70-536 Chapter 5

Improving the security of the .NET Framework applications by using the .NET Framework 2.0 security features

Declarative security check

A declarative security check is a security check performed on the declarative information in metadata. It uses attributes to place security information into the metadata of application code.

Imperative security check

An imperative security check occurs when a security method is called within the code being protected. It works by instantiating security classes and using them directly, and it can be isolated within an object or method.

Utilities for verification

The utilities for verifying the security policy of a deployed application are Caspol.exe, Peverify.exe, and Permview.exe.

PublisherPolicy

After deploying an application to the client computers on a company’s intranet and later modifying the assembly, use a PublisherPolicy so that any application that uses version 1.0 now uses version 2.0.

Permission request

When creating an assembly that is consumed by other applications, include a minimum permission request; without one, the assembly is loaded even when the permissions it needs have not been granted.

Caspol.exe

Use the Code Access Security Policy tool (Caspol.exe) to enable users and administrators to modify the security policy for the machine policy level, the user policy level, and the enterprise policy level.

Digital certificate

The Digital certificate is used to verify the identity of a potential customer.

Standard Internet e-mail

Standard Internet e-mail is usually sent as plaintext over networks. This is not secure, as intruders can monitor mail servers and network traffic to obtain sensitive information.

IPSec

L2TP with IPSec needs a certificate authority server (CA server) to generate certificates as well as to check their validity for providing secure communication.

Biometrics

Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user.

Passport authentication provider

The Passport authentication provider is used for user authentication. It uses an encrypted mechanism to indicate authenticated users.

Permissions

Use the following permissions to obtain the minimum permissions needed to execute an application properly:

  • Code Access Permissions
  • Identity Permissions
  • Role-Based Permissions

ApplicationAccessControl

The ApplicationAccessControl attribute enables access checking at the component level in order to support component-, interface-, or method-level role checks. The scope of the ApplicationAccessControl attribute is the assembly.

element

The username and password attributes are specified in the element of the Web.config file for every request on a page.

FullTrust permission

Of the built-in permission sets, the FullTrust permission set provides the best performance. Use the authentication methods provided by Internet Information Services (IIS) in an application.

Custom authentication

Use the in the Web.config file to enable Custom authentication.

Single Sign-On

Single Sign-On (SSO) is a system capability that enables users to access a number of applications without having to log on or provide a password to each application.

SecurityAction.RequestMinimum value

The SecurityAction.RequestMinimum value is used to request the minimum permissions required for code to run.

SecurityAction enumeration

The SecurityAction enumeration is used to specify the security actions that can be performed using declarative security.

Packet Privacy authentication level

In the Packet Privacy authentication level, authentication and encryption of data are performed. This level includes data integrity and the identity and signature of a user.

Authentication element

The authentication element in the Web.config file is added to identify the users who access an application.

SslStream.IsMutuallyAuthenticated

The SslStream.IsMutuallyAuthenticated property gets a Boolean value that indicates whether both the server and the client have been authenticated.

Cryptosystem

A cryptosystem is a computer system that implements cryptography. It is used to secure e-mail, digital signatures, hash functions, and key management.

TripleDESCryptoServiceProvider

The TripleDESCryptoServiceProvider class is used to encrypt data in a file as well as in memory.

Optimal Asymmetric Encryption Padding

In cryptography, Optimal Asymmetric Encryption Padding (OAEP) is a padding scheme that is often used with RSA encryption.

RijndaelManaged

The RijndaelManaged class, a symmetric cryptography class, is used to encrypt assembly data.

Cipher Block Chaining

Cipher Block Chaining (CBC) is the default cipher mode for all of the symmetric encryption classes.

HashAlgorithmType

The HashAlgorithmType enumeration specifies the algorithm used for generating Message Authentication Codes (MACs) in Secure Sockets Layer (SSL) communications.

Certificate-based authentication

Certificate-based authentication is the most secure method of authentication. It provides a stronger key for encryption as compared to Digest authentication and sends encrypted passwords across the network. This prevents unauthorized users from intercepting passwords.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. It uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity.

IsSubsetOf method

The IsSubsetOf method of the PrincipalPermission class is used to determine whether the current permission object is a subset of the specified permission object.

PrincipalPermissionAttribute

The PrincipalPermissionAttribute attribute is applied to a class or method in order to declaratively demand that the calling user belongs to a specified role or has been authenticated.

Union

The Union method of the PrincipalPermission class is used to create a permission object that is the union of the current permission object and a target parameter permission object.

PrincipalPermission

Use the PrincipalPermission class to imperatively demand that the current user is a member of the local Users group.

System.Environment.UserName property or System.Environment.GetEnvironmentVariable() method

Use either the System.Environment.UserName property or the System.Environment.GetEnvironmentVariable() method to identify the user name of the security context in which the current assembly is running.

PermitOnly method

The PermitOnly method of the FileIOPermission class is used to prevent callers higher in the call stack from using the code that calls a method to access resources that are not specified by the current instance.

Security policy levels

The security policy levels in hierarchical order are Enterprise policy, Machine policy, User policy, and Application domain policy.

Reset method

The Reset method of the PolicyLevel class is used to set the current policy level to the default state.

Publisher policy configuration file

A publisher policy configuration file contains compatibility information issued by the publisher of a shared component.

ZoneMembershipCondition

Use the ZoneMembershipCondition class to test whether an assembly was located on the intranet.

ApplicationDirectoryMembershipCondition

Use the ApplicationDirectoryMembershipCondition class to test whether an assembly was located in a specific folder.

Generic role-based security

Generic role-based security is used to protect data from unauthorized users.

Role-based authorization

Role-based authorization uses the GenericPrincipal class to represent the roles of the current user.

Session object

The Session object is used to create a variable that will be available as long as the session is active.
