70-548
Designing and Developing Windows-Based Applications by
Using the Microsoft .NET Framework
Designing and Developing Windows-Based Applications by
Using the Microsoft .NET Framework
1:
You work as the developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The configuration and customization of Web Service applications forms part of your responsibilities at Abc .com. Abc .com operates as an information centre for the California Property Title Deeds Office. You are currently busy developing a Microsoft Windows Forms application. This application is intended to allow the California Property Title Deeds Office to perform property deed verifications and renewals for the state of California. The application will be installed at all the California Property Title Deeds Office locations all round California. The application must meet the following requirements:
1. It must negate the possibility of malicious tampering of Property Title deeds data.
2. Users of the application must be authenticated.
The logical design includes the following aspects:
1. Host driver data are to be located on a central server at the California Property Title Deeds Head Quarters.
2. Extensible Markup Language (XML) Web services will be used to access the Property Title data.
3. A Symmetric key will be used to encrypt and decrypt Property Title Deed data at the Web service.
4. A Custom role-based security mechanism will be used to grant access to the application.
You now need to make a decision as to whether the design meets the security requirements.
What conclusion can you draw?
A. The design meets the requirements.
B. The design does not meet the requirements. You should grant access to the application using Active Directory.
C. The design does not meet the requirements. You should encrypt and decrypt data at the application and the Web service.
D. The design does not meet the requirements. You should encrypt and decrypt data at the Web service using asymmetric keys.
Answer: C
Explanation:
You should encrypt and decrypt the property title deed data at both the application and the Web service. If not you would not meet the requirement or negating the malicious tampering of data. The data needs to be transmitted in an unencrypted form when transmitted to and from the application (this provides a window for individuals to tamper with the data. You need to make use of Secure Sockets Layer (SSL) to provide confidentiality and data integrity. And this can be achieved by should encrypt and decrypt the property title deed data at both the application and the Web service. Thus the design does not meet the requirements.
Incorrect answers:
A: This is incorrect since you will still require encrypting and decrypting data at both the application and the Web Service.
B: There is no need to make use of Active Directory to grant access to the application. You can make use of whatever appropriate mechanism provided the credential store is secure.
D: The problem with this option is that the data is not encrypted or signed during transmission.
2:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. Abc .com operates as a financial institution. You are planning to develop a Microsoft Windows Forms application for Abc .com. This application, when completed will access data in the Abc .com database which is a Microsoft SQL Server 2005 database. The logical design has the following aspects:
1. Every Sunday, at 12:00 A.M. a full database backup must occur.
2. Every 60 minutes on the half hour a transaction log (incremental) backup must occur.
3. Every six hours on the hour a differential database backup must occur.
4. No more than seven tapes will be used to store each backup.
Each backup is expected to require only a single tape, and in the event of a failure there should not be a loss of more than 60 minutes worth of transactions. It is up to you to ensure that the design will provide complete data recovery in the event of a failure. What conclusion can you draw?
A. The design makes provision for complete data recovery.
B. The design does not make provision for complete data recovery. You should rather use only full backups and transaction log backups.
C. The design does not make provision for complete data recovery. You should rather use only full backups.
D. The design does not make provision for complete data recovery. You should rather use only transaction log backups.
Answer: A
Explanation:
This design does indeed make adequate provision for complete data recovery. A full backup consists of complete backups; and a transaction log backup consists of transactions that occurred since the last transaction log backup. A differential backup consists of only the changes that occurred since the last full backup. If a full backup is made at 12:00 A.M. every Sunday, you will require one backup tape. Then you will also require a backup tape for each transaction log backup until 6:00 A.M. when the differential backup occurs. One the differential backup is performed; you can throw away the previous transaction log backups. This way you will not require more than seven tapes.
Incorrect answers:
B: Transaction log backups consist of only the transactions that occurred since the last transaction log backup. And then you would require a new tape every sixty minutes for a whole week. And since you are limited to only seven tapes per day, you cannot make use of only the full backups and transaction log backups.
C: Using only full backups will not allow you to restore data if a failure occurs at any time other than every Sunday at 12:00 A.M. when a full backup is performed.
D: Making use of only transaction log backups will require an infinite supply of tapes and you are only allowed seven tapes.
3:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. Abc .com operates as a financial institution. As such they are obligated to comply with the legislation governing the financial institutions while protecting the assets of their customers. One of these laws governing financial institutions and the rights of the customers involves the assurance that the risk of hackers tampering with information is negated. Another of these laws states that Abc .com must be able to submit data to the government in case of them auditing all transactions that involves amounts greater than $10,000. You are currently developing an application for Abc .com. This application will allow Abc .com to submit relevant data to the government. This application must thus meet the following requirements:
1. It must prevent malicious users from interpreting the data.
2. It must prevent malicious users from tampering with the data.
Following are the aspects included in the design of the application:
1. Submit data to the government by accessing an Extensible Markup Language (XML) Web service.
2. Encrypt data before transmission by using the government's public key.
It is now up to you to make a decision as to whether the design will meet the data integrity requirement.
What conclusion can you draw?
A. The design meets the data integrity requirement.
B. The design does not meet the data integrity requirement. You should use the Abc .com private key to sign the data.
C. The design does not meet the data integrity requirement. You should use the Abc .com public key to sign the data.
D. The design does not meet the data integrity requirement. You should use the government's public key to sign the data.
Answer: B
Explanation:
The design should make provision for the signing of the data to prevent malicious tampering. When you sign data, you in essence hash the data and encrypt the hash with a private key that is only known to the signer. When the government receives the data, they will decrypt the hash by using the Abc .com public key, rehash the data, and comparing the hash with the decrypted hash. If the two hash values match, then you have proof that the data was not tampered with. Thus the data integrity requirement is not met in this scenario and you should make use of the Abc .com private key to sign the data.
Incorrect answers:
A: This design does not meet with the data integrity requirements.
C: You cannot use the Abc .com public key to sign the data. Encryption makes provision for confidentiality, not data integrity. Furthermore if you encrypt data using a public key, then only the corresponding private key can be used to decrypt the data.
Because the Abc .com private key should only be available to Abc .com, the government will not be able to decrypt the data.
D: You cannot use the government public key to sign the data. Public keys are publicly available and will thus allow malicious users to tamper with the data and then resign it as if the data is still intact and not tampered with.
4:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. Abc .com offers financial and accounting services to their customers. You are currently developing a Microsoft Windows Forms application for Abc .com. This application will allow users to file their federal and state income taxes. The application will make use of fifty assemblies that will provide the business logic for state income taxes. These assemblies are for the exclusive use of the application, and each assembly will be signed with a strong name. There is currently an existing design that suggests a deployment of the fifty assemblies to the application runtime directory. The new design suggests a deployment of the fifty assemblies to the global assembly cache (GAC). You are now required to make a decision as to whether the new design will offer better performance. What conclusion can you draw?
A. The new design does offer better performance.
B. The new design does not offer better performance. Only shared assemblies should be installed in the GAC.
C. The new design does not offer better performance. The state income tax business logic should be exposed via Extensible Markup Language (XML) Web services.
D. The new design does not offer better performance. Each assembly should be loaded into the application domain of a Microsoft .NET Remoting host application.
Answer: A
Explanation:
When one installs strong-named assemblies in a GAC, then one eliminates the performance overhead required to verify strong-name signatures. Thus this option is correct.
Incorrect answers:
B: Even though the GAC is used mainly as a repository for shared assemblies, you are allowed to install non-shared assemblies that are signed with strong names into the GAC to improve performance.
C: The business logic should not be exposed via XML Web services. This will seriously degrade performance because then there would be a need to serialize and deserialize objects every time a Web service method is invoked.
D: There is no need to load each assembly into the application domain of a .NET Remoting host application as this would degrade performance as then there will be a requirement for marshalling between application domains.
5:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. Abc .com operates as a financial institution. You are planning to develop the following three Microsoft Windows Forms applications for Abc .com:
1. CashManager
2. CreditManager
3. CustomerCarePro
Each of these applications will be designed to use business logic components, business entity components as well as data access components. Each component will further be specific to an application and each application will be maintained by a different development group. All three applications will be hosted in the same Microsoft Visual Safe database. This design suggests make use of the following Microsoft Visual Studio 2005 projects:
1. Mex.BusinessLogic
2. Mex.BusinessEntity
3. Mex.DataAccess
4. Mex.CashManager
5. Mex.CreditManager
6. Mex.CustomerCarePro
You now need to make a decision as to whether these applications will be maintainable.
What conclusion can you draw?
A. The three applications will be maintainable.
B. The three applications will not be maintainable. The Mex.CashManager, Mex.CreditManager and Mex.CustomerCarePro projects should be consolidated into a single project.
C. The three applications will not be maintainable. The Business logic, Business entities and data access logic should be separated into multiple projects.
D. The three applications will not be maintainable. The Mex.BusinessLogic, Mec.BusinessEntity and Mex.DataAccess projects should be consolidated into a single project.
Answer: C
Explanation:
The three applications do not lend itself to maintainability. The problem is due to the components that are applicable to one application are part of the same projects as components that are applicable to the other two application. This will require the three teams to work with the same projects which make maintenance difficult.
Incorrect answers:
A: This is incorrect since the maintainability requirement will need you to separate the Business logic, Business entities and data access logic into multiple projects
B: The Mex.CashManager, Mex.CreditManager and Mex.CustomerCarePro projects should not be consolidated into a single project. This will require that the three teams will need to work with the same project.
D: The Mex.BusinessLogic, Mec.BusinessEntity and Mex.DataAccess projects should not be consolidated into a single project as this will require that the three teams need to work with the same project.
6:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. Abc .com offers financial and accounting services to their customers. You are planning on developing a Microsoft Windows Forms application for Abc .com. This application will allow users to file their federal and state income tax returns. The application must make provision for frequent updates to be made easily since the government revises the laws governing tax frequently and often security vulnerabilities are discovered that has to be addressed. Abc .com estimates that approximately 150 million users will make use of the application after it has run for three consecutive years. Currently the design suggests the use of ClickOnce technology that will provide automatic updates from a Web server. You need to make a decision as to whether the design is scalable. What conclusion can you draw?
A. The design is scalable.
B. The design is not scalable. Make use of Windows Installer technology instead.
C. The design is not scalable. Create a Web application instead.
D. The design is not scalable. Implement a Web service to provide the updates.
Answer: A
Explanation:
The design does lend itself to scalability. The ClickOnce type of application allows you to implement horizontal scaling by deploying a Web farm which will also reduce the load on a single Web server.
Incorrect answers:
B: There is no need to make use of Windows Installer technology since the ClickOnce application is scalable. Besides applications using Windows Installer deployment is not able to take full advantage of automatic updates without custom implementation.
C: There is no requirement to create a Web application since the ClickOnce application is deployable to a Web farm, much the same as Web applications.
D: You should not implement a Web service to provide automatic updates because the ClickOnce application does provide scalable automatic updates.
7:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. Abc .com operates as a department of the Federal Bureau of Investigation. You are planning on developing a Microsoft Windows Forms application for Abc .com. This application will allow for the sharing of information for the FBI and will be deployed to 60 FBI offices nation-wide. The following aspects are included in the design of the application:
1. Making use of Microsoft .NET Remoting to facilitate inter-office communication.
2. Making use of asymmetric encryption to secure transmission messages.
3. Storing the public key in an ASCII text file in the application's runtime directory.
4. Storing the private key in an ASCII text file in the application's runtime directory.
5. Allowing only users of the application to access files that are used by the application.
You now need to change the design to enhance the security of the application.
What should you do?
A. Make use of Distributed Component Object Model (DCOM) and not .NET Remoting for inter-office communication.
B. Store the private key in a binary file that is encrypted with a symmetric key.
C. Store the private key in a key container of a cryptographic storage provider (CSP).
D. Make use of Extensible Markup Language (XML) Web services and not .NET Remoting for inter-office communication.
Answer: C
Explanation:
The private key should be protected and you can do this by storing the key in a key container of a CSP. The key container can be configured to allow only the application to access the private key. If the private key is not protected, then any application running under the same identity as the information sharing application will be able to access the private key in the text file.
Incorrect answers:
A : You should not make use of DCOM to improve security since the problem is related to the physical location of the private key in this case.
B: The private key should not be stored in a binary file that is encrypted with a symmetric key because then any application that runs under the same identity as the information sharing application will be able to access the private key in the text file.
D: You should not make use of Extensible Markup Language (XML) Web services to improve security since the problem is related to the physical location of the private key in this case.
8:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. You are currently evaluating the physical design of a Microsoft Windows Forms application for Abc .com. This application was designed to access data from a Microsoft SQL Server 2005 database via an Extensible Markup Language (XML) Web service. The application also makes use of Microsoft .Net Remoting to access a digital image device. The physical design is as follows:
1. Host the application on a Terminal server computer named Abc -TS01.
2. Host the database on a server computer named Abc -DB01.
3. Host the Web service on a Web server computer named Abc -SR01.
4. Host the remote components on an application server named Abc -APP01.
You then decide to implement a redundant array of independent disks to provide recoverability in case of failure. To this end you need to make a decision as to where you should implement the RAID solution. What should you do?
A. Use the Abc -APP01 server to implement RAID.
B. Use the Abc -SR01 server to implement RAID.
C. Use the Abc -DB01 server to implement RAID.
D. Use the Abc -TS01 server to implement RAID.
Answer: C
Explanation:
Raid is implemented when multiple disks are used to provide fault tolerance. Thus, if one disk fails, the data can be accessed on other disks. Thus the RAIDS solution should be implemented on Abc -DB01.
Incorrect answers:
A: The RAID solution should not be implemented on Abc -APP01 because it does not store data; it only hosts the remote components that are used to access the digital image device.
B: The RAID solution should not be implemented on Abc -SR01 that is hosting the Web service, since there is no data stored on that server.
D: The Raid solution should not be implemented on Abc -TS01 since it does not store data; it only hosts the Windows Forms application.
9:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. The design of applications forms part of your responsibilities at Abc .com. Abc .com operates as a College of Education. You are planning to develop a Microsoft Windows Forms application for Abc .com. This application will allow the Abc .com educational centers to manage transcripts. The plan is to make use of Microsoft SQL Server 2005 to store the transcripts for the application. The logical design of the application indicates a many-to-many relationship between candidates and examinations. The physical design suggests making use of three tables that are named Candidate, Examination, and CandidateExamination, respectively. These three tables are to be stored in the same database.
Following is a list of the requirements that should be met by the design:
1. Referential integrity between the candidates and the examinations must be maintained by SQL Server.
2. There should be no excessive duplication of data in existence.
You need to make a decision as to whether the design meets these requirements. What conclusion can you draw?
A. The design does meet the requirements.
B. The design does not meet the requirements. The data of the three tables should be consolidated into one table named Transcript in the same database.
C. The design does not meet the requirements. The three tables should be placed in different databases on the same server.
D. The design does not meet the requirements. The data of the three tables should be consolidated into two tables named Candidate and Examination in the same database.
Answer: A
Explanation:
Since it is mentioned that there is a many-to-many relationship between two entities, there is a need for a junction table which only exists to hold data that is unique to the relationship. Because the three tables are located in the same database, you can allow SQL Server to enforce referential integrity between the tables.
Incorrect answers:
B: The three tables should not be consolidated into a single table named Transcript in the same database. This will not prevent the excessive duplication of data.
C: The three tables should not be placed in different databases on the same server. This way SQL Server cannot enforce referential integrity between data in different databases.
D: Though this consolidation of the three tables into two tables named Candidate and Examination in the same database will allow SQL Server to enforce referential integrity, it does not prevent excessive duplication of data because either Examination data would need to be duplicated for each candidate who takes a particular examination, or Candidate data would need to be duplicated for each examination that the candidate takes.
10:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. Your responsibilities at Abc .com include the design and development of applications. All applications should be in a Microsoft Windows Forms environment. Abc .com operates as the Administration department for a College of Education. You are currently designing the user interface for a form in a student management application. The logical design indicates that the content is divided into sections. The number of sections depends on the identity of the logged-on user. However, this number ranges from one to ten. The main purpose of the form is to allow users to manage the following aspects of student applications.
1. Lecturer assignments
2. Educational history
3. Personal information
4. Religious and philosophical information
5. Courses
6. Bursaries
Now you need to implement the form by using the best mechanism to achieve fulfillment of the purpose of the form. What should you do?
A. Add a TabControl control to the form.
Dynamically add TabPage controls based on a user's identity.
Map each TabPage control to a section in the logical design.
B. Add 10 GroupBox controls to the form.
Show or hide a GroupBox control based on a user's identity.
Map each GroupBox control to a section in the logical design.
C. Add a FlowLayoutPanel control to the form.
Add input controls to the FlowLayoutPanel control based on the user's identity.
Map a set of input controls to a section in the logical design.
D. Add 10 PropertyGrid controls to the form.
Show or hide a PropertyGrid control based on the user's identity.
Map each ProeprtyGrid control to a section in the logical design.
Answer: A
Explanation:
A TabControl visually resembles dividers in a notebook when one makes use of TabPage controls. The contents of only one TabPage can be visible at any one time. This makes the TabControl the ideal mechanism to display lots of information that can be grouped together.
Incorrect answers:
B: You should not be adding 10 GroupBox controls to the form. This will result in a situation that when a user is granted access to multiple sections, one would need to display multiple GroupBox controls on the form. This is an adverse effect on the usability of the application and its purpose.
C: When making use of a FlowLayoutPanel and a user is granted access to all section, one would then require displaying all input controls on a single form at the same time.
This renders the application unusable.
D: You should not add 10 PropertyGrid controls to the form because this will result in a situation where a user when granted access to multiple sections, one would be compelled to display multiple PropertyGrid controls on the form. This affects the usability of the application negatively.
11:
You work as the Enterprise application developer at Abc .com. The Abc .com network consists of a single Active Directory domain named Abc .com. All servers in the domain run Windows Server 2003. Your responsibilities at Abc .com include the design and development of applications. All applications should be in a Microsoft Windows Forms environment. Abc .com offers financial and accounting services to their customers. You are currently developing a Microsoft Windows Forms application for Abc .com. This application will allow users to file their federal and state income tax returns. The application must fulfill one requirement: it must provide users with s that will assist them in making a choice in the types of tax forms that they need to file. You need to develop a solution that will meet this requirement. What should you do?
A. You should implement a multiple document interface (MDI) application. Display the appropriate forms based on selections from a context menu.
B. You should implement an application that resembles a tax forms booklet. Display a at the top of each form.
C. You should implement a Wizard-like application. Use the Back and Next buttons to allow users to navigate to the appropriate forms based on user input.
D. You should implement a single document interface (SDI) application. Display the appropriate forms based on selections from a main menu.
Answer: C
Explanation:
With a Wizard-type application you can choose the forms to display based on user input or selections on a previous form. This will eliminate the need to have the user to figure out which tax forms to file.
Incorrect answers:
A: You should not display the appropriate forms in a context menu. This will result in the user being required to invoke the menu and make a menu selection. You cannot effective pose s in menu items and this solution would thus affect the usability of the application in a negative way.
B: Implementing an application that resembles a booklet of tax forms and displaying a at the top of each form will require that the user must visit every form to decide and determine whether he/she is filing the correct tax forms and whether that particular tax form is indeed a requirement.
D: You should not display the appropriate forms in a main menu. This will result in the user being required to invoke the menu and make a menu selection. You cannot effective ask s in menu items and this solution would thus affect the usability of the application in a negative way.
12:
You work as the Enterprise application developer at Abc .com. Your responsibilities at Abc .com include the design and development of applications. All applications should be in a Microsoft Windows Forms environment. You are planning on developing a Microsoft Windows Forms application that, upon completion, must meet the following requirements:
1. It must have the ability to display different types of legal documents.
2. It must make allowance for users to toggle easily between legal documents and other applications' documents.
3. It must run on Microsoft Windows XP Professional computers.
The following aspects are included in the design:
1. Create a single document interface (SDI) application.
2. Allow users to toggle between documents by means of using the Alt + Tab keys.
3. Allow users to toggle between documents by means of using the Windows Task Bar.
You now need to make a decision as to whether the design meets the requirements. What conclusion can you draw?
A. The design meets the requirements.
B. The design does not meet the requirements. You must implement a multiple document interface (MDI) application.
C. The design does not meet the requirements. Users should be allowed to toggle between documents with the Ctrl + Esc keys.
D. The design does not meet the requirements. Users should be allowed to toggle between documents with the Ctrl + Tab keys.
Answer: A
Explanation:
This design adequately meets the requirements. An SDI application contains a Task Bar icon for each instance of the application that is running. This is a common design choice for Windows XP Professional applications. Users can navigate between different open documents using the Alt + Tab keys or the Windows Task Bar.
Incorrect answers:
B: A MDI application does not make for easy navigation of users between documents of different types of applications. The Windows Task Bar does not display documents in an MDO application as separate Task Bar buttons.
C: The Ctrl + Esc key combination is usually used to invoke the Windows Start menu and will thus not allow for easy navigation between documents.
D: The Ctrl + Tab key combination is typically used to toggle between documents in an MDO application. Not in this scenario.
NOTE: Orignal are also available www.exams.ws.
