You want to create a role to meet these requirements： 1. The role is to be protected from unauthorized usage. 2. The password of the role is not to be embedded in the application source code or stored in a table. method would you use to restrict enabling

第1题：

You are developing an application that uses role-based security. The prinicipal policy of the application domain is configured during startup with the following code：AppDomain.CurrentDomain.SetPrincipalPolicy（PrincipalPolicy.WindowsPrincipal）；  You need to restrict access to one of the methods in your application so that only members of the local Administrators group can call the method. Which attribute should you place on the method？（）

• A、 [PrincipalPermission （SecurityAction.Demand， Name = @"BUILTIN/Administrators"）]
• B、 [PrincipalPermission （SecurityAction.Demand， Role = @"BUILTIN/Administrators"）]
• C、 [PrincipalPermission （SecurityAction.Assert， Name = @"BUILTIN/Administrators"）]
• D、 [PrincipalPermission （SecurityAction.Assert， Role = @"BUILTIN/Administrators"）]

第2题：

On the Junos Pulse Access Control Service, you have created a role called Secret that you only want to provide to users who present a certificate.Using the admin GUI, which two features would you configure to satisfy this requirement?（）

• A、Sign-in Policy
• B、Role Mapping Rule
• C、Role Restrictions
• D、Trusted Server CA

第3题：

You are designing a Windows Azure application.  The application includes two web roles and three instances of a worker role.  The web roles will send requests to the worker role through one or more Windows Azure Queues. You have the following requirements：   - Ensure that each request is processed exactly one time.   - Minimize the idle time of each worker role instance. - Maximize the reliability of request processing.   You need to recommend a queue design for sending requests to the worker role.  What should you recommend？（）

• A、 Create a single queue.  Send requests on the single queue.
• B、 Create a queue for each web role.  Send requests on all queues at the same time.
• C、 Create a queue for each workerrole instance.  Send requests on each worker queue in a round robin.
• D、 Create a queue for each combination of web roles and worker role instances.  Send requests to all worker role instances based on the sending web role.

第4题：

You want to create a role to meet these requirements：  1：The role is to be protected from unauthorized usage.  2：The password of the role is not to be embedded in the application source code or stored in a table.  Which method would you use to restrict enabling of such roles（）

• A、Create the role with global authentication.
• B、Create the role with external authentication.
• C、Create the role as a secure application role.
• D、Create the role as a password-protected role.
• E、Create a role and use Fine-Grained Access Control （FGAC） to secure the role.

第5题：

You are designing a Windows Azure web application that does not use ASP.NET.   The application requires a standalone Win32 interpreter.  You need to recommend an approach for allowing access to the interpreter.  What should you recommend？（）

• A、 Use a web role.  Configure the interpreter as an ISAPI filter.
• B、 Use a web role.  Configure a FastCGI handler for the interpreter and set the path to the interpreter.
• C、 Use a worker role with an internal endpoint.  Enable native code execution.
• D、 Use a worker role with an external endpoint.  Configure a FastCGI handler for the interpreter and set the path to the root.

第6题：

You have an Exchange Server 2010 organization.You need to use Role Based Access Control （RBAC） to provide a user the ability to manage recipients in a specific organizational unit （OU）.  What should you do first？（）

• A、Create a new direct role assignment.
• B、Create a new management role assignment policy.
• C、Create a new management scope.
• D、Modify the default management scope.

第7题：

You are adatabase developer. You develop atask management application that connect stoa SQLServer 2008 database named TaskDB.Users logon to the application by using a SQLServer login. The application contains amodule named Task that assigns tasks tousers. Information about the setasks is stored in the Tasks table of the TaskDB data base. The Tasks table contains multiple columns. These include the Close Dateand Estimated Timecolumns. The application must meet the following security requirements: Users assigned toad atabase role named User 1 canupd ate all task information columns except the Close Date and the Estimated Time columns in the Tasks table. Administrative users assigned toad atabase role named Task_Admin canupd ateall task information in the Tasks table.You needto design a strategy to meet the security requirements. Which two actions should you perform?（）

• A、Add the Task_Admin role to thedb_accessadmin fixed database role.
• B、Grant Update permissions on the Tasks table to the Task_Admin role.
• C、Grant Update  permissions on  the  Tasks table to  the  User  1  role foreach  column  except the  Close  Dateand Estimated  Time columns.
• D、Createan  INSTEAD OF trigger  on  the  Tasks Table. Use theIs_Member function  toprevent the  User  1  role from updating the Close  Date and Estimated  Time columns.

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

You have the following requirements：   - Ensure that the business tier can be updated without affecting the application tier.   - Use the minimum role instance size that meets or exceeds the current server specifications.    You need to recommend a topology for hosting the application in Windows Azure.  What should you recommend？（）

• A、 Deploy the application tier and the business tier to one role with two Medium instances.
• B、 Deploy the application tier and the business tier to one role with two Large instances.
• C、 Deploy the application tier role to a Medium instance.  Deploy the business tier role to a medium instance.
• D、 Deploy the application tier role to a Large instance.  Deploy the business tier role to a Large instance.

第14题：

You work as an application developer at Contoso.com. You use Microsoft .NET Framework 3.5 and Microsoft ADO.NET to develop an application. The user name and password that is kept by the connection string is stored directly in the code of the application. You want to make sure that the password in the connection string is as protected.   What should you do？ （）

• A、 Add the connection string to the Settings.settings file.
• B、 Add connection string to the Web.config file and use protected configuration.
• C、 Use the TRUE setting in the Persist Security Info keyword.
• D、 Use the FALSE setting in the Persist Security Info keyword

第15题：

You want to restrict access to a role based on the client machine from which the user is accessing the network.Which two role restrictions accomplish this goal? （）

• A、user name
• B、password length
• C、certificate
• D、Host Checker

第16题：

Examine the code：   CREATE ROLE readonly IDENTIFIES USING app.chk_readwrite ； CREATE ROLE readwrite IDENTIFIED USING app.chk_readwrite ；   CREATE OR REPLACE PROCEDURE app.chk_readwrite  AUTHID CURRENT_USER IS  ipchk STRING（30）；  BEGIN  IF sys_context（‘USERENV’，’ISDBA’）=’TRUE’  THEN DBMS_SESSION.SET_ROLE‘READWRITE’） ；  ELSE DBMS_SESSION.SET_ROLE（‘READONLY’） ；  END； /   Which three statements correctly describe the Secure Application role definition？（）

• A、No user or application has to remember or hide a password. 
• B、It prevents everyone except a true DBA session from acquiring the READWRITE role. 
• C、app.chk_readwrite is called whenever a user tries to access rows protected by the READONLY or READWRITE label. 
• D、app.chk_readwrite is called by users or applications when they want to enable the READONLY or READWRITE role.

第17题：

You are designing the placement of the PDC emulator role to meet the business and technical requirements. In which location should you place the PDC emulator role?（）

• A、Los Angeles
• B、Paris
• C、Sydney
• D、Lisbon
• E、Barcelona 

第18题：

You are designing a Windows Azure application that will use a worker role. The worker role will create temporary files.  You need to recommend an approach for creating the temporary files that minimizes storage transactions.  What should you recommend？（）

• A、 Create the files on a Windows Azure Drive.
• B、 Create the files in Windows Azure local storage.
• C、 Create the files in Windows Azure Storage page blobs.
• D、 Create the files in Windows Azure Storage block blobs.

第19题：

第20题：

第21题：

第22题：

第23题：