MCAD thinking of taking on 70-340

Discussion in 'MCSD' started by Stud Sinister, Oct 28, 2004.

  1. I'm curious about test 70-340. Thus far I've passed the
    three you need to get the MCAD and I'm thinking about
    using 70-340 for the elective.

    It's a relatively new test, though. Anyone experienced
    with it? I've actually read the first version
    of "Writing Secure Code"...
    Stud Sinister, Oct 28, 2004
    #1
    1. Advertising

  2. Stud Sinister

    UAError Guest

    "Stud Sinister" <> wrote:

    >
    >I'm curious about test 70-340. Thus far I've passed the
    >three you need to get the MCAD and I'm thinking about
    >using 70-340 for the elective.
    >
    >It's a relatively new test, though. Anyone experienced
    >with it? I've actually read the first version
    >of "Writing Secure Code"...



    Passed it first time after:

    - Countless trips to the MSDN including MSDN Mag and MSJ
    articles.


    Writing Secure Code, Second Edition
    by Michael Howard, David C. LeBlanc
    Publisher: Microsoft Press; 2 edition (December 4, 2002)
    ISBN: 0735617228
    http://www.amazon.com/exec/obidos/ASIN/0735617228
    http://www.microsoft.com/mspress/books/5957.asp

    "Worked through" Chapters 1 -17 (resulting in 58 pages of
    Arial 9pt notes). Best of the bunch here for establishing
    the need and urgency of "Secure Coding", while also
    underlining how hostile today's environment really is.
    Didn't go any further as I figured that the .NET material
    would be way to thin.



    MCAD/MCSD Self-Paced Training Kit: Implementing Security for
    Applications with Microsoft Visual Basic .NET and Microsoft
    Visual C# .NET (Pro-Certification (Paperback))
    by Anthony Northrup
    Publisher: Microsoft Press; Package edition (September 8,
    2004)
    ISBN: 0735621217
    http://www.amazon.com/exec/obidos/ASIN/0735621217
    http://www.microsoft.com/MSPress/books/7634.asp

    "Worked through" the whole thing (resulting in 87 pages of
    notes). Valuable as a guide to deciphering the 70-340
    "Skills Being Measured".
    "Writing Secure Code" has a superior treatment of general
    security topics - but it also dedicates more volume to the
    topic. Good .NET extension to some topics from "Writing
    Secure Code" - though a bit "thin" in places. Can't be
    relied upon as the "one-and-only" reference for 70-340. It
    totally overlooks Serviced Components/Enterprise Services
    Security.

    The book includes a Readiness Review Suite. Got 77% on the
    first go (ran out of time (90 min) leaving 5 of 60 questions
    unanswered). While some of the questions were real howler's
    it did point out my weak areas in enterprise services (COM+)
    security and security with reference to Forms Authentication
    in ASP.NET. This prompted me to move on to "Building Secure
    Microsoft ASP.NET Applications". Few days later had another
    go at it and got 83% (leaving 1 of 60 questions unanswered
    due to lack of time).



    Building Secure Microsoft ASP.NET Applications
    Publisher: Microsoft Press; 1 edition (January 22, 2003)
    ISBN: 0735618909
    http://www.amazon.com/exec/obidos/ASIN/0735618909
    http://www.microsoft.com/MSPress/books/6501.asp
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp
    http://www.microsoft.com/downloads/...FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E

    Proceeded to "read" chapters 8 through 12 in no particular
    order and reviewed a number of the How-Tos in the back.


    Finally proceeded to attempt the actual exam...


    Casual References:
    ===================

    NET Framework Security
    by Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi
    Martin, Kevin T. Price
    Publisher: Addison-Wesley Pub Co; 1st edition (April 24,
    2002)
    ASIN: 067232184X
    http://www.amazon.com/exec/obidos/ASIN/067232184X
    http://www.awprofessional.com/title/067232184X

    Read the first 8 chapters (only ~100 pages; it has 32
    chapters).

    This was the only reference that I could find that actually
    explains the nitty-gritty of SignedXML class (based on
    XMLDSIG; Chapter 32 Using Cryptography with the .NET
    Framework: Creating and Verifying XML Digital Signatures). I
    had to move on to more "profitable" matters before I could
    finally figure out how to verify DETACHED signed content
    that had been moved to a different URL. I couldn't believe
    that the Training-Kit only showed you how to generate the
    signature but not how to verify it (probably easy as long as
    the signed content isn't relocated - not very useful). I
    didn't find the SignedXML sample code that I found on the
    MSDN all that helpful.

    Used "Chapter 30: Using Cryptography with .NET Framework:
    The Basics" when I ran into some sample code in the
    Readiness Review that asked you outline the steps for
    decrypting a stream encrypted with some sample code using a
    symmetric algorithm. The sample code wrote the KEY (!!!;
    should have been the SALT/entropy value) and the
    initialization vector (IV) to the stream. To make matters
    worse the code wrote the key/IV into the CryptoStream (!!!;
    i.e. forget about decrypting that). That's when I decided
    that I better know how to do the salt/IV thing properly -
    the code in this chapter used an interesting tactic; rather
    than writing the salt/IV to the unencrypted output stream
    and then wrapping the output stream in a CryptoStream, the
    code wrapped the CryptoStream around the data input stream.



    Improving Web Application Security: Threats and
    Countermeasures
    Publisher: Microsoft Press; (September 24, 2003)
    ISBN: 0735618429
    http://www.amazon.com/exec/ASIN/0735618429
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp
    http://www.microsoft.com/downloads/...AA-AF88-4AA5-88D4-0DEA898C31B9&displaylang=en

    Read the first three chapters and probed randomly into
    various areas of interest or concern.



    COM and .NET Component Services (O'Reilly Windows)
    by Juval Löwy
    Publisher: O'Reilly; 1 edition (September 1, 2001)
    ISBN: 0596001037
    http://www.amazon.com/exec/obidos/ASIN/0596001037
    http://www.oreilly.com/catalog/comdotnetsvs/index.html

    Used this for its more casual treatment of COM+ security and
    its configuration.



    Mastering Regular Expressions, Second Edition
    by Jeffrey E. F. Friedl
    Publisher: O'Reilly; 2 edition (July 15, 2002)
    ISBN: 0596002890
    http://www.amazon.com/exec/obidos/ASIN/0596002890
    http://www.oreilly.com/catalog/regex2/index.html

    Better have this within arms reach when you are chanting
    "Constrain-Reject-Sanitize".



    The .NET Developer's Guide to Windows Security
    by Keith Brown
    Publisher: Addison-Wesley Professional; (September 27, 2004)
    ISBN: 0321228359
    http://www.amazon.com/exec/obidos/ASIN/0321228359
    http://www.awprofessional.com/title/0321228359
    http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.HomePage

    (Note: This title deals with "Windows Security" as it
    concerns the .NET developer, NOT ".NET Security". Look
    forward to "unsatisfied" reviews of readers that couldn't
    make that "subtle" distinction based on the title).
    UAError, Nov 2, 2004
    #2
    1. Advertising

  3. Stud Sinister

    Eric Guest

    Stud Sinister wrote:

    >
    > I'm curious about test 70-340. Thus far I've passed the
    > three you need to get the MCAD and I'm thinking about
    > using 70-340 for the elective.
    >
    > It's a relatively new test, though. Anyone experienced
    > with it? I've actually read the first version
    > of "Writing Secure Code"...


    I think it's best to use an Elective that counts towards MCSD. I don't
    think 70-340 counts towards MCSD, does it?
    Eric, Nov 2, 2004
    #3
  4. Stud Sinister

    Philippe Guest

    It's very likely that it counts toward MCSD

    Cédric
    <Eric> a écrit dans le message de news:
    ...
    > Stud Sinister wrote:
    >
    >>
    >> I'm curious about test 70-340. Thus far I've passed the
    >> three you need to get the MCAD and I'm thinking about
    >> using 70-340 for the elective.
    >>
    >> It's a relatively new test, though. Anyone experienced
    >> with it? I've actually read the first version
    >> of "Writing Secure Code"...

    >
    > I think it's best to use an Elective that counts towards MCSD. I don't
    > think 70-340 counts towards MCSD, does it?
    >
    Philippe, Nov 2, 2004
    #4
  5. Stud Sinister

    UAError Guest

    "Eric" <Eric> wrote:

    >I think it's best to use an Elective that counts towards MCSD. I don't
    >think 70-340 counts towards MCSD, does it?


    I most certainly hope it does.

    From
    http://www.microsoft.com/learning/exams/70-340.asp

    <quote>
    Elective credit toward Microsoft Certified Application
    Developer (MCAD) for Microsoft .NET certification
    Elective credit toward Microsoft Certified Solution
    Developer (MCSD) for Microsoft .NET certification
    </quote>
    UAError, Nov 2, 2004
    #5
  6. Stud Sinister

    Eric Guest

    I see - they added it to the list that already had 70-229:

    http://www.microsoft.com/learning/mcp/mcsd/requirementsdotnet.asp

    I normally consider the 70-229 to be a very good choice because SQL
    Server is very widespread among .NET companies.

    You could take 70-340 instead of 70-229 if you want, but it won't be of
    much value to take both of these.

    Eric
    Eric, Nov 2, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steven C \(Doktersteve\)

    WHY?!? Why am i thinking i need an SLR, and thinking of going 35mm?

    Steven C \(Doktersteve\), Jan 19, 2004, in forum: Digital Photography
    Replies:
    13
    Views:
    569
    Greg Campbell
    Feb 13, 2004
  2. sam
    Replies:
    1
    Views:
    576
  3. norton
    Replies:
    3
    Views:
    286
  4. Guest

    MCAD 70-340

    Guest, May 1, 2005, in forum: MCAD
    Replies:
    1
    Views:
    342
    GoodLuck
    May 4, 2005
  5. tboy81
    Replies:
    1
    Views:
    381
    LarryWestMCSD
    Jun 25, 2007
Loading...

Share This Page