Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
38 Cards in this Set
- Front
- Back
|
When would you set ASP.NET authentication to None?
|
When users do not need to be authenticated or when you are creating custom authentication logic
|
|
|
In which phase of a project is the functional specification created?
|
planning
|
|
|
Which term refers to the process of automatically capturing information to a predetermined data store?
|
logging
|
|
|
What are three limitations of using IIS Integrated Windows authentication?
|
1. It is not supported by all browsers(only Microsoft Internet Explorer 2.0 or later)
2. It cannot be used over HTTP Proxy connections. 3. On the firewall, additional TCP ports must be opened. |
|
|
Which two types of accounts can be used to authenticate SQL Server users?
|
SQL Server Login accounts and Windows accounts
|
|
|
When using ASP.NET Windows authentication, how are users authenticated?
|
using their Windows domain accounts
|
|
|
Why is IIS Integrated Windows authentication more secure than Basic authentication?
|
because with Integrated Windows authentication, the user name and password are not sent in clear text, but rather the credentials for the current Windows user are hashed and sent
|
|
|
What is an ACL?
|
An Access Control List(ACL)is a list of security descriptors that apply to objects.
|
|
|
Which two types of IIS authentication are enabled by default?
|
Anonymous and Integrated Windows
|
|
|
Are client-side cookies supported by all clients' browsers?
|
No. Some browsers for small devices do not support cookies, and even with some browsers that are capable of supporting cookies, users can configure their browser to either support or not support cookies.
|
|
|
Can Integrated Windows authentication be used to non-Windows computers?
|
No
|
|
|
Which credentials does IIS Basic authentication use to authenticate?
|
the user's Windows user account
|
|
|
What is the technical specification?
|
a set of documents, which usually includes all of the artifacts of physical design, such as class and component specifications and network and topologies, that documents the actual implementation of a solution
|
|
|
For which type of environment is IIS Integrated Windows authentication best used?
|
It is best used in intranet environments where users have a Windows account and are using Internet Explorer 2.0 or later.
|
|
|
What is the best option for storing small amounts of global data on the server that will not change frequently?
|
This type of information is best stored as Applivation state variables.
|
|
|
What protocols can IIS Integrated Windows authentication use?
|
Kerberos v5 and the challenge/response protocol inherently provided
|
|
|
When using Basic authentication, are logon credentials encrypted before they are transmitted?
|
No. They are passed in plain text.
|
|
|
To what does the term "integration" refer?
|
the process of providing the ability for separate applications of systems to communicate with one another
|
|
|
Which items should you include in your functional specification?
|
the features of the system (what it will do and how it will do it), the security requirements of the system, and the potential risks and how you plan to mitigate them
|
|
|
Can you change the account that IIS uses for Anonymous authentication?
|
Yes. You can use the IIS snap-in to change the account.
|
|
|
Can you use Integrated Windows authentication with all browsers?
|
No. Integrated Windows authentication is only supported by Microsoft Internet Explorer version 2.0 or later.
|
|
|
With SQL Server, why might you choose to have users authenticated using their Windows accounts instead of using a single SQL Server login account?
|
if you need to audit on a per-user basis or specifically identify each user
|
|
|
Which type of ASP.NET authentication takes advantage of a centralized authentication service provided by Microsoft?
|
Passport authentication
|
|
|
Which four types of authentication does ASP.NET support?
|
Forms authentication, Windows authentication, Passport authentication, and None (Custom)
|
|
|
What is MSMQ?
|
Microsoft Message Queuing. MSMQ allows for asynchronous communication between two processes by one process posting messages to the queue and he other retrieving the messages when it is available to process them.
|
|
|
Which four approaches does ASP.NET support for client-side management?
|
ViewState, hidden fields, cookies, and query strings
|
|
|
Which term refers to the process of logging specific events that happen within a system?
|
auditing
|
|
|
What are three advantages of using hidden fields to manage state on the client side?
|
1. The field is stored and read from the page, so no additional server resources are needed.
2. Implementation is easy and straightforward. 3. Hidden fields are supported by almost all browsers and client devices. |
|
|
Is Forms authentication supported for XML Web services?
|
No
|
|
|
What are the advantages of using a SQL Server login account, instead of Windows accounts, for SQL Server users?
|
The account can be used by multiple users, so connection pooling can be used and there are fewer accounts to administer.
|
|
|
Which three approaches does ASP.NET support for server-side management?
|
Application state, Session state, and Database
|
|
|
What is the difference between Basic and Digest authentication?
|
They are basically the same except that Digest authentication hashes authentication credentials and can be used across firewalls or a proxy server.
|
|
|
Which four types of authentication does IIS support?
|
Anonymous, Basic, Digest, and Integrated Windows (which can use Client Certificate Mapping to map client certificates to Windows accounts)
|
|
|
How is a user authenticated using ASP.NET Forms authentication?
|
You specify a page to which ASP.NET will redirect. This page contains the controls necessary to retrieve the user's credentials and validate them. The user's credentials are compared to those you have previously explicitly stored.
|
|
|
With IIS Anonymous authentication, which user account is used by default to authenticate the user?
|
IUSR_<computername>
|
|
|
Which method of IIS Anonymous authentication allows all users to access the public areas of a Web site without prompting them for credentials?
|
Anonymous authentication
|
|
|
With IIS Anonymous authentication, how is the IUSR_<computername> account used?
|
With IIS Anonymous authentication, when the request is received IIS impersonates the IUSR_<computername> account. IIS checks NTFS permissions to verify that the IUSR_<computername> account (which is by default a member of Guests) has the appropriate permissions to the requested file.
|
|
|
How do functional specifications differ from technical specifications?
|
The functional specification describes what will be built in terms of functionality, while the technical specification includes specifics of the physical design.
|
