MCSD 70-310高级XML Web服务编程考试问题 [英] MCSD 70-310 Advanced XML Web Services Programming Exam Question
问题描述
现在有人可以帮我回答这个问题吗?
Northwind Traders是一家位于全国各地的连锁百货公司。它正在建立一个新的销售系统,收银员将用它来接受客户的付款。作为试点项目,您正在创建一个Windows应用程序,以在其中一个商店中实施新的销售系统。您希望在此Windows应用程序中使用现有的Web服务。您已实施安全性并确保只有收银员组中的用户和商店经理才能访问销售系统。由于某些财务要求,销售应用程序也需要由Nancy和该商店的会计师访问。但是,XML Web服务未配置为确保访问控制。以下哪项任务确保只有授权用户才能访问XML Web服务? (选择一个正确的选项。)
A.在web.config文件中,插入以下代码行:
< authorization> < allow role =" Cashiers,Managers" /> < allow users =" Nancy" /> < deny users =" *"> < deny users ="?">< / authorization> B.在web.config文件中,插入以下代码行:
< authorization> < deny users =" *"> < allow users =" Nancy" /> < allow role =" Cashiers,Managers" /> < deny users ="?">< / authorization> C.在web.config文件中,插入以下代码行:
< authorization> < allow users =" *"> < allow users =" Nancy" /> < allow role =" Cashiers,Managers" /> < deny users ="?">< / authorization> D.在web.config文件中,插入以下代码行:
< authorization> < allow users ="?"> < deny users =" *"> < allow users =" Nancy" /> < allow role =" Cashiers,Managers" />< / authorization>
我会认为B是正确的答案,但看起来他们想要A.或者A和B会做同样的事情吗?
Now can someone help me answer this question?
Northwind Traders is a chain of department stores located around the country. It is setting up a new sales system cashiers will use to accept payments from customers. As a pilot project, you are creating a Windows application to implement a new sales system in one of the stores. You want to use an existing Web Service in this Windows application. You have implemented security and ensured that only the users in the cashiers group and the store manager can access the sales system. Because of certain financial requirements, the sales application also needs to be accessed by Nancy, and accountant at that store. However, the XML Web service is not configured to ensure access control. Which of the following tasks ensure that only authorized users can access XML Web services? (Choose one correct option.)
A. In the web.config file, insert the following lines of code:
<authorization> <allow role="Cashiers, Managers"/> <allow users="Nancy"/> <deny users="*"> <deny users="?"></authorization>B. In the web.config file, insert the following lines of code:
<authorization> <deny users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/> <deny users="?"></authorization>C. In the web.config file, insert the following lines of code:
<authorization> <allow users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/> <deny users="?"></authorization>D. In the web.config file, insert the following lines of code:
<authorization> <allow users="?"> <deny users="*"> <allow users="Nancy"/> <allow role="Cashiers, Managers"/></authorization>
I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?
推荐答案
>现在有人可以帮我回答这个问题吗?
是的,不要用html发布。
Kline Sphere(粉笔)MCNGP#3
>Now can someone help me answer this question?
yes, don''t post in html.
Kline Sphere (Chalk) MCNGP #3
" Greg" < GR **** @ msn.com>写道:
"Greg" <gr****@msn.com> wrote:
现在有人可以帮我回答这个问题吗?
< SNIP>我会假设B是正确答案,但它看起来像他们想要A.或者A和B会做同样的事情吗?
Now can someone help me answer this question?
<SNIP>I would have assumed that B was the correct answer, but it looks like they wanted A. Or would A and B do the same thing?
将您的发布偏好设置为纯文本!!!
Northwind Traders是一家连锁百货商店,位于全国各地,价值
。它正在建立一个新的销售系统
收银员将用于接受客户的付款。作为一个
试点项目,您正在创建一个Windows应用程序,以便在其中一个商店中实施新的销售系统。您希望
在此Windows应用程序中使用现有的Web服务。
您已实现安全性并确保收银员中只有
用户团体和商店经理可以访问销售系统
。由于某些财务要求,销售应用程序还需要由Nancy,
和该商店的会计师访问。但是,XML Web服务
未配置为确保访问控制。哪些
后续任务确保只有授权用户才能访问
XML Web服务? (选择一个正确的选项。)
A.在web.config文件中,插入以下几行
代码:
< authorization>
< allow role =" Cashiers,Managers" />
< allow users =" Nancy" />
< deny users =" *">
< deny users ="?">
< / authorization>
B.在web.config文件中,插入以下几行
代码:
< authorization>
< deny users =" *">
< allow users =" Nancy" />
< allow role =收银员,经理人/>
< deny users ="?">
< / authorization>
C.在web.config文件中,插入以下行
代码:
< authorization>
< ;允许用户=" *">
< allow users =" Nancy" />
< allow role =" C ashiers,Managers" />
< deny users ="?">
< / authorization>
D.在web.config文件中,插入以下行
代码:
< authorization>
< allow users ="?">
< deny users =" *">
< allow users =" Nancy" />
< allow role =" Cashiers,Managers" />
< / authorization>
开始深入了解MSDN :
< authorization>元素
http://msdn.microsoft.com/library/de...ionsection.asp
< deny>元素
http://msdn.microsoft.com/library/de.../gngrfdeny.asp
< allow>元素
http://msdn.microsoft.com/library/de...gngrfallow.asp
< allow role =" Cashiers,Managers" /> - 授予收银员和
经理角色访问权限
< allow users =" Nancy" /> - 允许用户Nancy访问
< deny users =" *"> - 拒绝所有用户访问
< deny users ="?"> - 拒绝未经身份验证的用户访问
< allow users ="?"> - 允许未经身份验证的用户访问
:
"在运行时,授权模块遍历
< allow>和< deny>标签,直到它找到适合特定用户的FIRST访问规则
。然后,根据是否找到第一个访问规则
是< allow>,它会向URL资源授予或拒绝访问
或者< deny>规则。
所以(A)允许访问收银员和经理以及
Nancy,而拒绝访问所有其他用户和
匿名用户。这个问题是
寻找的解决方案。
(B)严格否认所有用户; 允许是错误的
的位置。我们永远不会得到允许规则。
(C)允许所有用户在开始时;我们永远不会得到剩下的规则。这不是限制性的
(D)允许未经身份验证的用户,同时拒绝所有其他
用户;我们当然不希望这个
注意(这与这个问题无关):允许
只有经过身份验证的用户才需要序列两个
规则:
< deny users ="?">
< allow users =" ; *">
另请注意:
" Machine.config文件中的默认授权规则
是< allow users =" *" />因此,默认情况下,除非另有配置,否则允许访问
。
Set your posting preferences to plain-text!!!
Northwind Traders is a chain of department stores located
around the country. It is setting up a new sales system
cashiers will use to accept payments from customers. As a
pilot project, you are creating a Windows application to
implement a new sales system in one of the stores. You want
to use an existing Web Service in this Windows application.
You have implemented security and ensured that only the
users in the cashiers group and the store manager can access
the sales system. Because of certain financial requirements,
the sales application also needs to be accessed by Nancy,
and accountant at that store. However, the XML Web service
is not configured to ensure access control. Which of the
following tasks ensure that only authorized users can access
XML Web services? (Choose one correct option.)
A. In the web.config file, insert the following lines of
code:
<authorization>
<allow role="Cashiers, Managers"/>
<allow users="Nancy"/>
<deny users="*">
<deny users="?">
</authorization>
B. In the web.config file, insert the following lines of
code:
<authorization>
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>
C. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
<deny users="?">
</authorization>
D. In the web.config file, insert the following lines of
code:
<authorization>
<allow users="?">
<deny users="*">
<allow users="Nancy"/>
<allow role="Cashiers, Managers"/>
</authorization>
start digging into the MSDN:
<authorization> Element
http://msdn.microsoft.com/library/de...ionsection.asp
<deny> Element
http://msdn.microsoft.com/library/de.../gngrfdeny.asp
<allow> Element
http://msdn.microsoft.com/library/de...gngrfallow.asp
<allow role="Cashiers, Managers"/> - Grant the Cashiers and
Manager roles access
<allow users="Nancy"/> - Allow user Nancy access
<deny users="*"> - Deny all users access
<deny users="?"> - Deny unauthenticated users access
<allow users="?"> - Allow unauthenticated users access
also:
"At run time, the authorization module iterates through the
<allow> and <deny> tags until it finds the FIRST access rule
that fits a particular user. It then grants or denies access
to a URL resource depending on whether the first access rule
found is an <allow> or a <deny> rule."
So (A) grants access to the Cashiers and Managers and to
Nancy while THEN denying access to all other users and
anonymous users. This is the solution that the question is
looking for.
(B) strictly denies all users; the "allows" are in the wrong
position. We never get to the "allow" rules.
(C) allows all users right at the beginning; we never get to
the remaining rules; this is not restrictive enough
(D) allows unauthenticated users, while denying all other
users; we certainly do not want this
Note (doesn''t pertain to this question as such): to allow
only authenticated users you would need a sequence of two
rules:
<deny users="?">
<allow users="*">
Also keep in mind:
"The default authorization rule in the Machine.config file
is <allow users="*"/> so, by default, access is allowed
unless configured otherwise."
获取更新的新闻阅读器。
海报以前称为Kline Sphere <>在留言新闻中写道:gr ******************************** @ 4ax.com ...
Get a updated news reader.
"The Poster Formerly Known as Kline Sphere" <.> wrote in message news:gr********************************@4ax.com...
现在有人可以帮我回答这个问题吗?
Now can someone help me answer this question?
是的,不要用html发帖。
Kline Sphere(粉笔)MCNGP#3
yes, don''t post in html.
Kline Sphere (Chalk) MCNGP #3
这篇关于MCSD 70-310高级XML Web服务编程考试问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
