Q1. DRAG DROP - (Topic 4)
You are developing an ASP.NET MVC application in Visual Studio 2012. The application processes data for a bakery and contains a controller named BagelController.es that has several actions. The GetBagel action is defined in the following code segment.
The GetBagel action is the only action that should be accessed via a URL pattern. Routes
to the other actions in the controller must be suppressed.
The default route must map to HomeController and the Index action.
You need to build the routes.
Which three code segments should you use in sequence? (To answer, move the
appropriate actions from the list of actions to the answer area and arrange them in the
correct order.)
Answer:
Q2. - (Topic 4)
You are developing an ASP.NET MVC application that uses forms authentication to verify that the user is logged in.
Authentication credentials must be encrypted and secure so no user identity is exposed.
You need to ensure that user credentials are persisted after users log on.
Where should you store the credentials? (Each correct answer presents a complete solution. Choose all that apply.)
A. In Session on the server
B. In a cookie stored in the browser
C. In ViewData in the application
D. In TempData on the server
Answer: A,B
Q3. - (Topic 2)
You need to update the routes to ensure that a product is always displayed on the product page.
Which code segment should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Q4. - (Topic 4)
You are developing an ASP.NET MVC application.
The application provides a RESTful API for third-party applications. This API updates the information for a contact by embedding the information in the URL of an HTTP POST.
You need to save the Contact type when third-party applications use the EditContact method.
Which code segment should you use? {Each correct answer presents a complete solution. Choose all that apply.)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B,D
Explanation: Basics of RESTful services:
REST stands for Representational State Transfer, it is a simple stateless architecture that runs over HTTP where each unique URL is representation of some resource. There are four basic design principles which should be followed when creating RESTful service:
* Use HTTP methods (verbs) explicitly and in consistent way to interact with resources
(Uniform Interface), i.e. to retrieve a resource use GET, to create a resource use POST, to
update a resource use PUT/PATCH, and to remove a resource use DELETE.
Etc.
Q5. DRAG DROP - (Topic 4)
You are developing an ASP.NET MVC application that has pages for users who browse the site with Windows Phone 7.
The pages for Windows Phone 7 include the following files:
. _Layout.WP7.cshtml
. Index.WP7.cshtml
You need to update the application so that it renders the customized files correctly to Windows Phone 7 users.
How should you update the Application_Start method? (To answer, drag the appropriate line of code to the correct location or locations. Each line of code may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Q6. - (Topic 4)
You are developing a controller for an ASP.NET MVC application that manages message board postings.
The security protection built in to ASP.NET is preventing users from saving their HTML.
You need to enable users to edit and save their HTML while maintaining existing security protection measures.
Which code segment should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Q7. DRAG DROP - (Topic 1)
You need to implement security according to the business requirements.
How should you modify RunLogController? (To answer, drag the appropriate code segment to the correct location or locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Topic 2, Web Application
Background
You are developing an online shopping web application.
Business Requirements
A user is not required to provide an email address. If a user enters an email
address, it must be verified to be a valid email address.
Information about the first product on the product page must fade out over time to
encourage the user to continue browsing the catalog.
Administrators must be able to edit information about existing customers.
Administrators also must be able to specify a default product on the product page.
Technical Requirements
General:
The web store application is in a load-balanced web farm. The load balancer is not
configured to use server affinity.
The web store application is an ASP.NET MVC application written in Visual Studio
2012.
Products:
The value of the productId property must always be greater than 0.
The Products page for mobile devices must display to mobile users. The Products
page for desktop devices must display to desktop users.
Storage:
The data must be stored in a serialized XML data format.
Serialized objects must be schema-independent.
Exception handling:
Exceptions originating from IIS must display a page with support contact
information.
Some page links expire, and users who access these links encounter 404 errors.
Exceptions must be logged by using the WriteLog method of the Utility class.
Browser and device support:
The application must support image format conversions from .bmp to .jpeg for
mobile devices.
The application must support image format conversions from .bmp to .png for
desktop devices.
Application Structure
Q8. - (Topic 4)
You are developing an ASP.NET MVC application that uses forms authentication. The
application uses SQL queries that display customer order data.
Logs show there have been several malicious attacks against the servers.
You need to prevent all SQL injection attacks from malicious users against the application.
How should you secure the queries?
A. Check the input against patterns seen in the logs and other records.
B. Escape single quotes and apostrophes on all string-based input parameters.
C. Implement parameterization of all input strings.
D. Filter out prohibited words in the input submitted by the users.
Answer: C
Explanation: SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries) The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
Reference: SQL Injection Prevention Cheat Sheet
Q9. - (Topic 2)
You need to implement client-side animations according to the business requirements.
Which line of code should you use? (Each correct answer presents a complete solution. Choose all that apply.)
A. $ ("h1: first") .animate ({ opacity: 0 });
B. $("h1:first").fadeIn(1000);
C. $("h1:first").animate({ opacity: 1 });
D. $("h1:first").fadeOut(1000);
Answer: A,D
Topic 3, Video Transcoding Service
Background
You are developing a video transcoding service. This service is used by customers to upload video files, convert video to other formats, and view the converted files. This service is used by customers all over the world.
Business Requirements
The user-facing portion of the application is an ASP.NET MVC application. It provides an interface for administrators to upload video and schedule transcoding. It also enables administrators and users to download the transcoded videos.
When videos are uploaded, they are populated with metadata used to identify the video. The video metadata is gathered by only one system when the video upload is complete.
Customers require support for Microsoft Internet Explorer 7 and later.
The application contains a header that is visible on every page.
If the logged-on user is an administrator, then the header will contain links to administrative functions. This information is read from a cookie that is set on the server. The administrative links must not be present if an error condition is present.
Technical Requirements
User Experience:
The front-end web application enables a user to view a list of videos.
The main view of the application is the web page that displays the list of videos.
HTML elements other than the list of videos are changed with every request
requiring the page to reload.
Compatibility:
Some customers use browsers that do not support the HTTP DELETE verb.
These browsers send a POST request with an HTTP header of X-Delete when the intended action is to delete.
Transcoding:
The video transcoding occurs on a set of Windows Azure worker roles. The transcoding is performed by a third-party command line tool named transcode.exe. When the tool is installed, an Environment variable named transcode contains the path to the utility. A variable named license contains the license key. The license for the transcoding utility requires that it be unregistered when it is not in use. The transcoding utility requires a significant amount of resources. A maximum of 10 instances of the utility can be running at any one time. If an instance of the role cannot process an additional video, it must not prevent any other roles from processing that video.
. The utility logs errors to a Logs directory under the utilities path.
. A local Azure directory resource named perf is used to capture performance data.
Development:
. Developers must use Microsoft Remote Desktop Protocol (RDP) to view errors generated by the transcode.exe utility.
. An x509 certificate has been created and distributed to the developers for this purpose.
. Developers must be able to use only RDP and not any other administrative functions.
Application Structure
Q10. - (Topic 4)
You are developing an ASP.NET MVC application by using Visual Studio 2012.
The application throws and handles exceptions when it runs.
You need to examine the state of the application when exceptions are thrown.
What should you do?
A. From the Debug menu in Visual Studio 2012, select Exceptions. Enable the Thrown
check box for Common Language Runtime Exceptions.
B. From the Debug menu in Visual Studio 2012, select Exceptions. Disable the User-unhandled check box for Common Language Runtime Exceptions.
C. Add the following code to the web.config file of the application.
<customErrors mode="On" >
<error statusCode="500" redirect="CustomErrors.html" />
</customErrors>
D. Add the following code to the web.config file of the application.
<customErrors mode="On" >
<error statusCode="404" redirect="CustomErrors.html" />
</customErrors>
Answer: A