The real questions: 70-340
When candidates see this title, some are happy and some are suspicious of it. That's normal. I want to tell the happy candidates that your feeling is correct. When you have visited pass4sure, you will have the same feeling for sure: you have got your 70-340 certification.
This exam is named MCSD .NET Implementing Security for Applications with Microsoft Visual C# .NET. The real exam has only 30 questions. pass4sure provides a free demo for you now.
1. You are an application developer for your company. You are developing a client application that queries a Microsoft SQL Server database. The application uses an unmanaged component to retrieve data from another application, and your application uses that data as part of a SQL query.
In the application code, you use a variable named externalobject to refer to the unmanaged component. A variable named calcval contains an integer value that is calculated by your application. A SqlCommand object named sqlcmd is already defined and associated with an open ADO.NET connection to the SQL Server database.
The application contains the following code segment.
string myquery;
myquery = "INSERT INTO DataStore (ExternalID, CalcValue)";
myquery += " VALUES(" + externalobject.LegacyData + ",";
myquery += calcval.ToString() + ")";
sqlcmd.CommandText = myquery;
sqlcmd.ExecuteNonQuery();
You need to improve the security of this code segment.
What should you do?
A: Place the code segment within a try-catch block.
B: In the code segment, ensure that the value of externalobject.LegacyData meets the length and type requirements of the SQL Server table.
C: Validate that externalobject.LegacyData contains only expected data and no additional SQL statements.
D: Copy the contents of externalobject.LegacyData into a string variable, and append the string variable to the SQL statement.
Correct Answers: C
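An added example (not part of the original exam question or of pass4sure's material) showing option C applied to the code segment above: LegacyData is checked against an expected pattern before use, and the values are then passed as typed parameters instead of being concatenated into the SQL text. The 1-to-10-digit integer format for ExternalID, the class and method names, and the sample inputs are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class DataStoreWriter
{
    // Assumption: ExternalID is a non-negative integer of 1 to 10 ASCII digits.
    static readonly Regex ExpectedId = new Regex(@"\A[0-9]{1,10}\z");

    // Option C: accept LegacyData only if it has the expected shape.
    // int.TryParse additionally rejects 10-digit values above int.MaxValue.
    public static bool TryParseExternalId(string legacyData, out int externalId)
    {
        externalId = 0;
        return legacyData != null
            && ExpectedId.IsMatch(legacyData)
            && int.TryParse(legacyData, out externalId);
    }

    public static void Insert(SqlCommand sqlcmd, string legacyData, int calcval)
    {
        int externalId;
        if (!TryParseExternalId(legacyData, out externalId))
            throw new ArgumentException("LegacyData is not a valid ExternalID.");

        // Defense in depth: values travel as typed parameters, never as SQL text.
        sqlcmd.CommandText =
            "INSERT INTO DataStore (ExternalID, CalcValue) VALUES (@ExternalID, @CalcValue)";
        sqlcmd.Parameters.Clear();
        sqlcmd.Parameters.Add("@ExternalID", SqlDbType.Int).Value = externalId;
        sqlcmd.Parameters.Add("@CalcValue", SqlDbType.Int).Value = calcval;
        sqlcmd.ExecuteNonQuery();
    }

    static void Main()
    {
        // Constructed sample inputs: one valid ID, one carrying an extra
        // statement, one empty string, one with too many digits.
        string[] samples = { "1042", "1042; SELECT 1", "", "99999999999" };
        foreach (string s in samples)
        {
            int id;
            Console.WriteLine("\"{0}\" -> {1}", s,
                TryParseExternalId(s, out id) ? "accepted as " + id : "rejected");
        }
    }
}
```

Main exercises only the validator, so it runs without a database; Insert expects the already-open SqlCommand that the question describes.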
2. You are an application developer for your company. You are developing an ASP.NET Web application. All users in the company use Microsoft Internet Explorer 6.0. A group of users is testing the application. The users report that when an exception occurs, the full exception information is displayed in their Web browsers.
You need to ensure that the full exception information is not displayed when an exception occurs.
What should you do?
A: Require users to use HTTPS to access the application.
B: Trap all exceptions and display a generic error message.
C: Instruct users to enable friendly error messages in Internet Explorer.
D: Obfuscate the compiled assemblies of the application.
E: Modify the application’s configuration to disable custom errors.
Correct Answers: B
3. You are an application developer for your company. You are conducting a code review of an application that was developed by another developer. The code declares a variable named permvalue and a variable named grouplist.
A portion of the application code defines security permissions for the user. The application is designed so that permvalue contains an integer that indicates various permissions within the application, and grouplist contains the name of a user group. The permvalue variable also contains values that indicate other information about the user. The grouplist and permvalue variables are initially populated by other components, which are called by the main application.
The application contains the following code segment. (Line numbers are included for reference only.)
01 switch(grouplist) {
02  case "Admin":
03  case "Administrator":
04    permvalue = permvalue | 256;
05    break;
06  case "Reviewer":
07    permvalue = permvalue | 128;
08    break;
09  case "Manager":
10    permvalue = permvalue | 64;
11    break;
12 }


