What should you recommend?
You are an enterprise application developer. You are performing a peer code review for an entry- level developer. The developer is implementing server-side business objects. The business objects must be accessed and activated by using .NET Framework remoting. In addition, the business objects must meet the following requirements:
Implement an interface for client-side access.
Inherit from a base business object class.
The developer writes the following code segment.
public class UserObject : BaseBizObject, MarshalByRefObject, IUserObject { }
When the developer attempts to compile the code, an error message is received. You need to review the code and recommend a solution. What should you recommend?
Which code segment should you use?
You are developing a server application that will transmit sensitive information on a network. You create an X509Certificate object named certificate and a TcpClient object named client. You need to create an SslStream to communicate by using the Transport Layer Security 1.0 protocol. Which code segment should you use?
What should you do?
You create Microsoft Windows-based applications. You create a component that calls an existing function. The design for the function specifies that it might throw an application-specific exception named InvalidChecksumException, which inherits from System.ApplicationException. The InvalidChecksumException exception is an error that can be handled. But the component cannot handle any other type of error. The component does not have any additional information that can be added to other types of errors. You need to design the component to correctly handle exceptions. You also need to ensure that the exception-handling strategy does not affect performance.
What should you do?
What should you recommend?
You are an enterprise application developer. You create a Microsoft Windows client application that communicates with a business layer component. The business layer component contains the following class, named Utility.
public class Utility {
public Utility(){
}
public void ChangeData(){
}
}
The application must fulfill the following criteria:
Instances of the Utility class must be created only within the business component. The Windows client application must be able to invoke the functions inside the Utility class.
You review the code for the Utility class and decide it requires modification. You need to recommend modifications for the code. What should you recommend?
Which code segment should you use?
You are developing an application that runs by using the credentials of the end user. Only users who are members of the Administrator group get permission to run the application. You write the following security code to protect sensitive data within the application.
bool isAdmin = false;
WindowsBuiltInRole role = WindowsBuiltInRole.Administrator; …
if (!isAdmin)
throw new Exception(“User not permitted”);
You need to add a code segment to this security code to ensure that the application throws an exception if a user is not a member of the Administrator group. Which code segment should you use?
What should you recommend?
You create Microsoft Windows-based applications. You need to evaluate the design concept of an application.
The application must meet the following requirements:
The application relies on the operating system for authentication. The application minimizes the amount of data sent over the network when connecting to the database. The application exposes data access code so that the future Web-based and mobile applications can reuse them.
The application permits users to view and edit data contained in tables from a Microsoft SQL Server 2005 database.
The application controls access to the SQL Server 2005 database at the table level.
The design contains the following elements:
The SQL Server 2005 database uses the Windows Authentication mode. A database schema that grants rights to the users at the table level. A stored procedure in Transact-SQL that accesses the necessary data required by the application. A Web service that uses a pre-defined credential to access the database and run the stored procedures. A Microsoft Windows-based application that impersonates the logged-on user and calls the Web service to retrieve and update the data.
You need to evaluate the design and recommend appropriately.
What should you recommend?
Which approach should you choose?
You are an enterprise application developer. You are creating a component that stores employee details in a Microsoft SQL Server database. The component is implemented as a class. The class includes the public properties ID and Name. The class does not contain static methods. Both the ID field and the Name field are required in the Employee table of the database. Serialized instances of the class can be returned by XML Web services. You need to ensure that the class supports XML serialization. You also need to minimize the possibility of a developer creating a class instance by using partial data. Which approach should you choose?
Which permission class should you use?
You are creating an assembly named Assembly1. Assembly1 contains a public method. The global cache contains a second assembly named Assembly2. You must ensure that the public method is only called from Assembly2. Which permission class should you use?
Which risk should you identify?
You create Microsoft Windows-based applications. You are creating an application to manage projects. Your current customers use Microsoft Windows 2000, Windows XP Professional, and Windows Server 2003, in workgroup and domain settings.
The application must meet the following requirements:
Identify the user for workflow functionality.
Store data in a central location on your companys network.
Permit data to be stored locally for offline access.
Your application relies on Windows domainCbased authentication to identify the user without logging on to the application itself. You decide to use Microsoft SQL Server 2005 as the database engine and save the data locally in XML format for offline access. You need to identify the risks that are related to your design.
Which risk should you identify?
What should you do?
You are an enterprise application developer. You are creating a component that encapsulates database access to an employee table. The component contains a method that retrieves an employee record by using a string input parameter.
You need to respond to error conditions in a way that meets the following requirements:
If the caller passes a variable that fails to reference a string object, the caller receives an error notice.
If the caller fails to respond to the error notice, the error condition forcefully alters the flow of execution.
If the error occurs on the main thread, the application is terminated.
What should you do?