Q21. DRAG DROP - (Topic 4) 

You are developing an ASP.NET MVC application in Visual Studio 2012. The application processes data for a bakery and contains a controller named BagelController.es that has several actions. The GetBagel action is defined in the following code segment. 

The GetBagel action is the only action that should be accessed via a URL pattern. Routes 

to the other actions in the controller must be suppressed. 

The default route must map to HomeController and the Index action. 

You need to build the routes. 

Which three code segments should you use in sequence? (To answer, move the 

appropriate actions from the list of actions to the answer area and arrange them in the 

correct order.) 

Answer: 


Q22. HOTSPOT - (Topic 3) 

The designer for the website gave you the following image as the design for the page. 

The normal color for the tab is *2da4c2, and the color when the mouse is over the tab is #ffd800. 

The HTML that implements the navigation tab is as follows. 

You need to implement the design. 

What should you do? (To answer, select the appropriate options in the answer area.) 

Answer: 


Q23. - (Topic 4) 

You are developing an ASP.NET MVC application that uses forms authentication. The 

application uses SQL queries that display customer order data. 

Logs show there have been several malicious attacks against the servers. 

You need to prevent all SQL injection attacks from malicious users against the application. 

How should you secure the queries? 

A. Check the input against patterns seen in the logs and other records. 

B. Escape single quotes and apostrophes on all string-based input parameters. 

C. Implement parameterization of all input strings. 

D. Filter out prohibited words in the input submitted by the users. 

Answer:

Explanation: SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries) The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied. 

Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker. 

Reference: SQL Injection Prevention Cheat Sheet


Q24. DRAG DROP - (Topic 4) 

You are developing an ASP.NET MVC application that authenticates a user by using claims-based authentication. 

The application must: 

. Use Windows Identity Foundation 4.5. 

. Support the Windows Azure Access Control Service. 

You need to implement authentication. 

How should you build the class constructor? (To answer, drag the appropriate code segment to the correct location or locations in the answer area. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) 

Answer: 


Q25. DRAG DROP - (Topic 4) 

You are building an ASP.NET MVC web application. 

The application will be viewed by users on their mobile phones. 

You need to ensure that the page fits within the horizontal width of the device screens. 

You have the following markup: 

Which markup segments should you include in Target 1, Target 2 and Target 3 to complete the markup? (To answer, drag the appropriate markup segments to the correct targets. Each line of code may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) 

Answer: 


Q26. - (Topic 2) 

You need to ensure that new customers enter a valid email address. 

Which code should you use? (Each correct answer presents part of the solution. Choose all that apply.) 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: A,D 


Q27. - (Topic 4) 

You are developing an ASP.NET MVC web application for viewing a list of contacts. The application is designed for devices that support changes in orientation, such as tablets and smartphones. The application displays a grid of contact tiles in portrait mode. 

When the orientation changes to landscape, each tile in the grid expands to include each contact's details. The HTML that creates the tiled interface resembles the following markup. 

The CSS used to style the tiles in landscape mode is as follows. 

If this CSS is omitted, the existing CSS displays the tiles in portrait mode. 

You need to update the landscape-mode CSS to apply only to screens with a width greater than or equal to 500 pixels. 

Which code segment should you use? 

A. @media screen and (width >= 500px) { … } 

B. @media screen and (min-width: 500px) { … } 

C. @media screen(min-width: 500px, max-width: 1000px) { … } 

D. @media resolution(min-width: 500px) { … } 

Answer:

Explanation: http://www.javascriptkit.com/dhtmltutors/cssmediaqueries.shtml 


Q28. DRAG DROP - (Topic 4) 

You are developing an ASP.NET MVC application. The application has a view that displays a list of orders in a multi-select list box. 

You need to enable users to select multiple orders and submit them for processing. 

What should you do? (To answer, drag the appropriate words to the correct targets. Each word may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) 

Answer: 


Q29. - (Topic 3) 

You need to ensure that all the MVC controllers are secure. 

Which code segment should you use as the body for the CreateController method in AdminVerifierFactory.es? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer:


Q30. - (Topic 4) 

You are designing a distributed application that runs on the Microsoft Azure platform. 

The application must store a small amount of insecure global information for all users that 

does not change frequently. 

You need to configure the application to meet the requirements. 

Which server-side state management option should you use? Each correct answer presents a complete solution. Choose all that apply. 

A. profile properties of the Microsoft Azure application 

B. Microsoft Azure session state 

C. SQL Database 

D. Microsoft Azure application state 

Answer:

Explanation: In many applications, you want to store and use information that is unique to a user. When a user visits your site, you can use the information you have stored to present the user with a personalized version of your Web application. Personalizing an application requires a number of elements: you must store the information using a unique user identifier, be able to recognize users when they visit again, and then fetch the user information as needed. To simplify your applications, you can use the ASP.NET profile feature, which can perform all of these tasks for you.