Developing ASP.NET MVC 4 Web Applications 온라인 연습
최종 업데이트 시간: 2024년12월12일
당신은 온라인 연습 문제를 통해 Microsoft 70-486 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 70-486 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 255개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
Advanced Maturity: Authorization as a Service
In the advanced level of maturity for authorization, role storage and management is consolidated and authorization itself is a service available to any solution that is service-enabled.
* The Trusted Subsystems Model
Once authorization is available as an autonomous service, the need for impersonation is eliminated. Instead of assuming the identity of the user, the application uses its own credentials to access services and resources, but it captures the user's identity and passes it as a parameter (or token) to be used for authorization when a request is made. This model is referred to as the trusted subsystem model, because the application acts as a trusted subsystem within the security domain.
정답:
Explanation:
ASP.NET membership is designed to enable you to easily use a number of different membership providers for your ASP.NET applications.
There are two primary reasons for creating a custom membership provider.
* You need to store membership information in a data source that is not supported by the membership providers included with the .NET Framework, such as a FoxPro database, an Oracle database, or other data sources.
* You need to manage membership information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework.
To implement a membership provider, you create a class that inherits the MembershipProvider abstract class from the System.Web.Security namespace.
Incorrect:
Not C: Class ProviderBase
The provider model is intended to encapsulate all or part of the functionality of multiple ASP.NET features, such as membership, profiles, and protected configuration.
References: https://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
정답:
Explanation:
SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries) The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
References:
정답:
Explanation:
Server sessions and cookies can both be configured to secure and they both persist after the users log on.
Incorrect:
Not C: ViewData's life only lasts during current http request.
Not D: TempData is a bucket where you can dump data that is only needed for the following request. That is, anything you put into TempData is discarded after the next request completes.
정답:
정답:
정답:
정답:
Explanation:
Basics of RESTful services:
REST stands for Representational State Transfer, it is a simple stateless architecture that runs over HTTP where each unique URL is representation of some resource. There are four basic design principles which should be followed when creating RESTful service:
* Use HTTP methods (verbs) explicitly and in consistent way to interact with resources (Uniform Interface), i.e. to retrieve a resource use GET, to create a resource use POST, to update a resource use PUT/PATCH, and to remove a resource use DELETE.
Etc.
정답:
정답:
Explanation:
The Manifest Generation and Editing Tool (Mage.exe) is a command-line tool that supports the creation and editing of application and deployment manifests.
Incorrect:
Not B: The Native Image Generator (Ngen.exe) is a tool that improves the performance of managed applications. Ngen.exe creates native images
Not C: Al.exe generates a file with an assembly manifest, not an deployment manifest, from one or more files that are either resource files or Microsoft intermediate language (MSIL) files.
Not D: Resgen.exe, the Resource File Generator, converts text (.txt or .restext) files and XML-based resource format (.resx) files to common language runtime binary (.resources) files that can be embedded in a runtime binary executable or compiled into satellite assemblies.
References: http://www.devcurry.com/2011/02/important-net-framework-40-command-line.html
정답:
Explanation:
Use the Assembly Linker (Al.exe) to compile .resources files into satellite assemblies. Al.exe creates an assembly from the .resources files that you specify. By definition, satellite assemblies can only contain resources. They cannot contain any executable code.
The following Al.exe command creates a satellite assembly for the application MyApp from the file strings.de.resources.
al /t:lib /embed:strings.de.resources /culture:de /out:MyApp.resources.dll References: https://technet.microsoft.com/en-us/library/21a15yht(v=vs.85)
정답:
Explanation:
The HttpRequest.Unvalidated Property provides access to HTTP request values without triggering request validation.
정답:
정답:
Explanation:
Screen is used for computer screens, tablets, smart-phones etc. max-width is the maximum width of the display area, such as a browser window.
References: http://www.w3schools.com/cssref/css3_pr_mediaquery.asp
정답: