Exam 70-528 Study Questions
Chapter 2: Input/Output (I/O)
Lesson 3: Compressing Streams
C2L3Q1: What two classes are used to compress and decompress data?
Follow up question: What is the difference between the two and what would you use each for?
Answer: GZipStream and DeflateStream.
Follow up answer: GZipStream conforms to the GZip standard by adding extra header information. GZipStream is best if interoperation is required; DeflateStream has slightly better compression.
C2L3Q2: What is the data size limit of both compression methods?
Answer: 4 GB (of uncompressed data).
C2L3Q3: Which stream is passed to the constructor of a compression stream?
Answer:
- When compressing, the destination or output stream.
- When decompressing, the source or input stream.
How to Remember: The compressed stream is passed.
Chapter 3: Searching, Modifying, and Encoding Text
Lesson 1: Forming Regular Expressions
C3L1Q1: In a regular expression, what symbol matches the start of a line and what matches the end?
Answer: Start = ^ (caret), end = $
Chapter 4: Collections and Generics
Lesson 1: Collecting Data Items
C4L1Q1: What needs to be done to a custom collection class to enable the use of the foreach
statement?
Answer: IEnumerator needs to be implemented.
C4L1Q2: How would you randomise a collection?
Answer: Create a class that implements the IComparer interface and pass an instance of it to the collection's Sort method.
C4L1Q3: Which non-generic collection is the most basic, general collection?
Answer: ArrayList.
C4L1Q4: Which class is used by default to sort a collection?
Answer: Comparer.
Lesson 4: Using Specialized Collections
C4L4Q1: What type of dictionary collection should be used for small collections (typically fewer than ten elements)?
Answer: ListDictionary
C4L4Q2: What type of dictionary collection should be used for large collections?
Answer: Hashtable
C4L4Q3: What type of dictionary collection should be used if the size of the collection is unknown or will vary?
Answer: HybridDictionary
C4L4Q4: What type of dictionary collection should be used if ordering is required?
Answer: OrderedDictionary
C4L4Q5: How does a dictionary collection determine uniqueness?
Answer: It uses the IEqualityComparer passed into the constructor or, if none was passed, it uses the GetHashCode and Equals methods.
C4L4Q6: What are the five specialised collections?
Answer: BitArray, BitArray32, StringCollection, StringDictionary and NameValueCollection.
C4L4Q7: The StringCollection class is a specialised version of what class?
Answer: ArrayList
C4L4Q8: The StringDictionary class is a specialised version of what class?
Answer: Hashtable
C4L4Q9: What can be created with the CollectionsUtil class?
Answer: Case-insensitive Hashtables and case-insensitive SortedLists.
C4L4Q10: How do you create a culture-invariant collection?
Answer: Pass StringComparer.InvariantCulture or StringComparer.InvariantCultureIgnoreCase to the constructor of the collection.
C4L4Q11: What is the difference between the NameValueCollection class and the StringDictionary class?
Answer:
- NameValueCollection can store multiple values for each key.
- NameValueCollection values can be accessed by key index.
Lesson 5: Generic Collections
C4L5Q1: What are the six 'standard' generic collections that are type-safe versions of the other ones?
Answer: List, Dictionary, SortedList, SortedDictionary, Queue and Stack.
C4L5Q2: What is the additional generic collection that is not a version of the other ones?
Answer: LinkedList
Chapter 5: Serialization
Lesson 1: Serializing Objects
C5L1Q1: What are the three steps to serialise an object to binary format?
Answer:
- Create a stream object.
- Create a BinaryFormatter object.
- Call the BinaryFormatter's Serialise method, passing in the stream object and the object to be serialised.
C5L1Q2: What are the four steps to deserialise an object from binary data?
Answer:
- Create a stream object.
- Create a BinaryFormatter object.
- Create a new object to store the deserialised data.
- Call the BinaryFormatter's Deserialise method, passing in the stream object and cast the result.
C5L1Q3: What needs to be done to a custom class to enable it to be serialised to binary?
Answer: Add the Serializable attribute to the class.
C5L1Q4: What needs to be done to a custom class to enable it to be serialised to SOAP?
Answer: Add the Serializable attribute to the class.
C5L1Q5: What needs to be done to prevent a member of a custom class from being serialised to binary?
Answer: Add the NonSerialized attribute to the member.
C5L1Q6: What needs to be done to prevent a member of a custom class from being serialised to SOAP?
Answer: Add the SoapIgnore attribute to the member.
C5L1Q7: How can a non-serialised object be automatically initialised after deserialisation?
Answer: The class should implement the IDeserializationCallback interface and implement the IDeserializationCallback.OnDeserialization method.
C5L1Q8: How can an exception be prevented from being thrown if a member is missing from the serialisation data?
Answer: Add the OptionalField attribute to the member.
Lesson 2: XML Serialization
C5L2Q1: Which tool would you use to create a class that, when serialised, would produce an XML document that conformed to an XML schema?
Answer: Xsd.exe
C5L2Q2: What are the three steps to serialise data to XML?
Answer:
- Create or get a reference to a stream, TextWriter, or XmlWriter object to hold the serialised output.
- Create or get a reference to an XmlSerializer object, passing it the type of object to be serialised.
- Call the XmlSerializer object's Serialize method, passing the stream and the object to be serialised.
C5L2Q3: What are the three steps to deserialise data from XML?
Answer:
- Create or get a reference to a stream, TextReader, or XmlReader object to read the serialised input.
- Create or get a reference to an XmlSerializer object, passing it the type of object to be deserialised.
- Call the XmlSerializer object's Deserialize method, passing the stream, and cast the result.
C5L2Q4: What needs to be done to ensure that a class can be serialised to XML?
Answer:
- Specify the class as public.
- Specify all members that must be serialised as public.
- Create a parameterless (or default) constructor.
C5L2Q5: By default, what are public class members serialised as?
Hint: Attributes or elements.
Answer: Elements.
C5L2Q6: What needs to be done to prevent a member of a custom class from being serialised to XML?
Answer: Add the XMLIgnore attribute to the member.
Lesson 3: Custom Serialization
C5L3Q1: How do you override the default serialisation functionality?
Answer: Implement the ISerializable interface and add the Serializable attribute to the class.
C5L3Q2: When should you not use the default serialisation functionality?
Answer: When the class has declarative or imperative security at the class level or on its constructors.
C5L3Q3: What should be implemented for the ISerializable interface?
Follow up question: What happens if you forget that which should be implemented for the ISerializable interface?
Answer: The GetObjectData method and the serialisation constructor.
Follow up answer: Forgetting the GetObjectData method results in a compiler error. Forgetting the serialisation constructor results in a serialisation exception at runtime.
C5L3Q4: What are the four serialisation events?
Answer: Serializing, Serialized, Deserializing and Deserialized.
C5L3Q5: What are the four attributes used to specify which methods respond to each serialisation event?
Answer: OnSerializing, OnSerialized, OnDeserializing and OnDeserialized.
C5L3Q6: Which event occurs first, IDeserializationCallback.OnDeserialization or ISerializable's OnDeserialization event?
Answer: IDeserializationCallback.OnDeserialization.
C5L3Q7: Which event occurs first, ISerializable's OnDeserialization event or IDeserializationCallback.OnDeserialization?
Answer: IDeserializationCallback.OnDeserialization.
C5L3Q8: What must a method have to respond to a serialisation event?
Answer:
- A StreamingContext object as a parameter.
- Return void.
- The attribute that matches the serialisation event.
C5L3Q9: Which of the serialisation types supports events?
Hint: Either BinaryFormatter, SoapFormatter or custom serialisation.
Answer: BinaryFormatter.
C5L3Q10: How can you make context decisions during serialisation?
Answer: Inspect (or examine, etc.) the StreamingContext object passed to the GetObjectData method.
C5L3Q11: How can you make context decisions during deserialisation?
Answer: Inspect (or examine, etc.) the StreamingContext object passed to the serialisation constructor.
Chapter 6: Graphics
Lesson 2: Working with Images
C6L2Q1: How can a System.Drawing.Image class be instantiated?
Answer:
- Call the Image.FromFile or Image.FromStream method.
- Create a System.Drawing.Bitmap or System.Drawing.Imaging.Metafile object.
C6L2Q2: What two methods does Bitmap have that Image does not?
Answer: GetPixel and SetPixel.
C6L2Q3: What must first be done to draw a rectangle on an Image or Bitmap object?
Answer: Create a Graphics object by calling the Graphics.FromImage method.
C6L2Q4: How can an image from a JPEG file be displayed in a Windows Forms application?
Answer:
- Create a PictureBox control on the form.
- Create an Image or Bitmap object by calling the Image.FromFile or Bitmap.FromFile method.
- Assign the Image or Bitmap object to the BackgroundImage property of the PictureBox control.
C6L2Q5: How can an image from a JPEG file be displayed in a Windows Forms application, without using a PictureBox control?
Answer:
- Create a Bitmap object by calling the Bitmap.FromFile method.
- Get the Graphics object by calling the GetGraphics method.
- Call the DrawImage method on the Graphics object, passing in the Bitmap object, the location and the size.
Lesson 3: Formatting Text
C6L3Q1: When using the Graphics.DrawString method, how do you set the vertical alignment to top, center or bottom?
Answer:
- Create a StringFormat object.
- Set the LineAlignment property of the StringFormat object to:
  - StringAlignment.Near for top,
  - StringAlignment.Center for center or
  - StringAlignment.Far for bottom.
- Pass the StringFormat object to the Graphics.DrawString method.
C6L3Q2: When using the Graphics.DrawString method, how do you set the horizontal alignment to left, center or right?
Answer:
- Create a StringFormat object.
- Set the Alignment property of the StringFormat object to:
  - StringAlignment.Near for left,
  - StringAlignment.Center for center or
  - StringAlignment.Far for right.
- Pass the StringFormat object to the Graphics.DrawString method.
Chapter 7: Threading
Lesson 1: Creating Threads
C7L1Q1: What are the steps to create a new thread that does not require data passed to it?
Answer:
- Create a ThreadStart object and pass the method to be run into the constructor.
- Create a Thread object and pass the ThreadStart object into the constructor.
- Call the Thread object's Start method.
C7L1Q2: What are the steps to create a new thread that requires data passed to it?
Answer:
- Create a ParameterizedThreadStart object and pass the method to be run into the constructor.
- Create a Thread object and pass the ThreadStart object into the constructor.
- Call the Thread object's Start method and pass the data to go to the new thread.
C7L1Q3: What method signature does a ThreadStart delegate have?
Answer: It takes no parameters and returns void.
C7L1Q4: What method signature does a ParameterizedThreadStart delegate have?
Answer: It takes an Object as a parameter and returns void.
C7L1Q5: How should a thread be stopped?
Answer: By calling its Abort method.
C7L1Q6: What happens when you call a thread's Abort method?
Answer: The threading system prepares to throw a ThreadAbortException.
C7L1Q7: What two methods can be used to prevent data corruption when a thread is aborted?
Answer: BeginCriticalRegion and EndCriticalRegion.
C7L1Q8: What is contained in the execution context of a thread?
Answer:
- Security information
- Localisation settings
- Transaction information
C7L1Q9: How do you prevent new threads from getting the execution context?
Answer: Call ExecutionContext.SuppressFlow before the new thread is created and call ExecutionContext.RestoreFlow afterwards.
C7L1Q10: Why would you want to prevent new threads from getting the execution context?
Answer: It is faster.
Lesson 2: Sharing Data
C7L2Q1: What class can be used to atomically increment a variable?
Answer: Interlocked.
C7L2Q2: What five atomic operations can the Interlocked class perform?
Answer: Add, Increment, Decrement, Exchange and Read.
C7L2Q3: What are the three kernel objects that allow thread synchronisation across application domains or process boundaries?
Answer: Mutex, Semaphore and Event.
C7L2Q4: What would you use to control access to a resource across application domains or process boundaries?
Answer: A Mutex.
C7L2Q5: What would you use to restrict access to a resource across application domains or process boundaries to a certain number of processes?
Answer: A Semaphore.
C7L2Q6: What would you use to signal processes across application domains or process boundaries?
Answer: An Event.
Lesson 3: The Asynchronous Programming Model
C7L3Q1: What does APM stand for?
Answer: Asynchronous Programming Model
C7L3Q2: What type does the method BeginRead (part of the APM) return?
Answer: IAsyncResult
C7L3Q3: What are the three APM rendezvous models?
Answer: Wait-until-done, polling and callback.
C7L3Q4: When using the APM, when is an exception that occurs on an asynchronous thread thrown?
Answer: When the EndXXX method is called.
C7L3Q5: To add a piece of work to be processed by the thread pool, what method should be called and what should be passed to it?
Answer: The ThreadPool.QueueUserWorkItem method should be called, a WaitCallback object and a data object to be processed should be passed.
C7L3Q6: What information does the method ThreadPool.GetMaxThreads give?
Answer: The maximum number of threads and the maximum completion ports.
C7L3Q7: What information does the method ThreadPool.GetMinThreads give?
Answer: The minimum number of threads and the minimum completion ports.
C7L3Q8: Which are there typically more of, threads managed by the thread pool or completion ports?
Answer: Completion ports
C7L3Q9: What method can be used to utilise the thread pool to fire a callback when a kernel-level synchronisation object signals it has been released?
Answer: ThreadPool.RegisterWaitForSingleObject
C7L3Q10: What is the namespace of the preferred Timer class?
Answer: System.Threading.Timer
Chapter 8: Application Domains and Services
Lesson 1: Creating Application Domains
C8L1Q1: What are application domains used for?
Answer: To keep assemblies separate within a single process.
C8L1Q2: What manages application domains?
Answer: The .NET framework runtime.
C8L1Q3: What manages processes?
Answer: The operating system.
C8L1Q4: What can host an application domain?
Answer: The .NET framework runtime or an assembly.
C8L1Q5: How do you create an application domain?
Answer: Call AppDomain's static CreateDomain method.
C8L1Q6: How do you load an assembly into an application domain?
Answer: Call the ExecuteAssembly or ExecuteAssemblyByName method on the instance of the AppDomain object.
C8L1Q7: How do you close an application domain?
Answer: Call AppDomain's static Unload method and pass a reference to the application domain to be closed.
Lesson 2: Configuring Application Domains
C8L2Q1: The Evidence object has a constructor that requires two arrays. What goes in each array?
Follow up question: Although either or both can be null, which is more likely to be null?
Answer: Host evidence and assembly evidence.
Follow up answer: Assembly evidence.
C8L2Q2: At what two stages can evidence be specified for an assembly running in an application domain?
Answer: When the application domain is created and when the assembly is executed.
C8L2Q3: Which existing AppDomain objects are affected by changing the properties of an AppDomainSetup instance?
Answer: None (tricky). Changing the properties of an AppDomainSetup instance only affects new AppDomain objects that are created with it.
Lesson 3: Creating Windows Services
C8L3Q1: How do you debug a service?
Answer: Install it, start it and then attach a debugger to the service's process.
C8L3Q2: When creating a service, which methods should you override and which are optional?
Follow up question: What should you also do if you override any optional method?
Answer: The methods OnStart and OnStop should be overridden. The methods OnPause, OnContinue and OnShutdown are optional.
Follow up answer: If OnPause and/or OnContinue are overridden, set ServiceBase.CanPauseAndContinue to true. If OnShutdown is overridden, set ServiceBase.CanShutdown to true.
C8L3Q3: What four things does the ServiceInstaller class define?
Answer: The service description, display name, service name and start type.
C8L3Q4: What does the ServiceProcessInstaller class define?
Answer: The service account settings.
C8L3Q5: What are the three start types for a service and which is the default?
Answer: Automatic, manual (default) and disabled.
C8L3Q6: What are the four types of accounts that can be used in a security context for a Windows service?
Follow up question: Which is the default, which is the most secure and which is the most privileged?
Answer:
- Local service (most secure)
- Network service
- Local system (most privileged)
- User (default)
C8L3Q7: What tool is used to manually install a service?
Answer: InstallUtil.exe.
Chapter 9: Installing and Configuring Applications
Lesson 1: Configuration Settings
C9L1Q1: What are the two most important classes used to deal with application settings and what namespace are they in?
Answer: Configuration and ConfigurationManager, which are in the System.Configuration namespace.
C9L1Q2: What are the four ConfigurationManager methods that open various configurations?
Answer:
- OpenExeConfiguration
- OpenMachineConfiguration
- OpenMappedExeConfiguration
- OpenMappedMachineConfiguration
C9L1Q3: What should you always do before opening a mapped configuration file and why?
Answer: Check for the existence of the file, because if it is missing no error will be generated; instead, all the configuration settings will be null.
C9L1Q4: How can you specify which version of the .NET Framework an application should be run with?
Answer: Add a supportedRuntime entry in the startup section of the configuration file.
C9L1Q5: Which is obsolete, ConfigurationSettings or ConfigurationManager?
Answer: ConfigurationSettings
C9L1Q6: What are the two default properties of the ConfigurationManager class used to store configuration information?
Answer: AppSettings and ConnectionString.
C9L1Q7: What is the default file name for putting configuration settings in?
Answer: App.config.
C9L1Q8: What is the XML path for custom application settings in the App.config file?
Follow up question: What is the element name and what should its two attributes be?
Answer: configuration → appSettings.
Follow up answer: The element name is 'add' and the two attributes should be 'key' and 'value'.
C9L1Q9: How would you read a setting called 'foo' from the application settings file?
Answer: Call ConfigurationManager.AppSettings["foo"] and store the result in a String.
Lesson 2: Creating an Installer
C9L2Q1: What are the two specific predefined installers?
Answer: AssemblyInstaller and ComponentInstaller.
C9L2Q2: What methods should be overridden when creating a custom Installer class?
Follow up question: What two events can also be responded to?
Answer: Install, Commit, Rollback and Uninstall.
Follow up answer: Committing and Committed.
C9L2Q3: Other than overriding methods and responding to events, what else needs to be done to create a custom Installer class?
Answer: Add the RunInstallerAttribute to the custom class and set the runInstaller parameter to true.
Lesson 3: Using the .NET Framework 2.0 Configuration Tool
C9L3Q1: What are the code groups in the .NET Framework named after?
Answer: The evidence they provide.
Chapter 10: Instrumentation
Lesson 1: Logging Events
C10L1Q1: Which account or accounts have enough privileges to write to the Windows event log?
Answer: The Local System account.
C10L1Q2: Which logs are available by default in the Windows event log mechanism?
Answer: Application, Security and System.
Lesson 2: Debugging and Tracing
C10L2Q1: How can you programmatically signal a break to the debugger?
Answer: Call the Debugger.Break method.
C10L2Q2: How do you prevent a member from appearing in the variable watch window while debugging?
Answer: Add a DebuggerBrowsable attribute to the member and pass in DebuggerBrowsableState.Never.
C10L2Q3: How do you specify what text will appear in the Value column of the variable watch window for a custom class while debugging?
Answer: Add a DebuggerDisplay attribute to the member.
C10L2Q4: What does the DebuggerDisplay attribute do?
Answer: Specifies what should be displayed in the Value column of the variable watch window while debugging.
C10L2Q5: What does the DebuggerHidden attribute do?
Answer: It prevents the debugger from breaking inside a class, method or property, even if there is a breakpoint.
C10L2Q6: How do you prevent the debugger from breaking inside a class, method or property, even if there is a breakpoint?
Answer: Add a DebuggerHidden attribute to the class, method or property.
C10L2Q7: How do you cause the debugger to automatically step over a section of code?
Answer: Add a DebuggerStepThrough attribute to the code.
C10L2Q8: What does the DebuggerStepThrough attribute do and how is it different to the DebuggerHidden attribute?
Answer: The DebuggerStepThrough attribute causes the debugger to step over the code it decorates, but does not hide the code like the DebuggerHidden attribute does.
Lesson 3: Monitoring Performance
C10L3Q1: What is the difference between the Trace class and the Debug class?
Answer: The Trace class is implemented in both the release and debug builds, whereas Debug is only implemented in debug builds.
C10L3Q2: What are the four primary methods of getting a reference to a process or processes?
Answer: GetCurrentProcess, GetProcessById, GetProcessesByName and GetProcesses.
C10L3Q3: How do you start an external executable from .NET code?
Answer: Call the Process.Start method.
C10L3Q4: How do you start an external executable with command line arguments from .NET code?
Answer: Create or get a reference to a ProcessStartInfo object, set the Arguments property and pass it to the Process.Start method.
C10L3Q5: What object type should secure text be stored in?
Answer: SecureString
Lesson 4: Detecting Management Events
C10L4Q1: What are the four most important members of the System.Management namespace?
Answer: ManagementQuery, EventQuery, ObjectQuery and ManagementObjectQuery.
C10L4Q2: What does WMI stand for?
Answer: Windows Management Instrumentation.
C10L4Q3: What are the two steps to retrieve information from the WMI?
Answer:
- Create a ManagementObjectSearcher object and pass the query into the constructor.
- Obtain a ManagementObjectCollection object by calling the ManagementObjectSearcher's Get method.
C10L4Q4: What needs to be selected from to enumerate the logical drives?
Answer: Win32_LogicalDisk
C10L4Q5: What needs to be selected from to enumerate the network adapters?
Answer: Win32_NetworkAdapterConfiguration
C10L4Q6: What needs to be selected from to enumerate the Windows Services?
Answer: Win32_Service
C10L4Q7: What class would be used to respond to a change in the WMI?
Answer: ManagementEventWatcher
Chapter 11: Application Security
Lesson 1: Understanding Code Access Security
C11L1Q1: What does CAS stand for?
Answer: Code Access Security.
C11L1Q2: What is the relationship between evidence, code groups and permission sets?
Answer: The evidence that an assembly has determines what code group or groups it belongs to. The code group or groups determines what permission set or sets it gets.
C11L1Q3: What are the two types of evidence?
Answer: Host evidence and assembly evidence.
C11L1Q4: What are the three CAS policy levels and which one would you most commonly use?
Answer: Enterprise, machine and user. Machine policy is the most commonly used.
C11L1Q5: What must an assembly have before its trust can be increased?
Answer: A strong name.
C11L1Q6: As a developer, the permission set assigned to the My_Computer_Zone should be changed from what to what?
Follow up question: Why should it be changed?
Answer: From “Full Trust” to “Everything”.
Follow up answer: Full Trust completely skips all CAS statements in code. The Everything permission set has similar permissions, but it does not skip CAS statements.
C11L1Q7: What is the command line utility for maintaining CAS settings?
Answer: Caspol.exe - Code Access Security POLicy tool.
Lesson 2: Using Declarative Security to Protect Assemblies
C11L2Q1: What does the Microsoft term 'RequestOptional' mean in English?
Answer: 'Refuse all except'.
C11L2Q2: What does the Microsoft term 'RequestMinimum' mean in English?
Answer: 'Require minimum'.
C11L2Q3: What is the English term 'refuse all except' called in Microsoft language?
Answer: 'RequestOptional'.
C11L2Q4: What is the English term 'require minimum' called in Microsoft language?
Answer: 'RequestMinimum'.
C11L2Q5: What are the three SecurityActions?
Answer: RequestMinimum, RequestOptional and RequestRefuse.
C11L2Q6: CAS declarations are in what type of assemblies?
Answer: Fully trusted assemblies (or assemblies with the Full Trust permission set).
Lesson 3: Using Declarative and Imperative Security to Protect Methods
C11L3Q1: How many declarative CAS security actions are available for assemblies and how many are available for methods?
Answer: Three for assemblies, six for methods.
C11L3Q2: What are the three declarative CAS security actions for assemblies?
Answer: RequestMinimum, RequestOptional and RequestRefuse.
C11L3Q3: What are the six declarative CAS security actions for methods?
Answer: Assert, Demand, Deny, InheritanceDemand, LinkDemand, and PermitOnly.
C11L3Q4: What is the difference between the Demand CAS security action and the LinkDemand CAS security action?
Answer: Demand checks the security of all the callers, LinkDemand only checks the security of the immediate caller.
C11L3Q5: Which class is used to specify what to check for in a declarative permission statement and which is used in an imperative permission statement?
Answer: Declarative permission statements use SecurityAction, imperative permission statements use CodeAccessPermission.
C11L3Q6: How should a method check if it has a particular CAS permission?
Answer: Call the System.Security.SecurityManager.IsGranted method.
C11L3Q7: Which two security actions reduce CAS permissions for a method and what is the difference between the two?
Answer: Deny and PermitOnly. Deny removes only the specified permission, PermitOnly removes all except the specified permission.
C11L3Q8: Which two security actions reduce CAS permissions for an assembly and what is the difference between the two?
Answer: RequestRefuse and RequestOptional. RequestRefuse removes only the specified permission, RequestOptional removes all except the specified permission.
C11L3Q9: Deny and PermitOnly perform similar functions to what?
Answer: RequestMinimum and RequestOptional.
C11L3Q10: RequestMinimum and RequestOptional perform similar functions to what?
Answer: Deny and PermitOnly.
C11L3Q11: As the security action Assert can only be used once in a method, how can multiple CAS permissions be asserted?
Answer: Add the permissions to a PermissionSet object and assert that.
Chapter 12: User and Data Security
Lesson 1: Authenticating and Authorizing Users
C12L1Q1: What are the three properties of PrincipalPermission?
Answer: Authenticated, Name, Role.
C12L1Q2: What does RBS stand for?
Answer: Role-Based Security.
C12L1Q3: What two things must be defined to make a declarative permission statement?
Answer:
- SecurityAction, typically Demand
- One or more PrincipalPermission properties.
C12L1Q4: Which type of RBS security demand restricts entire methods?
Hint: Declarative or imperative?
Answer: Declarative.
C12L1Q5: Which type of RBS security demand is more granular?
Hint: Declarative or imperative?
Answer: Imperative.
C12L1Q6: What must be done before making an RBS demand?
Answer: Set the principal policy.
C12L1Q7: What must be implemented for a custom principal class based on IIdentity?
Answer: AuthenticationType, IsAuthenticated and Name.
C12L1Q8: What must be implemented for a custom principal class based on IPrincipal?
Answer: Constructor, the Identity property, the IsInRole method.
C12L1Q9: Scenario question
Question: You must restrict access to a method based on a user’s group memberships in the local user database. You want to use the most secure method possible. Which technique will you use?
Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.
Answer: Declarative RBS demands.
C12L1Q10: Scenario question
Question: You must restrict access to a method that is directly called by a Windows event. It will be based on a user’s group memberships in the local user database. If the user lacks sufficient access, you want to log an event and display a message to the user. You want to use the most secure method possible. Which technique will you use?
Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.
Answer: Imperative RBS demands.
C12L1Q11: Scenario question
Question: You are writing a method for a console application that lists options available to a user based on his group memberships. Which technique should you use?
Hint: WindowsPrincipal.IsInRole or WindowsIdentity.IsInRole or Imperative RBS demands or Declarative RBS demands.
Answer: WindowsPrincipal.IsInRole.
Lesson 2: Using Access Control Lists
C12L2Q1: What does DACL stand for?
Answer: Discretionary Access Control List.
C12L2Q2: What does SACL stand for?
Answer: Security Access Control List.
C12L2Q3: What is the difference between DACLs and SACLs?
Answer: DACLs restrict access, SACLs audit (or log) access.
C12L2Q4: What do DACLs contain?
Answer: ACEs (Access Control Entries)
C12L2Q5: Scenario question
Scenario: Mary is a member of the managers group, which has delete access to a resource. She is also a member of the accountants group, which has modify access to the resource.
Question: What access to the resource does Mary have?
Answer: Both delete and modify access.
C12L2Q6: Scenario question
Scenario: Mary is a member of the managers group, which has grant read access to a resource. She is also a member of the accountants group, which has deny read access to the resource.
Question: What access to the resource does Mary have?
Answer: None.
C12L2Q7: Scenario question
Scenario: Mary is not a member of any group that is in any of the ACEs for a resource.
Question: What access to the resource does Mary have?
Answer: None.
C12L2Q8: What are the standard file and folder permissions?
Answer: FullControl, Modify, ReadAndExecute, ListDirectory, Read, and Write.
C12L2Q9: What system resources can be secured using DACLs, SACLs and ACEs?
Answer: Files, folders (or directories), registry keys, cryptographic keys, Event Wait handles, mutexes, and semaphores.
Lesson 3: Encrypting and Decrypting Data
C12L3Q1: What is the preferred symmetric encryption class?
Follow up Question: What is the preferred encryption algorithm also known as?
Another Follow up Question: What is the next most preferred encryption algorithm?
Answer: RijndaelManaged ('Rijndael' is pronounced 'Rhine Dahl'.)
Follow up Answer: Advanced Encryption Standard (AES).
Another Follow up Answer: TripleDES (not DES).
C12L3Q2: What is the common, older, crappier symmetric encryption algorithm?
Answer: Data Encryption Standard (DES).
C12L3Q3: What class is used to convert a password into a key?
Answer: Rfc2898DeriveBytes ('R-F-C-some numbers-derive-bytes' is ok)
C12L3Q4: What are the two implementations of the AsymmetricAlgorithm base class and what is each used for?
Answer: RSACryptoServiceProvider and DSACryptoServiceProvider. RSACryptoServiceProvider is for asynchronous encryption and decryption; DSACryptoServiceProvider is for digitally signing messages.
C12L3Q5: What two methods are used to convert strings to byte arrays?
Answer: System.Text.Encoding.Unicode.GetBytes and System.Text.Encoding.Unicode.GetString.
C12L3Q6: Which of the following classes are synchronous and which are asynchronous?
- RSACryptoServiceProvider
- RijndaelManaged
- TripleDES
- DSACryptoServiceProvider
- DES
- RC2
Answer:
- RSACryptoServiceProvider (Asynchronous)
- RijndaelManaged (Synchronous)
- TripleDES (Synchronous)
- DSACryptoServiceProvider (Asynchronous)
- DES (Synchronous)
- RC2 (Synchronous)
C12L3Q7: What must be synchronized between the encryptor and decryptor when using symmetric encryption?
Answer: The key, the IV (Initial Value) and the Mode.
C12L3Q8: What are the two keyed hashing algorithms?
Answer: HMACSHA1 and MACTripleDES.
Chapter 13: Interoperation
Lesson 1: Using COM Objects
C13L1Q1: What does RCW stand for?
Answer: Runtime Callable Wrapper.
C13L1Q2: COM components must be what before being used?
Answer: Registered, then imported.
C13L1Q3: What is used to register a COM component?
Answer: Regsvr32
C13L1Q4: What is used to import a COM component?
Answer: Visual Studio or Type Library Importer Tool.
C13L1Q5: When calling VB interop code, what should C# pass for optional parameters?
Answer: Type.Missing
C13L1Q6: What are the four shortcomings of COM interop?
Answer: Static members, parameterised constructors, inheritance, portability.
Lesson 2: Exposing .NET Components to COM
C13L2Q1: When .NET components are consumed by COM, what handles the marshalling between .NET and COM?
Answer: The COM Callable Wrapper (CCW).
C13L2Q2: How do you hide a public .NET class from COM?
Answer: Give it a ComVisible attribute and pass in false.
C13L2Q3: What is used to export an assembly to COM?
Answer: Visual Studio or the Type Library Exporter Utility.
Lesson 3: Using Unmanaged Code
C13L3Q1: A Runtime Callable Wrapper is used for what?
Hint: External libraries or P/Invokes?
Answer: External libraries.
C13L3Q2: When using P/Invoke calls, which type is best for passing text?
Answer: StringBuilder
C13L3Q3: How do you specify what unmanaged type a property should be?
Answer: Add a MarshalAs attribute and specify an UnmanagedType.
C13L3Q4: What attribute is used to specify a library when creating a P/Invoke?
Answer: DllImport
C13L3Q5: What attribute is used to determine what order members of a structure are stored in memory?
Answer: StructLayoutAttribute
C13L3Q6: What are the three methods for determining what order members of a structure are stored in memory and how are they specified?
Answer: Auto, sequential and explicit. An instance of LayoutKind is passed to the attribute StructLayout.
Chapter 14: Reflection
Lesson 1: Understanding Reflection
C14L1Q1: What are the four parts of an assembly?
Answer: Assembly metadata (or manifest), type metadata, code and resources.
C14L1Q2: What is the relationship between assemblies, modules and types?
Answer: An assembly can contain one or more modules (although typically just one). A module can contain one or more types. An assembly cannot directly contain a type (types must be contained in a module).
Lesson 2: Assembly Attributes
C14L2Q1: How do you get a reference to the current assembly?
Answer: Call the Assembly.GetExecutingAssembly method.
C14L2Q2: Using reflection, how can you get a collection of all the attributes that a class has?
Answer: Call the Assembly.GetCustomAttributes method, which will return an array.
C14L2Q3: What happens when the revision part of the version number in the AssemblyVersionAttribute is set to an asterisk?
Answer: It will be replaced with a random number by the compiler.
C14L2Q4: What happens when the build part of the version number in the AssemblyVersionAttribute is set to an asterisk?
Answer: It will be replaced with an automatically incrementing number by the compiler.
Lesson 3: Reflecting Types
C14L3Q1: How do you create a Type object based on a particular object?
Follow up question: How do you create a Type object based on a particular class?
Answer: Call the object's GetType method.
Follow up answer: Use the typeof keyword.
C14L3Q2: If a string has been cast into a variable of type object, what will calling the method GetType on the variable return?
Answer: A Type object that represents the string class.
Lesson 5: Creating Code at Runtime
C14L5Q1: Which class is used to create a dynamic assembly?
Answer: AppDomain.
Chapter 15: Mail
Lesson 1: Sending Mail
C15L1Q1: What exception will be thrown if you call SmtpClient.Send and the server hostname is defined but the server cannot be found?
Answer: SmtpException with an inner WebException.
C15L1Q2: What exception will be thrown if you call SmtpClient.Send and any other problem occurs?
Answer: SmtpException.
C15L1Q3: What exception will be thrown if you call SmtpClient.Send and the server hostname has not been defined?
Answer: InvalidOperationException.
C15L1Q4: What exception will be thrown if you call SmtpClient.Send and the SMTP server reports that the recipient is invalid?
Answer: SmtpFailedRecipientException.
C15L1Q5: Which method would you call to send an e-mail message and wait for the transmission to complete before proceeding?
Answer: SmtpClient.Send
C15L1Q6: Which method would you call to send an e-mail message and not wait for the transmission to complete before proceeding?
Answer: SmtpClient.SendAsync
C15L1Q7: How do you talk to the SMTP server securely?
Answer: Set SmtpClient.EnableSsl to true.
Chapter 16: Globalization
Lesson 1: Using Culture Information
C16L1Q1: What are the three culture categories?
Answer: Invariant, neutral and specific.
C16L1Q2: How can a string comparison be made that is specific to a culture and can use the CompareOptions class?
Answer:
- Create or get a reference to a CultureInfo object.
- Get a reference to the CompareInfo property of the CultureInfo object.
- Call the Compare method on the CompareInfo object and pass in the two strings to be compared and any CompareOptions required.
IT Questions
ITQ1: What is the definition of third normal form?
Answer: “Every non-key attribute must provide a fact about the key, the whole key, and nothing but the key.”
ITQ2: What is Brooks' Law?
Answer: “Adding resources to a late project makes it later.”
ITQ3: What is the Unicode number for the snowman character?
☃
Answer: 2603 (Hex).
Fractal Questions
FractalQ1: What should be done first if a layer is too 'busy' or has a lot of noise?
Answer: Lower the bailout parameter on the formula tab.
FractalQ2: What should be done if a layer has 'black holes'?
Answer: Increase the Maximum Iterations parameter on the formula tab.
Life Questions
LifeQ1: Whose fault should you always assume it is?
Answer: Your own fault.
LifeQ2: When things are shit, what question should you ask?
Answer: “What can I do about it?”
LifeQ3: What is the effect / affect usage mnemonic?
Answer: VANE - Verb Affect Noun Effect
The Pragmatic Programmer
Preface
PragPreQ1: What is the most basic characteristic of a Pragmatic Programmer?
Answer: They care about their craft.
PragPreQ2: What are the five lesser characteristics of a Pragmatic Programmer?
Answer: Early adopter / fast adapter, Inquisitive, Critical thinker, Realistic, and Jack of all trades.
PragPreQ3: How does one become a Pragmatic Programmer?
Answer: THINK! about one's work and continuously make many small improvements.
Chapter 1
PragC1Q1: What is the 'Broken Window Theory' and how does it apply to software development?
Answer: …
PragC1Q2: What type of soup should you make when being a catalyst for change?
Hint: Stone soup or frog soup.
Answer: Stone soup.
PragC1Q3: Great software today is often preferable to what?
Answer: Perfect software tomorrow.
PragC1Q4: Perfect software tomorrow is often less preferable to what?
Answer: Great software today.
Chapter 2
PragC2Q1: When does software maintenance begin and why?
Answer: Software maintenance begins as soon as coding starts, because things keep changing (requirements and our understanding of them, environments, knowledge etc.)
PragC2Q2: What is the DRY principle?
Answer: Don't Repeat Yourself.
“Every piece of knowledge must be a single, unambiguous, authoritative representation within a system.”
PragC2Q3: What are the four categories of duplication?
Hint: The four i's of duplication.
Answer:
- Imposed - Developers feel they have no choice - the environment appears to require duplication.
- Inadvertent - Developers don't realise they are duplicating information.
- Impatient - Developers get lazy and duplicate because it seems easier.
- Interdeveloper - Multiple people on a team (or different teams) duplicate information.
PragC2Q4: What is a technique for avoiding or reducing imposed duplication?
Answer: Code generation.
PragC2Q5: What is Meyer's Uniform Access principle?
Answer:
“All services offered by a module should be available through a uniform notation, which does not betray whether they are implemented through storage or through computation.”
or
“Class properties are good.”
PragC2Q6: What are two techniques for avoiding or reducing inadvertent duplication?
Answer: Normalise the data and don't store what can be calculated.
PragC2Q7: What should be done if the DRY principle needs to be violated for performance reasons?
Answer: Ensure the violation is not exposed to the outside world by keeping it contained within the class.
PragC2Q8: How do you avoid impatient duplication?
Answer: Discipline.
PragC2Q9: What adage relates to impatient duplication?
Answer:
“Short cuts make for long delays.”
PragC2Q10: What is orthogonality?
Answer: Independence or decoupling.
PragC2Q11: What are the two major benefits of orthogonality?
Answer: Increased productivity and reduced risk.
PragC2Q12: How can you get an informal measurement of how orthogonal a team is?
Answer: Determine how many people need to be involved in discussing each change that is requested. The fewer people, the more orthogonal and better off the team is.
PragC2Q13: How can low orthogonality affect a team?
Answer: Confusion over responsibilities leading to bickering.
Article 1: Design Principles and Design Patterns, Robert C. Martin
Art1P2Q1: What are the four primary symptoms of rotting design?
Answer:
- Rigidity (changes cascade)
- Fragility (breaks whenever it is changed)
- Immobility (inability to reuse software from other projects or part of the system)
- Viscosity (easier for the engineers to break the design with hacks rather than preserve it)
Art1P4Q1: What kind of requirements changes cause design rot?
Answer: Changes that introduce new and unplanned for dependencies.
Art1P4Q2: What technique can be used to prevent degradation of the dependency architecture?
Answer: Dependency firewalls.
Art1P4Q3: What is the Open Closed Principle and who came up with it?
Answer:
“A module should be open for extension, but closed for modification.” - Bertrand Meyer
Art1P5Q1: What is the key to the OCP?
Answer: Abstraction.
Art1P8Q1: What is the Liskov Substitution Principle and who came up with it?
Answer:
“Subclasses should be substitutable for their base classes.” - Barbara Liskov
Art1P8Q2: What is the canonical example of the subtleties of the LSP?
Answer: The Circle / Ellipse dilemma.
Art1P12Q1: Violations of the LSP are also what?
Answer: Violations of the OCP.
Art1P12Q2: What is the Dependency Inversion Principle?
Answer:
“Depend on abstractions. Do not depend on concretions.”