body = "Test";
SocketInformation info = new SocketInformation();
Socket client = new Socket(info);
System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
byte[] msgBytes = enc.GetBytes(message.ToString());
client.Send(msgBytes);
Correct Answer: 3
Question: You need to write a code segment that will create a common language runtime (CLR) unit of isolation within an application. Which code segment should you use?
AppDomainSetup mySetup = AppDomain.CurrentDomain.SetupInformation;
mySetup.ShadowCopyFiles = "true";System.Diagnostics.Process myProcess;
myProcess = new System.Diagnostics.Process();AppDomain domain;
domain = AppDomain.CreateDomain("CompanyDomain"):System.ComponentModel.Component myComponent;
myComponent = new System.ComponentModel.Component();
Correct Answer: 3