By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,682 Members | 1,980 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,682 IT Pros & Developers. It's quick & easy.

MCSD 70-310 Advanced XML Web Services Programming Exam Question

P: n/a
Now can someone help me answer this question?

Northwind Traders is a chain of department stores located around the country. It is setting up a new sales system cashiers will use to accept payments from customers. As a pilot project, you are creating a Windows application to implement a new sales system in one of the stores. You want to use an existing Web Service in this Windows application. You have implemented security and ensured that only the users in the cashiers group and the store manager can access the sales system. Because of certain financial requirements, the sales application also needs to be accessed by Nancy, and accountant at that store. However, the XML Web service is not configured to ensure access control. Which of the following tasks ensure that only authorized users can access XML Web services? (Choose one correct option.)



A. In the web.config file, insert the following lines of code:

<authorization> <allow role="Cashiers, Managers"/> <allow users="Nancy"/> <deny users="*"> <deny users="?"></authorization>B. In the web.config file, insert the following lines of code:

<authorization> <deny users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/> <deny users="?"></authorization>C. In the web.config file, insert the following lines of code:

<authorization> <allow users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/> <deny users="?"></authorization>D. In the web.config file, insert the following lines of code:

<authorization> <allow users="?"> <deny users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/></authorization>

I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?

Nov 21 '05 #1
Share this Question
Share on Google+
29 Replies


P: n/a
>Now can someone help me answer this question?

yes, don't post in html.

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #2

P: n/a
"Greg" <gr****@msn.com> wrote:
Now can someone help me answer this question?
<SNIP>I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?


Set your posting preferences to plain-text!!!

Northwind Traders is a chain of department stores located
around the country. It is setting up a new sales system
cashiers will use to accept payments from customers. As a
pilot project, you are creating a Windows application to
implement a new sales system in one of the stores. You want
to use an existing Web Service in this Windows application.
You have implemented security and ensured that only the
users in the cashiers group and the store manager can access
the sales system. Because of certain financial requirements,
the sales application also needs to be accessed by Nancy,
and accountant at that store. However, the XML Web service
is not configured to ensure access control. Which of the
following tasks ensure that only authorized users can access
XML Web services? (Choose one correct option.)

A. In the web.config file, insert the following lines of
code:
<authorization>
<allow role="Cashiers, Managers"/>
<allow users="Nancy"/>
<deny users="*">
<deny users="?">
</authorization>

B. In the web.config file, insert the following lines of
code:
<authorization>
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

C. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

D. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="?">
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
</authorization>

start digging into the MSDN:

<authorization> Element
http://msdn.microsoft.com/library/de...ionsection.asp

<deny> Element
http://msdn.microsoft.com/library/de.../gngrfdeny.asp

<allow> Element
http://msdn.microsoft.com/library/de...gngrfallow.asp

<allow role="Cashiers, Managers"/> - Grant the Cashiers and
Manager roles access
<allow users="Nancy"/> - Allow user Nancy access
<deny users="*"> - Deny all users access
<deny users="?"> - Deny unauthenticated users access
<allow users="?"> - Allow unauthenticated users access

also:

"At run time, the authorization module iterates through the
<allow> and <deny> tags until it finds the FIRST access rule
that fits a particular user. It then grants or denies access
to a URL resource depending on whether the first access rule
found is an <allow> or a <deny> rule."

So (A) grants access to the Cashiers and Managers and to
Nancy while THEN denying access to all other users and
anonymous users. This is the solution that the question is
looking for.

(B) strictly denies all users; the "allows" are in the wrong
position. We never get to the "allow" rules.

(C) allows all users right at the beginning; we never get to
the remaining rules; this is not restrictive enough

(D) allows unauthenticated users, while denying all other
users; we certainly do not want this

Note (doesn't pertain to this question as such): to allow
only authenticated users you would need a sequence of two
rules:

<deny users="?">
<allow users="*">

Also keep in mind:

"The default authorization rule in the Machine.config file
is <allow users="*"/> so, by default, access is allowed
unless configured otherwise."
Nov 21 '05 #3

P: n/a
Get a updated news reader.

"The Poster Formerly Known as Kline Sphere" <.> wrote in message news:gr********************************@4ax.com...
Now can someone help me answer this question?


yes, don't post in html.

Kline Sphere (Chalk) MCNGP #3

Nov 21 '05 #4

P: n/a
Don't post stupid replies.

"UAError" <nu**@null.null> wrote in message news:tu********************************@4ax.com...
"Greg" <gr****@msn.com> wrote:
Now can someone help me answer this question?

<SNIP>
I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?


Set your posting preferences to plain-text!!!

Northwind Traders is a chain of department stores located
around the country. It is setting up a new sales system
cashiers will use to accept payments from customers. As a
pilot project, you are creating a Windows application to
implement a new sales system in one of the stores. You want
to use an existing Web Service in this Windows application.
You have implemented security and ensured that only the
users in the cashiers group and the store manager can access
the sales system. Because of certain financial requirements,
the sales application also needs to be accessed by Nancy,
and accountant at that store. However, the XML Web service
is not configured to ensure access control. Which of the
following tasks ensure that only authorized users can access
XML Web services? (Choose one correct option.)

A. In the web.config file, insert the following lines of
code:
<authorization>
<allow role="Cashiers, Managers"/>
<allow users="Nancy"/>
<deny users="*">
<deny users="?">
</authorization>

B. In the web.config file, insert the following lines of
code:
<authorization>
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

C. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>

D. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="?">
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
</authorization>

start digging into the MSDN:

<authorization> Element
http://msdn.microsoft.com/library/de...ionsection.asp

<deny> Element
http://msdn.microsoft.com/library/de.../gngrfdeny.asp

<allow> Element
http://msdn.microsoft.com/library/de...gngrfallow.asp

<allow role="Cashiers, Managers"/> - Grant the Cashiers and
Manager roles access
<allow users="Nancy"/> - Allow user Nancy access
<deny users="*"> - Deny all users access
<deny users="?"> - Deny unauthenticated users access
<allow users="?"> - Allow unauthenticated users access

also:

"At run time, the authorization module iterates through the
<allow> and <deny> tags until it finds the FIRST access rule
that fits a particular user. It then grants or denies access
to a URL resource depending on whether the first access rule
found is an <allow> or a <deny> rule."

So (A) grants access to the Cashiers and Managers and to
Nancy while THEN denying access to all other users and
anonymous users. This is the solution that the question is
looking for.

(B) strictly denies all users; the "allows" are in the wrong
position. We never get to the "allow" rules.

(C) allows all users right at the beginning; we never get to
the remaining rules; this is not restrictive enough

(D) allows unauthenticated users, while denying all other
users; we certainly do not want this

Note (doesn't pertain to this question as such): to allow
only authenticated users you would need a sequence of two
rules:

<deny users="?">
<allow users="*">

Also keep in mind:

"The default authorization rule in the Machine.config file
is <allow users="*"/> so, by default, access is allowed
unless configured otherwise."

Nov 21 '05 #5

P: n/a
In article <uV**************@TK2MSFTNGP12.phx.gbl>, gr****@msn.com
says...
Don't post stupid replies.


Shouldn't you be in bed already?
Nov 21 '05 #6

P: n/a
greg you are an stupid idiot.

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #7

P: n/a
greg, you are an idiot.

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #8

P: n/a
>> Don't post stupid replies.


Shouldn't you be in bed already?


.... and a good time was had by all....

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #9

P: n/a
That MCNGP designation really shows your intelligence, too. Since your
newsreader can't support HTML, I'm sure you can understand this now.

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:hn********************************@4ax.com...
greg you are an stupid idiot.

Kline Sphere (Chalk) MCNGP #3

Nov 21 '05 #10

P: n/a
I should have known better, "The Poster Formerly Known as Kline Sphere".

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:km********************************@4ax.com...
greg, you are an idiot.

Kline Sphere (Chalk) MCNGP #3

Nov 21 '05 #11

P: n/a
>That MCNGP designation really shows your intelligence, too.

not as much as my Msc title.
Since your
newsreader can't support HTML, I'm sure you can understand this now.


Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #12

P: n/a
>I should have known better, "The Poster Formerly Known as Kline Sphere".

yes indeed.

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #13

P: n/a
In article <kg********************************@4ax.com>, The Poster
Formerly Known as Kline Sphere <.> says...
That MCNGP designation really shows your intelligence, too.


not as much as my Msc title.
Since your
newsreader can't support HTML, I'm sure you can understand this now.


Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3

That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.
Nov 21 '05 #14

P: n/a
Because with a stupid name like that, we know you are a really intelligent
boy. lol

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:ra********************************@4ax.com...
I should have known better, "The Poster Formerly Known as Kline Sphere".


yes indeed.

Kline Sphere (Chalk) MCNGP #3

Nov 21 '05 #15

P: n/a
Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

"Pollux" <po****@nospam.spam> wrote in message
news:MP************************@beta.usenet.plus.n et...
In article <kg********************************@4ax.com>, The Poster
Formerly Known as Kline Sphere <.> says...
That MCNGP designation really shows your intelligence, too.


not as much as my Msc title.
Since your
newsreader can't support HTML, I'm sure you can understand this now.


Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3

That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.

Nov 21 '05 #16

P: n/a
In article <#4**************@TK2MSFTNGP09.phx.gbl>, gr****@msn.com
says...
Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

"Pollux" <po****@nospam.spam> wrote in message
news:MP************************@beta.usenet.plus.n et...
In article <kg********************************@4ax.com>, The Poster
Formerly Known as Kline Sphere <.> says...
>That MCNGP designation really shows your intelligence, too.

not as much as my Msc title.

>Since your
>newsreader can't support HTML, I'm sure you can understand this now.

Maybe you should review the purpose of usenet, and in the process
review rfc822 & rfc1036.

html posting serves no purpose whatsoever and is only here because of
abominations such as outlook express.

BTW, where did you get that question from for which *you* were unable
to work the answer for yourself? You know the one that seemed, to me
anyway, to resemble a question from the real exam pool?

Kline Sphere (Chalk) MCNGP #3

That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.



An idiot and a bigot. Very nice.

I am neither confirming nor denying that I work for Microsoft. Not sure
where you got the idea though?
Nov 21 '05 #17

P: n/a
>Because with a stupid name like that, we know you are a really intelligent
boy. lol


you mean you know what a 'kline sphere' is? boy I'm impressed!

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #18

P: n/a
>That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.


I'm still waiting to know where the question came from....

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #19

P: n/a
>Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.


wow... and people think I'm the bad man.....

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #20

P: n/a
Nah, I'm tired of the stupid banter. I'll give you the last word because I
know it's really important for you.

It looks like this newsgroup is all you have in your shallow life. Bye bye
loser.

"The Poster Formerly Known as Kline Sphere" <.> wrote in message
news:3p********************************@4ax.com...
That and the fact that he had the cheek to criticise UAError who
actually answered his question and quoted the relevant MSDN sections.


I'm still waiting to know where the question came from....

Kline Sphere (Chalk) MCNGP #3

Nov 21 '05 #21

P: n/a
UAError wrote:
A. In the web.config file, insert the following lines of
code:
<authorization>
<allow role="Cashiers, Managers"/>
<allow users="Nancy"/>
<deny users="*">
<deny users="?">
</authorization>

B. In the web.config file, insert the following lines of
code:
<authorization>
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>
So (A) grants access to the Cashiers and Managers and to
Nancy while THEN denying access to all other users and
anonymous users. This is the solution that the question is
looking for.

(B) strictly denies all users; the "allows" are in the wrong
position. We never get to the "allow" rules.


Well, I can see his confusion; however. Logically, the wildcard '*'
should /erase/ the permissions of the preceding permissions. What you are
saying is, based on position, the '*' acts as a blanket, wiping out
permissions for all future requests, OR, it acts as a filter, that takes
into account all the permissions already granted.

That's crazy.

(B) is a more logical format and makes far more sense. I think either this
question is wrong; or else microsoft designed permissions wrong.

--
incognito @ http://kentpsychedelic.blogspot.com/

Man is the best computer we can put aboard a spacecraft ... and the only one
that can be mass produced with unskilled labor. -- Werner von Braun
Nov 21 '05 #22

P: n/a
>It looks like this newsgroup is all you have in your shallow life. Bye bye
loser.


I'm loser? Who's the person with zero initiative when attempting to
solve simple problems?

BTW, when you are preparing my next burger, please don't spit into it.

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #23

P: n/a
The Poster Formerly Known as Kline Sphere wrote:
BTW, when you are preparing my next burger, please don't spit into it.


Do you have a MCNGP lapel pin? It might be wise not to wear that into
McDonalds!

Eric
Nov 21 '05 #24

P: n/a
>Do you have a MCNGP lapel pin? It might be wise not to wear that into
McDonalds!


umm, time to change my name again I think!

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #25

P: n/a
The Poster Formerly Known as Kline Sphere wrote:
Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

wow... and people think I'm the bad man.....

Kline Sphere (Chalk) MCNGP #3


Don't worry. You still are. :-P
Nov 21 '05 #26

P: n/a
In article <uf*************@TK2MSFTNGP10.phx.gbl>, MN*****@Addus.com
says...
The Poster Formerly Known as Kline Sphere wrote:
Since you work for Microsoft, you probably write those questions in your
Chinaman or Paki Enwish.

wow... and people think I'm the bad man.....

Kline Sphere (Chalk) MCNGP #3


Don't worry. You still are. :-P


I came across a thread called "People I Hate" and his name wasn't on the
list. Surely that cannot be good for his reputation.
Nov 21 '05 #27

P: n/a
>I came across a thread called "People I Hate" and his name wasn't on the
list. Surely that cannot be good for his reputation.


I was *very* upset my name was not on that list (it must have been an
over site!), especially seeing that JaR was on it!

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #28

P: n/a
>Don't worry. You still are. :-P

Phew! had me worried for a minute.

Kline Sphere (Chalk) MCNGP #3
Nov 21 '05 #29

P: n/a
JaR
The Poster Formerly Known as Kline Sphere wrote:
I came across a thread called "People I Hate" and his name wasn't on the
list. Surely that cannot be good for his reputation.

I was *very* upset my name was not on that list (it must have been an
over site!), especially seeing that JaR was on it!


Hey! Wait a minnit...

JaR
Nov 21 '05 #30

This discussion thread is closed

Replies have been disabled for this discussion.