Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computer Certification > MCSD > MCSD 70-310 Creating and Consuming .NET Remoting Objects Exam Question

Reply
Thread Tools

MCSD 70-310 Creating and Consuming .NET Remoting Objects Exam Question

 
 
Greg
Guest
Posts: n/a
 
      07-13-2004
I have a sample question:

You are creating a .NET remoting application for hosting on an IIS server.
You need to restrict the resources a remote object can access on a computer.
You implement ____ to control the resources a remote object can access on a
computer. (Choose one correct option)


1.. Role-base security
2.. SSL security
3.. Code Access security
4.. HttpChannel Web Security
What is the correct answer and why?


 
Reply With Quote
 
 
 
 
Sunny
Guest
Posts: n/a
 
      07-13-2004
Hi Greg,


In article <(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed)
says...
> I have a sample question:
>
> You are creating a .NET remoting application for hosting on an IIS server.
> You need to restrict the resources a remote object can access on a computer.
> You implement ____ to control the resources a remote object can access on a
> computer. (Choose one correct option)
>
>
> 1.. Role-base security
> 2.. SSL security
> 3.. Code Access security
> 4.. HttpChannel Web Security
> What is the correct answer and why?
>
>
>


I do not think that the question is very clear, but I'll bet on Role-
base security. IIS hosted objects are running as ASPNET user by default,
or if impersonated, with some other user's rights. And what a user can
do with machine resources is controlled by this users rights. I.e. role-
based security is the most right answer in my view.

Sunny
 
Reply With Quote
 
 
 
 
Eric
Guest
Posts: n/a
 
      07-13-2004
Sunny wrote:

> I do not think that the question is very clear, but I'll bet on Role-
> base security. IIS hosted objects are running as ASPNET user by
> default, or if impersonated, with some other user's rights.


Remoting objects don't log in

Since it's hosted in IIS, and uses HTTP, I would go with SSL.

Eric
 
Reply With Quote
 
Sunny
Guest
Posts: n/a
 
      07-13-2004
In article <#(E-Mail Removed)>, "Eric" <Eric>
says...
> Sunny wrote:
>
> > I do not think that the question is very clear, but I'll bet on Role-
> > base security. IIS hosted objects are running as ASPNET user by
> > default, or if impersonated, with some other user's rights.

>
> Remoting objects don't log in
>
> Since it's hosted in IIS, and uses HTTP, I would go with SSL.
>
> Eric
>



They are running with the rights of the process in which they are
hosted. This is aspnet for asp.net processes.

SSL is only encryption, it does nothing to do with the rights a process
has over resources.

Sunny
 
Reply With Quote
 
Ken Kolda
Guest
Posts: n/a
 
      07-13-2004
I agree with Sunny that this is pretty vaguely worded... it says you want to
"restrict the resources a remote object can access" -- it doesn't say
anything about whether that's based on the identity of the user invoking the
object's methods. So, to me, that implies code access security (i.e.
independent of identity). But, since the server is in control of what
objects get remoted, it would seem silly to remote an object that could
perform operations you don't want to allow.

So, I'd probably go with #4, HttpChannel security, because this is what
allows the client to pass to the server the identity info with the object's
method calls. But, I would think you'd use this in conjunction with
role-based security on the server side.

Ken


"Sunny" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Greg,
>
>
> In article <(E-Mail Removed)>, (E-Mail Removed)
> says...
> > I have a sample question:
> >
> > You are creating a .NET remoting application for hosting on an IIS

server.
> > You need to restrict the resources a remote object can access on a

computer.
> > You implement ____ to control the resources a remote object can access

on a
> > computer. (Choose one correct option)
> >
> >
> > 1.. Role-base security
> > 2.. SSL security
> > 3.. Code Access security
> > 4.. HttpChannel Web Security
> > What is the correct answer and why?
> >
> >
> >

>
> I do not think that the question is very clear, but I'll bet on Role-
> base security. IIS hosted objects are running as ASPNET user by default,
> or if impersonated, with some other user's rights. And what a user can
> do with machine resources is controlled by this users rights. I.e. role-
> based security is the most right answer in my view.
>
> Sunny



 
Reply With Quote
 
Eric
Guest
Posts: n/a
 
      07-13-2004
Sunny wrote:

> SSL is only encryption, it does nothing to do with the rights a
> process has over resources.


That leaves us with CAS.

Eric
 
Reply With Quote
 
Greg
Guest
Posts: n/a
 
      07-14-2004
Well, this question was from the Practice Exam of the Microsoft official study guide Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Microsoft Visual C# .NET for exam 70-310.

But apparently 3 Code Access security is the correct answer. The study guide says You can use code-access security to secure remote objects. But the study guide also mentions that If you host remote objects in IIS, you can use the security feature of IIS and SSL to secure remote objects. IIS hosting provides SSL, which allows you to secure messages sent to or received from remote objects. In addition, you can use Integrated Windows Authentication or Kerberos to secure the remote objects hosted in IIS.

So go figure.

"Ken Kolda" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> I agree with Sunny that this is pretty vaguely worded... it says you want to
> "restrict the resources a remote object can access" -- it doesn't say
> anything about whether that's based on the identity of the user invoking the
> object's methods. So, to me, that implies code access security (i.e.
> independent of identity). But, since the server is in control of what
> objects get remoted, it would seem silly to remote an object that could
> perform operations you don't want to allow.
>
> So, I'd probably go with #4, HttpChannel security, because this is what
> allows the client to pass to the server the identity info with the object's
> method calls. But, I would think you'd use this in conjunction with
> role-based security on the server side.
>
> Ken
>
>
> "Sunny" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi Greg,
> >
> >
> > In article <(E-Mail Removed)>, (E-Mail Removed)
> > says...
> > > I have a sample question:
> > >
> > > You are creating a .NET remoting application for hosting on an IIS

> server.
> > > You need to restrict the resources a remote object can access on a

> computer.
> > > You implement ____ to control the resources a remote object can access

> on a
> > > computer. (Choose one correct option)
> > >
> > >
> > > 1.. Role-base security
> > > 2.. SSL security
> > > 3.. Code Access security
> > > 4.. HttpChannel Web Security
> > > What is the correct answer and why?
> > >
> > >
> > >

> >
> > I do not think that the question is very clear, but I'll bet on Role-
> > base security. IIS hosted objects are running as ASPNET user by default,
> > or if impersonated, with some other user's rights. And what a user can
> > do with machine resources is controlled by this users rights. I.e. role-
> > based security is the most right answer in my view.
> >
> > Sunny

>
>

 
Reply With Quote
 
Bob Grommes
Guest
Posts: n/a
 
      07-14-2004
This is exactly why I think certification exams and the whole cottage industry surrounding them are a load of cr*p.

In the first place it's a fallacy to suppose that you can accurately gauge software development skill by asking a bunch of multiple-choice questions. I'd rather have someone working for me that would flunk an exam for lack of having memorized a bunch of sterile facts, but who has common sense, good problem-solving skills, and knows how to RTFM, STFW, or pick up the blasted reference books next to his or her desk when confronted with something new or obscure.

Add to this sloppily worded questions with indifferent editing, like the example under consideration here, and you have yourself a real mess. Nothing infuriates me more than someone making judgments about my skills based on prose like this, that can't even clearly frame the question. Time and again you find yourself thinking, not "what is the correct answer"? But rather, "I wonder what they're fishing for?" A testee should never have to read the test author's mind!

I am acquainted with how this stuff is developed; as a former seminar developer / instructor, I've been offered writing assignments through intermediary contractors for MSFT tests. I have three words to describe this process, at least the parts of it I've witnessed: Pa thet ic.

--Bob
"Greg" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Well, this question was from the Practice Exam of the Microsoft official study guide Developing XML Web Services and Server Components with Microsoft Visual Basic .NET and Microsoft Visual C# .NET for exam 70-310.

But apparently 3 Code Access security is the correct answer. The study guide says You can use code-access security to secure remote objects. But the study guide also mentions that If you host remote objects in IIS, you can use the security feature of IIS and SSL to secure remote objects. IIS hosting provides SSL, which allows you to secure messages sent to or received from remote objects. In addition, you can use Integrated Windows Authentication or Kerberos to secure the remote objects hosted in IIS.

So go figure.

"Ken Kolda" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> I agree with Sunny that this is pretty vaguely worded... it says you want to
> "restrict the resources a remote object can access" -- it doesn't say
> anything about whether that's based on the identity of the user invoking the
> object's methods. So, to me, that implies code access security (i.e.
> independent of identity). But, since the server is in control of what
> objects get remoted, it would seem silly to remote an object that could
> perform operations you don't want to allow.
>
> So, I'd probably go with #4, HttpChannel security, because this is what
> allows the client to pass to the server the identity info with the object's
> method calls. But, I would think you'd use this in conjunction with
> role-based security on the server side.
>
> Ken
>
>
> "Sunny" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi Greg,
> >
> >
> > In article <(E-Mail Removed)>, (E-Mail Removed)
> > says...
> > > I have a sample question:
> > >
> > > You are creating a .NET remoting application for hosting on an IIS

> server.
> > > You need to restrict the resources a remote object can access on a

> computer.
> > > You implement ____ to control the resources a remote object can access

> on a
> > > computer. (Choose one correct option)
> > >
> > >
> > > 1.. Role-base security
> > > 2.. SSL security
> > > 3.. Code Access security
> > > 4.. HttpChannel Web Security
> > > What is the correct answer and why?
> > >
> > >
> > >

> >
> > I do not think that the question is very clear, but I'll bet on Role-
> > base security. IIS hosted objects are running as ASPNET user by default,
> > or if impersonated, with some other user's rights. And what a user can
> > do with machine resources is controlled by this users rights. I.e. role-
> > based security is the most right answer in my view.
> >
> > Sunny


 
Reply With Quote
 
Sunny
Guest
Posts: n/a
 
      07-14-2004
Yes, as we can see

Still the question is not very clear.

Sunny

In article <(E-Mail Removed)>, "Eric" <Eric> says...
> Sunny wrote:
>
> > SSL is only encryption, it does nothing to do with the rights a
> > process has over resources.

>
> That leaves us with CAS.
>
> Eric
>

 
Reply With Quote
 
Eric
Guest
Posts: n/a
 
      07-14-2004
Greg wrote:

> Well, this question was from the Practice Exam of the Microsoft
> official study guide


That explains why the question is weakly-worded.

I took the 70-320 test, and I don't remember anything worded so vaguely.

Eric
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
Another MCSD 70-310 Creating and Consuming .NET Remoting Objects Exam Question Greg MCSD 10 07-21-2004 04:58 PM
MCSD 70-310 Creating and Consuming XML Web Services Exam Question Greg MCSD 1 07-17-2004 02:32 PM



Advertisments