CSE 445 FINAL EXAM QUESTIONS
WITH 100% CORRECT ANSWERS
2025 LATEST UPDATE
Which of the following is true about confidentiality of data?
A) It's a measure that ensures only authorized users can access data
B) It's a measure that ensures data is not tampered during the transmission
C) It's a measure that ensures programs that generate data does not have any errors so
that attacks can access the data
D) All of the above - Answer-B) It's a measure that ensures data is not tampered during
the transmission
Which of the following is true about safety of data?
A) It's a measure that ensures only authorized users can access data
B) ensures non-occurrence of catastrophic consequence on the environment (human
life lost, economic impact, etc.)
C) It's a measure that ensures programs that generate data does not have any errors so
that attacks can access the data
D) All of the above - Answer-B) ensures non-occurrence of catastrophic consequence
on the environment (human life lost, economic impact, etc.)
Which of the following is true about vulnerability of data?
A) It's a measure that ensures only authorized users can access data
B) It's a measure that ensures data is not tampered during the transmission
C) It's a measure that ensures programs that generate data does not have any errors so
that attacks can access the data
D) All of the above - Answer-C) It's a measure that ensures programs that generate
data does not have any errors so that attacks can access the data
What dependability functions are implemented in WCF? - Answer-security and reliability
Where are the credentials saved in the built-in account management (offered by the
pages in the "Account" folder) of ASP .Net application? - Answer-in a database
,how is the Windows-based security implemented in a Web application? - Answer-all
access to a web application or web service must go through IIS, which assigns every
request an access token. the access token enables the Windows OS to perform ACL
(access control list) checks on resources targeted by the request.
How does the Windows security mechanism work in Web application security control? -
Answer-It compares the received credential with the credential saved in Windows's user
accounts.
In Windows-based security system, the access control list is stored in... - Answer-the
Windows operating system.
Windows security can be used to control user access to a Website. This security
mechanism can be best applied to the users of - Answer-corporate intranet applications
how is the form-based security implemented in a Web application? - Answer-it used the
Web.config file to define the detailed security policies. the system.web section can be
used to define authentication and authorization to a web application.
What is (are) the problem(s) associated with the standard Windows Forms Security
mechanism? - Answer-- passwords are stored in clear text
- sequential comparisons of user name and password
- unmanageable if accessibility needs to be changed frequently
Where can the credential be possibly saved if the Forms security is used? - Answer-- In
Web.Config file.
- In a user-defined XML file.
- In a user-defined database.
In Forms security, if login is successful, what are the possible solutions to store the
user-entered credential? Select all that apply. - Answer-- As a cookie on client side.
- In a hidden area in the client's web browser.
By default, the cookies used in the Forms-based Security are protected by... - Answer--
using encryption to prevent reading.
- using digital signature to prevent modification.
What are the main roles of IIS in Web application security control? - Answer-- It creates
an access token and passes it to ASP .Net or to Windows for security check
- It blocks IP address and domain that are not permitted
What security mechanism(s) does IIS support? - Answer-- access control list
- IP address restrictions
- domain name restrictions
- encrypted HTTP connections
, Web.config file in ASP.Net application is used for... - Answer-authentication and
authorization
How is the authorization applied to a resource (a page) in ASP .Net application? -
Answer-Authorization information is stored in the Web.config file in the sub directory in
which the page resides.
What are the main problems of storing the credentials in Web.config file? - Answer-
Unmanageable if the number of users is large.
Sequential comparisons of passwords.
What do you do if you want to use your own file for storing the credentials, instead of
using Web.conf? - Answer-Write your own code to handle the access control.
The <authorization> element in a Web.cong file consists of a list of <allow> and <deny>
elements.... - Answer-The elements must be specifically ordered according to
authorization requirement.
Which of the following sequences does not make sense logically or semantically? -
Answer-<deny users="*"/> <allow users="bob"/>
What is the strongest security option in the Forms-based Web security (the most secure
mode)? - Answer-The clause <identity impersonate ="..." /> does not appear in
Web.config file.
In what configuration setting will ASP .Net use the security token passed to it by IIS? -
Answer-<identity impersonate = "false">
Why do you need to create your own machine key in if your ASP .Net application is
hosted in a server farm environment? - Answer-A server farm does not have a unique
machine key
Where do you use the secure machine key generated for your ASP .Net application? -
Answer-In the Web.config file, in the element system.web
What features does Windows Communication Foundation support? - Answer-- Platform-
independent communication.
- WS-Security and WS-ReliableMessaging.
What is (are) the major dependability feature(s) added into the Windows
Communications Foundations? - Answer-- WS-Security
- Reliable Sessions (WS-R)
- Interoperability (WS-I)
what is WS-Specification?
WITH 100% CORRECT ANSWERS
2025 LATEST UPDATE
Which of the following is true about confidentiality of data?
A) It's a measure that ensures only authorized users can access data
B) It's a measure that ensures data is not tampered during the transmission
C) It's a measure that ensures programs that generate data does not have any errors so
that attacks can access the data
D) All of the above - Answer-B) It's a measure that ensures data is not tampered during
the transmission
Which of the following is true about safety of data?
A) It's a measure that ensures only authorized users can access data
B) ensures non-occurrence of catastrophic consequence on the environment (human
life lost, economic impact, etc.)
C) It's a measure that ensures programs that generate data does not have any errors so
that attacks can access the data
D) All of the above - Answer-B) ensures non-occurrence of catastrophic consequence
on the environment (human life lost, economic impact, etc.)
Which of the following is true about vulnerability of data?
A) It's a measure that ensures only authorized users can access data
B) It's a measure that ensures data is not tampered during the transmission
C) It's a measure that ensures programs that generate data does not have any errors so
that attacks can access the data
D) All of the above - Answer-C) It's a measure that ensures programs that generate
data does not have any errors so that attacks can access the data
What dependability functions are implemented in WCF? - Answer-security and reliability
Where are the credentials saved in the built-in account management (offered by the
pages in the "Account" folder) of ASP .Net application? - Answer-in a database
,how is the Windows-based security implemented in a Web application? - Answer-all
access to a web application or web service must go through IIS, which assigns every
request an access token. the access token enables the Windows OS to perform ACL
(access control list) checks on resources targeted by the request.
How does the Windows security mechanism work in Web application security control? -
Answer-It compares the received credential with the credential saved in Windows's user
accounts.
In Windows-based security system, the access control list is stored in... - Answer-the
Windows operating system.
Windows security can be used to control user access to a Website. This security
mechanism can be best applied to the users of - Answer-corporate intranet applications
how is the form-based security implemented in a Web application? - Answer-it used the
Web.config file to define the detailed security policies. the system.web section can be
used to define authentication and authorization to a web application.
What is (are) the problem(s) associated with the standard Windows Forms Security
mechanism? - Answer-- passwords are stored in clear text
- sequential comparisons of user name and password
- unmanageable if accessibility needs to be changed frequently
Where can the credential be possibly saved if the Forms security is used? - Answer-- In
Web.Config file.
- In a user-defined XML file.
- In a user-defined database.
In Forms security, if login is successful, what are the possible solutions to store the
user-entered credential? Select all that apply. - Answer-- As a cookie on client side.
- In a hidden area in the client's web browser.
By default, the cookies used in the Forms-based Security are protected by... - Answer--
using encryption to prevent reading.
- using digital signature to prevent modification.
What are the main roles of IIS in Web application security control? - Answer-- It creates
an access token and passes it to ASP .Net or to Windows for security check
- It blocks IP address and domain that are not permitted
What security mechanism(s) does IIS support? - Answer-- access control list
- IP address restrictions
- domain name restrictions
- encrypted HTTP connections
, Web.config file in ASP.Net application is used for... - Answer-authentication and
authorization
How is the authorization applied to a resource (a page) in ASP .Net application? -
Answer-Authorization information is stored in the Web.config file in the sub directory in
which the page resides.
What are the main problems of storing the credentials in Web.config file? - Answer-
Unmanageable if the number of users is large.
Sequential comparisons of passwords.
What do you do if you want to use your own file for storing the credentials, instead of
using Web.conf? - Answer-Write your own code to handle the access control.
The <authorization> element in a Web.cong file consists of a list of <allow> and <deny>
elements.... - Answer-The elements must be specifically ordered according to
authorization requirement.
Which of the following sequences does not make sense logically or semantically? -
Answer-<deny users="*"/> <allow users="bob"/>
What is the strongest security option in the Forms-based Web security (the most secure
mode)? - Answer-The clause <identity impersonate ="..." /> does not appear in
Web.config file.
In what configuration setting will ASP .Net use the security token passed to it by IIS? -
Answer-<identity impersonate = "false">
Why do you need to create your own machine key in if your ASP .Net application is
hosted in a server farm environment? - Answer-A server farm does not have a unique
machine key
Where do you use the secure machine key generated for your ASP .Net application? -
Answer-In the Web.config file, in the element system.web
What features does Windows Communication Foundation support? - Answer-- Platform-
independent communication.
- WS-Security and WS-ReliableMessaging.
What is (are) the major dependability feature(s) added into the Windows
Communications Foundations? - Answer-- WS-Security
- Reliable Sessions (WS-R)
- Interoperability (WS-I)
what is WS-Specification?
