Table of Contents
Study Questions
Exam 70-528 Study Questions
Chapter 1: Framework Fundamentals
Extension
C1XQ1: What is the primary purpose of a delegate?
Answer: To facilitate event handling.
Lesson 3: Constructing Classes
C1L3Q1: To raise an event, what three elements must be provided?
Answer:
- A class that provides event data.
- An event delegate.
- A class that raises the event.
C1L3Q2: What object type should an event pass if it has no custom data?
Answer: EventArgs
C1L3Q3: If an event needs to pass custom data, what class should be derived from and what is the naming convention?
Answer: EventArgs should be derived from and the naming convention is {EventName}EventArgs.
C1L3Q4: What is the naming convention for a delegate for an event?
Answer: {EventName}Handler
C1L3Q5: What two things should be done to allow a class to raise an event?
Answer:
- A public event needs to be declared.
- A protected On{EventName} method should be created.
Chapter 2: Input/Output (I/O)
Lesson 1: Navigating the File System
C2L1Q1: How do you enumerate the drives in a system?
Answer: Call the DriveInfo.GetDrives method.
C2L1Q2: How do you enumerate the files in a particular directory?
Answer:
- Create a new DirectoryInfo object, specifying the directory in the constructor.
- Call the GetFiles method on the DirectoryInfo object, which returns a collection of FileInfo objects.
C2L1Q3: How would you determine the size of a particular file in the file system?
Answer:
- Create a new FileInfo object, specifying the path to the file in the constructor.
- Examine the FileInfo's Length property.
C2L1Q4: How do you copy a file?
Answer:
- Create a new FileInfo object, specifying the path to the source file in the constructor.
- Call the FileInfo's CopyTo method, specifying the path to the destination file.
C2L1Q5: What are the high level steps required to monitor a directory for changes?
Answer:
- Create a FileSystemWatcher object.
- Set the Path property.
- Register for the event that you are interested in.
- Set the EnableRaisingEvents property to true.
C2L1Q6: How do you create a DriveInfo object for a specific drive?
Answer: Create a new DriveInfo object, specifying the drive letter in the constructor.
Lesson 3: Compressing Streams
C2L3Q1: What two classes are used to compress and decompress data?
Follow up question: What is the difference between the two and what would you use each for?
Answer: GZipStream and DeflateStream.
Follow up answer: GZipStream conforms to the GZip standard by adding extra header information. GZipStream is best if inter-operation is required, DeflateStream has slightly better compression.
C2L3Q2: What is the data size limit of both compression methods?
Answer: 4 GB (of uncompressed data).
C2L3Q3: Which stream is passed to the constructor of a compression stream?
Answer:
- When compressing, the destination or output stream.
- When decompressing, the source or input stream.
How to Remember: The compressed stream is passed.
Chapter 3: Searching, Modifying, and Encoding Text
Lesson 1: Forming Regular Expressions
C3L1Q1: In a regular expression, what symbol matches the start of a line and what matches the end?
Answer: Start = ^ (carat), end = $
C3L1Q2: In a regular expression, what is a lazy quantifier and how is one specified?
Answer: A lazy quantifier will match as little of the searched string as possible. A lazy quantifier is specified by adding a '?' symbol immediately after the quantifier.
Chapter 4: Collections and Generics
Lesson 1: Collecting Data Items
C4L1Q1: What needs to be done to a custom collection class to enable the use of the foreach
statement?
Answer: IEnumerator needs to be implemented.
C4L1Q2: How would you randomise a collection?
Answer: Create a class that implements the IComparer interface and pass an instance of it to the collection's Sort method.
C4L1Q3: Which non-generic collection is the most basic, general collection?
Answer: ArrayList.
C4L1Q4: Which class is used by default to sort a collection?
Answer: Comparer.
Lesson 3: Working with Dictionaries
C4L3Q1: When iterating over a Hashtable, what order are entries returned in, by default?
Answer: The order of the hash values.
C4L3Q2: What are the five non-generic, non-specialised dictionary collections, what is each used for and what is the generic equivalent?
Answer:
- Hashtable, used for simple basic dictionaries, Dictionary<>.
- SortedList, used for dictionaries that are sorted by key, SortedList<> and SortedDictionary.
- ListDictionary, used for small dictionaries, Dictionary<>.
- HybridDictionary, used for dictionaries of unknown or varying size, Dictionary<>.
- OrderedDictionary, used where direct control of the order is required, Dictionary<>.
C4L3Q3: What type of object does a non-generic dictionary collection contain?
Answer: DictionaryEntry
C4L3Q4: Which list is a dictionary?
Answer: SortedList
Lesson 4: Using Specialized Collections
C4L4Q1: What type of dictionary collection should be used for small collections (typically fewer than ten elements)?
Answer: ListDictionary
C4L4Q2: What type of dictionary collection should be used for large collections?
Answer: Hashtable
C4L4Q3: What type of dictionary collection should be used if the size of the collection is unknown or will vary?
Answer: HybridDictionary
C4L4Q4: What type of dictionary collection should be used if ordering is required?
Answer: OrderedDictionary
C4L4Q5: How does a dictionary collection determine uniqueness?
Answer: It uses the IEqualityComparer passed into the constructor or, if none was passed, it uses the GetHashCode and Equals methods.
C4L4Q6: What are the five specialised collections and their generic equivalent?
Answer:
- BitArray, no generic equivalent.
- BitVector32, no generic equivalent.
- StringCollection, equivalent to List<String>.
- StringDictionary, equivalent to Dictionary<String>.
- NameValueCollection, equivalent to Dictionary<>.
C4L4Q7: The StringCollection class is a specialised version of what class?
Answer: ArrayList
C4L4Q8: The StringDictionary class is a specialised version of what class?
Answer: Hashtable
C4L4Q9: What can be created with the CollectionsUtil class?
Answer: Case-insensitive Hashtables and case-insensitive SortedLists.
C4L4Q10: How do you create a culture-invariant collection?
Answer: Pass StringComparer.InvariantCulture or StringComparer.InvariantCultureIgnoreCase to the constructor of the collection.
C4L4Q11: What is the difference between the NameValueCollection class and the StringDictionary class?
Answer:
- NameValueCollection can store multiple values for each key.
- NameValueCollection values can be accessed by key index.
Lesson 5: Generic Collections
C4L5Q1: What are the six 'standard' generic collections that are type-safe versions of the other ones?
Answer: List, Dictionary, SortedList, SortedDictionary, Queue and Stack.
C4L5Q2: What is the additional generic collection that is not a version of the other ones?
Answer: LinkedList
C4L5Q3: What are the three non-specialised, non-dictionary, non-generic collections and their generic equivalent?
Answer:
- ArrayList, equivalent to List<>.
- Queue, equivalent to Queue<>.
- Stack, equivalent to Stack<>.
Extension
C4XQ1: What does the compiler do when an iterator is implemented?
Answer: Automatically generates the Current, MoveNext and Dispose methods of the IEnumerable interface.
C4XQ2: How do you implement an iterator?
Answer:
- Implement the IEnumerable interface.
- Create a method called GetEnumerator which returns an IEnumerator.
- Use the
yield return
statement to return each element. - If required, use the
yield break
to end the iteration.
C4XQ3: What are two ways that the default iterator functionality can be extended?
Answer:
- Named iterators can be created which allows a class to have multiple iteration techniques.
- Parameterised iterators can be created which allows clients control over some or all of the iteration behaviour.
Chapter 5: Serialization
Lesson 1: Serializing Objects
C5L1Q1: What are the three steps to serialise an object to binary format?
Answer:
- Create a stream object.
- Create a BinaryFormatter object.
- Call the BinaryFormatter's Serialise method, passing in the stream object and the object to be serialised.
C5L1Q2: What are the four steps to deserialise an object from binary data?
Answer:
- Create a stream object.
- Create a BinaryFormatter object.
- Create a new object to store the deserialised data.
- Call the BinaryFormatter's Deserialise method, passing in the stream object and cast the result.
C5L1Q3: What needs to be done to a custom class to enable it to be serialised to binary?
Answer: Add the Serializable attribute to the class.
C5L1Q4: What needs to be done to a custom class to enable it to be serialised to SOAP?
Answer: Add the Serializable attribute to the class.
C5L1Q5: What needs to be done to prevent a member of a custom class from being serialised to binary?
Answer: Add the NonSerialized attribute to the member.
C5L1Q6: What needs to be done to prevent a member of a custom class from being serialised to SOAP?
Answer: Add the SoapIgnore attribute to the member.
C5L1Q7: How can a non-serialised object be automatically initialised after deserialisation?
Answer: The class should implement the IDeserializationCallback interface and implement the IDeserializationCallback.OnDeserialization method.
C5L1Q8: How can an exception be prevented from being thrown if a member is missing from the serialisation data?
Answer: Add the OptionalField attribute to the member.
Lesson 2: XML Serialization
C5L2Q1: Which tool would you use to create a class that, when serialised, would produce an XML document that conformed to an XML schema?
Answer: Xsd.exe
C5L2Q2: What are the three steps to serialise data to XML?
Answer:
- Create or get a reference to a stream, TextWriter, or XmlWriter object to hold the serialised output.
- Create or get a reference to an XmlSerializer object, passing it the type of object to be serialised.
- Call the XmlSerializer object's Serialize method, passing the stream and the object to be serialised.
C5L2Q3: What are the three steps to deserialise data from XML?
Answer:
- Create or get a reference to a stream, TextReader, or XmlReader object to read the serialised input.
- Create or get a reference to an XmlSerializer object, passing it the type of object to be deserialised.
- Call the XmlSerializer object's Deserialize method, passing the stream, and cast the result.
C5L2Q4: What needs to be done to ensure that a class can be serialised to XML?
Answer:
- Specify the class as public.
- Specify all members that must be serialised as public.
- Create a parameterless (or default) constructor.
C5L2Q5: By default, what are public class members serialised as?
Hint: Attributes or elements.
Answer: Elements.
C5L2Q6: What needs to be done to prevent a member of a custom class from being serialised to XML?
Answer: Add the XMLIgnore attribute to the member.
Lesson 3: Custom Serialization
C5L3Q1: How do you override the default serialisation functionality?
Answer: Implement the ISerializable interface and add the Serializable attribute to the class.
C5L3Q2: When should you not use the default serialisation functionality?
Answer: When the class has declarative or imperative security at the class level or on its constructors.
C5L3Q3: What should be implemented for the ISerializable interface?
Follow up question: What happens if you forget that which should be implemented for the ISerializable interface?
Answer: The GetObjectData method and the serialisation constructor.
Follow up answer: Forgeting the GetObjectData method results in a compiler error. Forgeting the serialisation constructor results in a serialisation exception at runtime.
C5L3Q4: What are the four serialisation events?
Answer: Serializing, Serialized, Deserializing and Deserialized.
C5L3Q5: What are the four attributes used to specify which methods respond to each serialisation event?
Answer: OnSerializing, OnSerialized, OnDeserializing and OnDeserialized.
C5L3Q6: Which event occurs first, IDeserializationCallback.OnDeserialization or ISerializable's OnDeserialization event?
Answer: IDeserializationCallback.OnDeserialization.
C5L3Q7: Which event occurs first, ISerializable's OnDeserialization event or IDeserializationCallback.OnDeserialization?
Answer: IDeserializationCallback.OnDeserialization.
C5L3Q8: What must a method have to respond to a serialisation event?
Answer:
- A StreamingContext object as a parameter.
- Return void.
- The attribute that matches the serialisation event.
C5L3Q9: Which of the serialisation types supports events?
Hint: Either BinaryFormatter, SoapFormatter or custom serialisation.
Answer: BinaryFormatter.
C5L3Q10: How can you make context decisions during serialisation?
Answer: Inspect (or examine etc) the StreamingContext object passed to the GetObjectData method.
C5L3Q11: How can you make context decisions during deserialisation?
Answer: Inspect (or examine etc) the StreamingContext object passed to the serialisation constructor.
Chapter 6: Graphics
Lesson 2: Working with Images
C6L2Q1: How can a System.Drawing.Image class be instantiated?
Answer:
- Call the Image.FromFile or Image.FromStream method.
- Create a System.Drawing.Bitmap or System.Drawing.Imaging.Metafile object.
C6L2Q2: What two methods does Bitmap have that Image does not?
Answer: GetPixel and SetPixel.
C6L2Q3: What must first be done to draw a rectangle on a Image or Bitmap object?
Answer: Create a Graphics object by calling the Graphics.FromImage method.
C6L2Q4: How can an image from a JPEG file be displayed in a Windows Forms application?
Answer:
- Create a PictureBox control on the form.
- Create a Image or Bitmap object by calling the Image.FromFile or Bitmap.FromFile method.
- Assign the Image or Bitmap object to the BackgroundImage property of the PictureBox control.
C6L2Q5: How can an image from a JPEG file be displayed in a Windows Forms application, without using a PictureBox control?
Answer:
- Create a Bitmap object by calling the Bitmap.FromFile method.
- Get the Graphics object by calling the GetGraphics method.
- Call the DrawImage method on the Graphics object, passing in the Bitmap object, the location and the size.
Lesson 3: Formatting Text
C6L3Q1: When using the Graphics.DrawString method, how do you set the vertical alignment to top, center or bottom?
Answer:
- Create a StringFormat object.
- Set the LineAlignment property of the StringFormat object to
- StringAlignment.Near for top,
- StringAlignment.Center for center or
- StringAlignment.Far for bottom.
- Pass the StringFormat object to the Graphics.DrawString method.
C6L3Q2: When using the Graphics.DrawString method, how do you set the horizontal alignment to left, center or right?
Answer:
- Create a StringFormat object.
- Set the Alignment property of the StringFormat object to
- StringAlignment.Near for left,
- StringAlignment.Center for center or
- StringAlignment.Far for right.
- Pass the StringFormat object to the Graphics.DrawString method.
Chapter 7: Threading
Extension
C7XQ1: What is the difference between the way the CLR deals with unhandled exceptions in the .NET Framework 1.1 verses 2.0?
Answer: In 1.0, a backstop is provided for unhandled exceptions that occur on the following types of thread:
- A thread from the thread pool.
- A thread created with the Thread.Start method.
- A finaliser thread.
In 2.0, these exceptions are left to proceed naturally.
C7XQ2: The .NET Framework 2.0 provides a backstop for what three types of unhandled exceptions?
Answer:
- A ThreadAbortException thrown because of an Abort call.
- An AppDomainUnloadException thrown because the application domain is being unloaded.
- An internal exception thrown by the CLR or host process.
Lesson 1: Creating Threads
C7L1Q1: What are the steps to create a new thread that does not require data passed to it?
Answer:
- Create a ThreadStart object and pass the method to be run into the constructor.
- Create a Thread object and pass the ThreadStart object into the constructor.
- Call the Thread object's Start method.
C7L1Q2: What are the steps to create a new thread that requires data passed to it?
Answer:
- Create a ParameterizedThreadStart object and pass the method to be run into the constructor.
- Create a Thread object and pass the ThreadStart object into the constructor.
- Call the Thread object's Start method and pass the data to go to the new thread.
C7L1Q3: What method signature does a ThreadStart delegate have?
Answer: It takes no parameters and returns void.
C7L1Q4: What method signature does a ParameterizedThreadStart delegate have?
Answer: It takes an Object as a parameter and returns void.
C7L1Q5: How should a thread be stopped?
Answer: By calling its Abort method.
C7L1Q6: What happens when you call a thread's Abort method?
Answer: The threading system prepares to throw a ThreadAbortException.
C7L1Q7: What two methods can be used to prevent data corruption when a thread is aborted?
Answer: BeginCriticalRegion and EndCriticalRegion.
C7L1Q8: What is contained in the execution context of a thread?
Answer:
- Security information
- Localisation settings
- Transaction information
C7L1Q9: How do you prevent new threads from getting the execution context?
Answer: Call the ExecutionContext.SurpressFlow before the new thread is created and call the ExecutionContext.RestoreFlow afterwards.
C7L1Q10: Why would you want to prevent new threads from getting the execution context?
Answer: It is faster.
C7L1Q11: What should the Thread.ThreadState property be used for?
Answer: Debugging only and not thread synchronisation.
C7L1Q12: Which thread state can a thread not return to once it has left it?
Answer: Unstarted
C7L1Q13: Which thread state can a thread not leave once it has entered it?
Answer: Stopped
C7L1Q14: Which thread state is a newly created thread in?
Answer: Unstarted
C7L1Q15: What happens to a thread's state when another thread calls Thread.Start on it?
Answer: At first, nothing. Then, when the thread responds to the call and actually starts running, it changes to Running.
C7L1Q16: What happens to a thread's state when another thread calls Thread.Suspend on it?
Answer: Thread.Suspend is depreciated and should not be used. But if it is, at first the thread's state changes to SuspendRequested. Then, when the thread responds to the call, it changes to Suspended.
C7L1Q17: What happens to a thread's state when another thread calls Thread.Abort on it?
Answer: At first the thread's state changes to AbortRequested. Then, when the thread responds to the call, it changes to Aborted.
C7L1Q18: What can trigger a thread to change its state to Running?
Answer:
- The thread responds to a Thread.Start call.
- Another thread calls Thread.Resume which is depreciated and should not be used.
- TODO: there may be a third.
C7L1Q19: How can a thread enter the WaitSleepJoin state?
Answer:
- The thread calls Monitor.Wait on another object.
- The thread calls Thread.Sleep.
- The thread calls Thread.Join on another thread.
Lesson 2: Sharing Data
C7L2Q1: What class can be used to atomically increment a variable?
Answer: Interlocked.
C7L2Q2: What five atomic operations can the Interlocked class perform?
Answer: Add, Increment, Decrement, Exchange and Read.
C7L2Q3: What are the three kernel object that allow thread synchronisation across application domains or process boundaries?
Answer: Mutex, Semaphore and Event.
C7L2Q4: What would you use to control access to a resource across application domains or process boundaries?
Answer: A Mutex.
C7L2Q5: What would you use to restrict access to a resource across application domains or process boundaries to a certain number of processes?
Answer: A Semaphore.
C7L2Q6: What would you use to signal processes across application domains or process boundaries?
Answer: An Event.
Lesson 3: The Asynchronous Programming Model
C7L3Q1: What does APM stand for?
Answer: Asynchronous Programming Model
C7L3Q2: What type does the method BeginRead (part of the APM) return?
Answer: IAsyncResult
C7L3Q3: What are the three APM rendezvous models?
Answer: Wait-until-done, polling and callback.
C7L3Q4: When using the APM, when is an exception that occurs on an asynchronous thread thrown?
Answer: When the EndXXX method is called.
C7L3Q5: To add a piece of work to be processed by the thead pool, what method should be called and what should be passed to it?
Answer: The ThreadPool.QueueUserWorkItem method should be called, a WaitCallback object and a data object to be processed should be passed.
C7L3Q6: What information does the method ThreadPool.GetMaxThreads give?
Answer: The maximum number of threads and the maximum completion ports.
C7L3Q7: What information does the method ThreadPool.GetMinThreads give?
Answer: The minimum number of threads and the minimum completion ports.
C7L3Q8: Which are there typically more of, threads managed by the thread pool or completion ports?
Answer: Completion ports
C7L3Q9: What method can be used to utilise the thread pool to fire a callback when a kernal-level synchronisation object signals it has been released?
Answer: ThreadPool.RegisterWaitForSingleObject
C7L3Q10: What is the namespace of the preferred Timer class?
Answer: System.Threading.Timer
Chapter 8: Application Domains and Services
Lesson 1: Creating Application Domains
C8L1Q1: What are application domains used for?
Answer: To keep assemblies separate within a single process.
C8L1Q2: What manages application domains?
Answer: The .NET framework runtime.
C8L1Q3: What manages processes?
Answer: The operating system.
C8L1Q4: What can host an application domain?
Answer: The .NET framework runtime or an assembly.
C8L1Q5: How do you create an application domain?
Answer: Call AppDomain's static CreateDomain method.
C8L1Q6: How do you load an assembly into an application domain?
Answer: Call the ExecuteAssembly or ExecuteAssemblyByName method on the instance of the AppDomain object.
C8L1Q7: How do you close an application domain?
Answer: Call AppDomain's static Unload method and pass a reference to the application domain to be closed.
Lesson 2: Configuring Application Domains
C8L2Q1: The Evidence object has a constructor that requires two arrays. What goes in each array?
Follow up question: Although either or both can be null, which is more likely to be null?
Answer: Host evidence and assembly evidence.
Follow up answer: Assembly evidence.
C8L2Q2: At what two stages can evidence be specified for an assembly running in an application domain?
Answer: When the application domain is created and when the assembly is executed.
C8L2Q3: Which existing AppDomain objects are affected by changing the properties of an AppDomainSetup instance?
Answer: None (tricky). Changing the properties of an AppDomainSetup instance only affects new AppDomain objects that are created with it.
Lesson 3: Creating Windows Services
C8L3Q1: How do you debug a service?
Answer: Install it, start it and then attach a debugger to the service's process.
C8L3Q2: When creating a service, which methods should you override and which are optional?
Follow up question: What should you also do if you override any optional method?
Answer: The methods OnStart and OnStop should be overridden. The methods OnPause, OnContinue and OnShutdown are optional.
Follow up answer: If OnPause and/or OnContinue are overriden, set ServiceBase.CanPauseAndContinue to true. If OnShutdown is overriden set ServiceBase.CanShutdown to true.
C8L3Q3: What four things does the ServiceInstaller class define?
Answer: The service description, display name, service name and start type.
C8L3Q4: What does the ServiceProcessInstaller class define?
Answer: The service account settings.
C8L3Q5: What are the three start types for a service and which is the default?
Answer: Automatic, manual (default) and disabled.
C8L3Q6: What are the four types of accounts that can be used in a security context for a Windows service?
Follow up question: Which is the default, which is the most secure and which is the most privileged?
Answer:
- Local service (most secure)
- Network service
- Local system (most privileged)
- User (default)
C8L3Q7: What tool is used to manually install a service?
Answer: InstallUtil.exe.
C8L3Q8: What are three methods for starting a Windows service?
Answer:
- Server Explorer.
- Services Control Manager.
- Programmatically using the ServiceController class.
C8L3Q9: What exception will a ServiceController object throw if the service name does not exist on the machine?
Answer: InvalidOperationException.
C8L3Q10: What class is used to interact with Windows services?
Answer: ServiceController.
C8L3Q11: What should a service name be and how is it set?
Answer: A service name should be unique and is set by modifying the ServiceBase.ServiceName property in Visual Studio's service Designer.
C8L3Q12: What must a service's OnStart method do?
Answer: Return.
C8L3Q13: What are three ways to stop or start a service?
Answer:
- Use Computer Management's Services snap-in.
- Use the Net command from a command line.
- Programmatically, by using the ServiceProcess.ServiceController class.
Chapter 9: Installing and Configuring Applications
Lesson 1: Configuration Settings
C9L1Q1: What are the two most important classes used to deal with application settings and what namespace are they in?
Answer: Configuration and ConfigurationManager, which are in the System.Configuration namespace.
C9L1Q2: What are the four ConfigurationManager methods that open various configurations?
Answer:
- OpenExeConfiguration
- OpenMachineConfiguration
- OpenMappedExeConfiguration
- OpenMappedMachineConfiguration
C9L1Q3: What should you always do before opening a mapped configuration file and why?
Answer: Check for the existence of the file, because if it is missing no error will be generated - instead all the configuration settings will be null.
C9L1Q4: How can you specify which version of the .NET Framework an application should be run with?
Answer: Add a supportedRuntime entry in the startup section of the configuration file.
C9L1Q5: Which is obsolete, ConfigurationSettings or ConfigurationManager?
Answer: ConfigurationSettings
C9L1Q6: What are the two default properties of the ConfigurationManager class used to store configuration information?
Answer: AppSettings and ConnectionString.
C9L1Q7: What is the default file name for putting configuration settings in?
Answer: App.config.
C9L1Q8: What is the XML path for custom application settings in the App.config file?
Follow up question: What is the element name and what should its two attributes be?
Answer: configuration → appSettings.
Follow up answer: The element name is 'add' and the two attributes should be 'key' and 'value'.
C9L1Q9: How would you read a setting called 'foo' from the application settings file?
Answer: Call ConfigurationManager.AppSettings[“foo”] and store the result in a String.
Lesson 2: Creating an Installer
C9L2Q1: What are the two specific predefined installers?
Answer: AssemblyInstaller and ComponentInstaller.
C9L2Q2: What methods should be overridden when creating a custom Installer class?
Follow up question: What two events can also be responded to?
Answer: Install, Commit, Rollback and Uninstall.
Follow up answer: Committing and Committed.
C9L2Q3: Other than overriding methods and responding to events, what else needs to be done to create a custom Installer class?
Answer: Add the RunInstallerAttribute to the custom class and set the runInstaller parameter to true.
Lesson 3: Using the .NET Framework 2.0 Configuration Tool
C9L3Q1: What are the code groups in the .NET Framework named after?
Answer: The evidence they provide.
Chapter 10: Instrumentation
Lesson 1: Logging Events
C10L1Q1: Which account or accounts have enough privileges to write to the Windows event log?
Answer: The Local System account.
C10L1Q2: Which logs are available by default in the Windows event log mechanism?
Answer: Application, Security and System.
C10L1Q3: What should never be done with any event log object?
Answer: It should never be passed to less trusted code.
C10L1Q4: What is required to create an event source and why?
Answer: Administrative privileges is required because all logs, including security, must be searched to determine whether the event source is unique.
C10L1Q5: Which versions of Windows do not support event logs?
Answer: Windows 98 and Windows Me.
Lesson 2: Debugging and Tracing
C10L2Q1: How can you programmatically signal a break to the debugger?
Answer: Call the Debugger.Break method.
C10L2Q2: How do you prevent a member from appearing in the variable watch window while debugging?
Answer: Add a DebuggerBrowsable attribute to the member and pass in DebuggerBrowserState.Never.
C10L2Q3: How do you specify what text will appear in the Value column of the variable watch window for a custom class while debugging?
Answer: Add a DebuggerDisplay attribute to the member.
C10L2Q4: What does the DebuggerDisplay attribute do?
Answer: Specifies what should be displayed in the Value column of the variable watch window while debugging.
C10L2Q5: What does the DebuggerHidden attribute do?
Follow up question: How is it different from the DebuggerStepThrough attribute?
Answer: It causes the debugger to step through the code for the class, method or property it decorates, and causes the debugger to ignore any breakpoints in the code.
Follow up answer: The DebuggerStepThrough attribute will not cause debugger to ignore any breakpoints in the code.
C10L2Q6: What does the DebuggerStepThrough attribute do?
Follow up question: How is it different from the DebuggerHidden attribute?
Answer: It causes the debugger to step through the code for the class, method or property it decorates, but the debugger will still break at any breakpoints in the code.
Follow up answer: The DebuggerHidden attribute will cause debugger to ignore any breakpoints in the code.
C10L2Q7: How do you prevent the debugger from breaking inside a class, method or property, even if there is a breakpoint?
Answer: Add a DebuggerHidden attribute to the class, method or property.
C10L2Q8: How do you prevent the debugger from breaking inside a class, method or property, but still stop on any breakpoints?
Answer: Add a DebuggerStepThrough attribute to the class, method or property.
C10L2Q9: How do you add a DebuggerHidden or DebuggerStepThrough attribute to a property?
Answer: Decorate either or both of the accessor methods with the attribute.
Lesson 3: Monitoring Performance
C10L3Q1: What is the difference between the Trace class and the Debug class?
Answer: The Trace class is implemented in both the release and debug builds, whereas Debug is only implemented in debug builds.
C10L3Q2: What are the four primary methods of getting a reference to a process or processes?
Answer: The GetCurrentProcess, GetProcessById, GetProcessByName and GetProcesses.
C10L3Q3: How do you start an external executable from .NET code?
Answer: Call the Process.Start method.
C10L3Q4: How do you start an external executable with command line arguments from .NET code?
Answer: Create or get a reference to a ProcessStartInfo object, set the Arguments property and pass it to the Process.Start method.
C10L3Q5: What object type should secure text be stored in?
Answer: SecureString
Lesson 4: Detecting Management Events
C10L4Q1: What are the four most important members of the System.Management namespace?
Answer: ManagementQuery, EventQuery, ObjectQuery and ManagementObjectQuery.
C10L4Q2: What does WMI stand for?
Answer: Windows Management Instrumentation.
C10L4Q3: What are the two steps to retrieve information from the WMI?
Answer:
- Create a ManagementObjectSearcher object and pass the query into the constructor.
- Obtain a ManagementObjectCollection object by calling the ManagementObjectSearcher's Get method.
C10L4Q4: What needs to be selected from to enumerate the logical drives?
Answer: Win32_LogicalDisk
C10L4Q5: What needs to be selected from to enumerate the network adapters?
Answer: Win32_NetworkAdapterConfiguration
C10L4Q6: What needs to be selected from to enumerate the Windows Services?
Answer: Win32_Service
C10L4Q7: What class would be used to respond a change in the WMI?
Answer: ManagementEventWatcher
C10L4Q8: What industry standard does the WMI use to represent systems, processes, networks, devices and enterprise components?
Answer: Common Information Model
C10L4Q9: The WMI architecture consists of what three tiers?
Answer:
- Client software components.
- The object manager.
- Provider software components.
C10L4Q10: What three things can applications use the WMI for?
Answer:
- Enumerating or retrieving a collection of instance property data.
- Querying for selected instance data.
- Subscribing to events.
C10L4Q11: What can the WMI instrumentation be used for?
Answer: Applications can create their own class and instances with properties and methods that store data about themselves to WMI.
C10L4Q12: What class or classes are used when gathering WMI class information?
Answer: ManagementObject and ManagementClass.
C10L4Q13: What class or classes are used when querying for data with WMI?
Answer: SelectQuery, ManagementObjectSearcher, WqlObjectQuery and ObjectQuery.
C10L4Q14: What class or classes are used when querying for data asynchronously with WMI?
Answer: ManagementObjectCollection and ManagementOperationObserver.
C10L4Q15: What class or classes are used when executing methods with WMI?
Answer: ManagementBaseObject.
C10L4Q16: What class or classes are used when executing methods asynchronously with WMI?
Answer: ManagementOperationObserver.
C10L4Q17: What class or classes are used when receiving events from WMI?
Answer: WqlEventQuery and ManagementEventWatcher.
C10L4Q18: What class or classes are used when receiving events asynchronously from WMI?
Answer: EventArrivedEventArgs, EventArrivedEventHandler, CompletedEventArgs and CompletedEventHandler.
C10L4Q19: What class or classes are used when connecting to a remote computer with WMI?
Answer: ConnectionOptions and ManagementScope.
C10L4Q20: What class or classes are used when creating data providers with WMI instrumentation?
Answer: Instance, InstrumentationClassAttribute and InstrumentedAttribute.
C10L4Q21: What class or classes are used when creating event providers with WMI instrumentation?
Answer: BaseEvent and Instrumentation.
C10L4Q22: What class or classes are used when registering a provider with WMI instrumentation?
Answer: ManagementInstaller.
C10L4Q23: What does the ObjectQuery class do?
Answer: It represents a management query that returns instances or classes.
C10L4Q24: What does the ManagementObjectSearcher class do?
Answer: It retrieved a collection of management objects based on a specifies query.
C10L4Q25: What does the ManagementObjectCollection class do?
Answer: It represents different collections of management objects retrieved through WMI.
C10L4Q26: Objects contained in a ManagementObjectCollection are derived from what type?
Answer: ManagementBaseObject.
Chapter 11: Application Security
Lesson 1: Understanding Code Access Security
C11L1Q1: What does CAS stand for?
Answer: Code Access Security.
C11L1Q2: What is the relationship between evidence, code groups and permission sets?
Answer: The evidence that an assembly has determines what code group or groups it belongs to. The code group or groups determines what permission set or sets it gets.
C11L1Q3: What are the two types of evidence?
Answer: Host evidence and assembly evidence.
C11L1Q4: What are the three CAS policy levels and which one would you most commonly use?
Answer: Enterprise, machine and user. Machine policy is the most commonly used.
C11L1Q5: What must an assembly have before its trust can be increased?
Answer: A strong name.
C11L1Q6: As a developer, the permission set assigned to the My_Computer_Zone should be changed from what to what?
Follow up question: Why should it be changed?
Answer: From “Full Trust” to “Everything”.
Follow up answer: Full Trust completely skips all CAS statements in code. The Everything permission set has similar permissions, but it does not skip CAS statements.
C11L1Q7: What is the command line utility for maintaining CAS settings?
Answer: Caspol.exe - Code Access Security POLicy tool.
Lesson 2: Using Declarative Security to Protect Assemblies
C11L2Q1: What does the Microsoft term 'RequestOptional' mean in English?
Answer: 'Refuse all except'.
C11L2Q2: What does the Microsoft term 'RequestMinimum' mean in English?
Answer: 'Require minimum'.
C11L2Q3: What is the English term 'refuse all except' called in Microsoft language?
Answer: 'RequestOptional'.
C11L2Q4: What is the English term 'require minimum' called in Microsoft language?
Answer: 'RequestMinimum'.
C11L2Q5: What are the three SecurityActions?
Answer: RequestMinimum, RequestOptional and RequestRefuse.
C11L2Q6: CAS declarations are only significant in what type of assemblies?
Answer: Partially trusted assemblies.
Lesson 3: Using Declarative and Imperative Security to Protect Methods
C11L3Q1: How many declarative CAS security actions are available for assemblies and how many are available for methods?
Answer: Three for assemblies, six for methods.
C11L3Q2: What are the three declarative CAS security actions for assemblies?
Answer: RequestMinimum, RequestOptional and RequestRefuse.
C11L3Q3: What are the six declarative CAS security actions for methods?
Answer: Assert, Demand, Deny, InheritanceDemand, LinkDemand, and PermitOnly.
C11L3Q4: What is the difference between the Demand CAS security action and the LinkDemand CAS security action?
Answer: Demand checks the security of all the callers, LinkDemand only checks the security of the immediate caller.
C11L3Q5: Which class is used to specify what to check for in a declarative permission statement and which is used in an imperative permission statement?
Answer: Declarative permission statements use SecurityAction, imperative permission statements use CodeAccessPermission.
C11L3Q6: How should a method check if it has a particular CAS permission?
Answer: Call the System.Security.SecurityManager.IsGranted method.
C11L3Q7: Which two security actions reduce CAS permissions for a method and what is the difference between the two?
Answer: Deny and PermitOnly. Deny removes only the specified permission, PermitOnly removes all except the specified permission.
C11L3Q8: Which two security actions reduce CAS permissions for an assembly and what is the difference between the two?
Answer: RequestRefuse and RequestOptional. RequestRefuse removes only the specified permission, RequestOptional removes all except the specified permission.
C11L3Q9: What are the three security actions that are applicable to assembles and what are their equivalent security actions that are applicable to classes and methods?
Answer:
- RequestRefuse (assembly) is equivalent to Deny (class and methods).
- RequestOptional (assembly) is equivalent to PermitOnly (class and methods).
- RequestMinimum (assembly) is equivalent to Demand (class and methods).
C11L3Q10: What is the meaning of life?
Answer: 42
C11L3Q11: As the security action Assert can only be used once in a method, how can multiple CAS permissions be asserted?
Answer: Add the permissions to a PermissionSet object and assert that.
Chapter 12: User and Data Security
Lesson 1: Authenticating and Authorizing Users
C12L1Q1: What are the three properties of PrinciplePermission?
Authenticated, Name, Role.
C12L1Q2: What does RBS stand for?
Role-Base Security
C12L1Q3: What two things must be defined to make a declarative permission statement?
Answer:
- SecurityAction, typically Demand
- one or more PrinciplePermission properties.
C12L1Q4: Which type of RBS security demand restricts entire methods?
Hint: Declarative or imperative?
Answer: Declarative.
C12L1Q5: Which type of RBS security demand is more granular?
Hint: Declarative or imperative?
Answer: Imperative.
C12L1Q6: What must be done before making an RBS demand?
Answer: Set the principle policy.
C12L1Q7: What must be implemented for a custom principle class based on IIdentity ?
Answer: AuthenticationType, IsAuthenticated and Name.
C12L1Q8: What must be implemented for a custom principle class based on IPrinciple ?
Answer: Constructor, the Identity property, the IsInRole method.
C12L1Q9: Scenario question
Question: You must restrict access to a method based on a user’s group memberships in the local user database. You want to use the most secure method possible. Which technique will you use?
Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.
Answer: Declarative RBS demands.
C12L1Q10: Scenario question
Question: You must restrict access to a method that is directly called by a Windows event. It will be based on a user’s group memberships in the local user database. If the user lacks sufficient access, you want to log an event and display a message to the user. You want to use the most secure method possible. Which technique will you use?
Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.
Answer: Imperative RBS demands.
C12L1Q11: Scenario question
Question: You are writing a method for a console application that lists options available to a user based on his group memberships. Which technique should you use?
Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.
Answer: WindowsPrincipal.IsInRole.
Lesson 2: Using Access Control Lists
C12L2Q1: What does DACL stand for?
Answer: Discretionary Access Control List.
C12L2Q2: What does SACL stand for?
Answer: Security Access Control List.
C12L2Q3: What is the difference between DACLs and SACLs?
Answer: DACLs restrict access, SACLs audit (or log) access.
C12L2Q4: What do DACLs contain?
Answer: ACEs (Access Control Entries)
C12L2Q5: Scenario question
Scenario: Mary is a member of the managers group, which has delete access to a resource. She is also a member of the accountants group, which has modify access to the resource.
Question: What access to the resource does Mary have?
Answer: Both delete and modify access.
C12L2Q6: Scenario question
Scenario: Mary is a member of the managers group, which has grant read access to a resource. She is also a member of the accountants group, which has deny read access to the resource.
Question: What access to the resource does Mary have?
Answer: None.
C12L2Q7: Scenario question
Scenario: Mary is not a member of any group that is in any of the ACEs for a resource.
Question: What access to the resource does Mary have?
Answer: None.
C12L2Q8: What are the standard file and folder permissions?
Answer: FullControl, Modify, ReadAndExecute, ListDirectory, Read, and Write.
C12L2Q9: What system resources can be secured using DACLs, SACLs and ACEs?
Answer: Files, folders (or directories), registry keys, cryptographic keys, Event Wait handles, mutexes, and semaphores.
Lesson 3: Encrypting and Decrypting Data
C12L3Q1: What is the preferred symmetric encryption class?
Follow up Question: What is the preferred encryption algorithm also known as?
Another Follow up Question: What is the next most preferred encryption algorithm?
Answer: RijndaelManaged ('Rijndael' is pronounced 'Rhine Dahl'.)
Follow up Answer: Advanced Encryption Standard (AES).
Another Follow up Answer: TripleDES (not DES).
C12L3Q2: What is the common, older, crappier symmetric encryption algorithm?
Answer: Data Encryption Standard (DES).
C12L3Q3: What class is used to convert a password into a key?
Answer: Rfc2898DeriveBytes ('R-F-C-some numbers-derive-bytes' is ok)
C12L3Q4: What are the two implementations of the AsymmetricAlgorithm base class and what is each used for?
Answer: RSACryptoServiceProvider and DSACryptoServiceProvider. RSACryptoServiceProvider is for asynchronous encryption and decryption; DSACryptoServiceProvider is for digitally signing messages.
C12L3Q5: What two methods are used to convert strings to byte arrays?
Answer: System.Text.Encoding.Unicode.GetBytes and System.Text.Encoding.Unicode.GetString.
C12L3Q6: Which of the following classes are synchronous and which are asynchronous?
- RSACryptoServiceProvider
- RijndaelManaged
- TripleDES
- DSACryptoServiceProvider
- DES
- RC2
Answer:
- RSACryptoServiceProvider (Asynchronous)
- RijndaelManaged (Synchronous)
- TripleDES (Synchronous)
- DSACryptoServiceProvider (Asynchronous)
- DES (Synchronous)
- RC2 (Synchronous)
C12L3Q7: What must be synchronized between the encryptor and decryptor when using symmetric encryption?
Answer: The key, the IV (Initial Value) and the Mode.
C12L3Q8: What are the two keyed hashing algorithms?
Answer: HMACSHA1 and MACTripleDES.
Chapter 13: Interoperation
Extension
C13XQ1: What are the eight integer based COM data types and their .NET equivalent types?
Answer:
- bool → Int32
- byte → Byte
- char → SByte
- small → SByte
- short → Int16
- long → Int32
- int → Int32
- Hyper → Int64
C13XQ2: What are the four non-integer numeric COM data types and their .NET equivalent types?
Answer:
- float → Single
- double → Double
- DECIMAL → Decimal
- CURRENCY → Decimal
C13XQ3: What are the three other important COM data types and their .NET equivalent types?
Answer:
- void * → IntPtr
- HRESULT → Int16 or IntPtr
- VARIANT → Object
C13XQ4: What are the five COM data types that are equivalent to String?
Answer: BSTR, LPSTR, LPWSTR, char *, wchar_t *
Lesson 1: Using COM Objects
C13L1Q1: What does RCW stand for?
Answer: Runtime Callable Wrapper.
C13L1Q2: COM components must be what before being used?
Answer: Registered, then imported.
C13L1Q3: What is used to register a COM component?
Answer: Regsvr32
C13L1Q4: What is used to import a COM component?
Answer: Visual Studio or Type Library Importer Tool.
C13L1Q5: When calling VB interop code, what should C# pass for optional parameters?
Answer: Type.Missing
C13L1Q6: What are the four shortcomings of COM interop?
Answer: Static members, parameterised constructors, inheritance, portability.
C13L1Q7: When generating metadata from a type library, what is the resulting assembly called?
Answer: An interop assembly.
C13L1Q8: What are the four options for generating an interop assembly containing type metadata?
Answer:
- Visual Studio.
- Type Library Importer (Tlbimp.exe).
- The TypeLibConverter class.
- Custom wrappers.
C13L1Q9: What can the TypeLibConverter class do that the Type Library Importer can not?
Answer: It can convert an in-memory type library to metadata.
C13L1Q10: What are the four high level steps to expose a COM component to the .NET Framework?
Answer:
- Import a type library as an assembly.
- Create COM types in managed code.
- Compile an interop project.
- Deploy an interop application.
C13L1Q11: How are COM types that are defined in an assembly used differently from other managed types?
Answer: They aren't used differently (tricky).
C13L1Q12: How is compiling an interop project different from compiling a managed project?
Answer: It isn't different (tricky).
C13L1Q13: What three things does an interop application contain?
Answer:
- A .NET client assembly.
- One or more interop assemblies.
- One or more registered COM components.
C13L1Q14: Where should private assemblies be installed?
Answer: The same directory as the application.
C13L1Q15: What must a shared assembly have and where is it installed?
Answer: It must have a strong name and be installed in the Global Assembly Cache (GAC).
C13L1Q16: What is a primary interop assembly?
Answer: A unique, vendor-supplied, strong named, interop assembly that contains type definitions (as metadata) of types implemented with COM.
Lesson 2: Exposing .NET Components to COM
C13L2Q1: When .NET components are consumed by COM, what handles the marshalling between .NET and COM?
Answer: The COM Callable Wrapper (CCW).
C13L2Q2: How do you hide a public .NET class from COM?
Answer: Give it a ComVisible attribute and pass in false.
C13L2Q3: What are the four options for generating a type library for COM?
Answer:
- Type Library Exporter (Tlbexp.exe)
- Using the TypeLibConverter class.
- Assembly Registration Tool (Regasm.exe)
- .NET Services Installation Tool (Regsvcs.exe)
C13L2Q4: What are the five guidelines for qualifying .NET types for interoperation?
Answer:
- Classes should implement interfaces explicitly.
- Managed types must be public.
- Methods, properties, fields and events must be public.
- Types must have a public default constructor to be activated from COM.
- Types can not be abstract.
C13L2Q5: What public parts of a class are not exposed to COM clients?
Answer: Parameterised constructors, static methods and constant fields.
C13L2Q6: What does the Assembly Registration tool do and what .NET class provides the equivalent functionality?
Answer: The Assembly Registration tool generates a type library and then registers it so that COM clients can use the .NET class transparently, or it can unregister an assembly. The equivalent class is RegistrationServices.
C13L2Q7: What is the difference between the Type Library Exporter and the Assembly Registration tool?
Answer: The Type Library Exporter generates a type library but does not register it. The Assembly Registration tool does both.
C13L2Q8: How do you use the Type Library Exporter to generate a subset of the types defined in an assembly?
Answer: You can't - the entire assembly is converted at once (tricky).
C13L2Q9: How can an interop assembly be activated from any COM client?
Answer: After registering it, install it in the Global Assembly Cache (GAC).
C13L2Q10: When using the Assembly Registration tool, what does the /tlb
option do?
Answer: It causes the Assembly Registration tool to generate a type library in addition to registering the types.
C13L2Q11: When should the /tlb
option of the Assembly Registration tool not be used?
Answer: If the assembly was produced by the Type Library Importer.
C13L2Q12: What are the three actions that the .NET Services Installation tool performs?
Answer:
- Loads and registers an assembly.
- Generates, registers and installs a type library into a specified COM+ 1.0 application.
- Configures services that you have added programmatically to your class.
C13L2Q13: What must an assembly have before it can be used by the .NET Services Installation tool?
Answer: A strong name.
C13L2Q14: What two security considerations does the .NET Services Installation tool have?
Answer:
- It can not register components with methods protected by a demand or link demand for the StrongNameIdentityPermission or the PublisherIdentityPermission.
- You must have administrative privileges on the local computer to use the .NET Services Installation tool.
Lesson 3: Using Unmanaged Code
C13L3Q1: A Runtime Callable Wrapper is used for what?
Hint: External libraries or P/Invokes?
Answer: External libraries.
C13L3Q2: When using P/Invoke calls, which type is best for passing text?
Answer: StringBuilder
C13L3Q3: How do you specify what unmanaged type a property should be?
Answer: Add a MarshalAs attribute and specify an UnmanagedType.
C13L3Q4: What attribute is used to specify a library when creating a P/Invoke?
Answer: DllImport
C13L3Q5: What attribute is used to determine what order members of a structure are stored in memory?
Answer: StructLayoutAttribute
C13L3Q6: What are the three methods for determining what order members of a structure are stored in memory and how are they specified?
Answer: Auto, sequential and explicit. An instance of LayoutKind is passed to the attribute StructLayout.
Chapter 14: Reflection
Lesson 1: Understanding Reflection
C14L1Q1: What are the four parts of an assembly?
Answer: Assembly metadata (or manifest), type metadata, code and resources.
C14L1Q2: What is the relationship between assemblies, modules and types?
Answer: An assembly can contain one or more modules (although typically just one). A module can contain one or more types. An assembly can not directly contain a type (or types must be contained in a module).
Lesson 2: Assembly Attributes
C14L2Q1: How do you get a reference to the current assembly?
Answer: Call the Assembly.GetExecutingAssembly method.
C14L2Q2: Using reflection, how can you get a collection of all the attributes that a class has?
Answer: Call the Assembly.GetCustomAttributes method, which will return an array.
C14L2Q3: What happens when the revision part of the version number in the AssemblyVersionAttribute is set to an asterisk?
Answer: It will be replaced with a random number by the compiler.
C14L2Q4: What happens when the build part of the version number in the AssemblyVersionAttribute is set to an asterisk?
Answer: It will be replaced with an automatically incrementing number by the compiler.
Lesson 3: Reflecting Types
C14L3Q1: How do you create a Type object based on a particular object?
Follow up question: How do you create a Type object based on a particular class?
Answer: Call the object's GetType method.
Follow up answer: Use the typeof keyword.
C14L3Q2: If a string has been cast into a variable of type object, what will calling the method GetType on the variable return?
Answer: A Type object that represents the string class.
Lesson 5: Creating Code at Runtime
C14L5Q1: Which class is used to create a dynamic assembly?
Answer: AppDomain.
Chapter 15: Mail
Lesson 1: Sending Mail
C15L1Q1: What exception will be thrown if you call SmtpClient.Send and the server hostname is defined but the server cannot be found?
Answer: SmtpException with an inner WebException.
C15L1Q2: What exception will be thrown if you call SmtpClient.Send and any other problem occurs?
Answer: SmtpException.
C15L1Q3: What exception will be thrown if you call SmtpClient.Send and the server hostname has not been defined?
Answer: InvalidOperationException.
C15L1Q4: What exception will be thrown if you call SmtpClient.Send and the SMTP server reports that the recipient is invalid?
Answer: SmtpFailedRecipientException.
C15L1Q5: Which method would you call to send an e-mail message and wait for the transmission to complete before proceeding?
Answer: SmtpClient.Send
C15L1Q6: Which method would you call to send an e-mail message and not wait for the transmission to complete before proceeding?
Answer: SmtpClient.SendAsync
C15L1Q7: How do you talk to the SMTP server securely?
Answer: Set SmtpClient.EnableSsl to true.
Chapter 16: Globalization
Lesson 1: Using Culture Information
C16L1Q1: What are the three culture categories?
Answer: Invariant, neutral and specific.
C16L1Q2: How can a string comparison be made that is specific to a culture and can use the CompareOptions class?
Answer:
- Create or get a reference to an CultureInfo object.
- Get a reference to the CompareInfo property of the CultureInfo object.
- Call the Compare method on the CompareInfo object and pass in the two strings to be compared and any CompareOtions required.
Web Exam 70-528 Study Questions
Chapter 1: Introducing the ASP.NET 2.0 Web Site
Lesson 1: Understanding The Players
WebC1L1Q1: What are the four main HTTP methods?
Answer: Get, post, put and delete.
WebC1L1Q2: What are the five common MIME types?
Answer: Text, image, audio, video and application.
WebC1L1Q3: What is the difference between where form data is stored in a GET request and a POST request?
Answer: In a GET request, the form data is put in the query string. In a POST request, the data is put in the message body.
Lesson 2: Creating a Web Site
WebC1L2Q1: What are the three sections of an in-line ASPX file?
Answer: Page directives, code, layout.
Lesson 3: Working with Web Configuration Files
WebC1L3Q1: What are the five levels, in order, of the ASP.NET configuration hierarchy?
Answer: Global machine, root default web, web site, web application, sub-directory.
Lesson 4: Using ASP.NET Trace
WebC1L4Q1: What is the virtual page that displays trace information?
Answer: Trace.axd.
WebC1L4Q2: What are the two methods of configuring the trace facility?
Answer: Using the Website Administration Tool and editing the web.config file.
Chapter 2: Adding and Configuring Server Controls
Lesson 1: Using a Server Control
WebC2L1Q1: How should the source of bloat in the ViewState be identified?
Answer: By using the trace facility.
WebC2L1Q2: What must an HTML server control be located inside to operate correctly?
Answer: A form element that has the runat=“server” attribute.
WebC2L1Q3: What are the three methods of setting the properties of an HTML control?
Answer: Source view, design view and programmatically in code.
WebC2L1Q4: In which event on what object should dynamically created controls be created?
Answer: The Init event on the page object.
WebC2L1Q5: What order are events from a web page raised on the server side?
Answer: The event that caused the postback is processed last.
WebC2L1Q6: What property on a control should be set to minimize the size of the ViewState data?
Answer: The EnableViewState should be set to false.
WebC2L1Q7: What are the five main page events, in the order they occur?
Answer: Page_PreInit, Page_Init, Page_Load, Page_PreRender and Page_Unload
Lesson 2: Exploring Common Web Server Controls
WebC2L2Q1: What are two differences between the Literal control and the TextBox control?
Answer:
- The Literal control does not support styles, themes, and skins.
- The Literal control does not inherit from WebControl.
Chapter 3: Exploring Specialized Server Controls
Lesson 1: Exploring Specialized Web Server Controls
WebC3L1Q1: What are the three modes of the Literal control?
Answer: PassThrough, Encode and Transform.
WebC3L1Q2: What is the advantage of using the Table, TableRow and TableCell controls over using straight HTML markup?
Answer: The ability to add rows and cells programmatically.
WebC3L1Q3: What web control should be used if clicking on an image is required?
Answer: ImageButton or ImageMap.
IT Questions
ITQ1: What is the definition of third normal form?
Answer: “Every non-key attribute must provide a fact about the key, the whole key, and nothing but the key.”
ITQ2: What is Brooks' Law?
Answer: “Adding resources to a late project makes it later.”
ITQ3: What is the Unicode number for the snowman character?
<html> <span style=“font-size:60px”>☃<span> </html>
Answer: 2603 (Hex).
ITQ4: What are Robert Martin's three laws of Test Driven Development?
Answer:
- You are not allowed to write a line of production code until you have written a failing unit test.
- You are not allowed to write more of the unit test than is sufficient to fail.
- You are not allowed to write more production code than is sufficient to pass the test.
ITQ5: What is Conway's Law?
Answer: “Organisations which design systems are constrained to produce designs which are copies of the communication structures of these organisations.” - Melvin Conway, 1968.
ITQ6: What is the difference between Cast and Convert in T-SQL?
Answer: Cast is ANSI compliant. Convert is specific to SQL Server and allows some formatting options.
ITQ7: What type of URL should destructive or data modifying operations be put behind and why?
Answer: They should be put behind HTTP-POST requests because web-crawlers and search engines are not supposed to follow them.
ITQ8: What should be looked for in a code review?
Answer: Correctness (only).
Fractal Questions
FractalQ1: What should be done first if a layer is too 'busy' or has a lot of noise?
Answer: Lower the bailout parameter on the formula tab.
FractalQ2: What should be done if a layer has 'black holes'?
Answer: Increase the Maximum Iterations parameter on the formula tab.
Life Questions
LifeQ1: Whose fault should you always assume it is?
Answer: Your own fault.
LifeQ2: When things are shit, what question should you ask?
Answer: “What can I do about it?”
LifeQ3: What is the effect / affect usage mnemonic?
Answer: VANE - Verb Affect Noun Effect
LifeQ4: If you are afraid of being embarrassed or laughed at, what will your art always be?
Answer: Embarrassing and laughable.
LifeQ5: What two things should every person with a job be doing?
Answer:
- The very best they can at their job.
- Looking for a better job.
The Pragmatic Programmer
Preface
PragPreQ1: What is the most basic characteristic of a Pragmatic Programmer?
Answer: They care about their craft.
PragPreQ2: What are the five lesser characteristics of a Pragmatic Programmer?
Answer: Early adopter / fast adapter, Inquisitive, Critical thinker, Realistic, and Jack of all trades.
PragPreQ3: How does one become a Pragmatic Programmer?
Answer: THINK! about one's work and continuously make many small improvements.
Chapter 1
PragC1Q1: What is the 'Broken Window Theory' and how does it apply to software development?
Answer: …
PragC1Q2: What type of soup should you make when being a catalyst for change?
Hint: Stone soup or frog soup.
Answer: Stone soup.
PragC1Q3: Great software today is often preferable to what?
Answer: Perfect software tomorrow.
PragC1Q4: Perfect software tomorrow is often less preferable to what?
Answer: Great software today.
Chapter 2: A Pragmatic Approach
PragC2Q1: When does software maintenance begin and why?
Answer: Software maintenance begins as soon as coding starts, because things keep changing (requirements and our understanding of them, environments, knowledge etc.)
PragC2Q2: What is the DRY principle?
Answer: Don't Repeat Yourself.
“Every piece of knowledge must be a single unambiguous, authoritative representation with in a system.”
PragC2Q3: What are the four categories of duplication?
Hint: The four i's of duplication.
Answer:
- Imposed - Developers feel they have no choice - the environment appears to require duplication.
- Inadvertent - Developers don't realise they are duplicating information.
- Impatient - Developers get lazy and duplicate because it seems easier.
- Interdeveloper - Multiple people on a team (or different teams) duplicate information.
PragC2Q4: What is a technique for avoiding or reducing imposed duplication?
Answer: Code generation.
PragC2Q5: What is Meyer's Uniform Access principle?
Answer:
“All services offered by a module should be available through a uniform notation, which does not betray whether they are implemented through storage or through computation.”
or
“Class properties are good.”
PragC2Q6: What are two techniques for avoiding or reducing inadvertent duplication?
Answer: Normalise the data and don't store what can be calculated.
PragC2Q7: What should be done if the DRY principle needs to be violated for performance reasons?
Answer: Ensure the violation is not exposed to the outside world by keeping it contained with in the class.
PragC2Q8: How do you avoid impatient duplication?
Answer: Discipline.
PragC2Q9: What adage relates to impatient duplication?
Answer:
“Short cuts make for long delays.”
PragC2Q10: What is orthogonality?
Answer: Independence or decoupling.
PragC2Q11: What are the two major benefits of orthogonality?
Answer: Increased productivity and reduced risk.
PragC2Q12: How can you get an informal measurement of how orthogonal a team is?
Answer: Determine how many people need to be involved in discussing each change that is requested. The less people, the more orthogonal and better off the team is.
PragC2Q13: How can low orthogonality affect a team?
Answer: Confusion over responsibilities leading to bickering.
PragC2Q14: What are three techniques to maintain orthogonality?
Answer:
- Keep code decoupled.
- Avoid global data.
- Avoid similar functions.
PragC2Q15: How is orthogonality related to unit testing?
Answer:
- If the unit test does not require much set up, the unit has a good amount of orthogonality.
- If the unit test has to bring in a big chunk of the system to set up the test, the unit has little orthogonality.
PragC2Q16: What is code that glows in the dark?
Answer: Tracer code.
PragC2Q17: What are the four aspects of code that tracer code should share with production code and what is the one aspect that it should not?
Answer:
Shared: error checking, structuring, documentation and self-checking.
Not shared: Full functionality.
PragC2Q18: What are the five advantages of tracer code?
Answer:
- Users get to see something early.
- Develops a build structure to work in.
- Creates an integration platform.
- Creates something to demonstrate.
- Creates a better feel for progress.
PragC2Q19: What is the difference between tracer code and prototyping?
Answer: Prototyping generates disposable code. Tracer code is lean but complete and forms part of the skeleton of the final system.
PragC2Q20: What are seven types of things that are good to prototype?
Answer: Risky, untried, critical, unproven, experimental, doubtful or uncomfortable things.
PragC2Q21: What are six parts of a system that are good to prototype?
Answer:
- The architecture.
- New functionality in an existing system.
- The structure or contents of external data.
- Third-party tools or components.
- Performance issues.
- The user interface.
PragC2Q22: What are four aspects of coding that can, when appropriate, be ignored while prototyping?
Answer: Correctness, completeness, robustness and style.
Chapter 3: The Basic Tools
PragC3Q1: What are the three benefits of plain text?
Answer:
- Insurance against obsolescence
- Leverage
- Easier testing
PragC3Q2: What are three situations that make tracing statements invaluable?
Answer:
- Concurrent processes
- Real-time systems
- Event-based applications
Chapter 5: Bend or Break
PragC5Q1: What is the Law of Demeter?
Answer: Any method of an object should call only methods belonging to:
- itself,
- any parameters that were passed into the method,
- any object it created, or
- any directly held component objects.
PragC5Q2: What is the response set of a class?
Answer: The number of functions directly invoked by methods of the class.
PragC5Q3: What us Levy's Eight Law?
Answer:
“No amount of genius can overcome a preoccupation with detail.”
PragC5Q4: What type of diagram can be used to determine temporal coupling?
Answer: A UML activity diagram.
PragC5Q5: What should be analysed to improve concurrency?
Answer: Workflow.
Chapter 6: While You Are Coding
PragC6Q1: What are three examples of programming by coincidence?
Answer:
- Accidents of implementation.
- Accidents of context.
- Implicit assumptions.
PragC6Q2: What should you do if something seems to work?
Answer: Make sure it isn't just a coincidence.
PragC6Q3: What is the problem with the building metaphor of software development?
Answer: Buildings are not normally refactored.
PragC6Q4: What are four reasons for refactoring?
Answer:
- Duplication (violation of the DRY principle).
- Non-orthogonal design.
- Outdated knowledge.
- Performance.
PragC6Q5: What are Martin Fowler's three tips on refactoring?
Answer:
- Don't refactor and add functionality at the same time.
- Make sure there are good tests beforehand.
- Take short, deliberate steps.
PragC6Q6: What four capabilities should a test harness include?
Answer:
- A standard way to specify setup and clean up.
- A method for selecting individual tests or all available tests.
- A means of analysing output for expected (or unexpected) results.
- A standardised form of failure reporting.
PragC6Q7: What should be done at the end of any debugging session?
Answer: Formalise any ad hoc tests into unit tests.
Professional ASP.NET MVC 1.0
MvcC1Q1: What are the six top-level directories, created by default when a new ASP.NET MVC project is created?
Answer: Controllers, Models, Views, Scripts, Content and App_Data.
MvcC1Q2: Where does ASP.NET MVC store its routing rules?
Answer: In the Global.asax file.
Article 1: Design Principles and Design Patterns, Robert C. Martin
Art1P2Q1: What are the four primary symptoms of rotting design?
Answer:
- Rigidity (changes cascade)
- Fragility (breaks whenever it is changed)
- Immobility (inability to reuse software from other projects or part of the system)
- Viscosity (easier for the engineers to break the design with hacks rather than preserve it)
Art1P4Q1: What kind of requirements changes cause design rot?
Answer: Changes that introduce new and unplanned for dependencies.
Art1P4Q2: What technique can be used to prevent degradation of the dependency architecture?
Answer: Dependency firewalls.
Art1P4Q3: What is the Open Closed Principle and who came up with it?
Answer:
“A module should be open for extension, but closed for modification.” - Bertrand Meyer
Art1P5Q1: What is the key to the OCP?
Answer: Abstraction.
Art1P8Q1: What is the Liskov Substitution Principle and who came up with it?
Answer:
“Subclasses should be substitutable for their base classes.” - Barbara Liskov
Art1P8Q2: What is the canonical example of the subtleties of the LSP?
Answer: The Circle / Ellipse dilemma.
Art1P12Q1: Violations of the LSP are also what?
Answer: Violations of the OCP.
Art1P12Q2: What is the Dependency Inversion Principle?
Answer:
“Depend on abstractions. Do not depend on concretions.”
Art1P12Q3: Which principle states the goal of object orientated architecture and which states the primary mechanism?
Answer: The goal is stated by the Open Closed Principle and the primary mechanism is stated by the Dependency Inversion Principle.
Art1P14Q1: Where is the most common places that designs depend on concrete classes?
Answer: When instances are created.
Art1P14Q2: What is the Interface Segregation Principle?
Answer:
“Many client specific interfaces are better than one general purpose interface.”
Art1P16Q1: What means of organising a design has larger granularity than classes?
Answer: Packages.
Art1P16Q2: What are the three principles of package architecture?
Answer:
- The Release Reuse Equivalency Principle
- The Common Closure Principle
- The Common Reuse Principle
Art1P17Q1: What is the Release Reuse Equivalency Principle?
Answer:
“The granule of reuse is the granule of release.”
Art1P17Q2: What is the Common Closure Principle?
Answer:
“Classes that change together, belong together.”
Art1P17Q3: What is the Common Reuse Principle?
Answer:
“Classes that aren't reused together should not be grouped together.”
Art1P18Q1: Which package architecture principle or principles tends to advantage reusers and which tends to advantage maintainers?
Answer: Reusers are advantaged by the Release Reuse Equivalency Principle and the Common Reuse Principle. Maintainers are advantaged by the Common Closure Principle.
Art1P18Q2: Which package architecture principle or principles tends to make packages large which tends to make them small?
Answer: The Common Closure Principle tends to make large packages and the Common Reuse Principle tends to make small packages.
Art1P18Q3: Which package architecture principle or principles would architects tend to use in the early life of a system and which would they tend to use when the system has matured?
Answer: In early life, the Common Closure Principle tends to be used. When the system has matured the Release Reuse Equivalency Principle and the Common Reuse Principle tend to be used.
Art1P18Q4: What are the three principles of package coupling?
Answer:
- The Acyclic Dependencies Principle
- The Stable Dependencies Principle
- The Stable Abstraction Principle
Art1P18Q5: What is the Acyclic Dependencies Principle?
Answer:
“The dependencies between packages must not form cycles.”
Art1P21Q1: What are two methods for breaking a cycle in a package dependency structure?
Answer:
- Add a new package.
- Add a new interface that has all the methods that one package is dependant on and is implemented by the other package.
Art1P21Q2: What design pattern should be used when a client type class directly depends on a server type class?
Answer: An Abstract Server.
Art1P21Q3: What is the Abstract Server design pattern and what is its advantage?
Answer: An Abstract Server is an abstract interface between a client and a server. Its advantage is that the abstract interface becomes a “hinge point” that design can flex around.
Art1P22Q1: Which package would an interface very often go in?
Answer: The package that uses it, rather than the package that implements it.
Art1P22Q2: What is the Stable Dependencies Principle?
Answer:
“Depend in the direction of stability.”
Art1P23Q1: What is a package that has three other packages depending on it said to be?
Answer: Responsible to those three other packages.
Art1P23Q2: What is a package that depends on nothing said to be?
Answer: An independent package.
Art1P23Q3: What is a package that has no other packages depending on it said to be?
Answer: An irresponsible package.
Art1P23Q4: What is a package that has three other packages depending on it said to be?
Answer: A dependant package.
Art1P23Q5: What is a package that is independent and responsible to other packages said to be?
Answer: A stable package.
Art1P23Q6: What is an irresponsible, dependant package said to be?
Answer: An instable package.
Art1P24Q1: What is the Stable Abstraction Principle?
Answer:
“Stable packages should be abstract packages.”
Art1P24Q2: What is afferent coupling?
Answer: The number of classes outside the package that depend on classes inside the package.
Art1P24Q3: What is efferent coupling?
Answer: The number of classes outside the package that classes inside the package depend on.
Art1P24Q4: What is the formula for determining the instability of a package?
Answer: Instability equals efferent coupling divided by afferent coupling plus efferent coupling.
Art1P26Q1: What is the formula for determining the abstractness of a package?
Answer: Abstractness equals the number of abstract classes in the package divided by the total number of classes.
Art1P26Q2: What type of packages occupy the zone of uselessness?
Answer: Instable, abstract packages.
Art1P26Q3: What type of packages occupy the zone of pain?
Answer: Stable, concrete packages.
Art1P26Q4: What is the formula for determining the distance a package is from the main sequence?
Answer: The absolute value of the abstractness plus instability minus one.
Art1P29Q1: What design pattern should be used when inserting an abstract interface is not feasible?
Answer: Adapter.
Art1P29Q2: What is the Adapter design pattern?
Answer: The Adapter is an object that implements the abstract interface to delegate to the server. Every method of the adapter simply translates and then delegates.
59 Seconds - Think a little, change a lot, Professor Richard Wiseman
59SecHappinessQ1: What is materialism mainly driven by?
Answer: Low self-esteem.
59SecHappinessQ2: How does one buy happiness?
Answer: By buying experiences, not goods.
59SecHappinessQ3: What are three ways to feel more happy?
Answer: Smile, sit up and act happy.
59SecPersuasionQ1: What are the three steps to giving a great job interview?
Answer:
- Likeability is more important than academic achievements and work experience.
- Reveal weaknesses early and strengths late. Retain something strong for the end.
- Don't overreact to mistakes - the interviewer probably didn't notice.
59SecPersuasionQ2: What is the Spontaneous Trait Transference Effect?
Answer: When criticising someone else, observers will attribute the negative traits to the speaker.
59SecPersuasionQ3: What is the Franklin Effect?
Answer: Getting someone to do you a favour will increase the chance of them liking you.
59SecPersuasionQ4: What is the Pratfall Effect?
Answer: The occasional mistake can make you more likeable.
59SecPersuasionQ5: What should you do if you require assistance in the street?
Answer: Pick out a friendly face in the crowd. Clearly tell them what is happening and what they need to do.
59SecMotivationQ1: What is the rule to beat procrastination?
Answer: Work on the activity for “just a few minutes”.
59SecMotivationQ2: What are the four key techniques to achieve a goal?
Answer:
- Have a plan.
- Tell friends a family.
- Doublethink. Focus on the benefits and potential setbacks.
- Reward each step of the way.
59SecMotivationQ3: What visualisation technique should be used to provide motivation to achieve goals and how does it work?
Answer: Doublethink. Imagine both the potential benefits from achieving the goal and the potential setbacks that may occur along the way.