70-486 - Developing ASP - NET MVC Web Applications - Gold Tests - 1 PDF

4/7/2019 70-486: Developing ASP.
NET MVC Web Applications : Gold Tests | Udemy
  (/) 
(/cart/)
70-486: Developing ASP.NET MVC Web Applications : Gold Test 1 -

Results
 Return to review
Attempt 1 All knowledge areas  All questions 
Question 1: Skipped
You are responsible for con guring an Azure worker role for your team's application.
Before a new instance of the worker role becomes available, a license key value must be
added to the registry.
You have already created a batch le named SetLicense.cmd and a registry le called
SetLicense.reg. Both les have been added to the appropriate project in Visual Studio. The
batch le contains the necessary commands for importing the registry key.
What should you do? (Choose all that apply.)
In the WorkerRole element of the Service De nition le, add the following
con guration:
1 <Runtime executionContext ="elevated" />
Change the Copy to output Directory property for SetLicense.cmd and

(Correct)
SetLicense.reg to "Copy Always."
In the Run method of the worker role, add the following code:
1 Process.Start("SetLicense.cmd");
https://www.udemy.com/draft/1823402/learn/quiz/4474324/result/138013642#questions 1/85
4/7/2019 70-486: Developing ASP.NET MVC Web Applications : Gold Tests | Udemy
In the WorkerRole element of the Service De nition le, add the following
con guration:
1 <Startup>
(Correct)
2 <Task commandLine="SetLicense.cmd" executionContext="elevated" t
3 </Task>
4 </Startup>
Explanation
You should add the following con guration: The Service De nition le has support for
executing one or more startup tasks. Adding a task element that calls the SetLicense.cmd
batch le with executionContext set to elevated will cause the registry entry to be added. You
should also change the Copy to output Directory property for SetLicense.cmd and
SetLicense.reg to "Copy Always." to ensure that the SetLicense.cmd le and SetLicense.reg le
are deployed with the application. Calling Process.Start("SetLicense.cmd") does not meet the
requirement of adding the license key before the worker role instance becomes available and
would also require the entire role to run with an elevated execution context. Unnecessarily
running the instance with an elevated execution context is a violation of least privilege.
References: How to con gure and run startup tasks for a cloud service
(https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks);
WorkerRole Schema (https://msdn.microsoft.com/library/azure/gg557552.aspx);
Question 2: Skipped
Please refer to the Case Study on the given link to answer the question that follows
Link to Case Study 2: http://certifyme.io/70-486_CS2/index.html
QUESTION
The fourth column in Views\Community\List.cshtml shows a link that displays the number
of properties associated with a particular community. When users click the link, it should
invoke an action in the PropertyController class to display a list of all properties associated
with the community.
You need to de ne the action method in the PropertyController class.
Which method declaration should you use?
public IView PropertiesByCommunity(int communityId = 0)
public ActionResult List(int communityId = 0) (Correct)
public void ListProperty(int id = 0)
public bool Property(int id = 0)
Explanation
You should use the following method declaration: public ActionResult List(int communityId =
0) Action methods that display views must return a ViewResult instance or a primitive value.
ViewResult is derived from ActionResult, so you can use ActionResult as the return value for an
action method. The fourth column in Views\Community\List.cshtml uses the following code:
@Html.ActionLink(item.Properties.Count.ToString(), "List", "Property", new { communityId =
item.Id }, null) The rst parameter of the Html.ActionLink method represents the text for the
link. The second parameter speci es the action name. The third parameter speci es the
controller name without the "Controller" su x. Finally, the last parameter speci es the action
parameters. The link here uses the action name List. Therefore, you should create a method
named List in the PropertyController class. Alternatively, you can apply the ActionName
attribute to a method and specify its action name as List. You should not use the following
method declaration: public void ListProperty(int id = 0) The name of the method must match
the name of the action speci ed in the call to Html.ActionLink. Otherwise, you need to apply
the ActionName attribute to the ListProperty method and specify List as the action name. Also,
the method must include a parameter named communityId because that parameter name is
speci ed in the call to Html.ActionLink. Finally, the method must return a ViewResult instance.
You should not use the following method declaration: public IView PropertiesByCommunity(int
communityId = 0) The name of the method must match the name of the action speci ed in the
call to Html.ActionLink. Otherwise, you need to apply the ActionName attribute to the
PropertiesByCommunity method and specify List as the action name. Also, the method must
return a ViewResult instance. You should use the following method declaration: public bool
Property(int id = 0) The name of the method must match the name of the action speci ed in
the call to Html.ActionLink. Otherwise, you need to apply the ActionName attribute to the
Property method and specify List as the action name. Also, the method must include a
parameter named communityId because that parameter name is speci ed in the call to
Html.ActionLink. Finally, the method must return a ViewResult instance. References: Overview
of ASP.NET Core MVC (https://docs.microsoft.com/en-us/aspnet/core/mvc/overview?
view=aspnetcore-2.1); ASP.NET Routing (https://msdn.microsoft.com/en-
us/library/cc668201.aspx); Controller.View Method (https://msdn.microsoft.com/en-
us/library/dd460331.aspx); ActionNameAttribute Class (https://docs.microsoft.com/en-
us/dotnet/api/microsoft.aspnetcore.mvc.actionnameattribute?view=aspnetcore-2.1);
Controllers and Action Methods in ASP.NET MVC Applications (https://msdn.microsoft.com/cs-
cz/library/dd410269(v=vs.100).aspx); Views and UI Rendering in ASP.NET MVC Applications
(https://msdn.microsoft.com/cs-cz/library/dd410123(v=vs.100).aspx);
Question 3: Skipped
You are developing the functionality in a warehouse inventory management application

that will allow employees to view detailed information about each available part.
You have already added a view called Details.cshtml in the Views/Product folder. You need
to add a controller and action so that the view will be rendered when the user navigates to
a product.
Create a public action method called Details on the controller. (Correct)
Create a controller class called Product in the Controllers folder.
Create a protected action method called Details on the controller.
Create a controller class called ProductController in the Controllers

(Correct)
folder.
Explanation
You should create a controller class called ProductController in the Controllers folder and then
create a public action method called Details on the controller. By convention, ASP.NET MVC
expects each controller name to have a Controller su x. Each public method in the controller
is considered to be an action in ASP.NET MVC. You should not create a controller class called
Product in the Controllers folder .Omission of the "Controller" su x on the controller name
deviates from the convention set forth by the ASP.NET MVC framework. The controller will not
be registered to service requests that match the product route pattern. You should not create
a protected action method called Details on the controller. An action method in a controller
that is marked as protected will not be registered to service requests that match the
Product/Details route. References: Controllers and Action Methods in ASP.NET MVC
Applications (https://docs.microsoft.com/en-us/previous-versions/aspnet/web-
frameworks/dd410269(v=vs.100)); Views and UI Rendering in ASP.NET MVC Applications
(https://docs.microsoft.com/en-us/previous-versions/aspnet/web-
frameworks/dd410123(v=vs.100));
Question 4: Skipped
A page in an ASP.NET MVC razor application contains the following markup:
1 @model List<Udemy.Models.ExamModel>
2 <table>
3 <tr>
4 <th>Exam Number</th>
5 <th>Exam Title</th>
6 <th>Publish Date</th>
7 </tr>
8 @foreach (var exam in Model)
9 {
10 <tr>
11 <td>@Html.DisplayFor(model => exam.ExamNumber)</td>
12 <td>@Html.DisplayFor(model => exam.ExamTitle)</td>
13 <td>@Html.DisplayFor(model => exam.PublishDate)</td>
14 </tr>
15 }
16 </table>
The markup displays a tabular list of exams. You need to ensure that the rst cell of each
exam row is set to bold font.
Which CSS markup should you use?
tr: rst-child { font-weight: bold; }
tr+td { font-weight: bold; }
tr>td { font-weight: bold; }
td:nth-child(1) { font-weight: bold; } (Correct)
Explanation
You should use the following markup: td:nth-child(1) { font-weight: bold; } The nth-child
selector allows you to select a speci c element that is the nth child of its parent element. The
value in parenthesis represents the speci c child element to which the rule applies. In this
scenario, td:nth-child(1) selects the rst td element of its parent element. This markup applies
to the rst cell of each data row in this scenario. You should not use the following markup:
tr: rst-child { font-weight: bold; } The tr: rst-child selector allows you to select all tr elements
that are the rst child of their parent elements. This markup applies to the header row in this
scenario. You should not use the following markup: tr>td { font-weight: bold; } This applies to
all td elements that are children of tr elements. All cells would be in bold font. You should not
use the following markup: tr+td { font-weight: bold; } This applies to td elements that are
siblings of tr elements. No cells would be in bold font because there are no td elements that
are siblings of tr elements. References: Pseudo-classes (https://developer.mozilla.org/en-

US/docs/Web/CSS/Pseudo-classes); Combinators and groups of selectors
(https://developer.mozilla.org/en-
US/docs/Learn/CSS/Introduction_to_CSS/Combinators_and_multiple_selectors);
Question 5: Skipped
You create an ASP.NET web application that allows technical support engineers to chat
with customers. All customers use Internet Explorer 10 or later. When an engineer sends a
message, your application must immediately respond by displaying the message on a page
in the user's browser.
You need to choose an appropriate technology. The technology you choose should use
bidirectional communication and be the most responsive.
Which technology should you use? (More than one answer choice may be correct. Choose
the BEST answer.)
Web Socket application programming interface (API) (Correct)
Asynchronous JavaScript and XML (AJAX)
Windows Push Noti cation Services (WNS)
Representational State Transfer (REST)
Explanation
You should use the Web Sockets API. This API supports bidirectional communication between
a web application and a browser. You should not use AJAX. AJAX does not support bidirectional
communication. You can implement a polling solution to continuously issue HTTP GET
requests for new message. However, this is not the best solution because of the latency
requirement. You should not use REST. REST does not provide bidirectional support between a
client browser and a web server. You should not use WNS. This technology allows you to send
push noti cations to Windows Store apps, not ASP.NET web applications. References: The
WebSocket API (https://docs.microsoft.com/en-us/previous-versions/windows/internet-
explorer/ie-developer/dev-guides/hh673567(v=vs.85)); Web APIs
(https://developer.mozilla.org/en-US/docs/Web/API); Service Station - An Introduction To
RESTful Services With WCF (https://msdn.microsoft.com/en-us/magazine/dd315413.aspx);
Windows Push Noti cation Services (WNS) overview (https://docs.microsoft.com/en-
us/windows/uwp/design/shell/tiles-and-noti cations/windows-push-noti cation-services--wns-

-overview);
Question 6: Skipped
You are designing the user interface for a photo sharing website. The Razor view syntax is
shown in the exhibit.
You would like the Enable Premium Features option in the list to stand out from the other
options.
You need to create CSS that will apply a bold font to this option alone.
Which CSS should you use?
.options div: rst-child > li:last-child { font-weight: bold; }
#options div:nth-child(0) li:nth-child(3) { font-weight: bold; }
#options div: rst-of-type > ul > li:last-of-type { font-weight: bold; } (Correct)
#options div: rst-child > li:last-child { font-weight: bold; }
.options div:nth-child(0) li:nth-child(3) { font-weight: bold; }
#options li:last-child { font-weight: bold; }
Explanation
You should use the following: #options div: rst-of-type > ul > li:last-of-type { font-weight: bold;
} The CSS selector will apply a bold font weight to Enable Premium Features. You should not
use the following: #options li:last-child { font-weight: bold; } The CSS selector will apply a bold
font weight to Enable Premium Features and Contact Us. You should not use the following:
#options div:nth-child(0) li:nth-child(3) { font-weight: bold; } This CSS selector will not apply a
bold font to any item. The nth-child pseudo-class uses 1-based ordinals. You should not use
the following: .options div:nth-child(0) li:nth-child(3) { font-weight: bold; } This CSS selector will
not apply a bold font to any item. The nth-child pseudo-class uses 1-based ordinals and
matches elements with a class of options instead of elements with id equal to options. You
should not use the following: #options div: rst-child > li:last-child { font-weight: bold; } This
CSS selector will not apply a bold font to any item. There are no li elements that are direct
descendants of the rst child div under elements with id equal to options. You should not use
the following: .options div: rst-child > li:last-child { font-weight: bold; } This CSS selector will
not apply a bold font to any item. There are no li elements that are direct descendants of the
rst child div under elements with an options class applied. References: Selectors Level 4
(https://www.w3.org/TR/selectors/); structural pseudo-classes
(https://www.w3.org/TR/selectors/#structural-pseudos);
Question 7: Skipped
You are developing an application that will use Forms Authentication. Although viewing
most of the member-facing page requires the user to sign in, the registration and
password reset features must not require authentication.
You have constrained all of the controller actions that do not require authentication to the
Account controller.
Which attribute should you add to the Account controller so that all users can access the
features in the Account controller?
[Authorize(Users = "All")]
[Authorize(Users = "*")]
[Authorize(Users = "None", Roles = "None")]
[Authorize(Users = "*", Roles = "*")]
[Authorize(Roles = "All")]
[Authorize(Roles = "*")]
[AllowAnonymous] (Correct)
Explanation
You should use the AllowAnonymous attribute on the Account controller. This attribute will
allow anonymous users to access all of the actions in the controller. Each of the other options
uses the Authorize attribute. This attribute only allows access if the user name is speci ed in
the Users string or if the user's roles match one or more of the roles de ned in the Roles
string. References: AuthorizeAttribute Class (https://docs.microsoft.com/en-
us/dotnet/api/microsoft.aspnetcore.authorization.authorizeattribute?view=aspnetcore-2.1);
AllowAnonymousAttribute Class (https://docs.microsoft.com/en-
us/dotnet/api/microsoft.aspnetcore.authorization.allowanonymousattribute?
view=aspnetcore-2.1);
Question 8: Skipped
You deploy a web application to an Azure Web role. An unmanaged executable named
Migrate.exe exists in the application's bin directory.
You need to ensure that Migrate.exe runs when the role starts but before the application
begins processing requests.
What should you do?
Add this markup to the WebRole element in the service de nition le:
1 <Startup>
2 <Task commandLine="Migrate.exe" taskType="simple"/> (Correct)
3 </Startup>
Add this code to the Session_Start method in the application's Global.asax le:
1 Process process = new Process();
2 Process.StartInfo.FileName = "Migrate.exe";
3 Process.Start();
Add this code to the Application_Start method in the application's Global.asax le:
1 AppDomain.CurrentDomain.ExecuteAssembly("Migrate.exe");
Add this markup to the system.web section in the web.con g le:

1 <compilation assemblyPostProcessorType="BeforeAppStart">
2 <assemblies>
3 <add assembly="Migrate.exe"/>
4 </assemblies>
5 </compilation>
Explanation
You should add this markup to the WebRole element in the service de nition le: This markup
allows you to de ne a startup task for an Azure role. Whenever the role starts, the executable
or script represented by the commandLine attribute of the Task element runs. You should not
add this code to the Session_Start method in the application's Global.asax le: Process process
= new Process(); Process.StartInfo.FileName = "Migrate.exe"; Process.Start(); The Session_Start
method is not invoked until the rst user accesses the application. You should not add this
code to the Application_Start method in the application's Global.asax le:
AppDomain.CurrentDomain.ExecuteAssembly("Migrate.exe"); This code attempts to load an
assembly into the current application domain. However, you cannot load unmanaged
executables into an application domain. You should not add this markup to the system.web
section in the web.con g le: The compilation element allows you to specify how ASP.NET
compiles assemblies associated with an application. It does not allow you to start a task when
an Azure role starts. References: How to con gure and run startup tasks for a cloud service
(https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks);
AppDomain.ExecuteAssembly Method (String) (https://msdn.microsoft.com/en-
us/library/sxx9f4c2(v=vs.110).aspx); RoleEntryPoint.OnStart Method ()
(https://msdn.microsoft.com/en-
us/library/microsoft.windowsazure.serviceruntime.roleentrypoint.onstart.aspx); compilation
Element (ASP.NET Settings Schema) (https://msdn.microsoft.com/en-
us/library/s10awwz0(v=vs.100).aspx);
Question 9: Skipped
QUESTION
You need to ensure that _Layout.cshtml is used as the master page for all content pages.
Which code segment should you insert at line VS02?
1 VirtualPath = "~/Views/Shared/_Layout.cshtml";
1 @Html.RenderPartial("~/Views/Shared/_Layout.cshtml");
1 Layout = "~/Views/Shared/_Layout.cshtml"; (Correct)
1 @RenderSection("~/Views/Shared/_Layout.cshtml");
Explanation
You should use the following code segment: Layout = "~/Views/Shared/_Layout.cshtml"; The
Layout property speci es the master page, or layout page, for a content page. You should not
use the following code segment: VirtualPath = "~/Views/Shared/_Layout.cshtml"; The
VirtualPath property speci es the virtual path of the current page. It does not allow you to set
the master page. You should not use the following code segment:
@RenderSection("~/Views/Shared/_Layout.cshtml"); The RenderSection method allows you to
render a named section of a content page. A section is de ned by the @section syntax. This
method does not allow you to set the master page. You should not use the following code
segment: @Html.RenderPartial("~/Views/Shared/_Layout.cshtml"); The Html.RenderPartial
method allows you to render partial markup on a page. It does not allow you to set the master
page. You should not use the following code segment: Layout = "_Layout"; You must set the
Layout property to the path of the master page, including the le extension. You should not
use the following code segment: @RenderSection("_Layout"); The RenderSection method
allows you to render a named section of a content page. A section is de ned by the @section
syntax. This method does not allow you to set the master page. References: Creating a
Consistent Layout in ASP.NET Web Pages (Razor) Sites (https://docs.microsoft.com/en-
us/aspnet/web-pages/overview/ui-layouts-and-themes/3-creating-a-consistent-look);
Question 10: Skipped
You are designing the website layout for an upcoming 5k charity run. The HTML and CSS is
currently written as follows:
HTML
1 < div class = "wrapper" >

2 < div class = "block small-block red" > 5 < /div>
3 <div class="block small-block blue"> k </div >
4 < div class = "block large-block green" > Charity Run < /div>
5 </div >
CSS
1 .wrapper {
2 width: 300 px;
3 margin: 80 px auto;
4 }
5
6 .block {
7 font - size: 60 px;
8 color: #fff;
9 padding: 5 px;
10 margin: 0 px 5 px 5 px 0 px;
11 }
12
13 .small - block {
14 width: 100 px;
15 height: 100 px;
16 text - align: center;
17 line - height: 100 px;
18 float: left;
19 }
20
21 .large - block {}
22
23 .red {
24 background - color: red;
25 }
26
27 .blue {
28 background - color: #569FFF;
29 }
30
31 .green {
32 background-color: # 38 D836;
33 }
When you view the layout in a browser, the 5 and k divs overlap the Charity Run div. You
must adjust the CSS so that the Charity Run div appears below the 5 and k divs, as pictured
in the exhibit.
What CSS do you add to the large-block class declaration?
padding-top: 100px;
clear: right;
clear: left; (Correct)
display: block;
Explanation
You should use the following: clear: left; This will clear the left oat that was set in the small-
block class. You should not use the following: clear: right; This will clear the right oat, but you
need to clear the left oat. You should not use the following: display: block; The div is already a
block style element so this will not help. You should not use the following: padding-top: 100px;
This will push the large-block div down, but it will not clear the oat. As a result, the large-block
div will still appear behind the small-block divs. References: CSS/Properties/ oat
(https://www.w3.org/wiki/CSS/Properties/ oat); CSS/Properties/clear
(https://www.w3.org/wiki/CSS/Properties/clear);
You are designing a web application that uses a WCF service. The service exposes
endpoints that are able to communicate with ASMX-based web services.
You need to use a binding that meets these criteria by default.
Which binding should you use?
MsmqIntegrationBinding
BasicHttpBinding (Correct)
NetHttpBinding
WSFederationHttpBinding
Explanation
You should use BasicHttpBinding. BasicHttpBinding is the binding that WCF can use to expose
endpoints that are able to communicate with ASMX-based Web services and clients. It
conforms to WS-I Basic Pro le 1.1. WSFederationHttpBinding does not meet the conditions.
This is a secure and interoperable binding that supports federated security.
MsmqIntegrationBinding maps Microsoft Message Queuing messages to WCF messages.
NetHttpBinding is a binding that is used for consuming HTTP or WebSocket services that uses
binary encoding by default. References: WCF and ASP.NET Web API
(https://docs.microsoft.com/en-us/dotnet/framework/wcf/wcf-and-aspnet-web-api);
You are developing an application for a healthcare organization. You need to convert
existing ASP.NET code to ASP.NET MVC 5. You need to convert the code shown in the
exhibit.
What should you do with the code?
Convert it to a custom control.
Convert it to a partial view. (Correct)
Create an empty view and add a reference to the control.
Convert it to a controller.
Explanation
You should convert the code to a partial view. The code in the exhibit represents registering a
user control. The control can be re-used in multiple pages within the application. This is a
good example of a partial view. The Razor view engine will display it the same as a full view,
but without including the html and head tags. In an MVC application, the model represents the
data model that gets sent to the view. The view is what the user sees, and the controller
handles the incoming requests, executes application logic, and handles user interaction.
Because the control in the exhibit is a reusable component for a list picker, it cannot be
converted to a controller. In addition, views can reference other partial views. But it does not
reference ASP.NET Web forms custom and user controls. Even if the code in the exhibit was
converted to a custom control, it cannot be referenced by the MVC view. References: How to:
Create an ASP.NET User Control (https://msdn.microsoft.com/en-
us/library/26db8ysc(v=vs.85).aspx); Adding a View (https://docs.microsoft.com/en-
us/aspnet/mvc/overview/getting-started/introduction/adding-a-view);
QUESTION
You need to meet the technical requirement for unhandled exceptions.
What should you use?
Diagnostic tracing
ASP.NET tracing
Health monitoring (Correct)
IntelliTrace
Explanation
You should enable health monitoring. You can con gure health monitoring to send an e-mail
whenever unhandled exceptions occur. It does not require you to write custom code. You
should not enable IntelliTrace. This feature allows Visual Studio to record events while an
application is running. You can replay the events in a debugging session to determine exactly
where an application fails. You cannot use IntelliTrace to automatically send e-mails when
unhandled exceptions occur. You should not enable ASP.NET tracing. This requires you to
write custom code to catch unhandled exceptions and send an e-mail when they occur. You
should not enable diagnostic tracing. This requires you to write custom code to catch
unhandled exceptions and send an e-mail when they occur. References: ASP.NET Health
Monitoring Overview (https://msdn.microsoft.com/library/bb398933.ASPX); IntelliTrace -
Debugging Applications with IntelliTrace (https://msdn.microsoft.com/en-
us/magazine/ee336126.aspx); ASP.NET Tracing Overview (https://msdn.microsoft.com/en-
us/library/sfbfw58f.aspx);
You create an ASP.NET Web application that accesses the latest exams from a web service
at http://www.udemy.com/GetExams. The service is hosted on a separate but trusted
domain. It returns data similar to the following:
1 [{"Vendor" : "Microsoft",
2 "Exams" :
3 [{"Number":"70-486", "Link":"www.udemy.com/70-486"},
4 {"Number":"70-487", "Link":"www.udemy.com/70-487"}]},
5 {"Vendor" : "BCD Train",
6 "Exams" :
7 [{"Number":"12-300", "Link":"www.bcdtrain.com/300"},
8 {"Number":"12-400", "Link":"www.bcdtrain.com/400"}]}]
The service can also return the previous data in the form of a function call as follows:
1 Callback([{"Vendor" : "Microsoft",
2 "Exams" : [{"Number":"70-486", "Link":"www.udemy.com/70-486"}]}]);
The Callback function's name is based on a query string parameter named Callback that is
passed to the service. You want to use jQuery to call the web service, and then call a
function named ProcessExams when the data is returned.
You need to write code to accomplish your goal.
Which code segment should you use?
1 $.getJSON('http://www.udemy.com/GetExams',
2 function(exams) {
3 ProcessExams(exams);
4 });
1 $.post('http://www.udemy.com/GetExams',
2 function(exams) {
4 });
1 $.ajax({
2 url: "http://www.udemy.com/GetExams",
3 dataType: "jsonp",
4 success: function(data) { (Correct)
6 }
7 });
1 $.get('http://www.udemy.com/GetExams',
2 function(exams) {
4 });
Explanation
You should use the following code segment: $.ajax({url:"http://www.udemy.com/GetExams",
dataType:"jsonp", success:function(exams) { ProcessExams(exams); }}); The ajax function
performs an Asynchronous JavaScript and XML (AJAX) request to the service. However, when a
service is in a di erent domain from the application, most modern web browsers do not call
client-script to inject data into a page for security reasons. Jsonp is a protocol that dynamically
creates a script tag and a function on the page to serve as a callback for the data being
returned from a service. For example, assume the following data is returned:
{"SomeProperty":"SomeValue"} Web browsers do not allow client-script to inject that data into
the page for security reasons since the data could be anything, such as a script that posts a
client cookie to some malicious site. Web services that utilize Jsonp transform the returned
data into the following: Callback({"SomeProperty":"SomeValue"}); jQuery determines the
Callback function's name. jQuery then executes the callback function, allowing you to access
the data, parse it, verify it, and inject it into the page if necessary. You should not use the
following code segment: $.getJSON('http://www.udemy.com/GetExams', function(exams) {
ProcessExams(exams); }); Although you can use the getJSON function, you must specify jsonp
as the data type since it allows you to access web services across domains. The getJSON
function issues an HTTP GET request that returns JavaScript Object Notation (JSON) data. You
should not use the following code segment: $.post('http://www.udemy.com/GetExams',
function(exams) { ProcessExams(exams); }); Although you can use the post function, you must
specify jsonp as the data type since it allows you to access web services across domains. The
post function issues an HTTP POST request. You should not use the following code segment:
$.get('http://www.udemy.com/GetExams', function(exams) { ProcessExams(exams); });
Although you can use the get function, you must specify jsonp as the data type since it allows
you to access web services across domains. The get function issues an HTTP GET request.
References: Category: Ajax (http://api.jquery.com/category/ajax/); jQuery.getJSON()
(http://api.jquery.com/jQuery.getJSON/); jQuery.ajax() (http://api.jquery.com/jQuery.ajax/);
jQuery.post() (http://api.jquery.com/jQuery.post/); jQuery.get()
(http://api.jquery.com/jQuery.get/);
Question 15: Incorrect
QUESTION
You need to determine the minimum number of controllers and actions for the
application.
How many controllers and actions do you need?
One controller with one action
Two controllers with one action each
 Two controllers with two actions each (Incorrect)
One controller with two actions (Correct)
Explanation
You need a minimum of one controller with two actions. In this scenario, you have two views.
One view allows users to view a list of videos. The other view allows users to watch a single
video. Each view should correspond with an action, and a single controller can contain
multiple actions. You should not use two controllers with one action each. In general, you
should use one controller per area of concern. In this scenario, the only area of concern is
videos. References: ASP.NET MVC Overview (https://docs.microsoft.com/en-us/previous-
versions/aspnet/web-frameworks/dd381412(v=vs.108)); ASP.NET Routing
(https://msdn.microsoft.com/en-us/library/cc668201.aspx);
You have an on-premise application that must broadcast one-way messages to ve Azure
Worker role instances. You have decided to use the Azure Service Bus for sending the
messages from the on-premise application to the Azure Worker roles.
Which Service Bus Relay Binding should you use?
WebHttpRelayBinding
BasicHttpRelayBinding
NetEventRelayBinding (Correct)
NetTcpRelayBinding
Explanation
You should use NetEventRelayBinding. The NetEventRelayBinding allows for publishers to
broadcast one-way messages to multiple subscribers using the Azure Service Bus. You should
not use BasicHttpRelayBinding. The BasicHttpRelayBinding is used to communicate with
services that adhere to the WS-I Basic Pro le 1.1. It is comparable to the WCF
BasicHttpBinding. You should not use NetTcpRelayBinding. The NetTcpRelayBinding is an
e cient bi-directional binding. Relayed and Hybrid connection modes are supported. The
relayed connection mode routes all tra c through the service bus with no direct connection
between the client and the service. The hybrid connection mode begins the connection in
relay mode and then attempts to switch to a direct connection if possible. It is comparable to
the WCF NetTcpBinding. You should not use WebHttpRelayBinding. The WebHttpRelayBinding
is used to expose a REST-style endpoint to clients. It is comparable to the WCF
WebHttpBinding. References: NetEventRelayBinding Class (https://docs.microsoft.com/en-
us/dotnet/api/microsoft.servicebus.neteventrelaybinding?view=azure-dotnet);
You are creating an ASP.NET web application. You want to cache a page in the application
for four minutes. A di erent version of the cached page must exist for every distinct set of
query string parameters passed to the page.
You need to declare the OutputCache directive for the page.
Which directive should you use?
<%@ OutputCache Duration="240" VaryByControl="Any" %>
<%@ OutputCache Duration="240" VaryByParam="None" %>
<%@ OutputCache Duration="240" VaryByParam="*" %> (Correct)
<%@ OutputCache Duration="240" VaryByControl="All" %>
Explanation
You should use the following page directive: <%@ OutputCache Duration="240"
VaryByParam="*" %> The Duration attribute of the OutputCache page directive speci es the
number of seconds that a page or user control should be cached. In this scenario, you should
set the value to 240 because the page must be cached for four minutes. The VaryByParam
attribute speci es the query string or HTTP POST parameters that create di erent versions of
the cached page. An asterisk (*) indicates that every distinct combination of query string
parameter values or HTTP POST parameter values should create a di erent cached version of
the page. You should not use the following page directive: <%@ OutputCache Duration="240"
VaryByParam="None" %> The VaryByParam attribute is set to None, causing a single version
of the cached page to exist, regardless of the query string parameter values passed to the
page. You should not use the following page directive: <%@ OutputCache Duration="240"
VaryByControl="Any" %> The VaryByControl attribute allows you to specify a list of control IDs
for controls whose values should be used to generate di erent versions of a cached page. In
this scenario, you need to generate di erent versions of the cached page based on query
string parameter values, not control values. You should not use the following page directive:
<%@ OutputCache Duration="240" VaryByControl="All" %> The VaryByControl attribute allows
you to specify a list of control IDs for controls that should be used to generate di erent
versions of a cached page. References: How to: Set the Cacheability of an ASP.NET Page
Declaratively (https://msdn.microsoft.com/en-us/library/zd1ysf1y.aspx); Caching Multiple
Versions of a Page (https://msdn.microsoft.com/en-us/library/xadzbzd6.aspx);
Question 18: Correct
QUESTION
You make appropriate changes to the de nition of the WatermarkIconWriter class so that
it can be used as a route handler.
You need to ensure that the ProcessRequest method of the WatermarkIconWriter class is
called when users request les from the images subfolder.
1 RouteTable.Routes.RouteExistingFiles = false;
2
3 RouteTable.Routes.MapPageRoute(null, "WatermarkIconWriter", "images/{name}")
1 RouteTable.Routes.RouteExistingFiles = true;
2
3 RouteTable.Routes.MapRoute("WatermarkIconWriter", "images/{name}");
 1 WatermarkIconWriter writer = new WatermarkIconWriter();

2
3 Route imageRoute = new Route("images/{name}", writer);
4
(Correct)
5 RouteTable.Routes.RouteExistingFiles = true;
6
7 RouteTable.Routes.Add("image", imageRoute);
1 WatermarkIconWriter writer = new WatermarkIconWriter();

2
3 Route imageRoute = new Route("images/{name}", writer);
4
5 RouteTable.Routes.RouteExistingFiles = false;
6
7 RouteTable.Routes.Add("image", imageRoute);
Explanation
You should use the following code segment: WatermarkIconWriter writer = new
WatermarkIconWriter(); Route imageRoute = new Route("images/{name}", writer);
RouteTable.Routes.RouteExistingFiles = true; RouteTable.Routes.Add("image", imageRoute);
This code rst instantiates the WatermarkIconWriter class. The code then creates a new Route
instance, passing to it the URL pattern as the rst parameter and the WatermarkIconWriter
instance as the second parameter. Note that the WatermarkIconWriter class must implement
IRouteHandler to be passed as the second parameter to the Route constructor. Next the code
sets the RouteExistingFiles property of the RouteCollection class to true. This is necessary
because by default ASP.NET Routing does not process physical les in the routing pipeline.
Finally, the code adds the route to the route table. (Note that you may also need to set the
runAllManagedModulesForAllRequests attribute of the modules element to true in
Web.con g. By default, static les like .jpg and .htm are not processed by the ASP.NET request
pipeline.) You should not use the following code segment: WatermarkIconWriter writer = new
WatermarkIconWriter(); Route imageRoute = new Route("images/{name}", writer);
RouteTable.Routes.RouteExistingFiles = false; RouteTable.Routes.Add("image", imageRoute);
This code sets the RouteExistingFiles property to false. This is the default value, which
prevents physical les from being processed by ASP.NET Routing. You should not use the
following code segment: RouteTable.Routes.RouteExistingFiles = true;
RouteTable.Routes.MapRoute("WatermarkIconWriter", "images/{name}"); This code calls the
MapRoute method. This method is used by the ASP.NET MVC route handler. The rst
parameter of the MapRoute method speci es a distinct name of the route. In this scenario,
you are using a custom route. Therefore, you must call the Add method of the RouteCollection
class. You should not use the following code segment: RouteTable.Routes.RouteExistingFiles =
false; RouteTable.Routes.MapPageRoute(null, "WatermarkIconWriter", "images/{name}"); This
code calls the MapPageRoute method. The MapPageRoute method allows you to specify a
page to handle a speci c URL pattern. In this scenario, you are using a custom route handler.
Therefore, you must call the Add method of the RouteCollection class. Also, this code sets the
RouteExistingFiles property to false. This is the default value, which prevents physical les
from being processed by ASP.NET Routing. References: ASP.NET Routing
(https://msdn.microsoft.com/en-us/library/cc668201.aspx);
You have inherited an application that uses Forms Authentication. You are performing a
security audit and you need to ensure that the application is not vulnerable to session
hijacking.
The forms element in the web.con g le for the application has the following values:
1 <forms loginUrl="~/Account/Login"
2 timeout="2880"
3 protection="None"
4 cookieless="UseUri"
5 requireSSL="false" />
You need to provide the most secure con guration.
 Change the requireSSL attribute to true. (Correct)
 Change the protection attribute to All. (Correct)
Change the protection attribute to Encrypt.
 Change the cookieless attribute to UseCookies. (Correct)
Explanation
You should change the requireSSL attribute to true, change the protection attribute to All, and
change the cookieless attribute to UseCookies. When a user submits their credentials, it is
crucial that the posted data is encrypted. If the data is not encrypted, the credentials could be
stolen through network tra c eavesdropping. Requiring an SSL connection ensures that SSL
will be used. The UseCookies option is important because the alternative places the
authentication information in the URL. With the authentication data in the URL, the user's
session is vulnerable to attack even with the use of SSL. Setting the protection attribute to All
will cause Forms Authentication to issue encrypted and cryptographically signed cookies.
Doing this prevents attackers from viewing the data stored in the cookie and also prevents
tampering. If you set the attribute to Encrypt, it will not prevent tampering. References: forms
Element for authentication (ASP.NET Settings Schema) (https://msdn.microsoft.com/en-
us/library/1d3t3c61(v=vs.100).aspx); ASP.NET Forms Authentication Overview
(https://msdn.microsoft.com/en-us/library/7t6b43z4.aspx);
QUESTION
You need to ensure that the table header row in Views\Community\List.cshtml is set to
bold font.
1 th:nth-child(1) { font-weight: bold; }
 1 th { font-weight: bold; }
(Correct)
1 th:nth-child(0) { font-weight: bold; }
1 table+th { font-weight: bold; }
Explanation
You should use the following markup: th { font-weight: bold; } This rule applies to all th (table
header) elements. You should not use the following markup: th:nth-child(0) { font-weight: bold;
} The nth-child selector allows you to select a speci c element that is the nth child of its parent
element. The value in parenthesis represents the index of the speci c child element to which
the rule applies. The index is one-based. Therefore, th:nth-child(0) is invalid. You should not
use the following markup: table+th { font-weight: bold; } This applies to th elements that are
siblings of table elements. No rows would be in bold font because there are no th elements
that are siblings of table elements. You should not use the following markup: th:nth-child(1) {
font-weight: bold; } The nth-child selector allows you to select a speci c element that is the nth
child of its parent element. The value in parenthesis represents the one-based index of the
speci c child element to which the rule applies. In this scenario, th:nth-child(1) selects the rst
th element of its parent element, which is the table element. This markup applies to the rst
cell of each table header row. References: Pseudo-classes (https://developer.mozilla.org/en-
US/docs/Web/CSS/Pseudo-classes); Combinators and groups of selectors
(https://developer.mozilla.org/en-
US/docs/Learn/CSS/Introduction_to_CSS/Combinators_and_multiple_selectors);
You create a chat service at ws://chat.udemy.com that allows users to chat with support
personnel on a web page. The web page supports HTML5 and contains the following
markup and script:
1 <script type="text/javascript">
2 function writeMessage(message) {
3 var p = document.createElement("p");
4 p.style.wordWrap = "break-word";
5 p.innerHTML = message; output.appendChild(p);
6 }
7 <script>
8 <div id="chatDiv"></div>
When a message is received from support personnel, you need to call the writeMessage
function with the message that is received.
 1 worker = new Worker("ws://chat.udemy.com");

2 worker.addEventListener("onmessage", function(msg) {
3 writeMessage(msg.source); (Incorrect)
4 });
1 socket = new WebSocket("ws://chat.udemy.com");

2 socket.onmessage = function(msg) {
3 writeMessage(msg.data); (Correct)
4 };
1 worker = new Worker("ws://chat.udemy.com");

2 worker.onmessage = function(msg) {
3 writeMessage(msg.data);
4 };

2 socket.addEventListener("onmessage", function(msg) {
3 writeMessage(msg.source);
4 });
Explanation
You should use the following code segment: socket = new WebSocket("ws://chat.udemy.com");
socket.onmessage = function(msg) { writeMessage(msg.data); }; This code handles the
message event of the WebSocket object. In this scenario, the chat service is implemented as a
WebSocket host, which is identi ed by the ws URL scheme. The message event is raised when
a message is sent from the server to the browser. The data property of the event argument
contains the message that is sent from the server. You should not use the following code
segment: worker = new Worker("ws://chat.udemy.com"); worker.onmessage = function(msg) {
writeMessage(msg.data); }; The Worker object represents a web worker. A web worker allows
you to spawn a background script from a user interface thread, allowing the background script
to run without blocking the user interface thread. In this scenario, you need to use the
WebSocket object. You should not use the following code segment: socket = new
WebSocket("ws://chat.udemy.com"); socket.addEventListener("onmessage", function(msg) {
writeMessage(msg.source); }); This code uses the addEventListener function to register an
event handler for an event named onmessage. When you use addEventListener, you should
not specify the "on" pre x for an event name. Also, this code calls the writeMessage function
with the source property of the event argument instead of the data property. The source
property identi es the Document Object Model (DOM) element that raised an event. You
should not use the following code segment: worker = new Worker("ws://chat.udemy.com");
worker.addEventListener("onmessage", function(msg) { writeMessage(msg.source); }); First,
this code uses the Worker object, which represents a web worker. A web worker allows you to
spawn a background script from a user interface thread, allowing the background script to run
without blocking the user interface thread. Second, this code uses the addEventListener
function to register an event handler for an event named onmessage. When you use
addEventListener, you should not specify the "on" pre x for an event name. Third, this code
calls the writeMessage function with the source property of the event argument instead of the
data property. The source property identi es the Document Object Model (DOM) element that
raised an event. References: WebSocket (https://developer.mozilla.org/en-
US/docs/Web/API/WebSocket); HTML Living Standard
(https://html.spec.whatwg.org/multipage/comms.html); Web Workers
(https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers);
You are part of a team developing a large ASP.NET web site. You are using AppCache for
data caching. You are presented with the manifest le shown in the exhibit.
Based on the manifest, which le will be cached?
scripts/angular.min.js
styles/patients/visits.css
scripts/thirdparty/animate.js
 images/unavailable.png (Correct)
Explanation
All the les and directories listed in the CACHE section and the fallback resources in the
FALLBACK section of the manifest will be cached. The FALLBACK section speci es a resource
lename or directory and a fallback if the resource is unavailable. Because
images/unavailable.png is the fallback, it must be cached. The le scripts/angular.min.js will
not be cached. Only the scripts/reference directory is cached, not the scripts directory.
Because angular.min.js is not listed in the CACHE section and its parent directory is not
cached, the le is not cached. The same applies to scripts/thirdparty/animate.js. Since the
thirdparty directory is not cached, animate.js is not cached either. Although content.css is
cached, styles/patients/visits.css is not. The patients folder under the styles folder is not
cached. References: Application Cache API ("AppCache") (https://technet.microsoft.com/en-
us/windows/hh673545(v=vs.60));
You create an ASP.NET MVC application. You create the following controller class:
1 public class InvoiceController : Controller
2 {
3 public ActionResult List()
4 {
5 return View();
6 }
7 }
Only authenticated users must be able to invoke the List method. If an unauthenticated
user attempts to invoke the List method, the user must be redirected to the logon page.
You need to apply the appropriate attribute to the List method.
Which attribute should you apply to the method?
SecureMethod
SecurityRole
 Authorize (Correct)
PrincipalPermission
Explanation
You should apply the Authorize attribute to the List method. The Authorize attribute restricts a
controller action to only authenticated users, speci c users, or users who are members of
speci c roles. You should not apply the SecureMethod attribute to the method. Enterprise
Services uses this attribute to ensure that method calls are made through an interface. You
should not apply the SecurityRole attribute to the method. Enterprise Services uses this
attribute to add roles to a COM+ application. You should not apply the PrincipalPermission
attribute to the method. Although you can use this attribute to restrict access to the method,
an authenticated user will receive an exception rather than be redirected to the application's
logon page. References: AuthorizeAttribute Class (https://docs.microsoft.com/en-
SecureMethodAttribute Class (https://msdn.microsoft.com/en-
us/library/system.enterpriseservices.securemethodattribute.aspx); SecurityRoleAttribute Class
us/library/system.enterpriseservices.securityroleattribute.aspx); PrincipalPermissionAttribute
Class (https://msdn.microsoft.com/en-
us/library/system.security.permissions.principalpermissionattribute.aspx);
You are implementing an ASP.NET page that allows users to design basic two-dimensional
shapes. A shape is represented by a Shape class in your application's code. As users change
the dimensions of a shape, your page sends a post back to the server to recalculate the
shape's area and perimeter.
You want to use the ViewState object to save a Shape instance across page postbacks.
Which attribute should you apply to the Shape class?
 Serializable (Correct)
CLSCompliant
DataObject
ContractClass
Explanation
You should ensure that the Shape class is serializable by applying the Serializable attribute to
the class. If the class is not serializable, it cannot be stored in a page's view state, which is
represented by the server-side ViewState object. A page's view state is stored as an encrypted
string in a hidden input eld and written to the browser. When a page posts back to the
server, the data in the hidden input eld is used to repopulate the server-side ViewState
object. You should not apply the CLSCompliant attribute to the class. This attribute indicates
that a type is common language speci cation (CLS)-compliant. This has no e ect on the ability
to store instances of a type in the ViewState object. You should not apply the ContractClass
attribute to the class. This attribute allows you to designate a separate class that supplies the
code contracts for an interface. This has no e ect on the ability to store instances of a type in
the ViewState object. You should not apply the DataObject attribute to the class. This attribute
indicates that a class can be bound to an ObjectDataSource control. It has no e ect on the
ability to store instances of a type in the ViewState object. References: Understanding ASP.NET
View State (https://msdn.microsoft.com/en-us/library/ms972976.aspx); SerializableAttribute
Class (https://msdn.microsoft.com/en-us/library/system.serializableattribute(v=vs.110).aspx);
Code Contracts (https://docs.microsoft.com/en-us/dotnet/framework/debug-trace-
pro le/code-contracts); CLSCompliantAttribute Class (https://msdn.microsoft.com/en-
us/library/system.clscompliantattribute(v=vs.110).aspx); DataObjectAttribute Class
us/library/system.componentmodel.dataobjectattribute(v=vs.110).aspx);
You are completing the development of a ticket purchasing system for a popular concert
venue. You anticipate very heavy tra c on the event status page of the site as tickets
become available for purchase. The action method is de ned below (line numbers are
included for reference purposes only):
1 01 [HttpGet]
2 02
3 03 public ActionResult Status(string id)
4 04 {
5 05
6 06 }
To conserve resources, you must ensure that the output from this view is cached for one
minute. You must also ensure that the output is not cached in the browser or on any proxy
servers.
Which attribute parameters should you add to line 02?
[OutputCache(Duration = 60, VaryByParam = "*", Location = "Any")]
[OutputCache(Duration = 1, VaryByParam = "id", Location = "Server")]
[OutputCache(Duration = 60, VaryByParam = "*", Location = "Downstream")]
 [OutputCache(Duration = 60, VaryByParam = "*", Location = "Server")] (Correct)
[OutputCache(Duration = 1, VaryByParam = "id", Location = "Any")]
[OutputCache(Duration = 1, VaryByParam = "id", Location = "Downstream")]
Explanation
You should use: [OutputCache(Duration = 60, VaryByParam = "*", Location = "Server")] By
applying this attribute to the Status controller action, the view output will be cached for 60
seconds. VaryByParam="*" will ensure that a unique version of the output will be cached for
each distinct id value. Location = "Server" will ensure that the output is only cached on the
server and not on any downstream device. You should not use: [OutputCache(Duration = 1,
VaryByParam = "id", Location = "Server")] [OutputCache(Duration = 1, VaryByParam = "id",
Location = "Downstream")] [OutputCache(Duration = 60, VaryByParam = "*", Location =
"Downstream")] [OutputCache(Duration = 1, VaryByParam = "id", Location = "Any")]
[OutputCache(Duration = 60, VaryByParam = "*", Location = "Any")] With Duration set to 1, the
view output would only be cached for one second. With Location set to Downsteam, the
output will be cached on any proxy devices excluding the origin server. With Location set to
Any, the output can be cached on the client, any proxy servers, and on the origin server.
References: Improving Performance with Output Caching (C#) (https://docs.microsoft.com/en-
us/aspnet/mvc/overview/older-versions-1/controllers-and-routing/improving-performance-
with-output-caching-cs);
QUESTION
You create the following controller class:
1 public class VideoController : Controller

2 {
3 }
You need to create the action that allows users to watch videos.
Which code segment should you add to the class?
1 public void WatchVideo(int id)

2 {
3 var video = VideoShare.Models.Video.AllVideos.SingleOrDefault(v => v.Id ==
4 View(video);
5 }
 1 public ActionResult Watch(int id)

2 {
3 var video = VideoShare.Models.Video.AllVideos.SingleOrDefault( (Correct)
4 return View(video);
5 }
1 [ActionName("Watch")]
2 public void WatchVideo(int id)
3 {
4 View(id);
5 }
1 [ActionName("Watch")]
2 public ActionResult Watch(int id)
3 {
4 return View(id);
5 }
Explanation
You should use the following code segment: public ActionResult Watch(int id) { var video =
VideoShare.Models.Video.AllVideos.SingleOrDefault(v => v.Id == id); return View(video); }
Action methods that display views must return a ViewResult instance. ViewResult is derived
from ActionResult, so you can use ActionResult as the return value for an action method. This
code rst nds the video that matches the speci ed ID. It then calls the View method, passing
to it the found Video instance. This works because the Watch view uses the Video class as its
model, as shown in this code segment from line WA01: @model VideoShare.Models.Video You
should not use the following code segment: public void WatchVideo(int id) { var video =
VideoShare.Models.Video.AllVideos.SingleOrDefault(v => v.Id == id); View(video); } This code
uses void as the return type. Therefore, nothing is rendered in the browser. Also, either the
name of the method must be Watch, or you must apply the ActionName attribute and set its
parameter to Watch. The reason the action name must be set to Watch is due to LI11:
@Html.ActionLink(video.Title, "Watch", new { id=video.Id }); The second parameter to the
Html.ActionLink method speci es the name of the action. You should not use the following
code segment: [ActionName("Watch")] public ActionResult Watch(int id) { return View(id); } This
code passes the ID of the video to the View method. Because the Watch view does not use an
integer as its model, an exception gets thrown when the view is rendered. This code uses the
ActionName attribute to specify the name of the action. This is not necessary when the action
name matches the method name. By default, MVC uses the name of the method as the action
name. You should not use the following code segment: [ActionName("Watch")] public void
WatchVideo(int id) { View(id); } First, this code uses void as the return type. Therefore, nothing
is rendered in the browser. Second, this code passes the ID of the video to the View method.
However, the Watch view expects a model of type Video. This code uses the ActionName
attribute to specify the name of the action. Because the name of the method is WatchVideo,
the ActionName attribute is necessary to set the name of the action to Watch. The reason the
action name must be set to Watch is due to LI11: @Html.ActionLink(video.Title, "Watch", new {
id=video.Id }); The second parameter to the Html.ActionLink method speci es the name of the
action. References: ASP.NET MVC Overview (https://docs.microsoft.com/en-
us/aspnet/mvc/overview/older-versions-1/overview/asp-net-mvc-overview); ASP.NET Routing
(https://msdn.microsoft.com/en-us/library/cc668201.aspx); Controller.View Method
(https://msdn.microsoft.com/en-us/library/dd460331.aspx); ActionNameAttribute Class
(https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.actionnameattribute?
view=aspnetcore-2.1); Controllers and Action Methods in ASP.NET MVC Applications
frameworks/dd410269(v=vs.100)); Views and UI Rendering in ASP.NET MVC Applications
Your team is adding OWIN forms authentication to an existing ASP.NET application.

Another developer writes the following code segment:
1 public async bool Register(string userName, string password)

2 {
3 var userManager = new UserManager<IdentityUser>(new UserStore<IdentityUser>());
4 var user = new IdentityUser{ UserName=userName };
5 var result = await userManager.CreateAsync(user, password);
6 return result.Succeeded;
7 }
You need to modify the Web.con g le to ensure that this code successfully saves the
registered user.
Which con guration should you use?
 1 <connectionStrings>
2 <add name="DefaultConnection" connectionString="Data Source=
3 AttachDbFilename=|DataDirectory|\WebFormsIdentity.mdf;
4 Initial Catalog=WebFormsIdentity;Integrated Security=True" (Correct)
5 providerName="System.Data.SqlClient" />
6 </connectionStrings>
1 <system.webServer>
2 <modules>
3 <add name="WebFormsIdentity" type="Microsoft.AspNet.Identity.Identit
4 Version=1.0.0.0" />
5 </modules>
6 </system.webServer>
1 <appSettings>
2 <add key="EnableAspNetIdentity" value="true" />
3 <add key="UseDefaultIdentityStore" value="true" />
4 </appSettings>
1 <authentication mode="Forms" />

2 <identity impersonate="false" />
Explanation
You should use the following con guration: This con guration de nes an Entity Framework
connection string named DefaultConnection. When you create an instance of UserStore by
using the default constructor, it searches the Web.con g le for an Entity Framework
connection string named DefaultConnection. The UserStore class is the Entity Framework
implementation of IUserStore, which is an interface that represents the backend data store for
users. You should not use the following con guration: This con guration enables ASP.NET
forms authentication and disables impersonation. Impersonation allows a web application to
run under the context of the user whose access token is passed from IIS to ASP.NET. In this
scenario, you are implementing OWIN forms authentication, not ASP.NET forms
authentication. You should not use the following con guration: ASP.NET Identity does not use
con guration in the appSettings section to function. You should not use the following
con guration: This con guration attempts to register an HTTP module implemented in the
IdentityExtensions class. However, this class does not implement IHttpModule, which is
required for a class to be registered as an HTTP module. References: Adding ASP.NET Identity
to an Empty or Existing Web Forms Project (https://docs.microsoft.com/en-
us/aspnet/identity/overview/getting-started/adding-aspnet-identity-to-an-empty-or-existing-
web-forms-project); Introduction to ASP.NET Identity (https://docs.microsoft.com/en-
us/aspnet/identity/overview/getting-started/introduction-to-aspnet-identity); Understanding
OWIN Forms authentication in MVC 5
(https://blogs.msdn.microsoft.com/webdev/2013/07/03/understanding-owin-forms-
authentication-in-mvc-5/); ASP.NET Forms Authentication Overview
(https://msdn.microsoft.com/en-us/library/7t6b43z4.aspx); ASP.NET Impersonation
(https://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.100).aspx);
QUESTION
You are implementing localization for the application. You create a le named Strings.resx
in the App_GlobalResources folder of the project. The le is shown in the exhibit.
You need to ensure that the resource values are used when you display community data
on the Views\Community\List.cshtml page.
What should you do?
Apply the Display attribute to each property in the CommunityMetadata

(Correct)
class.
Replace each call to Html.DisplayNameFor with Html.DisplayFor in List.cshtml.
Replace each call to Html.DisplayNameFor with Html.Display in List.cshtml.
 Apply the DisplayName attribute to each property in the

(Incorrect)
CommunityMetadata class.
Explanation
You should add the following markup as a child of the video element: Training video
(Training.webm) The HTML5 video element supports automatic browser feature detection. If
the browser does not natively support the video element or the video format, the markup
between the open and closing video tags gets rendered. You should not add the following
markup as a child of the video element: @Html.RenderPartial("Training video
(Training.webm)"); The Html.RenderPartial method allows you to render partial markup from
another page on the current page. You should not add the following markup to the
Training.cshtml page: The Html.ActionLink method allows you to render a link to a controller
action. The rst parameter speci es the text of the link. The second parameter speci es the
name of the controller action. You should not add the following markup to the Training.cshtml
page: The Html.RenderPartial method allows you to render partial markup from another page
on the current page. References: DisplayExtensions Class (https://docs.microsoft.com/en-
us/previous-versions/aspnet/web-frameworks/ee292033(v=vs.118));
You need to troubleshoot a problem with an application that is hosted on an Azure Web
role. You would like to connect directly to the services using the Remote Desktop Protocol
(RDP).
What are the requirements for establishing an RDP connection to your service? (Each
correct answer presents part of the solution. Choose all that apply.)
You must import the RemoteForwarder module on the service de nition le for each
service that should allow an RDP connection.
 You must use Azure Active Directory in order for the instance to
(Incorrect)
authenticate and authorize the RDP session.
 You must use a password protected certi cate when connecting to the
(Correct)
service using RDP.
 You must import the RemoteAccess module on the service de nition le

(Correct)
for each service that will allow an RDP connection.
The services must be Windows Virtual machine instances and not Web or Worker Role
instances.
Explanation
You must use a password protected certi cate when connecting to the service using RDP. You
must also import the RemoteAccess module on the service de nition le for each service that
should allow an RDP connection. The services are not required to be a speci c type. You are
permitted to establish RDP connections to Web and Worker roles alike. You are not required
to use Azure Active Directory for the instance to authenticate and authorize the RDP session.
You must not import the RemoteForwarder module on the service de nition le for each
service that will allow an RDP connection. You must pick one role that will forward the tra c
to the other instances. References: Enable Remote Desktop Connection for a Role in Azure
Cloud Services using Visual Studio (https://docs.microsoft.com/en-gb/azure/cloud-
services/cloud-services-role-enable-remote-desktop-visual-studio); Enable Remote Desktop
Connection for a Role in Azure Cloud Services (https://docs.microsoft.com/en-gb/azure/cloud-
services/cloud-services-role-enable-remote-desktop-new-portal);
You create an Azure worker role service. When the role is stopping, you must execute a
process named Cleanup.exe before the role is actually stopped.
You need to add a method to the role.
1 public override void OnStop() {

2 try {
3 Process.Start("Cleanup.exe");
4 } catch { // Omitted } }
 1 public async override void OnStop() {

2 try {
3 Task task = new Task(() => Process.Start("Cleanup.e (Incorrect)
4 task.Wait();
1 public override void OnStop() {

2 try {
3 Process.Start("Cleanup.exe").WaitForExit(); (Correct)
4 base.OnStop();
1 public async override void OnStop() {

2 try {
3 base.OnStop();
4 Process.Start("Cleanup.exe");
Explanation
You should use the following code segment: public override void OnStop() { try {
Process.Start("Cleanup.exe").WaitForExit(); base.OnStop(); } catch { // Omitted } } The OnStop
method is called when a role is being stopped. Within the body of the method, you should rst
call the Start method of the Process class to start the Cleanup.exe process. The Start method
returns a Process instance. You should call the WaitForExit method of that instance to block
the current thread until the Cleanup.exe process completes. Finally, you should call the base
OnStop method to notify Azure that your role-cleanup functionality is complete. You should
not use the following code segment: public async override void OnStop() { try { Task task = new
Task(() => Process.Start("Cleanup.exe")); task.Wait(); } catch { // Omitted } } This code does not
call the base OnStop method. Also, it does not wait until the Cleanup.exe process completes.
To do so, you must call the WaitForExit method of the Process class. You should not use the
following code segment: public override void OnStop() { try { Process.Start("Cleanup.exe"); }
catch { // Omitted } } This code does not call the WaitForExit method of the Process class. Also,
it does not call the base OnStop method. You should not use the following code segment:
public async override void OnStop() { try { base.OnStop(); Process.Start("Cleanup.exe"); } catch
{ // Omitted } } This code calls the base OnStop method before it starts the Cleanup.exe
process. This might stop the role before the Cleanup.exe process has a chance to start.
References: RoleEntryPoint.OnStop Method () (https://msdn.microsoft.com/en-
us/library/microsoft.windowsazure.serviceruntime.roleentrypoint.onstop.aspx);
QUESTION
You need to con gure the authentication element in the Web.con g le.
<authentication mode="None"/> (Correct)
<authentication mode="Passport"/>
<authentication mode="Windows"/>
 <authentication mode="Forms"/> (Incorrect)
Explanation
You should use the following con guration: This disables ASP.NET authentication for the
application, which is necessary for the application to use the claims-based security token
service. You should not use the following con guration: This con gures the application to use
Windows authentication. However, in this scenario, the application uses a claims-based
security token service that accepts client certi cates. You should not use the following
con guration: This con gures the application to use forms authentication, which displays a
login page for the user to enter credentials. However, in this scenario, the application uses a
claims-based security token service that accepts client certi cates. You should not use the
following con guration: This con gures the application to use Microsoft authentication, which
uses a separate hosted service to collect user credentials and send back a token. However, in
this scenario, the application uses a claims-based security token service that accepts client
certi cates. References: ASP.NET Authentication (https://msdn.microsoft.com/en-
us/library/eeyk640h.aspx); Federated Identity - Passive Authentication for ASP.NET with WIF
(https://msdn.microsoft.com/en-us/magazine/ 872350.aspx);
You are creating an ASP.NET MVC application, and you need to leverage the new HTML5
elements.
You need to ensure that optional content can be open or closed using a standard widget.
Which element should you use?
<details> (Correct)
 <aside> (Incorrect)
<article>
<summary>
Explanation
Because the details element is intended for additional information that can be collapsed, it is a
good t for this scenario. It is used in conjunction with the summary element. The article tag
de nes an article in the document and the content cannot be open or closed (unless you add
functionality to support it). The aside element is intended for supplemental information such
as a sidebar or an advertisement. Although the summary element is used with the details
element, it displays a visible heading for collapsible information. References: HTML5 Semantic
Elements (https://www.w3schools.com/htmL/html5_semantic_elements.asp);
QUESTION
You need to ensure that the List content is embedded in the Layout page when the List
page is displayed to the user.
Which code segment should you insert at line LY10?
@RenderSection("body")
@Scripts.Render("List.cshtml")
 @RenderPage("List.cshtml", null); (Incorrect)
@Scripts.Url("List.cshtml")
@RenderBody() (Correct)
Explanation
You should use the following code segment: @RenderBody() This renders the content page
within a layout page. The layout page is analogous to a master page in an ASP.NET web forms
application. You should not use the following code segment: @Scripts.Render("List.cshtml")
The Render method of the Scripts class allows you to render
You create an ASP.NET application that authenticates Active Directory domain users. You
provide a custom login page that allows users to enter their credentials.
You need to choose an authentication method for the application.
Which authentication method should you use? (More than one answer choice may be
correct. Choose the BEST answer.)
None
 Forms (Correct)
Federated
Windows
Explanation
You should use Forms authentication because you provide a custom login page for users. You
can use Active Directory application programming interface (API) calls to authenticate the
users. You should not use Federated authentication. This authentication method allows users
to authenticate with one domain and access services hosted on another domain. You should
not set the authentication mode to None. This indicates that no authentication mechanism
should be used. To use a custom login page, you should set the authentication mode to
Forms. You should not use Windows authentication. You cannot use a custom login page with
Windows authentication without writing a custom HTTP module. References: ASP.NET
Authentication (https://msdn.microsoft.com/en-us/library/eeyk640h.aspx); Federated Identity -
Passive Authentication for ASP.NET with WIF (https://msdn.microsoft.com/en-
us/magazine/ 872350.aspx);

You create a chat service at ws://chat.udemy.com that allows users to chat with support
personnel on a web page. The web page supports HTML5 and contains the following
function to send a message from the user to the service:
1 function sendMessage(message) {
2 }
You need to implement the function.

2 socket.send(message); (Correct)
1 worker = new Worker("ws://chat.udemy.com");

2 worker.postMessage(message, "send");
 1 worker = new Worker("ws://chat.udemy.com");

2 worker.postMessage(message); (Incorrect)
1 socket = new WebSocket("ws://chat.udemy.com", message);

2 socket.send();
Explanation
You should use the following code segment: socket = new WebSocket("ws://chat.udemy.com");
socket.send(message); In this scenario, the chat service is implemented as a WebSocket host,
which is identi ed by the ws URL scheme. The send method of the WebSocket object allows
you to send a message from the browser to the service. You should not use the following code
segment: socket = new WebSocket("ws://chat.udemy.com", message); socket.send(); You must
specify the message to be sent as a parameter to the send method. You should not use the
following code segment: worker = new Worker("ws://chat.udemy.com");
worker.postMessage(message); The Worker object represents a web worker. A web worker
allows you to spawn a background script from a user interface thread, allowing the
background script to run without blocking the user interface thread. In this scenario, you need
to use the WebSocket object. You should not use the following code segment: worker = new
Worker("ws://chat.udemy.com"); worker.postMessage(message, "send"); The Worker object
represents a web worker. A web worker allows you to spawn a background script from a user
interface thread, allowing the background script to run without blocking the user interface
thread. In this scenario, you need to use the WebSocket object. References: WebSocket
(https://developer.mozilla.org/en-US/docs/Web/API/WebSocket); HTML Living Standard
(https://html.spec.whatwg.org/multipage/comms.html); Web Workers
(https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-
developer/dev-guides/hh673568(v=vs.85));
QUESTION
You need to ensure that the link to the video is displayed for users whose browser does
not support playing the video natively.
What should you do?
Modify line WA03 by adding the following attribute:

1 src="~/VideoService.asmx?Id=@Model.Id"
Add the following markup between lines WA04 and WA05:

1 <a href="~/VideoService.asmx?Id=@Model.Id" /> (Correct)
 Add the following markup between lines WA04 and WA05:

1 @Html.ActionLink("~/VideoService.asmx?Id={0}", "Id"); (Incorrect)
Modify line WA03 by adding the following attribute:

1 title="~/VideoService.asmx?Id=@Model.Id"
Explanation
You should add the following markup between lines WA04 and WA05: The video element is an
HTML5 semantic element that displays video natively. It allows multiple child source elements
and one additional content element. Each source element typically speci es a di erent
encoding. It attempts to play each source element in succession until it nds one that the
browser supports, and it uses the additional content element as a fallback if the browser does
not support any of the source elements. You should not modify line WA03 by adding the
following attribute: src="~/VideoService.asmx?Id=@Model.Id" The src attribute does not allow
the video element to display a link. The src attribute works the same as the child source
elements. The video element evaluates the src attribute rst. You should not add the following
markup between lines WA04 and WA05: @Html.ActionLink("~/VideoService.asmx?
Id=@Model.Id", ""); The Html.ActionLink method allows you to display a link to a controller
action. The rst parameter speci es the user-friendly text for the link. The second parameter
speci es the name of the controller action. In this markup, the action is empty. You should not
modify line WA03 by adding the following attribute: title="~/VideoService.asmx?Id=@Model.Id"
The title attribute speci es the tool tip for an element. References: (~/VideoService.asmx?
Id=@Model.Id){video}: The Video Embed element (https://developer.mozilla.org/en-
US/docs/Web/HTML/Element/video); title (https://developer.mozilla.org/en-
US/docs/Web/HTML/Global_attributes/title); LinkExtensions.ActionLink Method
You create an ASP.NET application that you plan to deploy to an Azure web role. You
enable Azure diagnostics. Your application contains the following code:
1 private void ValidateCard(string cardNumber, string cardType)

2 {
3 Trace.Assert(cardNumber.Length == 16, "A card number was not 16 characters.");
4 }
You need to con gure the application so that a message is written to the Application event
log if the length of the rst parameter of the ValidateCard method is not 16 characters in
length.
Which markup should you add to the Web.con g le?
1 <system.diagnostics>
2 <trace>
3 <listeners>
4 <add type="Microsoft.WindowsAzure.Diagnostics.Diagno
5 Version=1.0.0.0,
6 Culture=neutral,
7 PublicKeyToken=31bf3856ad364e35" (Correct)
8 name="AzureDiagnostics">
9 <filter type="" />
10 </add>
11 </listeners>
12 </trace>
13 </system.diagnostics>
1 <healthMonitoring enabled="true">
2 <providers>
3 <add name="ApplicationLog"
4 type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListe
5 Microsoft.WindowsAzure.Diagnostics,
6 Version=1.0.0.0,
7 Culture=neutral,
8 PublicKeyToken=31bf3856ad364e35" />
9 </providers>
10 </healthMonitoring>
1 <system.diagnostics>
2 <sources>
3 <source name="Application" switchName="Trace"
4 switchType="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTra
5 Microsoft.WindowsAzure.Diagnostics,
6 Version=1.0.0.0,
7 Culture=neutral,
8 PublicKeyToken=31bf3856ad364e35">
9 </sources>
10 </system.diagnostics>
 1 <system.webServer>
2 <tracing>
3 <traceProviderDefinitions>
4 <add name="Microsoft.WindowsAzure.Diagnostics.Diagn
5 Version=1.0.0.0,
6 Culture=neutral, (Incorrect)
7 PublicKeyToken=31bf3856ad364e35" />
8 </traceProviderDefinitions>
9 </tracing>
10 </system.webServer>
Explanation
You should use the following markup: This markup creates a trace listener. All trace messages
are sent to listeners that are de ned. The Trace.Assert method writes a trace message if the
expression speci ed in the rst parameter evaluates to false. The message written is
represented by the second parameter. To log trace messages to the Application log in Azure,
you should use the DiagnosticMonitorTraceListener class as the trace listener. You should not
use the following markup: This markup con gures health monitoring. Health monitoring
allows you to map events to providers, with each provider writing to a speci c log. You should
not use the following markup: The sources element allows you to de ne trace sources. You
can associate listeners with trace sources, allowing some trace messages to be sent to
di erent listeners from others. However, this con guration does not de ne any listeners.
Therefore, messages are not written to the Azure Application log. You should not use the
following markup: The tracing element of the system.webServer section allows you to
con gure tracing for failed requests. It does not log messages created by the Trace.Assert
method. References: Trace the ow of a Cloud Services application with Azure Diagnostics
(https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-dotnet-diagnostics-
trace- ow); ASP.NET Health Monitoring Overview
(https://msdn.microsoft.com/library/bb398933.ASPX); TraceSource Class
(https://msdn.microsoft.com/en-us/library/system.diagnostics.tracesource(v=vs.110).aspx);
Tracing {tracing} (https://docs.microsoft.com/en-
us/iis/con guration/system.webServer/tracing/);
QUESTION
You need to save the last watched movie.
The value of the movie ID to save is 100. Which code segment should you use?
1 HttpCookie cookie = new HttpCookie("LastWatchedMovie");

2 cookie.Value = 100;
3 cookie.Expires = DateTime.Now.AddDays(10);
4 Request.Cookies.Add(cookie);
 1 Response.Cookies["LastWatchedMovie"].Value = "100";
2 Response.Cookies["LastWatchedMovie"].Expires = DateTime.Now.AddD (Correct)
1 HttpContext context = HttpContext.Current;

2 context.Application.Set("LastWatchedMovie", 100);
3 context.Response.Expires = 10;
1 HttpContext context = HttpContext.Current;

2 context.Items.Add("LastWatchedMovie", 100);
3 context.Response.Expires = 10;
Explanation
You should store the data in a cookie. Cookies can be stored in the browser's memory or in a
persistent le on the user's computer. Persistent cookies are accessible after a user closes the
browser. When a user watches a video, the application can save the video identi er to a
persistent cookie. When the user visits the site again, the application can read data from the
cookie and automatically redirect the user to the video. To store the data in a cookie, you
should use the following code segment: Response.Cookies["LastWatchedMovie"].Value =
"100"; Response.Cookies["LastWatchedMovie"].Expires = DateTime.Now.AddDays(10); The rst
statement sets the value of a cookie named LastWatchedMovie to 100. The second code
statement sets that cookie's expiration date to 10 days from now. You should not use the
following code segment: HttpCookie cookie = new HttpCookie("LastWatchedMovie");
cookie.Value = 100; cookie.Expires = DateTime.Now.AddDays(10);
Request.Cookies.Add(cookie); This code correctly creates a new cookie, but it attempts to add
the cookie to the Request object. When saving cookies to a user's browser, you should use the
Response object. The Request object allows you to read existing cookies. You should not use
the following code segment: HttpContext context = HttpContext.Current;
context.Items.Add("LastWatchedMovie", 100); context.Response.Expires = 10; This code stores
data in the HTTP context. Data stored in the HTTP context is available for the duration of a
single request. You should not use the following code segment: HttpContext context =
HttpContext.Current; context.Application.Set("LastWatchedMovie", 100);
context.Response.Expires = 10; This code stores data in application state. Application state
maintains the same values for all users. References: ASP.NET State Management Overview
(https://msdn.microsoft.com/en-us/library/75x4ha6s.ASPX);
You are hosting an ASP.NET MVC web application in an Azure worker role and need to
con gure Windows Azure diagnostics 1.3 to gather telemetry data.
You are utilizing Azure SDK 2.8.1. You need to implement Azure diagnostics 1.3.
Which le should you download from your subscription?
ServiceDe nition.csdef
WadCon g.xsd (Correct)
 Diagnostics.wadcfg (Incorrect)
Web.con g
Explanation
You should download the WadCon g.xsd le. This le contains the schema for Windows Azure
Diagnostics that can be used to con gure the telemetry you want to collect. The le is
downloaded using: Get-AzureServiceAvailableExtension -ExtensionName 'PaaSDiagnostics' -
ProviderNamespace 'Microsoft.Azure.Diagnostics').PublicCon gurationSchema | Out-File -
Encoding utf8 -FilePath 'WadCon g.xsd' Visual Studio is then used to apply this schema to a
con guration le. You should not download and con gure the ServiceDe nition.csdef le. This
le can be used to con gure diagnostics in a project but does not allow you to choose what
telemetry to collect. You should not download and con gure the Web.con g le. This le is a
part of the application and is not used to control Azure diagnostics. You should not download
and con gure the Diagnostics.wadcfg le. On releases of the Azure SDK prior to version 2.5.1,
this would have been the correct le to download. Since version 2.5.1, this is no longer the
recommended approach. References: Enabling Azure Diagnostics in Azure Cloud Services
(https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-dotnet-diagnostics);
Use the Azure Diagnostics Con guration File in Azure SDK 2.4 and earlier
(https://msdn.microsoft.com/en-us/library/azure/hh411551.aspx);
QUESTION
You need to meet the technical requirement for eavesdropping.
Which security feature should you use?
 Secure Sockets Layer (SSL) (Correct)
Anti-forgery tokens
Symmetric encryption
HTTP request validation
Explanation
You should use Secure Sockets Layer (SSL). SSL prevents eavesdropping by encrypting the
communication between the client and server. It uses asymmetric encryption to help eliminate
the ability for the communication to be compromised. You should not enable HTTP request
validation to prevent eavesdropping. Request validation helps prevent cross-site scripting
(XSS) attacks. You should not use an anti-forgery token. This helps prevent replay attacks, but
it does not prevent eavesdropping. You should not use symmetric encryption. This relies on
shared keys to encrypt and decrypt data. If a hacker obtains the shared key, the hacker can
decrypt the encrypted videos. References: Chapter 12: Security
(https://docs.microsoft.com/en-us/previous-versions/msp-n-p/hh404095(v=pandp.10));
QUESTION
The WatermarkIconWriter class creates the watermark on a video icon when it is displayed.
Which two interfaces should the class implement? (Each correct answer presents part of
the solution. Choose two.)
IRouteHandler (Correct)
 IHttpHandler (Correct)
 IHttpModule (Incorrect)
IRouteConstraint
Explanation
You should implement IHttpHandler. This interface represents an HTTP handler. HTTP
handlers are endpoints that process HTTP requests. In this scenario, the HTTP handler can
overlay the image with a watermark by using the Graphics class. You should also implement
IRouteHandler. This interface represents a route handler. Route handlers map URL patterns to
HTTP handlers. This way, whenever requests to les in the images subfolder are made, this
route handler handles the request by passing it to the HTTP handler, which in turn writes the
watermark on the image. Note that you must associate a route with the route handler and add
it to the route table. You should not implement IHttpModule. This interface represents an
HTTP module. HTTP modules do not represent endpoints for resources. Instead, they have
access to the HTTP pipeline, allowing them to inspect incoming requests and outgoing
responses. You should not implement IRouteConstraint. This interface represents a route
constraint. A route constraint helps specify how a URL pattern matches a route. References:
ASP.NET Routing (https://msdn.microsoft.com/en-us/library/cc668201.aspx); Walkthrough:
Creating and Registering a Custom HTTP Module (https://msdn.microsoft.com/en-
us/library/ms227673.aspx);
You are using WebSockets to send image data from various security cameras to application
users. In response to the client sending a "VIDEO X" command string, where X is the unique
camera number, you will return the most recent image data from the camera. The image
data will be rendered in the client's browser.
You will use SendAsync and ReceiveAsync to manage communications.
What should you do? (Each correct answer presents part of the solution. Choose two.)
Create an ArraySegment with a byte array containing the command string and use
SendAsync with the WebSocketMessageType set to Text.
 Create an ArraySegment with a byte array containing the camera image

(Correct)
data and use SendAsync with the WebSocketMessageType set to Binary.
Use the WebSocketReceiveResult returned by ReceiveAsync and check

that the WebSocketMessageType is Text. Then convert the ArraySegment (Correct)
bytes to a string and interpret the command.
 Use the WebSocketReceiveResult returned by ReceiveAsync and check

that the WebSocketMessageType is Binary. Then read the camera image (Incorrect)
data from the ArraySegment.
Explanation
You should use the WebSocketReceiveResult returned by ReceiveAsync and check that the
WebSocketMessageType is Text, then convert the ArraySegment bytes to a string and interpret
the command. Next, you should create an ArraySegment with a byte array containing the
camera image data and use SendAsync with the WebSocketMessageType set to Binary. You
should not use the WebSocketReceiveResult returned by ReceiveAsync and check that the
WebSocketMessageType is Binary, then read the camera image data from the ArraySegment.
ReceiveAsync that is called in response to the client sending a message to the application. The
client will be sending a string, so the WebSocketMessageType will be Text. Additionally, the
camera image data will not come from the client. You should not create an ArraySegment with
a byte array containing the command string and use SendAsync with the
WebSocketMessageType set to Text. You must send the camera image data to the client and
the WebSocketMessageType should be set to Binary. References: The WebSocket API
developer/dev-guides/hh673567(v=vs.85)); WebSocket Class (https://msdn.microsoft.com/en-
us/library/system.net.websockets.websocket(v=vs.110).aspx);
You are creating an ASP.NET application that must be supported by all browsers. The
application displays a paged list of products. You need to store the user's current product
page number so that it is accessible across requests.
Where should you store the current page number?
 Cookie (Incorrect)
Query string (Correct)
HTTP context
Application state
Explanation
You should store the page number in a query string. Query strings are supported by all
browsers because they are appended to the URL. You should not store the page number in a
cookie. Not all browsers support cookies. Also, users can disable cookies in their browsers.
You should not use HTTP context. Data stored in the HTTP context is available for the duration
of a single request. You should not use application state. Application state maintains the same
values for all users. References: ASP.NET State Management Overview
(https://msdn.microsoft.com/en-us/library/75x4ha6s.ASPX);
You create an ASP.NET AJAX page that uses a custom jQuery component. When the
component is loaded, all of its dependencies must be loaded automatically.
You need to call a function to accomplish your goal.
Which function should you call?
Sys.loadScripts
Sys.registerScripts
Sys.de neScripts
 Sys.require (Correct)
Explanation
You should call the Sys.require function. It allows you to specify a component to be loaded in
the current page. The component's dependencies are automatically loaded. You should not
call Sys.loadScripts. It allows you to specify a component to be loaded in parallel. Its
dependencies are not loaded automatically. You should not call Sys.registerScripts. It allows
you to notify the Script Loader when a component is loaded. It does not allow you to
automatically load script dependencies. You should not call Sys.de neScripts. It allows you to
specify the dependencies for a component. It does not allow you to automatically load the
dependencies. References: Enabling the ASP.NET Ajax script loader for your own scripts
(https://weblogs.asp.net/bleroy/enabling-the-asp-net-ajax-script-loader-for-your-own-scripts);
A page in an ASP.NET MVC 5 Razor application contains the markup that is shown in the
exhibit.
You are implementing SignalR so that when the Send button is clicked, a message is
broadcast to all browsers that are connected to the page. All browsers run Internet
Explorer 10 or later and support Web Sockets.
You need to implement the server class.
1 public class MessageBoard: Hub {

2 public void broadcastMessage(string message) {
3 Clients.All.ShowMessage(message);
4 }
5 }
1 public class MessageBoard: WebSocketHandler {

2 public void showMessage(string message) {
3 Clients.All.broadcastMessage(message);
4 }
5 }
 1 public class MessageBoard: WebSocketHandler {

2 public void ShowMessage(string message) {
3 Clients.All.BroadcastMessage(message); (Incorrect)
4 }
5 }
1 public class MessageBoard: Hub {

2 public void BroadcastMessage(string message) {
3 Clients.All.showMessage(message); (Correct)
4 }
5 }
Explanation
You should use the following code segment: public class MessageBoard : Hub { public void
BroadcastMessage(string message) { Clients.All.showMessage(message); } } To implement
SignalR, you must create a class that is derived from Hub. This represents a SignalR hub, which
is responsible for accepting messages from and relaying messages to clients. In the JavaScript
code, the following code statement retrieves an instance of the hub: var chat =
$.connection.messageBoard; The hub is referenced as messageBoard. The C#-equivalent to
this object is MessageBoard, which uses Pascal casing instead of Camel casing. Therefore, you
must use the class name MessageBoard. To use a di erent name, you must apply the
HubName attribute to the class. The following JavaScript code statement sends a message to
the hub: chat.server.broadcastMessage($('#message').val()); This code calls the
broadcastMessage function. The C#-equivalent method to this function is BroadcastMessage,
which uses Pascal casing instead of Camel casing. To use a di erent name, you must apply the
HubMethodName attribute to the method. Finally, the following JavaScript code retrieves the
message from the hub and displays it on the page: chat.client.showMessage =
function(message) { $('#discussion').append(message); }; This code de nes a function named
showMessage. You must call this method as is from server code, using the same casing. You
should not use the following code segment: public class MessageBoard : WebSocketHandler {
public void ShowMessage(string message) { Clients.All.BroadcastMessage(message); } } First,
this class should implement Hub, not WebSocketHandler. Second, the class must de ne a
method named BroadcastMessage instead of ShowMessage. Finally, the method must be
implemented to call the showMessage function on the client. You should not use the following
code segment: public class MessageBoard : Hub { public void broadcastMessage(string
message) { Clients.All.ShowMessage(message); } } The method must be named

BroadcastMessage instead of broadcastMessage. Server methods must use Pascal casing
instead of camel casing. To use a di erent name, you must apply the HubMethodName
attribute to the method. Also, the method must call showMessage, using the same casing of
the function as it is de ned in JavaScript. You should not use the following code segment:
public class MessageBoard : WebSocketHandler { public void showMessage(string message) {
Clients.All.broadcastMessage(message); } } First, this class should implement Hub, not
WebSocketHandler. Second, the class must de ne a method named BroadcastMessage
instead of showMessage. Finally, the method must be implemented to call the showMessage
function on the client. References: Tutorial: Getting Started with SignalR 2 and MVC 5
(https://docs.microsoft.com/en-us/aspnet/signalr/overview/getting-started/tutorial-getting-
started-with-signalr-and-mvc);
You are designing a web application that will allow subscribers to monitor the progress of
runners during marathons. Users of the application will have the ability to monitor a
selected runner. When a user selects a runner, the application will display additional
detailed pace information about the selected runner. The application must be able to
support many concurrent viewers and should minimize network tra c as much as
possible.
You must choose an appropriate strategy for automatically updating the course map with
runner positions and selected runner pace details.
What strategy should you choose?
Long Polling
 AJAX Polling (Incorrect)
Meta Refresh
Web Sockets (Correct)
Explanation
You should use Web Sockets. Web Sockets allow for e cient bi-directional communication
between the client and server. This strategy will allow the server to push information to the
client as it becomes available. You should not use Meta Refresh. This strategy uses a meta tag
in the HTML to force the browser to refresh the page at a speci c interval. This is wasteful
because the browser will perform a full page refresh and there may be no updated data to
display. This strategy could also overwhelm the server if there are many concurrent users. You
should not use AJAX polling. This strategy is better than Meta Refresh, but it still generates
unnecessary network tra c as it polls for updated data. You should not use Long Polling. The
long polling strategy works by sending a request to the server. If the server has updated data,
the response will be returned immediately. Otherwise, the connection remains open until
there is updated data or the connection times out. This strategy does help to reduce requests,
but may not scale at high volumes. References: The WebSocket API
developer/dev-guides/hh673567(v=vs.85)); WebSocket Class (https://msdn.microsoft.com/en-
us/library/system.net.websockets.websocket(v=vs.110).aspx);
You have developed a custom CRM solution for the sales force at your company. The
application uses Integrated Windows authentication to prevent unauthorized access. The
authorization section of the web.con g le is as follows (line numbers are for reference
purposes only):
1 01 <authorization>
2 02 <allow roles="Sales,Management" />
3 03 </authorization>
After deployment, users in the Sales and Management Active Directory groups have
indicated that they are unable to access the application.
What should you do? (More than one answer choice may be correct. Choose the BEST
answer.)
Ensure that all users are using Internet Explorer 7 or newer.
Ensure that you are using IIS 7 or greater.
Create a new Active Directory security group that contains both Sales and
Management groups and specify the new group name on line 02.
Pre x each of the role names with the Active Directory domain name. (Correct)
 Create a GenericPrinicipal and use an LDAP query to return the roles in

(Incorrect)
the IsInRole implementation.
Explanation
You should pre x each of the role names with the Active Directory domain name. Although
you could create a GenericPrinicipal and use an LDAP query to return the roles in the IsInRole
implementation, this is unnecessary because the WindowsPrincipal provides all of the
functionality needed in this scenario. You should not create a new Active Directory security
group that contains both Sales and Management groups and specify the new group name on
line 02. You may specify a comma-separated list of roles and alter the groups in Active
Directory, but it is not necessary in this scenario. Although Windows Authentication works with
Internet Explorer, you are not required to use Internet Explorer. Also, Internet Explorer has
supported Windows authentication since version 2. You are not required to use IIS 7 to
support Windows Authentication. Windows Authentication was supported since IIS 5.
References: allow Element for authorization (ASP.NET Settings Schema)
(https://msdn.microsoft.com/en-us/library/acsd09b0(v=vs.85).aspx);
You create an ASP.NET application that uses claims-based authentication. An external

security token service authenticates the users.
You need to choose an authentication method for the application.
Which authentication method should you use? (More than one answer choice may be
correct. Choose the BEST answer.)
 Federated (Correct)
None
Windows
Forms
Explanation
You should use Federated authentication. This allows users to authenticate with an external
security token service. You should not set the authentication mode to None. This indicates
that no authentication mechanism should be used. To use claims-based authentication with
an external security token, you should set the authentication mode to Federated. You should
not use Forms authentication. Forms authentication uses a login page that accepts a user's
username and password. You should not use Windows authentication. Windows
authentication uses Active Directory and NTLM to authenticate Windows users. References:
AuthenticationMode Enumeration (https://msdn.microsoft.com/en-
us/library/system.web.con guration.authenticationmode.aspx); Federated Identity - Passive
Authentication for ASP.NET with WIF (https://msdn.microsoft.com/en-
us/magazine/ 872350.aspx);
You are designing a Web farm. You need to store the session state in a separate process,
preserve state if the Web application is restarted, and also make session state available to
multiple web servers.
Which state mode should you choose?
 SQLServer (Incorrect)
StateServer (Correct)
InProc
Explanation
ASP.NET session state supports di erent storage options. Each option is identi ed by a value
in the SessionStateMode enumeration. In this scenario, you are supporting a web farm and
the session state needs to be in a separate process. By using the StateServer enumeration,
you ensure that the session state is preserved if the web server is restarted. In addition, the
session state is available to multiple Web servers in the Web farm. InProc is not an option
because the session state is stored in memory on the Web server. O is not an appropriate
option either because this will disable the session state. The SQLServer mode stores the
session state in the SQL Server database, not in a separate process as the requirement states.
Using this mode ensures that session state is preserved in the case of web application
restarts. Also, the session state is available to multiple web servers in a Web farm. However,
storing session data using this mode is slower because there needs to be a call to a SQLServer
and this will add latency to the session access. References: Session-State Modes
(https://msdn.microsoft.com/en-us/library/ms178586.aspx);
Your company deploys its applications to Azure. You create a startup task that will change
some con gurations before a role starts.
What will happen if an unhandled error is thrown in the startup task?
The OnStop method automatically runs.
 The startup is cancelled and the role does not start. (Correct)
The startup task attempts to run as a background task, if possible.
The startup role consumes the error during its load.
Explanation
The startup is cancelled and the role does not start. The task will actually stop processing and
return a non-zero value. If the startup task causes an unhandled error, the role stops in a
failure and the task will not complete successfully. Therefore, the startup role will not
consume the error during its load. In addition, because the task will stop in error, the OnStop
method in the role will not even be reached. Finally, the startup task will not run as a
background task because the task will stop processing. References: How to con gure and run
startup tasks for a cloud service (https://docs.microsoft.com/en-us/azure/cloud-
services/cloud-services-startup-tasks); Common Cloud Service startup tasks
(https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks-
common); Windows Azure Start-up Tasks Part 1
(https://blogs.msdn.microsoft.com/cclayton/2012/05/17/windows-azure-start-up-tasks-part-
1/);
You create an ASP.NET e-Commerce application. You write the following code to retrieve
products from a SQL Server 2008 database table named Product and store them in an
XmlDocument instance (line numbers are for reference purposes only):
1 01 var document = new XmlDocument();

2 02 var connectionString = "server=DB1;database=eCommerce;Integrated Security=SSPI";
3 03 using (var connection = new SqlConnection(connectionString))
4 04 {
5 05 connection.Open();
6 06 var command = new SqlCommand("GetProducts", connection);
7 07 command.CommandType = CommandType.StoredProcedure;
8 08 using (var reader = command.ExecuteXmlReader())
9 09 {
10 10 document.Load(reader);
11 11
12 12 }
13 13 }
You want to cache the XML data until the data changes in the database.
Which code segment should you insert at line 11?
1 var dependency = new SqlCacheDependency("eCommerce", "Product");

2 if (Cache["Products"] == null)
3 {
4 Cache.Add("Products", reader, dependency, Cache.NoAbsoluteExpiration,
5 Cache.NoSlidingExpiration, CacheItemPriority.Default, null);
6 }

2 if (Cache["Products"] == null)
3 {
4 Cache.Add("Products", document, dependency, Cache.NoAbsoluteEx (Correct)
6 }
 1 var dependency = new SqlCacheDependency("eCommerce", "Product")

2 if (Cache["Products"] != null)
3 {
4 Cache.Add("Products", document, dependency, Cache.NoAbsoluteE (Incorrect)
6 }

2 if (Cache["Products"] != null)
3 {
4 Cache.Add("Products", reader, dependency, Cache.NoAbsoluteExpiration,
6 }
Explanation
You should use the following code segment: var dependency = new
SqlCacheDependency("eCommerce", "Product"); if (Cache["Products"] == null) {
Cache.Add("Products", document, dependency, Cache.NoAbsoluteExpiration,
Cache.NoSlidingExpiration, CacheItemPriority.Default, null); } This code creates a
SqlCacheDepedency instance on the Product table in the eCommerce database. The
SqlCacheDependency class represents a cache dependency. This cache dependency
invalidates the cache whenever data in the Product table changes. The code then adds the
XmlDocument instance to the cache using the dependency if it does not already exist. Caching
data improves performance by allowing application code to access data from memory until it
changes in the database or until ASP.NET removes the data from the cache to free server
resources. You should not use the following code segment: var dependency = new
SqlCacheDependency("eCommerce", "Product"); if (Cache["Products"] == null) {
Cache.Add("Products", reader, dependency, Cache.NoAbsoluteExpiration,
Cache.NoSlidingExpiration, CacheItemPriority.Default, null); } This code attempts to cache an
XmlReader instance. Because the XmlReader class represents a forward-only XML cursor, this
code puts the reader in an inconsistent state every time it is accessed and used. You should
not use the following code segment: var dependency = new
SqlCacheDependency("eCommerce", "Product"); if (Cache["Products"] != null) {
Cache.Add("Products", document, dependency, Cache.NoAbsoluteExpiration,
Cache.NoSlidingExpiration, CacheItemPriority.Default, null); } This code caches product data
even if it already exists in the cache. You should not use the following code segment: var
dependency = new SqlCacheDependency("eCommerce", "Product"); if (Cache["Products"] !=
null) { Cache.Add("Products", reader, dependency, Cache.NoAbsoluteExpiration,
Cache.NoSlidingExpiration, CacheItemPriority.Default, null); } This code attempts to cache an
XmlReader instance. Because the XmlReader class represents a forward-only XML cursor, this
code puts the reader in an inconsistent state every time it is accessed and used. References:
Caching in ASP.NET with the SqlCacheDependency Class (https://msdn.microsoft.com/en-
us/library/ms178604.ASPX);
You are a senior application developer at your company. You want to create an

AppCmd.exe command to clear the provider list. You need to write the code to accomplish
this task.
Which code should you use?
1 appcmd set config "MySite/MyApp" -section:system.webServer/security/authenti
1 appcmd set config MySite/MyApp -section:system.webServer/security/authentica
1 appcmd set config MySite/MyApp -section:system.webServer/security/authentica
 1 appcmd set config MySite/MyApp -section:system.webServer/securit (Correct)
Explanation
To clear the provider list, you need to issue the following command: appcmd set con g
MySite/MyApp -section:system.webServer/security/authentication/windowsAuthentication
/~providers /commit:apphost AppCmd.exe is an IIS command-line tool that helps you
con gure objects on the web server, such as con guring site and application pools. You can
start and stop sites, start, stop, and recycle application pools, and create and con gure sites,
applications, application pools, and virtual directories. The following command is not correct
because it enables anonymous authentication instead: appcmd set con g "MySite/MyApp" -
section:system.webServer/security/authentication/anonymousAuthentication /enabled:"True"
/commit:apphost The following command changes the Windows authentication provider by
setting it to negotiate: appcmd set con g MySite/MyApp -
section:system.webServer/security/authentication/windowsAuthentication /+providers.
[value='Negotiate'] /commit:apphost The following command changes the Windows
authentication provider by setting it to NTLM: appcmd set con g MySite/MyApp -
section:system.webServer/security/authentication/windowsAuthentication /-providers.
[value='NTLM'] /commit:apphost References: Common Cloud Service startup tasks
(https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks-
common); Appcmd.exe (IIS 8) (https://docs.microsoft.com/en-us/previous-
versions/windows/it-pro/windows-server-2012-R2-and-2012/jj635852(v=ws.11)); IIS AppCmd
Quick Reference (https://blogs.msdn.microsoft.com/mikezh/2012/04/23/iis-appcmd-quick-
reference/);
QUESTION
You need to meet the requirement for displaying properties when the user initially loads
the application.
Which code segment should you insert at line RC11?
1 defaults: new
2 { controller="PropertyController", action="List", id=100 }
 1 defaults: new
2 { controller="Property", action="List", id=UrlParameter.Optional (Correct)
1 constraints: new
2 { controller="PropertyController", action="List", id=100 }
1 constraints: new
2 { controller="Property", action="List", id=UrlParameter.Optional, communityI
Explanation
You should use the following code segment: defaults: new { controller="Property",
action="List", id=UrlParameter.Optional, communityId=100 } The defaults parameter of the
MapRoute method speci es the default values of a route when a URL does not match a route
pattern exactly. In this scenario, the route pattern is {controller}\{action}\{id}. This means that
the rst component of the URL corresponds to the controller name without the "Controller"
su x, the second component corresponds to a controller action, and the third component
corresponds to an action parameter named id. This code sets the default controller name to
Property and the default action name to List. It also speci es that the id parameter is optional
and sets the default value of a communityId parameter to 100. Therefore, when the user rst
loads the application without specifying a matching URL pattern, the application browses to
/Property/List?communityId=100. You should not use the following code segment: constraints:
new { controller="Property", action="List", id=UrlParameter.Optional, communityId=100 } The
constraints parameter of the MapRoute method allows you to ensure that route parameters
meet certain criteria before a URL matches a route pattern. For example, you can require that
the communityId parameter be an integer for a speci c URL to match the route. You should
not use the following code segment: constraints: new { controller="PropertyController",
action="List", id=100 } The constraints parameter of the MapRoute method allows you to
ensure that route parameters meet certain criteria before a URL matches a route pattern. For
example, you can require that the communityId parameter be an integer for a speci c URL to
match the route. Second, the controller value should be set to Property without the
"Controller" su x. Finally, you should specify a parameter named communityId because the
fourth column in Views\Community\List.cshtml uses the communityId parameter in its call to
Html.ActionLink. In this PropertyController class, you should create a method named List that
accepts a parameter named communityId. You should not use the following code segment:
defaults: new { controller="PropertyController", action="List", id=100 } The controller value

should be set to Property without the "Controller" su x. Also, you should specify a parameter
named communityId because the fourth column in Views\Community\List.cshtml uses the
communityId parameter in its call to Html.ActionLink. In this PropertyController class, you
should create a method named List that accepts a parameter named communityId.
References: ASP.NET Routing (https://msdn.microsoft.com/en-us/library/cc668201.aspx);
An ASP.NET MVC 5 page contains the following markup:
1 <%: Html.DropDownList("Location") %>

2 <%: Html.TextBox("Name") %>
3 <%: Html.TextBox("Comment") %>
4 <%: Html.DropDownList("Group") %>
You need to call a JavaScript function named Animate whenever a user changes the
selected item in one of the DropDownList controls or changes the text in one of the
TextBox controls.
You need to use jQuery to accomplish your goal.
1 $(document).ready(function () {$("Html").change(Animate);});
 1 $(document).ready(function () {$("TextBox,DropDownList").change (Incorrect)
1 $(document).ready(function () {$("input:text,select").change(Ani (Correct)
1 $(document).ready(function () {$("[runat=server]").bind('change', Animate);}
Explanation
You should use the following code segment: $(document).ready(function ()
{$("input:text,select").change(Animate);}); This code statement registers a handler for the
change event of all select elements and text input elements. The event handler is the Animate
function. This means that whenever the value of the select or text input elements change, the
Animate function is called. You should not use the following code segment:
$(document).ready(function () {$("TextBox,DropDownList").change(Animate);}); This code
statement attempts to register an event handler for elements named TextBox and
DropDownList. However, when the page is rendered at runtime, the controls are rendered as
HTML text input and select elements. You should not use the following code segment:
$(document).ready(function () {$("Html").change(Animate);}); This code statement attempts to
register an event handler for elements named Html. When the page is rendered, no elements
corresponds to this name. The rendered names are Location, Name, Comment and Group.
You should not use the following code segment: $(document).ready(function () {$("
[runat=server]").bind('change', Animate);}); This code statement attempts to register an event
handler for elements that have a runat attribute set to server. The runat attribute indicates
that an element corresponds to an ASP.NET server control. No runat attribute is available
when the page is rendered. References: Category: Selectors
(http://api.jquery.com/category/selectors/); .bind() (http://api.jquery.com/bind/); .change()
(http://api.jquery.com/change/);
You are a senior application developer working on an ASP.NET web application. One of the
pages contains a custom tab control, for which you need to remember which tab is
selected by the user between round trips to the server.
You need to eliminate user and developer control over the inner-working of the tab widget.
Which state management technique should you choose?
View State
Hidden Field
Control State (Correct)
 Cookies (Incorrect)
Explanation
Control state is the better option for storing custom control data between server trips.
Because control state cannot be turned o by developers at the page level, it is more reliable
to store control-state data. Control state is stored in hidden elds on the page, and no server
resources are required. Although this task can be accomplished using view state, developers
can turn view state o and break the control. On the other hand, view state does not require
any custom programming to use. It has enhanced security features (values are hashed,
compressed, and encoded), and no server resources are required. Cookies can be used to
store small amounts of information, such as in this case. However, some users might disable
them on their browsers and render the control nonfunctional. You can store page-speci c
information in a hidden eld. In this scenario, a hidden eld is not an option because, when
designing such controls, you need to keep security in mind. Hidden elds can be tampered
with. The information in the hidden eld can be seen while viewing the page source.
References: ASP.NET State Management Recommendations (https://msdn.microsoft.com/en-
us/library/z1hkazw7.aspx);
You are building a responsively designed web application that will allow users to provide
feedback regarding the quality of recent dining experiences at their favorite restaurants.
After starting a survey, users will have 24 hours in which to complete it.
The application will be deployed in a web farm con guration and the IT department has
indicated that database tra c should be minimized. All completed surveys are stored in a
SQL Server database.
You must manage the survey state so that the survey will always resume at the correct
location.
What technology should you use?
InProc Session State
Cookie
 StateServer Session State (Correct)
SqlServer Session State
Explanation
StateServer Session State is the best option in this scenario. StateServer session state makes
the state information available to all web servers in the web farm. StateServer session runs as
a Windows service and would help to minimize database tra c. You should not use a cookie.
The requirements state that the user must always resume at the correct location. Cookies are
stored on the client, so the application would not be able to track the user's progress if they
switched to a di erent device. You should not use InProc Session State because this mode
stores session state with the ASP.NET worker process and is not valid in a web farm
con guration. You should not use SqlServer Session State. It does support a web farm
con guration, but is not a valid option because it would not minimize database tra c. You
should not use a querystring. Although querystrings can be used for passing limited state
information across request boundaries, this solution would not be able to track the user's
progress if they switched to a di erent device. References: Session-State Modes
(https://msdn.microsoft.com/library/ms178586.aspx); sessionState Element (ASP.NET Settings
Schema) (https://msdn.microsoft.com/en-us/library/h6bb9cz9(v=vs.85).aspx); Con gure a
State Server to Maintain Session State (IIS 7) (https://docs.microsoft.com/en-us/previous-
versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732412(v=ws.10));
You create an ASP.NET application. You want to store data from the beginning of a request
until the page is displayed to the user. However, the user must not be able to view or
access this data. When the page is displayed, the data must not be accessible any longer.
You need to choose a storage mechanism.
Where should you store the data?
Cookie
 HTTP context (Correct)
Application state
Query string
Explanation
You should use the HTTP context. Data stored in the HTTP context is available for the duration
of a single request. It is not accessible or viewable by a user. You should not use a query
string. Data stored in a query string is accessible by a user. You should not use a cookie. Data
stored in a cookie is accessible by a user. You should not use application state. Data stored in
application state is available until the application is stopped. References: ASP.NET State
Management Overview (https://msdn.microsoft.com/en-us/library/75x4ha6s.ASPX);
QUESTION
You need to determine the minimum number of controllers to add to the project for
allowing management companies to manage communities.
How many controllers should you use?
Three
Four
Two
 One (Correct)
Explanation
You should use one controller. A single controller can contain multiple actions, allowing
management companies to view, create, edit, and delete communities. References: Overview
of ASP.NET Core MVC (https://docs.microsoft.com/en-us/aspnet/core/mvc/overview?
view=aspnetcore-2.1); ASP.NET Routing (https://msdn.microsoft.com/en-
us/library/cc668201.aspx);
You create an Azure worker role service. When the role is starting, you must execute a
process named Initialize.exe before the role is actually started. Once the process
completes, the role must continue to run.
You need to add a method to the role. Which code segment should you use?
1 public async override bool OnStart() {

2 Task task = new Task(() => Process.Start("Initialize.exe"));
3 task.Wait();
4 return false;
5 }
1 public override bool OnStart() {

2 base.OnStart();
3 Process.Start("Initialize.exe");
4 return true;
5 }
 1 public override bool OnStart() {

2 Process.Start("Initialize.exe").WaitForExit();
3 base.OnStart(); (Correct)
4 return true;
5 }
1 public async override bool OnStart() {

2 base.OnStart();
3 Process.Start("Initialize.exe");
4 return false;
5 }
Explanation
You should use the following code segment: public override bool OnStart() {
Process.Start("Initialize.exe").WaitForExit(); base.OnStart(); return true; } The OnStart method is
called when a role is being started. Within the body of the method, you should rst call the
Start method of the Process class to start the Initialize.exe process. The Start method returns a
Process instance. You should call the WaitForExit method of that instance to block the current
thread until the Initialize.exe process completes. You should then call the base OnStart
method to notify Azure that your role-initialization functionality is complete. Finally, you
should return true from the method to indicate that the startup functionality completed
successfully so that the role instance does not immediately stop. You should not use the
following code segment: public async override bool OnStart() { Task task = new Task(() =>
Process.Start("Initialize.exe")); task.Wait(); return false; } This code does not call the base
OnStart method. Also, it does not wait until the Initialize.exe process completes. To do so, you
must call the WaitForExit method of the Process class. Finally, this code returns false, causing
the role instance to immediately stop. You should not use the following code segment: public
override bool OnStart() { base.OnStart(); Process.Start("Initialize.exe"); return true; } This code
does not call the WaitForExit method of the Process class. You should not use the following
code segment: public async override bool OnStart() { base.OnStart();
Process.Start("Initialize.exe"); return false; } This code calls the base OnStart method before it
starts the Initialize.exe process. This might stop the role before the Initialize.exe process has a
chance to start. Also, this code returns false, causing the role instance to immediately stop
after the OnStart method completes. References: RoleEntryPoint.OnStart Method ()
us/library/microsoft.windowsazure.serviceruntime.roleentrypoint.onstart.aspx);
QUESTION
You need to remove all R-rated videos from the list if a user is under age 18. You write the
following code to determine if a user is at least 18:
1 private bool IsAdult(DateTime dateOfBirth)

2 {
3 DateTime today = DateTime.Today;
4 int age = today.Year - dateOfBirth.Year;
5 if (today.Month < dateOfBirth.Month ||
6 (today.Month == dateOfBirth.Month && today.Day < dateOfBirth.Day))
7 age = age - 1;
8 return age < 18;
9 }
Which code segment should you add to line VI17?
1 ClaimsPrincipal principal = (ClaimsPrincipal) Thread.CurrentPrin

2 Claim claim = principal.FindFirst(ClaimTypes.DateOfBirth);
3 DateTime dob = DateTime.Parse(claim.Value);
4 bool isAdult = IsAdult(dob);
5 if (!isAdult) (Correct)
6 {
7 videos = videos.FindAll(v => v.Rating != "R");
8 }
1 ClaimsPrincipal principal = (ClaimsPrincipal) Thread.CurrentPrincipal;

2 Claim claim = principal.First(c => c.ValueType == "DateOfBirth");
3 DateTime dob = DateTime.Parse(claim.Type);
5 if (!isAdult)
6 {
8 }
 1 ClaimsPrincipal principal = (ClaimsPrincipal) Thread.CurrentPri

2 Claim claim = principal.First(c => c.Type == "DateOfBirth");
3 DateTime dob = DateTime.Parse(claim.ValueType);
5 if (!isAdult) (Incorrect)
6 {
8 }
1 ClaimsPrincipal principal = (ClaimsPrincipal) Thread.CurrentPrincipal;

2 Claim claim = principal.First(c => c.Value == "DateOfBirth");
3 DateTime dob = DateTime.Parse(claim.Type);
4 bool isAdult = IsAdult(dob); if (!isAdult)
5 {
7 }
Explanation
You should use the following code segment: ClaimsPrincipal principal = (ClaimsPrincipal)
Thread.CurrentPrincipal; Claim claim = principal.FindFirst(ClaimTypes.DateOfBirth); DateTime
dob = DateTime.Parse(claim.Value); bool isAdult = IsAdult(dob); if (!isAdult) { videos =
videos.FindAll(v => v.Rating != "R"); } This code rst casts the current principal to a
ClaimsPrincipal instance. The ClaimsPrincipal class represents an authenticated user with
attached claims. The code then nds the rst claim of type date of birth. The URI for this claim
type is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth. However, you can
use the ClaimTypes.DateOfBirth eld to retrieve a shortcut to this claim type. Next the code
accesses the value of the claim through the Value property of the returned Claim instance. It
then converts the value to a DateTime instance so that it can be passed to the IsAdult method.
Finally, it lters the videos by removing those with an R rating if the user is not at least age 18.
You should not use the following code segment: ClaimsPrincipal principal = (ClaimsPrincipal)
Thread.CurrentPrincipal; Claim claim = principal.First(c => c.ValueType == "DateOfBirth");
DateTime dob = DateTime.Parse(claim.Type); bool isAdult = IsAdult(dob); if (!isAdult) { videos =
videos.FindAll(v => v.Rating != "R"); } This code retrieves the rst Claim instance that has a
value type set to DateOfBirth. It attempts to convert the claim type to a DateTime instance.
However, claim types are typically URIs. You should not use the following code segment:
ClaimsPrincipal principal = (ClaimsPrincipal) Thread.CurrentPrincipal; Claim claim =
principal.First(c => c.Value == "DateOfBirth"); DateTime dob = DateTime.Parse(claim.Type);
bool isAdult = IsAdult(dob); if (!isAdult) { videos = videos.FindAll(v => v.Rating != "R"); } This code
retrieves the rst Claim instance that has a value set to DateOfBirth. It attempts to convert the
claim type to a DateTime instance. However, claim types are typically URIs. You should not use
the following code segment: ClaimsPrincipal principal = (ClaimsPrincipal)
Thread.CurrentPrincipal; Claim claim = principal.First(c => c.Type == "DateOfBirth"); DateTime
dob = DateTime.Parse(claim.ValueType); bool isAdult = IsAdult(dob); if (!isAdult) { videos =
videos.FindAll(v => v.Rating != "R"); } This code retrieves the rst Claim instance that has a
claim type set to DateOfBirth. It attempts to convert the value type to a DateTime instance. It
should instead convert the value of the date of birth claim to a DateTime instance. References:
How To: Build Claims-Aware ASP.NET MVC Web Application Using WIF
(https://docs.microsoft.com/en-us/dotnet/framework/security/how-to-build-claims-aware-
aspnet-mvc-web-app-using-wif); How to: Access Claims in an ASP.NET Page
(https://msdn.microsoft.com/en-us/library/ee517271.aspx); ClaimTypes.DateOfBirth Field
us/library/microsoft.identitymodel.claims.claimtypes.dateofbirth.aspx); Claim Class
(https://msdn.microsoft.com/en-us/library/microsoft.identitymodel.claims.claim.aspx);
QUESTION
You discover that some browsers do not natively display the training video in
Training.cshtml.
You need to ensure that these browsers display a link to Training.webm.
What should you do?
Add the following markup as a child of the video element:

1 @Html.RenderPartial("<a href='Training.webm'>Training video</a>");
Add the following markup as a child of the video element:

1 <a href="Training.webm">Training video</a> (Correct)
Add the following markup to the Training.cshtml page:

2 if (window.video == null)
3 {
4 @Html.RenderPartial("<a href='Training.webm'>Training video</a>");
5 }
6 </script>
 Add the following markup to the Training.cshtml page:

2 if (window.video == null)
3 { (Incorrect)
4 @Html.ActionLink("Training.webm", "Training video");
5 }
6 </script>
Explanation
You should add the following markup as a child of the video element: Training video
(Training.webm) The HTML5 video element supports automatic browser feature detection. If
the browser does not natively support the video element or the video format, the markup
between the open and closing video tags gets rendered. You should not add the following
markup as a child of the video element: @Html.RenderPartial("Training video
(Training.webm)"); The Html.RenderPartial method allows you to render partial markup from
another page on the current page. You should not add the following markup to the
Training.cshtml page: The Html.ActionLink method allows you to render a link to a controller
action. The rst parameter speci es the text of the link. The second parameter speci es the
name of the controller action. You should not add the following markup to the Training.cshtml
page: The Html.RenderPartial method allows you to render partial markup from another page
on the current page. References: HTML5 - Browser and Feature Detection
(https://msdn.microsoft.com/en-us/magazine/hh475813.aspx); LinkExtensions.ActionLink
Method (HtmlHelper, String, String, String, Object, Object) (https://msdn.microsoft.com/en-
us/library/dd504972(v=vs.118).aspx); RenderPartialExtensions.RenderPartial Method
(HtmlHelper, String, Object) (https://msdn.microsoft.com/en-
us/library/dd492962(v=vs.118).aspx);
QUESTION
You need to hide the Maintenance Amount column in Views\Community\List.cshtml and

prevent it from taking up any space when the user's browser is resized to a width that is
less than or equal to 350px.
 1 @media screen and (min-width: 350px)

2 {
3 th:nth-child(2) { display:none; }
4 td:nth-child(2) { display:none; } (Incorrect)
5
6 }
1 @media screen and (max-width: 350px)

2 {
3 th:nth-child(2) { display:none; }
4 td:nth-child(2) { display:none; } (Correct)
5
6 }
1 @media screen and (max-width: 350px)

2 {
3 th:nth-child(2) { visibility:hidden; }
4 td:nth-child(2) { display:none; }
5
6 }
1 @media screen and (min-width: 350px)

2 {
3 th:nth-child(2) { visibility:hidden; }
4 td:nth-child(2) { display:none; }
5
6 }
Explanation
You should use the following markup: @media screen and (max-width: 350px) { th:nth-child(2)
{ display:none; } td:nth-child(2) { display:none; } The @media rule allows you to target speci c
CSS rules to speci c media features, width, height, and color. The @media screen rule applies
to all screen types. The and operator speci es a logical AND to combine multiple rules. The
(max-width: 350px) property-value pair indicates that the enclosed rules apply when the
page's width is less than or equal to 350 pixels. The nth-child selector allows you to select a
speci c element that is the nth child of its parent element. The value in parenthesis represents
the one-based index of the speci c child element to which the rule applies. In this scenario,
th:nth-child(2) selects the second element of its parent element, which is the table element.
This markup applies to the rst cell of each table header row. The enclosed rule sets the
display property of this element to none. By setting the display property to none, you prevent
the associated element from being displayed or taking up any space. You should not use the
following markup: @media screen and (min-width: 350px) { th:nth-child(2) { display:none; }
td:nth-child(2) { display:none; } } The (min-width: 350px) property-value pair in this case
indicates that the enclosed rules apply when the page's width is greater than or equal to 350
pixels. You should not use the following markup: @media screen and (max-width: 350px) {
th:nth-child(2) { visibility:hidden; } td:nth-child(2) { display:none; } } This markup sets the
visibility property to hidden. Although this CSS rule hides elements, it does not prevent the
elements from taking up space. You should not use the following markup: @media screen and
(min-width: 350px) { th:nth-child(2) { visibility:hidden; } td:nth-child(2) { display:none; } } This
markup sets the visibility property to hidden. Although this CSS rule hides elements, it does
not prevent the elements from taking up space. Finally, the (min-width: 350px) property-value
pair in this case indicates that the enclosed rules apply when the page's width is greater than
or equal to 350 pixels. References: Media queries (https://developer.mozilla.org/en-
US/docs/Web/CSS/Media_Queries); width (https://developer.mozilla.org/en-
US/docs/Web/CSS/@media/width); display (https://developer.mozilla.org/en-
US/docs/Web/CSS/display); visibility (https://developer.mozilla.org/en-
US/docs/Web/CSS/visibility);
Your company is building a website that enables automobile enthusiasts to connect with
each other. Each user has a pro le picture that is displayed in a di erent size depending on
the area of the application. You have created an HttpHandler that will load the image into
a byte array. The code is shown below (line numbers are for reference purposes only):
1 01 public class ImageResizeHandler : IHttpHandler

2 02 {
3 03 public void ProcessRequest(HttpContext context)
4 04 {
5 05
6 06 }
7 07
8 08 // Remaining implementation omitted for brevity.
9 09 }
Now you need to read the size querystring parameter from the context object parameter
in the ProcessRequest method.
You need to add a statement at line 05 that will return the size parameter from the
querystring.
Which statement should you use? (Choose all that apply.)
context.Request["size"] (Correct)
context.Application["size"]
context.Items["size"]
 context.Request.Params["size"] (Correct)
Explanation
You should use the following: context.Request["size"] or context.Request.Params["size"] Both
indexed collections contain the parameters that are supplied in the QueryString, Form,
Cookies, and ServerVariables collections. You should not use the following:
context.Items["size"] This dictionary contains key value pairs that are useful for sharing data
between HttpModules and HttpHandlers during a request. You should not use the following:
context.Application["size"] The HttpApplicationState object is used to store and retrieve global
data that is persistent for the lifetime of an application. References: IHttpHandler Interface
(https://msdn.microsoft.com/en-us/library/system.web.ihttphandler(v=vs.110).aspx);
HttpContext Class (https://msdn.microsoft.com/en-
us/library/system.web.httpcontext(v=vs.110).aspx); HttpContext.Request Property
(https://msdn.microsoft.com/en-us/library/system.web.httpcontext.request(v=vs.110).aspx);
You deploy an ASP.NET MVC e-commerce application to a four-server web farm, with each
server residing in a di erent geographical location. The application uses a centralized SQL
Server database to store products and customer orders. It uses the Entity Framework as
the middle tier.
The application contains the following code segment to load or create a user's shopping
cart:
1 ShoppingCart cart = Session["ShoppingCart"] as ShoppingCart;

2 if (cart == null)
3 {
4 cart = new ShoppingCart();
5 Session["ShoppingCart"] = cart;
6 }
The Web.con g le contains the following markup:
1 <connectionStrings>
2 <add name="eCommerce" connectionString="metadata=res://*/eCommerce.csdl|res://*/eCom
Session a nity is not enabled. The shopping cart must be maintained between requests.
You need to con gure session state.
 1 <sessionState
2 mode="StateServer"
3 cookieless="false" (Incorrect)
4 stateConnectionString="tcpip=DB1\eCommerce" />
1 <sessionState
2 mode="SQLServer" (Correct)
3 sqlConnectionString="server=DB1;database=eCommerce;integrated Se
1 <sessionState
2 mode="InProc"
3 stateConnectionString="
4 metadata=res://*/eCommerce.csdl|res://*/eCommerce.ssdl|res://*/eCommerce.msl
5 provider connection string="server=DB1;database=eCommerce;integrated
6 security=True;"" />
1 <sessionState
2 mode="InProc"
3 cookieless="true"
4 sqlConnectionString="server=DB1;database=eCommerce;integrated Security=True;
Explanation
You should use the following con guration: By setting the mode attribute of the sessionState
element to SQLServer, you allow session state to be stored in a SQL Server database. Your
sqlConnectionString attribute allows you to specify the connection string to the database. By
using a database, you allow session state to be stored in a single place for all browser
sessions. This is necessary because the web application is hosted on a web farm with session
a nity disabled, meaning that multiple requests from the same browser session can connect
to di erent physical servers. You should not use the following con guration: The StateServer
mode allows you to store session state in memory on a shared server where the ASP.NET
State Service is running. However, the stateConnectionString attribute should specify a server
name or IP address and port. You should not use the following con guration: The InProc
mode causes session state to be stored in memory on the web server, which is the default
session state mode. If a user's session switches to another web server in the web farm, the
user's session state is not maintained. You should not use the following con guration: The
InProc mode causes session state to be stored in memory on the web server, which is the
default session state mode. If a user's session switches to another web server in the web farm,
the user's session state is not maintained. References: Session-State Modes
(https://msdn.microsoft.com/en-us/library/ms178586.aspx); ASP.NET Session State Overview

(https://msdn.microsoft.com/en-us/library/ms178581(v=vs.100).aspx);
QUESTION
You need to con gure authentication for the application.
Which authentication method should you use?
Windows
Federated
 Forms (Correct)
Password
Explanation
You should use Forms authentication because you provide a custom login page for users at
Home/Index. You can use Active Directory application programming interface (API) calls to
authenticate the users. You should not use Federated authentication. This authentication
method allows users to authenticate with one domain and access services hosted on another
domain. You should not use Passport authentication. This authentication method
authenticates users with Microsoft Passport accounts. You should not use Windows
authentication. You cannot use a custom login page with Windows authentication without
writing a custom HTTP module. References: ASP.NET Authentication
(https://msdn.microsoft.com/en-us/library/eeyk640h.aspx); WSFederation Authentication
Module Overview (https://docs.microsoft.com/en-us/dotnet/framework/security/wsfederation-
authentication-module-overview);
You are creating an ASP.NET MVC application. You plan to deploy the application on a
three-server web farm. User session state must be maintained between requests. The
application must preserve the session ID for all links that use application-relative paths.
The application must not embed the session ID in the URL.
You need to con gure session state.
<sessionState mode="InProc" cookieless="true"/>
<sessionState mode="StateServer" cookieless="true"/>
<sessionState mode="InProc" cookieless="false"/>
 <sessionState mode="StateServer" cookieless="false"/> (Correct)
Explanation
You should use the following con guration: By setting the mode attribute of the sessionState
element to StateServer, you allow session state to be stored in memory in the ASP.NET state
service. You can specify the machine and port that hosts the service by using the
stateConnectionString attribute. By using the ASP.NET state service, you allow session state to
be stored in a single place for all browser sessions. By setting the cookieless attribute of the
sessionState element to false, you cause the session ID to be persisted in the memory of the
user's browser rather than in the URL. You should not use the following con guration: The
InProc mode causes session state to be stored in memory on the web server. If a user's
session switches to another web server in the web farm, the user's session state is not
maintained. You should not use the following con guration: This con guration sets the
cookieless attribute to true, causing the session ID to be stored in the URL. You should not use
the following con guration: The InProc mode causes session state to be stored in memory on
the web server. If a user's session switches to another web server in the web farm, the user's
session state is not maintained. Also, this con guration sets the cookieless attribute to false,
causing the session ID to be stored in memory in the user's browser. References: Session-
State Modes (https://msdn.microsoft.com/en-us/library/ms178586.aspx); Session Identi ers
(https://msdn.microsoft.com/en-us/library/ms178582.aspx);
You have a web application deployed in a web farm that must use StateServer for
maintaining session state between requests. You have con gured StateServer Session
State in your web.con g as follows:
1 <sessionState
2 mode="StateServer"
3 stateConnectionString="tcpip=statesrv.corp-apps-01.net:42424"
4 cookieless="false" timeout="20" />
While testing the application, you found that the session does not appear to be shared
across all of the web servers in the web farm. Instead, each server appears to have a
distinct copy of the session values.
What should you do?
 Ensure that the ASP.NET State Service is running on each of the web
(Incorrect)
servers in the farm.
Adjust the validationKey and decryptionKey on the machine element in

(Correct)
the web.con g les so that each server has the same values for each.
On each web server, adjust the port number on the stateConnectionString attribute in
the web.con g les so that each web server is connecting to a di erent port.
On each web server, change the protocol on the stateConnectionString attribute in the
web.con g les from tcpip to udp.
Explanation
You should adjust the validationKey and decryptionKey on the machine element in the
web.con g les so that each server has the same values for each. Each web server must share
the same encryption keys in order for the session values to be available on each web server.
You should not adjust the port number on the stateConnectionString attribute in the
web.con g les or ensure that the ASP.NET State Service is running on each of the web servers
in the farm. The state server will only listen for connections on a single port. The default port is
42424. There should only be one state server running. All web servers in the web farm will
connect to the single state server. You should not change the protocol on the
stateConnectionString attribute in the web.con g les from TCP/IP to UDP. The state server
communicates over the TCP/IP protocol not UDP. Changing the protocol will not x the
problem. References: Session-State Modes
(https://msdn.microsoft.com/library/ms178586.aspx); machineKey Element (ASP.NET Settings
Schema) (https://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.100).aspx);
QUESTION
You need to implement the security requirement for URL access.
What should you do? (Each correct answer presents part of the solution. Choose all that
apply.)
 Add the following markup to the Web.con g le:

1 <location path="*">
2 <system.web>
3 <authorization>
4 <deny users="?"/> (Incorrect)
5 </authorization>
6 </system.web>
7 </location>
Apply the following attribute to the Index method in the HomeController

class: (Correct)
1 [AllowAnonymous]
Add the following code to the Application_Start method in Global.asax.cs:

1 GlobalFilters.Filters.Add(new AuthorizeAttribute()); (Correct)
Add the following markup to the Web.con g le:

1 <location path="Home/Index">
2 <system.web>
3 <authorization>
4 <allow users="*"/>
5 </authorization>
6 </system.web>
7 </location>
Explanation
You should add the following code to the Application_Start method in Global.asax.cs:
GlobalFilters.Filters.Add(new AuthorizeAttribute()); This applies the Authorize attribute to all
controllers. The Authorize attribute indicates that a user must be logged-on to invoke one or
more controller actions. If the attribute is applied to the controller itself, it applies to all actions
unless an action is marked with the AllowAnonymous attribute. If it is applied to a speci c
method, it only applies to the action represented by that method. You should also apply the
AllowAnonymous attribute to the Index method in the HomeController class. This attribute
indicates that the Index action of the Home controller should be accessible by anyone. You
should not add the following markup to the Web.con g le: Or: The authorization element
allows you to implement URL authorization for ASP.NET web forms applications. With MVC
applications, you should use the Authorize attribute. References: AuthorizeAttribute Class
(https://docs.microsoft.com/en-
ASP.NET Authorization (https://msdn.microsoft.com/en-us/library/wce3kxhd.ASPX);
You are creating an ASP.NET MVC application. You are presented with the code in the
exhibit.
The method can be called with RenderAction. You need to ensure that a user cannot see
the results of this action by navigating through a URL.
What should you do?
Add the [ChildActionOnly] attribute. (Correct)
Add the [AllowAnonymous] attribute.
Remove the ActionResult return value.
 Make the method private. (Incorrect)
Explanation
You should add the [ChildActionOnly] attribute. When an action method is decorated with
[ChildActionOnly] attribute, it becomes a child action method, which renders inline HTML
markup for a part of a view, not a complete view. These type of methods do not respond to
URL requests. You should not make the method private. Changing the method to private will
make it callable from only within the class it is in. You should not add the [AllowAnonymous]
attribute. Regarding security, it is important to apply the Authorize attribute to a controller,
and use the AllowAnonymous attribute on the login and register actions. However, the action
presented in the exhibit is not suitable for the AllowAnonymous attribute. You should not
remove the ActionResult return value. The action RemoveExternalLogins() is returning a partial
view. You will get a compiler error if you remove the ActionResult return value. References:
ChildActionOnlyAttribute Class (https://technet.microsoft.com/ -
/library/system.web.mvc.childactiononlyattribute(v=vs.100).aspx);
You add the following class to an ASP.NET application:
1 public class ImageGenerator

2 {
3 public bool IsReusable
4 {
5 get { return true; }
6 }
7 public void ProcessRequest(HttpContext context)
8 {
9 }
10 }
When users browse your web application for les with the .imx extension, you want to be
sure that your ProcessRequest method processes the request. You need to modify the
environment or code to accomplish your goal.
What should you do? (Each correct answer presents part of the solution. Choose all that
apply.)
Add the following code to the Session_Start method in Global.asax:

1 RouteTable.Routes.MapPageRoute(null, "*.imx", "ImageGenerator");
Add the following con guration to the web.con g le:

1 <httpModules>
2 <add name="*.imx" type="ImageGenerator"/>
3 </httpModules>
Modify the ImageGenerator class to implement IHttpModule.
 Add the following con guration to the web.con g le:

1 <httpHandlers>
2 <add verb="*" path="*.imx" type="ImageGenerator"/> (Correct)
3 </httpHandlers>
Add the following code to the Application_Start method in Global.asax:

1 RouteTable.Routes.MapRoute(name: "ImageGenerator", url: "*.imx");
 Modify the ImageGenerator class to implement IHttpHandler. (Correct)
Explanation
You should modify the ImageGenerator class to implement IHttpHandler. This interface
represents an HTTP handler, which is used to process HTTP endpoint requests. You should
also add the following con guration to the web.con g le: This con guration registers the
ImageGenerator class to handle all HTTP requests for les with the .imx extension. Because
the verb attribute is set to an asterisk (*), ImageGenerator processes both GET and POST
requests. You should not add the following code to the Application_Start method in
Global.asax: RouteTable.Routes.MapRoute(name: "ImageGenerator", url: "*.imx"); This code
de nes a route for an MVC application. MVC applications use a special HTTP handler to
process requests to resources. You should not add the following code to the Session_Start
method in Global.asax: RouteTable.Routes.MapPageRoute(null, "*.imx", "ImageGenerator");
The MapPageRoute method allows you to specify a page to handle a speci c URL pattern.
However, in this scenario, ImageGenerator is an IHttpHandler instance, not a Page instance.
You should not add the following con guration to the web.con g le: This con guration
registers an HTTP module. HTTP modules do not represent endpoints for resources. Instead,
they have access to the HTTP pipeline, allowing them to inspect incoming requests and
outgoing responses. In this scenario, ImageGenerator should act as an HTTP handler, not an
HTTP module. You should not modify ImageGenerator to implement IHttpModule. This
interface represents an HTTP module. HTTP modules do not represent endpoints for
resources. Instead, they have access to the HTTP pipeline, allowing them to inspect incoming
requests and outgoing responses. In this scenario, ImageGenerator should act as an HTTP
handler, not an HTTP module. References: How to: Register HTTP Handlers
(https://msdn.microsoft.com/en-us/library/46c5ddfy.aspx); Walkthrough: Creating and
Registering a Custom HTTP Module (https://msdn.microsoft.com/en-
us/library/ms227673.aspx); ASP.NET Routing (https://msdn.microsoft.com/en-
us/library/cc668201.aspx);
 

70-486 - Developing ASP - NET MVC Web Applications - Gold Tests - 1 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

70-486 - Developing ASP - NET MVC Web Applications - Gold Tests - 1 PDF

Uploaded by

Copyright:

Available Formats

4/7/2019 70-486: Developing ASP.

NET MVC Web Applications : Gold Tests | Udemy

70-486: Developing ASP.NET MVC Web Applications : Gold Test 1 -

Attempt 1 All knowledge areas  All questions 

What should you do? (Choose all that apply.)

Change the Copy to output Directory property for SetLicense.cmd and

Link to Case Study 2: http://certifyme.io/70-486_CS2/index.html

You need to de ne the action method in the PropertyController class.

Which method declaration should you use?

public IView PropertiesByCommunity(int communityId = 0)

public ActionResult List(int communityId = 0) (Correct)

public void ListProperty(int id = 0)

public bool Property(int id = 0)

You are developing the functionality in a warehouse inventory management application

What should you do? (Choose all that apply.)

Create a public action method called Details on the controller. (Correct)

Create a controller class called Product in the Controllers folder.

Create a protected action method called Details on the controller.

Create a controller class called ProductController in the Controllers

A page in an ASP.NET MVC razor application contains the following markup:

Which CSS markup should you use?

tr: rst-child { font-weight: bold; }

tr+td { font-weight: bold; }

tr>td { font-weight: bold; }

td:nth-child(1) { font-weight: bold; } (Correct)

are siblings of tr elements. References: Pseudo-classes (https://developer.mozilla.org/en-

Web Socket application programming interface (API) (Correct)

Asynchronous JavaScript and XML (AJAX)

Windows Push Noti cation Services (WNS)

Representational State Transfer (REST)

us/windows/uwp/design/shell/tiles-and-noti cations/windows-push-noti cation-services--wns-

Which CSS should you use?

.options div: rst-child > li:last-child { font-weight: bold; }

#options div:nth-child(0) li:nth-child(3) { font-weight: bold; }

#options div: rst-of-type > ul > li:last-of-type { font-weight: bold; } (Correct)

#options div: rst-child > li:last-child { font-weight: bold; }

.options div:nth-child(0) li:nth-child(3) { font-weight: bold; }

#options li:last-child { font-weight: bold; }

[Authorize(Users = "None", Roles = "None")]

[Authorize(Users = "*", Roles = "*")]

What should you do?

Add this markup to the system.web section in the web.con g le:

Link to Case Study 2: http://certifyme.io/70-486_CS2/index.html

Which code segment should you insert at line VS02?

1 Layout = "~/Views/Shared/_Layout.cshtml"; (Correct)

Question 10: Skipped

1 < div class = "wrapper" >

What CSS do you add to the large-block class declaration?

clear: left; (Correct)

Question 11: Skipped

You need to use a binding that meets these criteria by default.

Which binding should you use?

Question 12: Skipped

What should you do with the code?

Convert it to a custom control.

Convert it to a partial view. (Correct)

Create an empty view and add a reference to the control.

Question 13: Skipped

Link to Case Study 1: http://certifyme.io/70-486_CS1/index.html

You need to meet the technical requirement for unhandled exceptions.

What should you use?

Health monitoring (Correct)

Question 14: Skipped

[Authorize(Users = "", Roles = "")]