ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-486 All Questions

View all questions & answers for the 70-486 exam
Go to Exam

Exam 70-486 topic 1 question 88 discussion

Actual exam question from Microsoft's 70-486
Question #: 88
Topic #: 1
[All 70-486 Questions]

You are developing an ASP.NET MVC application that will run in a shared environment.
The application requests the user's password, and then uses the password to sign data.
You need to minimize the potential for the password to be discovered by other processes that run in the shared environment. What should you do?

  • A. Add the SecuritySafeCriticalAttribute attribute to the methods which process the password.
  • B. Store the password in a SecureString instance.
  • C. Encrypt the password on the web page, and decrypt the password in the MVC application.
  • D. Run the code that processes the password in its own AppDomain.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Application domains provide a unit of isolation for the common language runtime. They are created and run inside a process. Application domains are usually created by a runtime host, which is an application responsible for loading the runtime into a process and executing user code within an application domain. The runtime host creates a process and a default application domain, and runs managed code inside it. Runtime hosts include ASP.NET, Microsoft Internet Explorer, and the Windows shell.
For most applications, you do not need to create your own application domain; the runtime host creates any necessary application domains for you. However, you can create and configure additional application domains if your application needs to isolate code or to use and unload DLLs.
References:
https://msdn.microsoft.com/en-us/library/yb506139(v=vs.110).aspx
by francis at Oct. 15, 2019, 7:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
hungry_ape9000
Highly Voted 5 years, 2 months ago
FINAL ANSWER: D is correct
upvoted 6 times
...
francis
Most Recent 5 years, 9 months ago
The question is about ensuring no other _processes_ can access the password within the app process. How does a separate app domain helps with this? Isn't it a task for a SecureString?
upvoted 2 times
asdf652434
5 years, 7 months ago
SecureString would actually provide protection.
upvoted 2 times
majco333
5 years, 6 months ago
SecuredString is deprecated: https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netframework-4.8
upvoted 4 times
...
...
hungry_ape9000
5 years, 2 months ago
A separate app domain sounds like it kind of creates a box around the application that contains it and nothing can access into it, it can probably only call outside. That would make it a secure option, since SecureString is deprecated.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel