MCSD 70-310 Advanced XML Web Services Programming Exam Question

Discussion in 'MCSD' started by Greg, Jul 18, 2004.

  1. Greg

    Greg Guest

    Now can someone help me answer this question?



    Northwind Traders is a chain of department stores located around the country. It is setting up a new sales system cashiers will use to accept payments from customers. As a pilot project, you are creating a Windows application to implement a new sales system in one of the stores. You want to use an existing Web Service in this Windows application. You have implemented security and ensured that only the users in the cashiers group and the store manager can access the sales system. Because of certain financial requirements, the sales application also needs to be accessed by Nancy, and accountant at that store. However, the XML Web service is not configured to ensure access control. Which of the following tasks ensure that only authorized users can access XML Web services? (Choose one correct option.)



    A. In the web.config file, insert the following lines of code:

    <authorization> <allow role="Cashiers, Managers"/> <allow users="Nancy"/> <deny users="*"> <deny users="?"></authorization>B. In the web.config file, insert the following lines of code:

    <authorization> <deny users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/> <deny users="?"></authorization>C. In the web.config file, insert the following lines of code:

    <authorization> <allow users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/> <deny users="?"></authorization>D. In the web.config file, insert the following lines of code:

    <authorization> <allow users="?"> <deny users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/></authorization>

    I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?
     
    Greg, Jul 18, 2004
    #1
    1. Advertising

  2. >Now can someone help me answer this question?

    yes, don't post in html.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #2
    1. Advertising

  3. From MSDN Library:

    "At run time, the authorization module iterates through the <allow> and <deny> tags until it finds the first access rule that fits a particular user. It then grants or denies access to a URL resource depending on whether the first access rule found is an <allow> or a <deny> rule."

    The key word here is "first". So "B" would deny everyone.
     
    =?Utf-8?B?U2hlbg==?=, Jul 18, 2004
    #3
  4. Greg

    UAError Guest

    "Greg" <> wrote:

    >Now can someone help me answer this question?
    >

    <SNIP>
    >I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?


    Set your posting preferences to plain-text!!!

    Northwind Traders is a chain of department stores located
    around the country. It is setting up a new sales system
    cashiers will use to accept payments from customers. As a
    pilot project, you are creating a Windows application to
    implement a new sales system in one of the stores. You want
    to use an existing Web Service in this Windows application.
    You have implemented security and ensured that only the
    users in the cashiers group and the store manager can access
    the sales system. Because of certain financial requirements,
    the sales application also needs to be accessed by Nancy,
    and accountant at that store. However, the XML Web service
    is not configured to ensure access control. Which of the
    following tasks ensure that only authorized users can access
    XML Web services? (Choose one correct option.)

    A. In the web.config file, insert the following lines of
    code:
    <authorization>
    <allow role="Cashiers, Managers"/>
    <allow users="Nancy"/>
    <deny users="*">
    <deny users="?">
    </authorization>

    B. In the web.config file, insert the following lines of
    code:
    <authorization>
    <deny users="*">
    <allow users="Nancy"/>
    <allow role="Cashiers, Managers"/>
    <deny users="?">
    </authorization>

    C. In the web.config file, insert the following lines of
    code:
    <authorization>
    <allow users="*">
    <allow users="Nancy"/>
    <allow role="Cashiers, Managers"/>
    <deny users="?">
    </authorization>

    D. In the web.config file, insert the following lines of
    code:
    <authorization>
    <allow users="?">
    <deny users="*">
    <allow users="Nancy"/>
    <allow role="Cashiers, Managers"/>
    </authorization>

    start digging into the MSDN:

    <authorization> Element
    http://msdn.microsoft.com/library/d...s/cpgenref/html/gngrfauthorizationsection.asp

    <deny> Element
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfdeny.asp

    <allow> Element
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfallow.asp

    <allow role="Cashiers, Managers"/> - Grant the Cashiers and
    Manager roles access
    <allow users="Nancy"/> - Allow user Nancy access
    <deny users="*"> - Deny all users access
    <deny users="?"> - Deny unauthenticated users access
    <allow users="?"> - Allow unauthenticated users access

    also:

    "At run time, the authorization module iterates through the
    <allow> and <deny> tags until it finds the FIRST access rule
    that fits a particular user. It then grants or denies access
    to a URL resource depending on whether the first access rule
    found is an <allow> or a <deny> rule."

    So (A) grants access to the Cashiers and Managers and to
    Nancy while THEN denying access to all other users and
    anonymous users. This is the solution that the question is
    looking for.

    (B) strictly denies all users; the "allows" are in the wrong
    position. We never get to the "allow" rules.

    (C) allows all users right at the beginning; we never get to
    the remaining rules; this is not restrictive enough

    (D) allows unauthenticated users, while denying all other
    users; we certainly do not want this

    Note (doesn't pertain to this question as such): to allow
    only authenticated users you would need a sequence of two
    rules:

    <deny users="?">
    <allow users="*">

    Also keep in mind:

    "The default authorization rule in the Machine.config file
    is <allow users="*"/> so, by default, access is allowed
    unless configured otherwise."
     
    UAError, Jul 18, 2004
    #4
  5. It's been a while but... I seem to remember a question remarkable
    similar to that one when I took one of those exams.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #5
  6. Greg

    Greg Guest

    Get a updated news reader.

    "The Poster Formerly Known as Kline Sphere" <.> wrote in message news:...
    > >Now can someone help me answer this question?

    >
    > yes, don't post in html.
    >
    > Kline Sphere (Chalk) MCNGP #3
     
    Greg, Jul 18, 2004
    #6
  7. Greg

    Greg Guest

    Don't post stupid replies.

    "UAError" <> wrote in message news:...
    > "Greg" <> wrote:
    >
    > >Now can someone help me answer this question?
    > >

    > <SNIP>
    > >I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?

    >
    > Set your posting preferences to plain-text!!!
    >
    > Northwind Traders is a chain of department stores located
    > around the country. It is setting up a new sales system
    > cashiers will use to accept payments from customers. As a
    > pilot project, you are creating a Windows application to
    > implement a new sales system in one of the stores. You want
    > to use an existing Web Service in this Windows application.
    > You have implemented security and ensured that only the
    > users in the cashiers group and the store manager can access
    > the sales system. Because of certain financial requirements,
    > the sales application also needs to be accessed by Nancy,
    > and accountant at that store. However, the XML Web service
    > is not configured to ensure access control. Which of the
    > following tasks ensure that only authorized users can access
    > XML Web services? (Choose one correct option.)
    >
    > A. In the web.config file, insert the following lines of
    > code:
    > <authorization>
    > <allow role="Cashiers, Managers"/>
    > <allow users="Nancy"/>
    > <deny users="*">
    > <deny users="?">
    > </authorization>
    >
    > B. In the web.config file, insert the following lines of
    > code:
    > <authorization>
    > <deny users="*">
    > <allow users="Nancy"/>
    > <allow role="Cashiers, Managers"/>
    > <deny users="?">
    > </authorization>
    >
    > C. In the web.config file, insert the following lines of
    > code:
    > <authorization>
    > <allow users="*">
    > <allow users="Nancy"/>
    > <allow role="Cashiers, Managers"/>
    > <deny users="?">
    > </authorization>
    >
    > D. In the web.config file, insert the following lines of
    > code:
    > <authorization>
    > <allow users="?">
    > <deny users="*">
    > <allow users="Nancy"/>
    > <allow role="Cashiers, Managers"/>
    > </authorization>
    >
    > start digging into the MSDN:
    >
    > <authorization> Element
    > http://msdn.microsoft.com/library/d...s/cpgenref/html/gngrfauthorizationsection.asp
    >
    > <deny> Element
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfdeny.asp
    >
    > <allow> Element
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfallow.asp
    >
    > <allow role="Cashiers, Managers"/> - Grant the Cashiers and
    > Manager roles access
    > <allow users="Nancy"/> - Allow user Nancy access
    > <deny users="*"> - Deny all users access
    > <deny users="?"> - Deny unauthenticated users access
    > <allow users="?"> - Allow unauthenticated users access
    >
    > also:
    >
    > "At run time, the authorization module iterates through the
    > <allow> and <deny> tags until it finds the FIRST access rule
    > that fits a particular user. It then grants or denies access
    > to a URL resource depending on whether the first access rule
    > found is an <allow> or a <deny> rule."
    >
    > So (A) grants access to the Cashiers and Managers and to
    > Nancy while THEN denying access to all other users and
    > anonymous users. This is the solution that the question is
    > looking for.
    >
    > (B) strictly denies all users; the "allows" are in the wrong
    > position. We never get to the "allow" rules.
    >
    > (C) allows all users right at the beginning; we never get to
    > the remaining rules; this is not restrictive enough
    >
    > (D) allows unauthenticated users, while denying all other
    > users; we certainly do not want this
    >
    > Note (doesn't pertain to this question as such): to allow
    > only authenticated users you would need a sequence of two
    > rules:
    >
    > <deny users="?">
    > <allow users="*">
    >
    > Also keep in mind:
    >
    > "The default authorization rule in the Machine.config file
    > is <allow users="*"/> so, by default, access is allowed
    > unless configured otherwise."
     
    Greg, Jul 18, 2004
    #7
  8. Greg

    Pollux Guest

    In article <>,
    says...
    > Don't post stupid replies.
    >


    Shouldn't you be in bed already?
     
    Pollux, Jul 18, 2004
    #8
  9. greg, you are an idiot.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #9
  10. greg you are an stupid idiot.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #10
  11. >> Don't post stupid replies.
    >>

    >
    >Shouldn't you be in bed already?


    .... and a good time was had by all....

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #11
  12. Greg

    Greg Guest

    That MCNGP designation really shows your intelligence, too. Since your
    newsreader can't support HTML, I'm sure you can understand this now.

    "The Poster Formerly Known as Kline Sphere" <.> wrote in message
    news:...
    > greg you are an stupid idiot.
    >
    > Kline Sphere (Chalk) MCNGP #3
     
    Greg, Jul 18, 2004
    #12
  13. Greg

    Greg Guest

    I should have known better, "The Poster Formerly Known as Kline Sphere".

    "The Poster Formerly Known as Kline Sphere" <.> wrote in message
    news:...
    > greg, you are an idiot.
    >
    > Kline Sphere (Chalk) MCNGP #3
     
    Greg, Jul 18, 2004
    #13
  14. >That MCNGP designation really shows your intelligence, too.

    not as much as my Msc title.

    >Since your
    >newsreader can't support HTML, I'm sure you can understand this now.


    Maybe you should review the purpose of usenet, and in the process
    review rfc822 & rfc1036.

    html posting serves no purpose whatsoever and is only here because of
    abominations such as outlook express.

    BTW, where did you get that question from for which *you* were unable
    to work the answer for yourself? You know the one that seemed, to me
    anyway, to resemble a question from the real exam pool?

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #14
  15. >I should have known better, "The Poster Formerly Known as Kline Sphere".

    yes indeed.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #15
  16. Greg

    Pollux Guest

    In article <>, The Poster
    Formerly Known as Kline Sphere <.> says...
    > >That MCNGP designation really shows your intelligence, too.

    >
    > not as much as my Msc title.
    >
    > >Since your
    > >newsreader can't support HTML, I'm sure you can understand this now.

    >
    > Maybe you should review the purpose of usenet, and in the process
    > review rfc822 & rfc1036.
    >
    > html posting serves no purpose whatsoever and is only here because of
    > abominations such as outlook express.
    >
    > BTW, where did you get that question from for which *you* were unable
    > to work the answer for yourself? You know the one that seemed, to me
    > anyway, to resemble a question from the real exam pool?
    >
    > Kline Sphere (Chalk) MCNGP #3
    >



    That and the fact that he had the cheek to criticise UAError who
    actually answered his question and quoted the relevant MSDN sections.
     
    Pollux, Jul 18, 2004
    #16
  17. Greg

    Greg Guest

    Because with a stupid name like that, we know you are a really intelligent
    boy. lol

    "The Poster Formerly Known as Kline Sphere" <.> wrote in message
    news:...
    > >I should have known better, "The Poster Formerly Known as Kline Sphere".

    >
    > yes indeed.
    >
    > Kline Sphere (Chalk) MCNGP #3
     
    Greg, Jul 18, 2004
    #17
  18. Greg

    Greg Guest

    Since you work for Microsoft, you probably write those questions in your
    Chinaman or Paki Enwish.

    "Pollux" <> wrote in message
    news:...
    > In article <>, The Poster
    > Formerly Known as Kline Sphere <.> says...
    > > >That MCNGP designation really shows your intelligence, too.

    > >
    > > not as much as my Msc title.
    > >
    > > >Since your
    > > >newsreader can't support HTML, I'm sure you can understand this now.

    > >
    > > Maybe you should review the purpose of usenet, and in the process
    > > review rfc822 & rfc1036.
    > >
    > > html posting serves no purpose whatsoever and is only here because of
    > > abominations such as outlook express.
    > >
    > > BTW, where did you get that question from for which *you* were unable
    > > to work the answer for yourself? You know the one that seemed, to me
    > > anyway, to resemble a question from the real exam pool?
    > >
    > > Kline Sphere (Chalk) MCNGP #3
    > >

    >
    >
    > That and the fact that he had the cheek to criticise UAError who
    > actually answered his question and quoted the relevant MSDN sections.
     
    Greg, Jul 18, 2004
    #18
  19. Greg

    Pollux Guest

    In article <#>,
    says...
    > Since you work for Microsoft, you probably write those questions in your
    > Chinaman or Paki Enwish.
    >
    > "Pollux" <> wrote in message
    > news:...
    > > In article <>, The Poster
    > > Formerly Known as Kline Sphere <.> says...
    > > > >That MCNGP designation really shows your intelligence, too.
    > > >
    > > > not as much as my Msc title.
    > > >
    > > > >Since your
    > > > >newsreader can't support HTML, I'm sure you can understand this now.
    > > >
    > > > Maybe you should review the purpose of usenet, and in the process
    > > > review rfc822 & rfc1036.
    > > >
    > > > html posting serves no purpose whatsoever and is only here because of
    > > > abominations such as outlook express.
    > > >
    > > > BTW, where did you get that question from for which *you* were unable
    > > > to work the answer for yourself? You know the one that seemed, to me
    > > > anyway, to resemble a question from the real exam pool?
    > > >
    > > > Kline Sphere (Chalk) MCNGP #3
    > > >

    > >
    > >
    > > That and the fact that he had the cheek to criticise UAError who
    > > actually answered his question and quoted the relevant MSDN sections.

    >
    >
    >


    An idiot and a bigot. Very nice.

    I am neither confirming nor denying that I work for Microsoft. Not sure
    where you got the idea though?
     
    Pollux, Jul 18, 2004
    #19
  20. >Because with a stupid name like that, we know you are a really intelligent
    >boy. lol


    you mean you know what a 'kline sphere' is? boy I'm impressed!

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jul 18, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Greg
    Replies:
    32
    Views:
    1,840
    Daniel Joskovski
    Jul 18, 2004
  2. Greg
    Replies:
    1
    Views:
    657
    The Poster Formerly Known as Kline Sphere
    Jul 17, 2004
  3. Greg
    Replies:
    10
    Views:
    1,107
    The Poster Formerly Known as Kline Sphere
    Jul 21, 2004
  4. SAD
    Replies:
    1
    Views:
    602
    Winged
    Sep 28, 2005
  5. BOGABOGA
    Replies:
    3
    Views:
    624
    BOGABOGA
    Apr 12, 2005
Loading...

Share This Page