1、 question 1You work as the application developer at Cer-T. Cer-T uses Visual Studio.Net 2005 as its application development platform.你在Cer-T做应用程序开发人员,Cer-T使用VS2005作为其应用程序的开发平台You are developing a .Net Framework 2.0 application used to store a type-safe list of names and e-mail addresses.你正在开发一个.Net Framework 2.0应用程序,用来存储一个包含了姓名和电子邮件的类型安全的列表(清单)The list will be populated all at once from the sorted data which means you well not always need to perform insertion or deletion operations on thd data.这个列表会被完全的填充从排序的数据,这就意味着你不需要经常对这些数据完成插入或删除操作。
You are required to choose a data structure that optimizes(优化) memory use and has good performance.请你选择一个数据结构,以便优化内存使用,具有良好的性能What should you do?该如何做?A、 The System.Collections.Generic.SortedList class should be usedB、 The System.Collections.HashTable class should be usedC、 The System.Collections.Generic.SortedDictionary class should be usedD、 The System.Collections.SortedList class should be used点评:SortedList 表示键/值对的集合,这些键值对按键排序并可按照键和索引访问HashTable 表示键/值对的集合,这些键值对根据键的哈希代码进行组织C 该类不存在D 非类型安全的,没有引人泛型。
2、 Question 2You work as an application developer at Cer-T. You have recently created an application that include the code shown below.你在Cer-T做应用程序开发人员最近你创建了一个应用程序,包含如下的代码:public delegate string GetFileContentsDel();public string GetFileContens(){ //Process file and return results}You now need to invoke the GetFileContents method asynchronously(异步).You have to ensure that the code you use to invoke the GetFileContents method will continue to process other user instructions,and displays the results as soon as the GetFileContents method finishes processing. What should you do?现在你需要异步调用GetFileContents方法。
必须确保你的代码在调用GetFileContents方法的同时将继续处理其他用户的指令,并在GetFileContents方法完成处理后显示结果你应该怎么做?A、 Use the following code://创建委托对象并且实例化GetFileContentsDel delAsync=new GetFileContentsDel(GetFileContents);IAsyncResult result=delAsync.BeginInvoke(null,null);while(!resul.IsCompleted){ //Process other user instructions}string strFile=delAsync.EndInvoke(result);B、 Use the following code:GetFileContentsDel delAsync=new GetFileContentsDel(GetFileContents);string strFile=delAsync.Invoke(); //直接调用C、 Use the following code:string strFile=GetFileContents.Invoke();//语法错误D、 Use the following code:GetFileContentsDel delAsync=new GetFileContentsDel(GetFileContents);IAsyncResult result=delAsync.BeginInvoke(null,null);//Process other user instructionsstring strFile=delAsync.EndInvoke(result); 点评:IAsyncResult 包含异步操作的方法的类实现。
对于只有同步方法的对象,只需要定义一个委托,并使用其BeginInvoke和EndInvoke方法就可以了 B、直接调用 C、语法错误 D、与题意不符合,没有状态判断3、 Question 3You work as the application developer at Hi-T. You have created a new service application named App01.App01 must still be deployed into the Hi-T network. A Hi-T network administrator named Rosanne Keith has already created a user ccount for App01. You must configure App01 to run in the context of this new user account.What should you do next?你在Hi-T做应用程序开发人员你已经创建了一个新的服务应用程序命名App01.该服务必须部署在Hi-T的网络中。
Hi-T的一个叫罗萨安娜基思的网络管理员已经创建了App01的用户帐号在新的用户帐号下要运行App01,你必须做一些相应的配置下一步应该做什么?A、 Before Deploying App01,specify the startType property of the ServiceInstaller class.B、 Before delploying App01,specify the Account,Username,and Password properties of the ServiceProcessInstaller class.在部署App01之前,指定账户,用户名和密码的ServiceProcessInstaller类的属性C、 Install the service by using the CONFIG option of the net.exe command-line tool.D、 Install the service by using the installutil.exe command-line tool.点评:4、 Question 4You pass a value-type variable into a procedure as an argument.The procedure changes the variable;however,when the procedure returns,the variable has not changed.What happened?(Choose one.)你在一个方法中传入了一个值类型的变量做参数。
方法里改变了这个变量;而当方法返回时,变量的值并没有被改变这是为什么?(选择一项)A、 The variable was not initialized before it was passed in.该变量在传入的时候没有被初始化B、 Passing a value type into a procedure creates a copy of the data.向方法里传入值类型的变量,实际上是传入了一个数据的副本C、 The variable was redeclared within the procedure level.在方法体中重新申明了这个变量D、 The procedure handled the variable as a reference. 方法按引用处理了该变量点评:考察了数据传参的方式:按值传参和按引用传参5、 Question 5You work as the application developer at Hi-T. You are working on a new application named App01. App01 is configured to perform a series of mathematical calculations.你在Hi-做应用程序开发人员。
正在开发一款新的应用程序,名字叫App01;App01配置为执行一系列的数学计算You create a class named AppClass and create a procedure named AppSP. AppSP must execute on an instance of the class.你创建了一个AppClass的类和一个AppSP的方法该方法必须作为该类的实例运行You must configure the application’s user interface(UI) so that it continues to respond for the duration that calculations are performed.You must write the code segment for calling the AppSP procedure which will accomplish your objective.Choose the code segment which you should use.你必须配置应用程序的用户界面,以便它在进行计算期间能够继续做出响应。
你必须编写用于调用AppSP程序的代码,以实现上述目标选择下面的那段代码可以使用A、 private void AppSP(){….}private void DoWork(){ AppClass myValues=new AppClass(); Thread newThread=new Thread(new ThreadStart(AppSP)); newThread.Start(myValues);}B、 private void AppSP(){…}private void DoWork(){AppClass myValues=new AppClass();ThreadStart delStart=new ThreadStart(AppSP);Thread newThread=new Thread(delStart);if(newThread.IsAlive){ new Thread.Start(myValues);}}C、 private void AppSP(AppClass values){…..}private void DoWork(){AppClass myValues=new AppClass();Application.DoEvents();AppSP(myValues);Application.DoEvents();}D、 private void AppSP(object values){….}private void DoWork(){ AppClass myValues=new AppClass(); Thread newThread=new Thread(new ParameterizedThreadStart(AppSP));}点评:引入线程 ThreadStart 该委托不能带参数 ParameterizedThreadStart 该委托可以带参数6、 question 6You work as the application developer at Cer-T. Cer-T uses Visual Studio.Net2005 as its application development platform. 你在Cer-T做应用程序开发人员。
Cer-T用VS2005作为其开发平台You are developing a .NET Framework 2.0 financial application and are busy developing a module that backs up the critical data on a separate hard drive. 你正在开发一款.net2.0的财务应用程序,并忙于开发一个模块,备份关键数据到一个独立的硬盘驱动器(硬盘)You are required to decide which properties of the DriveInfo class to use and find the type of file system like FAT or NTFS and the drive free space and the user disk quota(配额/指标) should be ignored by the application.你必须决定DriverInfo类使用的参数,找到像FAT或者NTFS类型的文件系统和磁盘的可以空间,并使应用程序忽略用户磁盘的配额。
What should you do?该如何做?A、 Use the DriveFormat and TotalFreeSpace properties of the DriveInfo class.B、 Use the DriveType and AvailableFreeSpace properties of the DriveInfo class.C、 Use the VolumeLabel and TotalSize properties of the DriveInfo classD、 Use the DriveType and TotalSize properties of the DriveInfo class.E、 Use the DriveFormat and AvailableFreeSpace properties of the DriveInfo class.点评:DriverInfo类的常用属性和方法 没有找到指定的属性7、 Question 7You are writing a method for a console application that lists options available to a user based on his group memberships.Which technique should you use?你正在为一个控制台应用程序写一个方法,给一个基于组成员的用户列出可用的选项。
下面哪项技术可以?A、 WindowsPrincipal.IsInRoleB、 WindowsIdentity.IsInRoleC、 Imperative(迫切的) RBS demands(需求)D、 Declarative(声明) RBS demands点评:WindowsPrincipal 允许代码检查Windows用户的Windows组成员身份 WindowsIdentity 表示Windows用户8、 Question 8You are as the application developer at Hi-T. You are working on an application named App01. App01 must be configured to use role-based security and authentication. 你在Hi-做应用程序开发人员正在开发一款App01的应用程序该程序必须配置为使用基于角色安全和身份验证You must develop the code segment which will result in the runtime assigning an unauthenticated principal object to each running thread.你必须开发代码段,这将导致在运行时分配了一个未经验证的主要对象对每个运行的线程。
Choose the code segment which will accomplish the task.选择那段代码可以实现A、 AppDomain domain=AppDomain.CurrentDomain;domain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)B、 AppDomain domain=AppDomain.CurrentDomain;domain.SetThreadPrincipal(new WindowsPrinipal(null));C、 AppDomain domain=AppDomain.CurrentDomain;domain.SetAppDomainPolicy(PolicyLevel.CreateAppDomainLevel());D、 AppDomain domain=AppDomain.CurrentDomain;domain.SetPrincipalPolicy(PrincipalPolicy.UnauthenticatedPrincipal);点评:AppDomain 表示应用程序域,它表示一个应用程序在其中执行的独立环境。
无法继承此类9、 Question 9Given the best answer,which of the following lines of code would reverse(反向/倒转) the security restriction?(Choose all than apply) 给出最好的答案,下面的那个代码行会破坏安全限制?(选择多项)‘VB ‘注释Dim e as EventLogPermission=New EventLogPermission(PermissionState.Unrestricted)PermitOnly//C#EventLogPermission e=new EventLogPermission(PermissionState.Unrestricted);PermitOnly();A、e.RevertPermitOnlyB、CodeAccessPermission.RevertPermitOnlyC、e.RevertAllD、CodeAccessPermission.RevertAllE、e.RevertDenyF、CodeAccessPermission.RevertDeny点评:CodeAccessPermission类 定义了一个所有代码访问权限的底层结构 System.Security.CodeAccessPermission10、 Question 10You work as the application developer at Hi-T. You are working on a new requirement. You have to create a class library that will open the network socket connections to computers on the Hi-T network. 你在Hi-T做应用程序开发员。
在工作上有了新的要求,需要创建一个类库,将打开网络套接字连接上Hi-T的网络The class library must be deployed to the global assembly cache, with full trust granted. To cater for network socket connections being used, you develop this code segment; 该类库必须部署到全局程序集缓存,授予完全信任为配合正在使用的网络套接字连接,你开发如下的代码段:SocketPermission permission=new SocketPermission(PermissionState.Unrestricted);permission.Assert();You discover though that there are certain existing applications which do not have the required permissions to open the network socket connections. You decide to cancel the assertion. Choose the code segment which will accomplish this task.你发现,虽然有一些现有的应用程序不具有所需的权限打开网络套接字连接,你决定取消这一断言,选择代码段将完成这项任务。
A、 CodeAccessPermission.RevertAssert();B、 CodeAccessPermission.RevertDeny();C、 permission.Deny();D、 permission.PermitOnly(); 点评:SocketPermissionC和D不正确B 是对permission.Deny()方法的操作11、 question 11You work as an application developer at Cer-T. You are required to dynamically load assemblies into a custom child application domain. 你在Cer-T做应用程序开发员要求动态的加载程序集到一个自定义的子应用程序域You need to ensure that the assemblies loaded into the child application domain have the same permissions as the applications that are accessed across the local intranet.你必须确保子应用程序域中加载的程序集有整个本地intranet访问的所有应用程序有相同的权限。
What should you do?该如何做?A、 Use the following code to create the child application domain:Evidence childEvidence=new Evidence(new object[]{SecurityZone.Intranet},null);AppDomain.CreateDomain(“ChildDomain”,childEvidence);B、 Use the following code to create the child application domain:AppDomain.CreateDomain(“ChildDomain”,SecurityZone.Intranet);C、 Use the following code to create the child application domain:AppDomain domain=new AppDomain(“ChildDomain”,SecurityZone.Intranet);D、 Use the following code to create the child application domain:Evidence childEvidence=new Evidence(new object[]{SecurityZone.Intranet},null);AppDomain domain=new AppDomain(“ChildDomain”,childEvidence);点评:Evidence(证据) AppDomain:表示应用程序域,它是一个应用程序在其中执行的独立环境。
C和D错误,因为AppDomain的对象是不能通过new创建出来的B 第二个参数的类型不正确SecurityZone是一个枚举,定义与安全策略所使用的安全区域相对应的整数值System.Security) AppDomain.CreateDomain(“字符串”, Evidence对象);参数一:域的友好名称参数二:System.Security.Policy.Evidence12、 Question 12You work as the application developer at Hi-T. You create a code segment which will implement the class named Class01. The code segment is shown here:你在Hi-T在应用程序开发人员你创建了一个将实现Class01类的代码片段如下:MyMethod function.public class Class01{public int MyMethod(int arg){ return arg;}}You want the Class01.MyMethod function to be dynamically called from a separate class within the assembly.你希望Class01.MyMethod方法是动态的从本程序集内的另外一个类中调用。
Choose the code segment which you should use to accomplish the task..选择能够完成上述任务的代码段A、 Class01 myClass=new Class01();Type t=typeof(Class01);MethodInfo m=t.GetMethod(“MyMethod”);int i=(int)m.Invoke(this,new object[]{1});B、 Class01 myClass=new Class01();Type t=typeof(Class01);MethodInfo m=t.GetMethod(“MyMethod”);int i=(int)m.Invoke(myClass,new object[]{1});C、 Class01 myClass=new Class01();Type t=typeof(Class01);MethodInfo m=t.GetMethod(“Class01.MyMethod”);int i=(int)m.Invoke(myClass,new object[]{1});D、 Type t=Type.GetType(“Class01”);MethodInfo m=t.GetMethod(“MyMethod”);int i=(int)m.Invoke(this,new object[]{1});点评:反射A和D不正确,因为在另外一个类中通过反射读取Class01中MyMethod的方法。
Invoke的第一个参数是要反射的类的实例C不正确,GetMethod(“方法名”),不需要加类名的限定符13、 Question 13You work as the application developer at Hi-T. You are working on an existing application and must load a new assembly into this application. You must write the code segment that will require the common language runtime(CLR) to grant the assembly a permission set,as though the assembly was loaded from the local intranet zone.You must ensure that the default evidence for the assembly is overridden and must create the evidence collection.你在Hi-T做应用程序开发人员。
你正在开发一个现有的应用程序,而且必须加载一个新的程序集到该程序中虽然这个程序集加载自本地intranet,你必须编写代码段使得公共语言运行时(CLR)授权给程序集一个权限集你必须确保给程序集提供的默认证据被重写,并且创建一个新的证据集Choose the code segment which will accomplish this task.A、 Evidence evidence=new Evidence(Assembly.GetExecutingAssembly().Evidence);GetExecutingAssembly()获取当前执行代码的程序集Evidence获取此程序集的证据B、 Evidence evidence=new Evidence();evidence.AddAssembly(new Zone(SecurityZone.Intranet));将指定的程序集证据添加到程序集C、 Evidence evidence=new Evidence();evidence.AddHost(new Zone(SecurityZone.Intranet));将主机提供的指定证据添加到程序集D、 Evidence evidence=new Evidence(AppDomain.CurrentDomain.Evidence);点评:定义组成对安全策略决策的输入的一组信息,无法继承此类。
System.Security.PolicyEvidence是一个集合,它持有一组表示证据的对象该类有两个与证据源(主机证据和程序集证据)对于的集合Host evidence由主机提供;Assembly evidence是程序集本身的一部分A和D都是获得当前程序集的证据集,与题意不符合B14、 Question 14You are creating a front-end interface to a back-end database that stores user names and groups within the database itself. The user database is very simple,storing only user names and group memberships. You want to be able to use imperative and declarative RBS demands within your application based on the custom user database.Which of the following classes meets your requirements and would be most efficient to implement?(Choose all that apply)你正在创建一个前端界面后端数据库,用于存储用户名和组在数据库中。
用户数据库非常简单,只存储用户名和组成员你希望在自定义用户数据库的应用程序基础上使用命令声明远程Blob存储命令下面那些类满足你的要求并能有效的实现?(选择多项)A、 GenericIdentityB、 GenericPrincipalC、 IIdentityD、 IPrincipal点评:System.Security.Principal.GenericIdentity 表示一般用户System.Security.Principal.GenericPrincipalSystem.Security.Principal.IIdentitySystem.Security.Principal.IPrincipal15、 Question 15You work as the application developer at Hi-T. You are creating a new code segment which is to be used for user authentication(认证) and authorization(授权) purposes. The current application data store already stores the username,password, and roles. You must establish the user security context, which should be used for the authorization checks like IsInRole. To authorize the user, you have started developing the following code segment;你在Hi-T做应用程序开发人员。
你正在创建一个新的代码段将被用于用户认证和授权的目的(用途)当前应用程序的数据存储已经存储了用户名、密码和角色你必须营造一个安全的用户环境,将被用于类似IsInRole的授权检查对授权用户,你已经开始开发如下的代码段:if(!TestPassword(username,password)) Throw new Exception(“user not authenticated”);String[]userRolesArray=LookupUserRoles(userName);(判断该用户名和密码是否是认证用户如果不是就抛出一个异常;否则读取该用户的角色复制该一个字符串数组)From the options below,choose the code which will make the code segment complete.从下面的选项中,选择正确的代码:A、 GenericIdentity ident=new GenericIdentity(userName);GenericPrincipal currentUser=new GenericPrincipal(ident,userRolesArray);Thread.CurrentPrincipal=currentUser;B、 WindowsIdentity ident=new WindowsIdentity(userName);WindowsPrincipal currentUser=new WindowsPrincipal(ident);Thread.CurrentPrincipal=currentUser;C、 NTAccount userNTName=new NTAccount(userName);GenericIdentity ident=new GenericIdentity(userNTName.Value);GenericPrincipal currentUser=new GenericPrincipal(ident,userRolesArray);Thread.CurrentPrincipal=currentUser;D、 IntPtr token=IntPtr.Zero;Token=LogonUserUsingInterop(username,encryptedPassword);WindowsImpersonationContext ctx=WindowsIdentity.Impersonate(token);点评:GenericIdentity GenericPrincipal WindowsIdentity(System.Security.Principal) NTAcount 用户或组的账户类16、 Question 16You work as an application developer at Cer-T. Cer-Tech.Com has asked you to create an application that copies file content from one file on a client computer named XXYYinc-WS007 to a new file an a server named Server01.你在Cer-T做应用程序开发人员。
Cer-T让你实现一个应用程序:复制文件内容从客户端机器(XXYYinc-WS007)的一个文件到服务器端(Server01)的新文件The method displayed in the following exhibit is included in the new application; you have to ensure that the application copies all permissions on the original(原始) file to the new file. You should alse make sure that the new file does not inherit(继承) its permissions from the destination(目的地) directory on Server01. What should you do?下面展示的方法包含在新的应用程序中;你必须确保应用程序复制所有原始文件权限到新文件你还必须确保新文件不继承服务器端Server01目标目录的权限A、 Add the following code to the copy method:file2.SetAccessControl(file1.GetAccessControl());B、 Add the following code to the copy method:FileSecurity aci=file1.GetAccessControl();aci.SetAccessRuleProtection(true,true);//第一个参数:true防止被继承;false允许继承//第二个参数:true保留继承的访问规则;false不保留继承的访问规则file2.SetAccessControl(aci);C、 Add the following code to the copy method:file2.SetAccessControl(file1.GetAccessControl(),false);D、 Add the following code to the copy method:FileSecurity aci=file1.GetAccessControl();aci.SetAccessRuleProtection(true,false);file2.SetAccessControl(aci);点评:FileSecurity 表示文件的访问控制和审核安全System.Security.AccessControl.FileSecurityC参数不正确;A没有设置;D设置错误17、 Question 17You work as the application developer at Hi-T. You want to modify the current security settings of a file named Data.xml, as follows:你在Hi-T做应用程序开发人员。
你要修改当前名为Data.xml文件的安全设置如下:1. You must preserve all existing inherited access rules. 你必须保留所有现有的继承的访问规则2. You must prevent the access rules from inheriting future modifications.你必须防止日后修改继承的访问规则Choose the code segment which will accomplish the task.选择能够实现任务的代码A、 FileSecurity security=new FileSecurity(“Data.xml”,AccessControlSections.All);security.SetAccessRuleProtection(true,true);File.SetAccessControl(“Data.xml”,security);B、 FileSecurity security=new FileSecurity();security.SetAccessRuleProtection(true,true);File.SetAccessControl(“Data.xml”,security);C、 FileSecurity security=File.GetAccessControl(“Data.xml”);security.SetAccessRuleProtection(true,true);D、 FileSecurity security=File.GetAccessControl(“Data.xml”);security.SetAuditRuleProtection(true,true);File.SetAccessControl(“Data.xml”,security);点评:FileSecurityAccessControlSections(枚举) 指定要保存或加载安全性说明符的那些部分。
18、 Question 18You work as an application developer at Cer-T. You are currently creating an application that requires role-based security. You are planning to utilize(利用/采用) a database to store the user accounts and group membership data. You need to ensure that users are able to log on and off. You alse need to ensure that the application you have created tracks the user accounts of thess users, and restrict or allow access to code based on their group membership. You need to achieve this objective with as little developer effort as possible.What should you do to implement role-based security?你在Cer-T做应用程序开发人员。
当前你正在创建一个基于角色安全的应用程序计划采用数据库存储用户账户和组成员数据。
