C2L3Q1: What two classes are used to compress and decompress data?

Answer: GZipStream and DeflateStream.

Follow-up Question: What is the difference between the two and what would you use each for?

Answer: GZipStream conforms to the GZip standard by adding extra header information. GZipStream is best if inter-operation is required, DeflateStream has slightly better compression.

C2L3Q2: What is the data size limit of both compression methods?

Answer: 4 GB (of uncompressed data).

C2L3Q3: Which stream is passed to the constructor of a compression stream?

Answer:

• When compressing, the destination or output stream.
• When decompressing, the source or input stream.

How to Remember: The compressed stream is passed.

C3L1Q1: In a regular expression, what symbol matches the start of a line and what matches the end?

Answer: Start = ^ (carat), end = $

C4L1Q1: What needs to be done to a custom collection class to enable the use of the foreach statement?

Answer: IEnumerator needs to be implemented.

*C4L1Q2: How would you randomise a collection?

Answer: Create a class that implements the IComparer interface and pass an instance of it to the collection's Sort method.

*C4L1Q3: Which non-generic collection is the most basic, general collection?

Answer: ArrayList.

*C4L1Q4: Which class is used by default to sort a collection?

Answer: Comparer.

C4L4Q1: What type of dictionary collection should be used for small collections (typically fewer than ten elements)?

Answer: ListDictionary

C4L4Q2: What type of dictionary collection should be used for large collections?

Answer: Hashtable

C4L4Q3: What type of dictionary collection should be used if the size of the collection is unknown or will vary?

Answer: HybridDictionary

C4L4Q4: What type of dictionary collection should be used if ordering is required?

Answer: OrderedDictionary

C4L4Q5: How does a dictionary collection determine uniqueness?

Answer: It uses the IEqualityComparer passed into the constructor or, if none was passed, it uses the GetHashCode and Equals methods.

*C4L4Q6: What are the five specialised collections?

Answer: BitArray, BitArray32, StringCollection, StringDictionary and NameValueCollection.

*C4L4Q7: The StringCollection class is a specialised version of what class?

Answer: ArrayList

*C4L4Q8: The StringDictionary class is a specialised version of what class?

Answer: Hashtable

*C4L4Q9: What can be created with the CollectionsUtil class?

Answer: Case-insensitive Hashtables and case-insensitive SortedLists.

*C4L4Q10: How do you create a culture-invariant collection?

Answer: Pass StringComparer.InvariantCulture or StringComparer.InvariantCultureIgnoreCase to the constructor of the collection.

*C4L4Q11: What is the difference between the NameValueCollection class and the StringDictionary class?

Answer:

• NameValueCollection can store multiple values for each key.
• NameValueCollection values can be accessed by key index.

C4L5Q1: What are the six 'standard' generic collections that are type-safe versions of the other ones?

Answer: List, Dictionary, SortedList, SortedDictionary, Queue and Stack.

C4L5Q2: What is the additional generic collection that is not a version of the other ones?

Answer: LinkedList

*C5L1Q1: What are the three steps to serialise an object to binary format?

Answer:

1. Create a stream object.
2. Create a BinaryFormatter object.
3. Call the BinaryFormatter's Serialise method, passing in the stream object and the object to be serialised.

*C5L1Q2: What are the four steps to deserialise an object from binary data?

Answer:

1. Create a stream object.
2. Create a BinaryFormatter object.
3. Create a new object to store the deserialised data.
4. Call the BinaryFormatter's Deserialise method, passing in the stream object and cast the result.

*C5L1Q3: What needs to be done to a custom class to enable it to be serialised to binary?

Answer: Add the Serializable attribute to the class.

*C5L1Q4: What needs to be done to a custom class to enable it to be serialised to SOAP?

Answer: Add the Serializable attribute to the class.

*C5L1Q5: What needs to be done to prevent a member of a custom class from being serialised to binary?

Answer: Add the NonSerialized attribute to the member.

*C5L1Q6: What needs to be done to prevent a member of a custom class from being serialised to SOAP?

Answer: Add the SoapIgnore attribute to the member.

*C5L1Q7: How can a non-serialised object be automatically initialised after deserialisation?

Answer: The class should implement the IDeserializationCallback interface and implement the IDeserializationCallback.OnDeserialization method.

*C5L1Q8: How can an exception be prevented from being thrown if a member is missing from the serialisation data?

Answer: Add the OptionalField attribute to the member.

C5L2Q1: Which tool would you use to create a class that, when serialised, would produce an XML document that conformed to an XML schema?

Answer: Xsd.exe

*C5L2Q2: What are the three steps to serialise data to XML?

Answer:

1. Create a stream, TextWriter, or XmlWriter object to hold the serialised output.
2. Create an XmlSerializer object, passing it the type of object to be serialised.
3. Call the XmlSerializer object's Serialize method, passing the stream and the object to be serialised.

*C5L2Q3: What are the three steps to deserialise data from XML?

Answer:

1. Create a stream, TextWriter, or XmlWriter object to read the serialised input.
2. Create an XmlSerializer object, passing it the type of object to be serialised.
3. Call the XmlSerializer object's Deserialize method, passing the stream, and cast the result.

*C5L2Q4: What needs to be done to ensure that a class can be serialised to XML?

Answer:

• Specify the class as public.
• Specify all members that must be serialised as public.
• Create a parameterless (or default) constructor.

*C5L2Q5: By default, what are public class members are serialised as?

Hint: Attributes or elements.

Answer: Elements.

*C5L2Q6: What needs to be done to prevent a member of a custom class from being serialised to XML?

Answer: Add the XMLIgnore attribute to the member.

*C5L3Q1: How do you override the default serialisation functionality?

Answer: Implement the ISerializable interface and add the Serializable attribute to the class.

*C5L3Q2: When should you not use the default serialisation functionality?

Answer: When the class has declarative or imperative security at the class level or on its constructors.

*C5L3Q3: What should be implemented for the ISerializable interface?

Answer: The GetObjectData method and the serialisation constructor.

Follow Up Question: What happens if you forget the GetObjectData method?

Answer: Compiler error.

Follow Up Question: What happens if you forget the serialisation constructor.

Answer: A serialisation exception at runtime.

*C5L3Q4: What are the four serialisation events?

Answer: Serializing, Serialized, Deserializing and Deserialized.

*C5L3Q5: What are the four attributes used to specify which methods respond to each serialisation event?

Answer: OnSerializing, OnSerialized, OnDeserializing and OnDeserialized.

*C5L3Q6: Which event occurs first, IDeserializationCallback.OnDeserialization or ISerializable's OnDeserialization event?

Answer: IDeserializationCallback.OnDeserialization.

*C5L3Q7: Which event occurs first, ISerializable's OnDeserialization event or IDeserializationCallback.OnDeserialization?

Answer: IDeserializationCallback.OnDeserialization.

*C5L3Q8: What must a method have to respond to a serialisation event?

Answer:

• A StreamingContext object as a parameter.
• Return void.
• The attribute that matches the serialisation event.

*C5L3Q9: Which of the serialisation types supports events?

Hint: Either BinaryFormatter, SoapFormatter or custom serialisation.

Answer: BinaryFormatter.

*C5L3Q10: How can you make context decisions during serialisation?

Answer: Inspect (or examine etc) the StreamingContext object passed to the GetObjectData method.

*C5L3Q11: How can you make context decisions during deserialisation?

Answer: Inspect (or examine etc) the StreamingContext object passed to the serialisation constructor.

*C6L2Q1: How can can a System.Drawing.Image class be instantiated?

Answer:

• Call the Image.FromFile or Image.FromStream method.
• Create a System.Drawing.Bitmap or System.Drawing.Imaging.Metafile object.

*C6L2Q2: What two methods does Bitmap have that Image does not?

Answer: GetPixel and SetPixel.

*C6L2Q3: What must first be done to draw a rectangle on a Image or Bitmap object?

Answer: Create a Graphics object by calling the Graphics.FromImage method.

*C6L2Q4: How can an image from a JPEG file be displayed in a Windows Forms application?

Answer:

1. Create a PictureBox control on the form.
2. Create a Image or Bitmap object by calling the Image.FromFile or Bitmap.FromFile method.
3. Assign the Image or Bitmap object to the BackgroundImage property of the PictureBox control.

*C6L2Q5: How can an image from a JPEG file be displayed in a Windows Forms application, without using a PictureBox control?

Answer:

1. Create a Bitmap object by calling the Bitmap.FromFile method.
2. Get the Graphics object by calling the GetGraphics method.
3. Call the DrawImage method on the Graphics object, passing in the Bitmap object, the location and the size.

*C6L3Q1: When using the Graphics.DrawString method, how do you set the vertical alignment to top, center or bottom?

Answer:

1. Create a StringFormat object.
2. Set the LineAlignment property of the StringFormat object to
   • StringAlignment.Near for top,
   • StringAlignment.Center for center or
   • StringAlignment.Far for bottom.
3. Pass the StringFormat object to the Graphics.DrawString method.

*C6L3Q2: When using the Graphics.DrawString method, how do you set the horizontal alignment to left, center or right?

Answer:

1. Create a StringFormat object.
2. Set the Alignment property of the StringFormat object to
   • StringAlignment.Near for left,
   • StringAlignment.Center for center or
   • StringAlignment.Far for right.
3. Pass the StringFormat object to the Graphics.DrawString method.

*C7L1Q1: What are the steps to create a new thread that does not require data passed to it?

Answer:

1. Create a ThreadStart object and pass the method to be run into the constructor.
2. Create a Thread object and pass the ThreadStart object into the constructor.
3. Call the Thread object's Start method.

*C7L1Q2: What are the steps to create a new thread that requires data passed to it?

Answer:

1. Create a ParameterizedThreadStart object and pass the method to be run into the constructor.
2. Create a Thread object and pass the ThreadStart object into the constructor.
3. Call the Thread object's Start method and pass the data to go to the new thread.

*C7L1Q3: What method signature does a ThreadStart have?

Answer: It takes no parameters and returns void.

*C7L1Q4: What method signature does a ParameterizedThreadStart have?

Answer: It takes an Object as a parameter and returns void.

*C7L1Q5: How should a thread be stopped?

Answer: By calling its Abort method.

*C7L1Q6: What happens when you call a thread's Abort method?

Answer: The threading system prepares to throw a ThreadAbortException.

*C7L1Q7: What two methods can be used to prevent data corruption when a thread is aborted?

Answer: BeginCriticalRegion and EndCriticalRegion.

*C7L1Q8: What is contained in the execution context of a thread?

Answer:

• Security information
• Localisation settings
• Transaction information

*C7L1Q9: How do you prevent new threads from getting the execution context?

Answer: Call the ExecutionContext.SurpressFlow before the new thread is created and call the ExecutionContext.RestoreFull afterwards.

*C7L1Q10: Why would you want to prevent new threads from getting the execution context?

Answer: It is faster.

*C7L2Q1: What class can be used to atomically increment a variable?

Answer: Interlocked.

*C7L2Q2: What five atomic operations can the Interlocked class preform?

Answer: Add, Increment, Decrement, Exchange and Read.

*C7L2Q3: What are the three kernel object that allow thread synchronisation across AppDomains or process boundaries?

Answer: Mutex, Semaphore and Event.

*C7L2Q4: What would you use to control access to a resource across AppDomains or process boundaries?

Answer: A Mutex.

*C7L2Q5: What would you use to restrict access to a resource across AppDomains or process boundaries to a certain number of processes?

Answer: A Semaphore.

*C7L2Q6: What would you use to signal processes across AppDomains or process boundaries?

Answer: An Event.

*C7L3Q1: What does APM stand for?

Answer: Asynchronous Programming Model

*C7L3Q2: What type does the method BeginRead (part of the APM) return?

Answer: IAsyncResult

*C7L3Q3: What are the three APM rendezvous models?

Answer: Wait-until-done, polling and callback.

*C7L3Q4: When using the APM, when is an exception that occurs on an asynchronous thread thrown?

Answer: When the EndXXX method is called.

*C7L3Q5: To add a piece of work to be processed by the thead pool, what method should be called and what should be passed to it?

Answer: The ThreadPool.QueueUserWorkItem method should be called, a WaitCallback object and a data object to be processed should be passed.

*C7L3Q6: What information does the method ThreadPool.GetMaxThreads give?

Answer: The maximum number of threads and the maximum completion ports.

*C7L3Q7: What information does the method ThreadPool.GetMinThreads give?

Answer: The minimum number of threads and the minimum completion ports.

*C7L3Q8: Which are there typically more of, threads managed by the thread pool or completion ports?

Answer: Completion ports

*C7L3Q9: What method can be used to utilise the thread pool to fire a callback when a kernal-level synchronisation object signals it has been released?

Answer: ThreadPool.RegisterWaitForSingleObject

*C7L3Q10: What is the namespace of the preferred Timer class?

Answer: System.Threading.Timer

*C8L1Q1: What are application domains used for?

Answer: To keep assemblies separate with in a single process.

*C8L1Q2: What manages application domains?

Answer: The .NET framework runtime.

*C8L1Q3: What manages processes?

Answer: The operating system.

*C8L1Q4: What can host an application domain?

Answer: The .NET framework runtime or an assembly.

*C8L1Q5: How do you create an application domain?

Answer: Call AppDomain's static CreateDomain method.

*C8L1Q6: How do you load an assembly into an application domain?

Answer: Call the ExecuteAssembly or ExecuteAssemblyByName method on the instance of the AppDomain object.

*C8L1Q7: How do you close an application domain?

Answer: Call AppDomain's static Unload method and pass a reference to the application domain to be closed.

*C11L2Q1: What does the Microsoft term 'RequestOptional' mean in English?

Answer: 'Refuse all except'.

*C11L2Q2: What does the Microsoft term 'RequestMinimum' mean in English?

Answer: 'Require minimum'.

*C11L2Q3: What is the English term 'refuse all except' called in Microsoft language?

Answer: 'RequestOptional'.

*C11L2Q4: What is the English term 'require minimum' called in Microsoft language?

Answer: 'RequestMinimum'.

C12L1Q1: What are the three properties of PrinciplePermission?

Authenticated, Name, Role.

C12L1Q2: What does RBS stand for?

Role-Base Security

C12L1Q3: What two things must be defined to make a declarative permission statement?

• SecurityAction, typically Demand
• one or more PrinciplePermission properties.

C12L1Q4: Which type of RBS security demand restricts entire methods?

Hint: Declarative or imperative?

Declarative.

C12L1Q5: Which type of RBS security demand is more granular?

Hint: Declarative or imperative?

Imperative.

C12L1Q6: What must be done before making an RBS demand?

Set the principle policy.

C12L1Q7: What must be implemented for a custom principle class based on IIdentity ?

AuthenticationType, IsAuthenticated and Name.

C12L1Q8: What must be implemented for a custom principle class based on IPrinciple ?

Constructor, the Identity property, the IsInRole method.

C12L1Q9: Scenario question

Question: You must restrict access to a method based on a user’s group memberships in the local user database. You want to use the most secure method possible. Which technique will you use?

Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.

Answer: Declarative RBS demands.

C12L1Q10: Scenario question

Question: You must restrict access to a method that is directly called by a Windows event. It will be based on a user’s group memberships in the local user database. If the user lacks sufficient access, you want to log an event and display a message to the user. You want to use the most secure method possible. Which technique will you use?

Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.

Answer: Imperative RBS demands.

C12L1Q11: Scenario question

Question: You are writing a method for a console application that lists options available to a user based on his group memberships. Which technique should you use?

Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.

Answer: WindowsPrincipal.IsInRole.

*C12L2Q1: What does DACL stand for?

Answer: Discretionary Access Control List.

*C12L2Q2: What does SACL stand for?

Answer: Security Access Control List.

*C12L2Q3: What is the difference between DACLs and SACLs?

Answer: DACLs restrict access, SACLs audit (or log) access.

*C12L2Q4: What do DACLs contain?

Answer: ACEs (Access Control Entries)

*C12L2Q5: Scenario question

Scenario: Mary is a member of the managers group, which has delete access to a resource. She is also a member of the accountants group, which has modify access to the resource.

Question: What access to the resource does Mary have?

Answer: Both delete and modify access.

*C12L2Q6: Scenario question

Scenario: Mary is a member of the managers group, which has grant read access to a resource. She is also a member of the accountants group, which has deny read access to the resource.

Question: What access to the resource does Mary have?

Answer: None.

*C12L2Q7: Scenario question

Scenario: Mary is not a member of any group that is in any of the ACEs for a resource.

Question: What access to the resource does Mary have?

Answer: None.

*C12L2Q8: What are the standard file and folder permissions?

Answer: FulControl, Modify, ReadAndExecute, ListDirectory, Read, and Write.

*C12L2Q9: What system resources can be secured using DACLs, SACLs and ACEs?

Answer: Files, folders (or directories), registry keys, cryptographic keys, Event Wait handles, mutexes, and semaphores.

C12L3Q1: What is the preferred symmetric encryption class?

Answer: RijndaelManaged ('Rijndael' is pronounced 'Rhine Dahl'.)

Follow-up Question: What is the Rijndael encryption algorithm also known as?

Answer: Advanced Encryption Standard (AES).

Another Follow-up Question: What is the next most prefered encryption algorithm?

Answer: TripleDES (not DES).

C12L3Q2: What is the common, older, crappier symmetric encryption algorithm?

Answer: Data Encryption Standard (DES).

C12L3Q3: What class is used to convert a password into a key?

Answer: Rfc2898DeriveBytes ('R-F-C-some numbers-derive-bytes' is ok)

C12L3Q4: What are the two implementations of the AsymmetricAlgorithm base class?

Answer: RSACryptoServiceProvider and DSACryptoServiceProvider.

Follow-up question: What is each used for?

Answer: RSACryptoServiceProvider is for asynchronous encryption and decryption; DSACryptoServiceProvider is for digitally signing messages.

C12L3Q5: What two methods are used to convert strings to byte arrays?

Answer: System.Text.Encoding.Unicode.GetBytes and System.Text.Encoding.Unicode.GetString.

C12L3Q6: Which of the following classes requires both the encryptor and decryptor to have the same key?

RSACryptoServiceProvider (No), RijndaelManaged (Yes), TripleDES (Yes), DSACryptoServiceProvider (No), DES (Yes), RC2 (Yes)

C12L3Q7: What must be synchronized between the encryptor and decryptor when using symmetric encryption?

Answer: The key, the IV (Initial Value) and the Mode.

C12L3Q8: What are the two keyed hashing algorithms?

Answer: HMACSHA1 and MACTripleDES.

C13L1Q1: What does RCW stand for?

Answer: Runtime Callable Wrapper.

C13L1Q2: COM components must be what before being used?

Answer: Registered, then imported.

C13L1Q3: What is used to register a COM component?

Answer: Regsvr32

C13L1Q4: What is used to import a COM component?

Answer: Visual Studio or Type Library Importer Tool.

C13L1Q5: When calling VB interop code, what should C# pass for optional parameters?

Answer: Type.Missing

C13L1Q6: What are the four shortcomings of COM interop?

Answer: Static members, parameterised constructors, inheritance, portability.

C13L3Q1: A Runtime Callable Wrapper is used for what?

Hint: External libraries or P/Invokes?

Answer: External libraries.

C13L3Q2: When using P/Invoke calls, which type is best for passing text?

Answer: StringBuilder

C13L3Q3: How do you specify what unmanaged type a property should be?

Answer: Add a MarshalAs attribute and specify an UnmanagedType.

C15L1Q1: What exception will be thrown if you call SmtpClient.Send and …

• the server hostname has not been defined? Answer: InvalidOperationException.
• the server hostname is defined but the server cannot be found? Answer: SmtpException with an inner WebException.
• the SMTP server reports that the recipient is invalid? Answer: SmtpFailedRecipientException.
• any other problem occurs? Answer: SmtpException.

C15L1Q2: Which method would you call to send an e-mail message and wait for the transmission to complete before proceeding?

Answer: SmtpClient.Send

C15L1Q3: Which method would you call to send an e-mail message and not wait for the transmission to complete before proceeding?

Answer: SmtpClient.SendAsync

C15L1Q4: How do you talk to the SMTP server securely?

Answer: Set SmtpClient.EnableSsl to true.

*ITQ1: What is the definition of third normal form?

Answer: “Every non-key attribute must provide a fact about the key, the whole key, and nothing but the key.”

*ITQ2: What is Brooks' Law?

Answer: “Adding resources to a late project makes it later.”

*FractalQ1: What should be done first if a layer is too 'busy' or has a lot of noise?

Answer: Lower the bailout parameter on the formula tab.

*FractalQ2: What should be done if a layer has 'black holes'?

Answer: Increase the Maximum Iterations parameter on the formula tab.

*LifeQ1: Whose fault should you always assume it is?

Answer: Your own fault.

*LifeQ2: When things are shit, what question should you ask?

Answer: “What can I do about it?”

*PragPreQ1: What is the most basic characteristic of a Pragmatic Programmer?

Answer: They care about their craft.

*PragPreQ2: What are the five lesser characteristics of a Pragmatic Programmer?

Answer: Early adopter / fast adapter, Inquisitive, Critical thinker, Realistic, and Jack of all trades.

*PragPreQ3: How does one become a Pragmatic Programmer?

Answer: THINK! about one's work and continuously make many small improvements.

*PragC1Q1: What is the 'Broken Window Theory' and how does it apply to software development?

Answer: …

*PragC1Q2: What type of soup should you make when being a catalyst for change?

Hint: Stone soup or frog soup.

Answer: Stone soup.

*PragC1Q3: Great software today is often preferable to what?

Answer: Perfect software tomorrow.

*PragC1Q4: Perfect software tomorrow is often less preferable to what?

Answer: Great software today.