单选题A developer has used this code within a servlet： 62.if（request.isUserInRole（"vip"）） { 63.// VIP-related logic here 64.} What else must the developer do to ensure that the intended security goal is achieved？（）A Create a user called vip in the security r

第1题：

Given the security constraint in a DD:// 101. 102. 103.Foo 104./Bar/Baz/* 105.POST 106. 107. 108.DEVELOPER 109. 110. And given that "MANAGER" is a valid role-name，which four are true for this security constraint？（）

• A、MANAGER can do a GET on resources in the /Bar/Baz directory.
• B、MANAGER can do a POST on any resource in the /Bar/Baz directory.
• C、MANAGER can do a TRACE on any resource in the /Bar/Baz directory.
• D、DEVELOPER can do a GET on resources in the /Bar/Baz directory.
• E、DEVELOPER can do only a POST on resources in the /Bar/Baz directory.
• F、DEVELOPER can do a TRACE on any resource in the /Bar/Baz directory.

第2题：

You need to design a method to standardize and deploy a baseline security configuration for servers. You solution must meet business requirements. What should you do？（）

• A、Create a script that installs the Hisecdc.inf security template
• B、Use a GPO to distribute and apply the Hisec.inf security template
• C、Use the System Policy Editor to configure each server’s security settings
• D、Use a GPO to distribute and apply a custom security template

第3题：

A developer has created a special servlet that is responsible for generating XML content that is sent to adata warehousing subsystem. This subsystem uses HTTP to request these large data files， which are compressed by the servlet to save internal network bandwidth. The developer has received a request frommanagement to create several more of these data warehousing servlets. The developer is about to copyand paste the compression code into each new servlet. Which design pattern can consolidate thiscompression code to be used by all of the data warehousing servlets？（）

• A、Facade
• B、View Helper
• C、Transfer Object
• D、Intercepting Filter
• E、Composite Facade

第4题：

You are the administrator of a SQL Server 2005 computer named SQL1. You create a security template that disables unnecessary services. The template is appropriate only for SQL1. You need to ensure that the security template is applied to SQL1. Your solution must ensure that the template automatically overrides any manual configuration changes made by other administrators within an hour. What should you do？（）

• A、Use the SQL Server Surface Area Configuration tool to import the security template.
• B、Use the Local Security Policy editor to import the security template into the Local Security Policy object.
• C、Configure Task Scheduler to import the security template by using Secedit.exe. Configure the task to run every half hour.
• D、Configure Task Scheduler to run the Microsoft Baseline Security Analyzer tool every half hour.

第5题：

Your network contains an Active Directory forest. The functional level of the forest is Windows Server  2008 R2.   Your companys corporate security policy states that the password for each user account must be  changed at least every 45 days.   You have a user account named Service1. Service1 is used by a network application named Application1.   Every 45 days， Application1 fails.   After resetting the password for Service1， Application1 runs properly.   You need to resolve the issue that causes Application1 to fail. The solution must adhere to the corporate  security policy.   What should you do（）

• A、Run the Set-ADAccountControl cmdlet.
• B、Run the Set-ADServiceAccount cmdlet.
• C、Create a new password policy.
• D、Create a new Password Settings object （PSO）.

第6题：

Your network consists of a single Active Directory forest. The forest functional level is Windows Server 2008 R2. The forest contains two domains named contoso.com and na.contoso.com.   Contoso.com contains a user named User1. Na.contoso.com contains an organizational unit （OU） named  Security.   You need to give User1 administrative rights so that he can manage Group Policies for the Security OU.   You want to achieve this goal while meeting the following requirements：   èUser1 must be able to create and configure Group Policies in na.contoso.com. èUser1 must be able to link Group Policies to the Security OU.   èUser1 must be granted the least administrative rights necessary to achieve the goal. What should you do？（）

• A、Add User1 to the Administrators group for na.contoso.com.
• B、Add User1 to the Group Policy Creator Owners group in contoso.com. Modify the permissions on the scurity OU.
• C、Run the Delegation of Control Wizard on the Security OU. In the Group Policy Management Console，modify the permissions of the Group Policy Objects container in the na.contoso.com domain.
• D、Run the Delegation of Control Wizard on na.contoso.com. In the Group Policy Management Console， modify the permissions of the Group Policy Objects container in the contoso.com domain.

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

Which menu option must be used to grant a user the authority to add or remove users to one or more Security Groups？（）

• A、 Security Controls
• B、 Database Access
• C、 Set Security Profile
• D、 Authorize Group Reassignment

第14题：

A developer has used this code within a servlet： 62.if（request.isUserInRole（"vip"）） { 63.// VIP-related logic here 64.} What else must the developer do to ensure that the intended security goal is achieved？（）

• A、Create a user called vip in the security realm
• B、Define a group within the security realm and call it vip
• C、Define a security-role named vip in the deployment descriptor
• D、Declare a security-role-ref for vip in the deployment descripto

第15题：

A developer for the Company.com web site has been told that users may turn off cookie support in their browsers. What must the developer do to ensure that these customers can still use the web application？（）  

• A、 The developer must ensure that every URL is properly encoded using the appropriate URL rewriting APIs
• B、 The developer must provide an alternate mechanism for managing sessions and abandon theHttpSession mechanism entirely
• C、 The developer can ignore this issue. Web containers are required to support automatic URL rewriting when cookies are not supported
• D、 The developer must ass the string ？id= to the end of every URL to ensure that the conversion with the browser can continue.

第16题：

You create a Web site. The Web site has many predefined roles and associated users that will be used for security purposes. You need to manage these roles and user accounts. Which tool should you use? （）

• A、the Microsoft .NET Framework Configuration tool
• B、the Code Access Security Policy tool
• C、the ASP.NET IIS Registration tool
• D、the Web Site Administration Tool

第17题：

You work as an application developer at Certkiller .com. Certkiller .com has instructed you to create a class named MetricFormula. This class will be used to compare MetricUnit and EnglishUnit objects.The MetricFormula is currently defined as follows （Line numbers are used for reference purposes only）： 1. public class MetricFormula2. { 3. 4. } You need to ensure that the MetricFormula class can be used to compare the required objects. What should you do？ （）

• A、 Add the following code on line 1： ： IComparable {
• B、 Add the following code on line 1： ： IComparer {
• C、 Add the following code on line 3： public int Compare （object x， object y） {// implementation code }
• D、 Add the following code on line 3： public int CompareTo （object obj） {// implementation code }

第18题：

Your company has four offices.   The network contains a single Active Directory domain.   Each office has domain controller. Each office has an organitational unit （OU） that contains the  user accounts for the users in that office.   In each office， support technicians perform basic troubleshooting for the users in their respective  office.   You need to ensure that the support technicians can reset the password for the user accounts in  their respective office only. The solution must prevent the thechnicians from creating user  accounts.   What shoul you do（）

• A、Four each OU， run the Delegation of Control Wizard.
• B、For the domain， run the Delegation of Control Wizard.
• C、For each office， create an Active Directory group， and then modify the security setting for each group.
• D、For each office， create an Active Directory group， and then modify the contorlAccessRights attirbute for each group

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：