dept.name = ConfigurationManager.AppSettings[\ dept.manager =ConfigurationManager.AppSettings[\ return dept; } }
B. public class deptElement: ConfigurationElement {
protected override void DeserializeElement(XmlReader reader, bool serializeCollectionKey) {Department dept = new Department(); dept.name = reader.GetAttribute(\
dept.manager = reader.GetAttribute(\ } } C. public class deptHandler : IConfigurationSectionHandler { public object Create(object parent, object configContext, System.Xml.XmlNode section) { Department dept = new Department();
dept.name = section.SelectSingleNode(\ dept.manager = section.SelectSingleNode(\ return dept; } }
D. public class deptHandler : IConfigurationSectionHandler { public object Create(object parent, object configContext, System.Xml.XmlNode section) { Department dept = new Department(); dept.name = section.Attributes[\ dept.manager = section.Attributes[\ return dept; } } Answer: C
71.如果你创建了一个名叫Assembly1的程序集,它包含了一个public方法。而在全局高速缓存里包含了另一个程序集叫Assembly2。如果你必须确定那个public方法只能在Assembly2中被调用,则你应该使用下面的哪个权限类。 A. GacIdentityPermission B. PublisherIdentityPermission C. DataProtectionPermission D. StrongNameIdentityPermission Answer: D
72.你创建了一个方法要使用终端用户证书,你需要使用Microsoft Windows groups去授权用户,你添加一个代码段来判断用户是否在本地一个叫Clerk的组里。那么下民的代码片段你会选哪个?
A. WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
For each (IdentityReference grp in currentUser.Groups)
{NTAccount grpAccount = ((NTAccount)grp.Translate(typeof(NTAccount)));
isAuthorized = grpAccount.Value.Equals(Environment.MachineName + @\ if (isAuthorized) break;}
B. WindowsPrincipal currentUser = (WindowsPrincipal)Thread.CurrentPrincipal; isAuthorized = currentUser.IsInRole(\
C. GenericPrincipal currentUser = (GenericPrincipal) Thread.CurrentPrincipal; isAuthorized = currentUser.IsInRole(\
D. WindowsPrincipal currentUser = (WindowsPrincipal)Thread.CurrentPrincipal; isAuthorized = currentUser.IsInRole(Environment.MachineName); Answer: B
73.当你在为一个应用程序域创建一个安全策略的时候,你写下了下面几行代码 PolicyLevel policy = PolicyLevel.CreateAppDomainLevel(); PolicyStatement noTrustStatement = new
PolicyStatement(policy.GetNamedPermissionSet(\
PolicyStatementfullTrustStatement=new
PolicyStatement(policy.GetNamedPermissionSet(\
你需要为这个策略设置代码组以便本地的程序集默认没有任何许可设置,如果程序集来源于一个受信任的区域,则这个策略要授予它足够信任的许可设置。下面的代码片段你选那一个?
A. CodeGroup group1 = new FirstMatchCodeGroup(new ZoneMembershipCondition(SecurityZone.Trusted), fullTrustStatement);
CodeGroup group2 = new UnionCoderoup(new AllMembershipCondition(),noTrustStatement); group1.AddChild(group2);
B. CodeGroup group1 = new FirstMatchCodeGroup(new AllMembershipCondition(),noTrustStatement); CodeGroup group2 = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Trusted), fullTrustStatement); group1.AddChild(group2);
C. CodeGroup group = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Trusted), fullTrustStatement);
D. CodeGroup group = new FirstMatchCodeGroup(new AllMembershipCondition(),noTrustStatement);
Answer: B
74.假设你在开发一个方法,它把使用三重DES加密的数据进行解密。这个方法接收以下参数:一个要被解密的的字节数组叫cipherMessage,一个叫做Key的密钥,一个叫iv的初始向量,你需要使用TripleDES相关的类来对信息进行解密,并且它结果放到一个字符串里。那么你会使用那一个代码段呢?
A. TripleDES des = new TripleDESCryptoServiceProvider(); des.BlockSize = cipherMessage.Length;
ICryptoTransform crypto = des.CreateDecryptor(key, iv);
MemoryStream cipherStream = new MemoryStream(cipherMessage); CryptoStream cryptoStream =new CryptoStream(cipherStream, crypto, CryptoStreamMode.Read); string message;
message = new StreamReader(cryptoStream).ReadToEnd(); B. TripleDES des = new TripleDESCryptoServiceProvider(); des.FeedbackSize = cipherMessage.Length;
ICryptoTransform crypto = des.CreateDecryptor(key, iv);
MemoryStream cipherStream = new MemoryStream(cipherMessage); CryptoStream cryptoStream = new CryptoStream(cipherStream, crypto, CryptoStreamMode.Read); string message;
message = new StreamReader(cryptoStream).ReadToEnd(); C. TripleDES des = new TripleDESCryptoServiceProvider(); ICryptoTransform crypto = des.CreateDecryptor();
MemoryStream cipherStream = new MemoryStream(cipherMessage); CryptoStream cryptoStream = new CryptoStream(cipherStream, crypto, CryptoStreamMode.Read); string message;
message = new StreamReader(cryptoStream).ReadToEnd(); D. TripleDES des = new TripleDESCryptoServiceProvider(); ICryptoTransform crypto = des.CreateDecryptor(key, iv);
MemoryStream cipherStream = new MemoryStream(cipherMessage); CryptoStream cryptoStream =new CryptoStream(cipherStream, crypto, CryptoStreamMode.Read); string message;
message = new StreamReader(cryptoStream).ReadToEnd();
Answer: D
75.假设你在写用户验证与授权的代码,用户名,密码规则存储在你应用程序的数据存储处。你需要建立一个用户安全上下文的用户授权检查,比如IsInRole,你写了下面的代码片段:
你需要完成这个代码以实现你的用户安全上下文,那么你会选择下面的哪个代码段? A. GenericIdentity ident = new GenericIdentity(userName);
GenericPrincipal currentUser = new GenericPrincipal(ident, userRolesArray); Thread.CurrentPrincipal = currentUser;
B. WindowsIdentity ident = new WindowsIdentity(userName); WindowsPrincipal currentUser = new WindowsPrincipal(ident); Thread.CurrentPrincipal = currentUser;
C. NTAccount userNTName = new NTAccount(userName); GenericIdentity ident = new GenericIdentity(userNTName.Value);
GenericPrincipal currentUser= new GenericPrincipal(ident, userRolesArray); Thread.CurrentPrincipal = currentUser; D. IntPtr token = IntPtr.Zero;
token = LogonUserUsingInterop(userName, encryptedPassword);
WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token); Answer: A
76.现在你在开发一个类库,其中某个代码片段需要访问系统的环境变量。
当调用堆栈中处于较高位置的调用方不具有当前实例所指定的权限时你需要强制使用SecurityException异常。你会调用下面哪个方法?
A. set.Demand(); B. set.Assert(); C. set.PermitOnly(); D. set.Deny(); Answer: A
77.假如你现在正在开发一个服务器应用程序。而这个应用程序需要在网络上传递一些敏感信息,你创建了一个X509Certificate类的对象叫做certificate和一个TcpClient的对象叫做client。你需要创建一个SslStream流使用Transport Layer Security 1.0 protocol协议进行通信。
那么你会使用下面的哪个代码片段?
A. SslStream ssl = new SslStream(client.GetStream());
ssl.AuthenticateAsServer(certificate, false, SslProtocols.None, true); B. SslStream ssl = new SslStream(client.GetStream());
ssl.AuthenticateAsServer(certificate, false, SslProtocols.Ssl3, true); C. SslStream ssl = new SslStream(client.GetStream());
ssl.AuthenticateAsServer(certificate, false, SslProtocols.Ssl2, true); D. SslStream ssl = new SslStream(client.GetStream()); ssl.AuthenticateAsServer(certificate, false, SslProtocols.Tls, true); Answer: D
78.假设你现在在写一个方法用以压缩一个字节数组,这个方法定义了一个形式参数叫document,你需要压缩他,那么下面的代码你会选择哪个? A. MemoryStream inStream = new MemoryStream(document);
GZipStream zipStream = new GZipStream(inStream, CompressionMode.Compress); byte[] result = new byte[document.Length]; zipStream.Write(result, 0, result.Length); return result;
B. MemoryStream stream = new MemoryStream(document);
GZipStream zipStream = new GZipStream(stream, CompressionMode.Compress); zipStream.Write(document, 0, document.Length); zipStream.Close(); return stream.ToArray();
C. MemoryStream outStream = new MemoryStream();
GZipStream zipStream = new GZipStream(outStream, CompressionMode.Compress); zipStream.Write(document, 0, document.Length); zipStream.Close(); return outStream.ToArray();
D. MemoryStream inStream = new MemoryStream(document);
GZipStream zipStream = new GZipStream(inStream, CompressionMode.Compress); MemoryStream outStream = new MemoryStream(); int b;
while ((b = zipStream.ReadByte()) != -1) { outStream.WriteByte((byte)b);} return outStream.ToArray();