Q11. - (Topic 4)
You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.
You need to prevent all SQL injection attacks against the application.
How should you secure the queries?
A. Implement parameterization.
B. Pattern check the input.
C. Filter out prohibited words in the input.
D. Escape single quotes on string-based input parameters.
Answer: A
Explanation: With most development platforms, parameterized statements can be used. These work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. A placeholder can only store a value of the given type and not an arbitrary SQL fragment. Hence the SQL injection would simply be treated as a strange (and probably invalid) parameter value.
Reference: https://en.wikipedia.org/wiki/SQL_injection#Parameterized_statements
Q12. - (Topic 4)
You are developing an ASP.NET MVC application.
The application must allow users to enter HTML in a feedback text box only.
You need to disable request validation.
What should you do?
A. Use the HttpRequest.Form property to read the unvalidated form value.
B. Apply and set the ValidateInput attribute on the controller action to FALSE.
C. Use the HttpRequest.Unvalidated property to read the unvalidated form value.
D. Apply and set the CausesValidation attribute on the controller action to FALSE.
Answer: C
Explanation: The HttpRequest.Unvalidated Property provides access to HTTP request values without triggering request validation.
Q13. - (Topic 4)
You are implementing a website redesign of an existing website that provides historical weather condition maps.
The current layout resembles the graphic in the exhibit. (Click the Exhibit button.)
Year selection is implemented as a set of links, which causes the page to reload when the user changes the year. The year selection HTML is contained in a div with an id of "year-selector".
You need to modify the page so that the user can change the year without the page reloading.
You also need to ensure that there is minimal change to the design of the page.
Which code segment should you use?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q14. DRAG DROP - (Topic 4)
You are developing an ASP.NET MVC application in Visual Studio. The application contains sensitive bank account data.
The application contains a helper class named SensitiveData.Helpers.CustomEncryptor.
The application contains a controller named BankAccountController with two actions.
The application contains a model named BankAccount, which is defined in the following code segment.
The application must not display AccountNumber in clear text in any URL.
You need to build the view for the GetAccounts action.
You have the following code:
Which code segments should you include in Target 1, Target 2 and Target 3 to build the view? To answer, drag the appropriate code segment to the correct targets. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q15. - (Topic 3)
You are creating a new authentication system that uses an HTTP header value.
The existing authentication system must continue to operate normally.
You need to implement the custom authentication.
What should you do? (Each correct answer presents a complete solution. Choose all that apply.)
A. Create a class derived from ActionResult and check for a valid HTTP header value in the ExecuteResult method. Change all actions to return this new class.
B. Create an HttpHandler to check for a valid HTTP header value in the ProcessRequest method.
C. Create an HttpModule and check for a valid HTTP header value in the AuthenticateRequest event.
D. Create a class derived from AuthorizeAttribute and check for a valid HTTP header value in the AuthorizeCore method. Change usages of the existing AuthorizeAttribute to use the new class.
Answer: C,D
Q16. - (Topic 4)
You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.
Logs show there have been several malicious attacks against the servers.
You need to prevent all SQL injection attacks from malicious users against the application.
How should you secure the queries?
A. Check the input against patterns seen in the logs and other records.
B. Escape single quotes and apostrophes on all string-based input parameters.
C. Implement parameterization of all input strings.
D. Filter out prohibited words in the input submitted by the users.
Answer: C
Explanation: SQL Injection Prevention, Defense Option 1: Prepared Statements (Parameterized Queries). The use of prepared statements (aka parameterized queries) is how all developers should first be taught how to write database queries. They are simple to write, and easier to understand than dynamic queries. Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
Reference: SQL Injection Prevention Cheat Sheet
Q17. - (Topic 4)
You are developing an ASP.NET MVC web application for viewing a list of contacts. The application is designed for devices that support changes in orientation, such as tablets and smartphones. The application displays a grid of contact tiles in portrait mode.
When the orientation changes to landscape, each tile in the grid expands to include each contact's details. The HTML that creates the tiled interface resembles the following markup.
The CSS used to style the tiles in landscape mode is as follows.
If this CSS is omitted, the existing CSS displays the tiles in portrait mode.
You need to update the landscape-mode CSS to apply only to screens with a width greater than or equal to 500 pixels.
Which code segment should you use?
A. @media screen and (width >= 500px) { … }
B. @media screen and (min-width: 500px) { … }
C. @media screen(min-width: 500px, max-width: 1000px) { … }
D. @media resolution(min-width: 500px) { … }
Answer: B
Explanation: http://www.javascriptkit.com/dhtmltutors/cssmediaqueries.shtml
Q18. - (Topic 4)
You are designing a localized ASP.NET MVC online shopping application that will be deployed to customers in the United States, China, France, and Brazil. The application must support multiple cultures so that content in the appropriate language is available in each area.
You need to ensure that the content can be viewed in several languages.
How should you implement this feature?
A. Use a resource (.resx) file to provide translations.
B. Use Systems.Collections.Generics.Dictionary to store alternative translations.
C. Ensure that all strings are marked internal to avoid conflict with internal literals.
D. Include language-specific content in the assembly manifest and use .NET culture libraries.
Answer: A
Explanation: A resource file is an XML file that contains the strings that you want to translate into different languages or paths to images. The resource file contains key/value pairs. Each pair is an individual resource. Key names are not case sensitive. For example, a resource file might contain a resource with the key Button1 and the value Submit. You create a separate resource file for each language (for example, English and French) or for a language and culture (for example English [U.K.], English [U.S.]). Each localized resource file has the same key/value pairs; the only difference is that a localized resource file can contain fewer resources than the default resource file. The built-in language fallback process then handles loading the neutral or default resource.
Reference: ASP.NET Web Page Resources Overview
Q19. - (Topic 4)
You are developing an application that uses many small images for various aspects of the interface.
The application responds slowly when additional resources are being accessed.
You need to improve the performance of the application.
What should you do?
A. Preload all the images when the client connects to ensure that the images are cached.
B. Combine all the images into a single image and use CSS to create sprites.
C. Host all images on an alternate server and provide a CDN.
D. Convert the images to .png file format and stream all images on a single connection.
Answer: C
Q20. - (Topic 4)
You are developing an ASP.NET MVC application by using Visual Studio.
The application throws and handles exceptions when it runs.
You need to examine the state of the application when exceptions are thrown.
What should you do?
A. Add the following code to the web.config file of the application.
<customErrors mode="On" >
<error statusCode="404" redirect="CustomErrors.html" />
</customErrors>
B. From the Debug menu in Visual Studio, select Exceptions. Disable the User-unhandled check box for Common Language Runtime Exceptions.
C. Add the following code to the web.config file of the application.
<customErrors mode="On" >
<error statusCode="500" redirect="CustomErrors.html" />
</customErrors>
D. From the Debug menu in Visual Studio, select Exceptions. Enable the Thrown check box for Common Language Runtime Exceptions.
Answer: D
Explanation: Configuring the debugger to break for first chance exceptions
To change when the debugger breaks, go to Debug->Exceptions…
When you first open this window you will see that there is a tree grid with one column and checkboxes.
* Break when Thrown. This includes a default list of exceptions known by the debugger, grouped by category.
Note: The possible exceptions that could break from this list are determined by the runtime you are debugging. For example, if you are using managed-only debugging then the debugger will never break for C++, Win32 Exceptions, etc. even if they are configured to break when thrown.
* Checkboxes. If you check the box for a category, then the debugger will break for all First Chance Exceptions while debugging. If you don't want to enable all First Chance Exceptions, you can find the specific exception types that you wish to configure by using the search box.
Reference: Understanding Exceptions while debugging with Visual Studio
http://blogs.msdn.com/b/visualstudioalm/archive/2015/01/08/understanding-exceptions-while-debugging-with-visual-studio.aspx