Welcome to Certifiable, your exam prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams. Following the questions, you'll find the correct answers and explanatory text. We change the questions biweekly.

Test Questions (July 28, 2000)
Test Answers (July 28, 2000)

To finish the MCSD track, you must pass certification exams (three core, one elective) that test your ability to design and build Web-based, distributed, and commerce solutions using products such as Microsoft Visual Studio, Microsoft Transaction Server (MTS), and SQL Server. This week, we consider a scenario that calls for you to use several of these tools and technologies to develop an application that serves both Web-based and Windows-based clients. The following questions cover topics similar to those you can find on Exam 70-175: Designing and Implementing Distributed Applications with Microsoft Visual Basic 6.0 and Exam 70-152: Designing and Implementing Web Solutions with Microsoft Visual InterDev 6.0.

Questions (July 28, 2000)

Scenario:
Final Reckoning, LLC, is an accounting and law firm that specializes in estate planning and probate. In such firms, expense reporting for attorneys and certified financial planners is important for determining the fees to charge to client estates. Sophisticated business rules govern expense allocations, and big-ticket items require an account manager's approval. To streamline processes, management has asked you to implement an expense-reporting solution that can accommodate users connected either directly through the company LAN or through browser-based dialup connections.

Users connected to the LAN should be able to input expenses, reconcile expenses to accounts, and view past account information. Mobile users need only be able to enter current period expenses from the road. Management has chosen SQL Server 7.0 as the data repository. Active Server Pages (ASP) on Microsoft IIS is the company standard for its public Internet and intranet applications, and Internet Explorer (IE) 4.0 and Netscape Navigator are the approved browsers. The training budget for the project is minimal, so the LAN application and the browser-based version should offer a consistent user experience that's easy to use.

The initial design calls for LAN users to enter expenses through a Windows-based Visual Basic (VB) application and mobile users to connect to the company's public Web server through a local ISP and access the application through a private set of Web pages.

Question 1
Because of the sensitivity of client data, application security is important. The initial design reduces the amount of client information available outside the firm's firewall, and only users logged into their Windows desktops can run the VB application. How can you ensure that only employees can access the Web-based application from their browsers, and how can you prevent information interception as it travels over the public Internet? Choose all that apply.

  1. Implement Secure Sockets Layer (SSL) and require digital certificates in the client browsers.
  2. Using Dynamic HTML (DHTML), implement client-side encryption of any information that users submit to the Web server.
  3. Enable Windows NT Challenge/Response on the Web server and disable access to the Web pages from the IUSR_MachineName account.
  4. Enable Basic authentication and NT Challenge/Response on the Web server and disable access to the Web pages from the IUSR_MachineName account.

For the correct answer and an explanation, see the Answers section.

Question 2
To minimize redundancy and simplify maintenance, you decide to implement the business rules in COM components that MTS hosts. After you have developed and tested the COM DLLs in VB, how do you make them available to both Windows and Web clients?

  1. Install your component DLLs on the Windows clients and the Web server. Use regsvr32.exe to register the components on each machine. Package the DLLs in .cab files and download them to the browsers via OBJECT tags in your private Web pages. Call the DLLs directly from your application code.
  2. Install the component DLLs on MTS. Export a client package file from MTS and run the client package executable on the Web server and each Windows client. Instantiate each object that your components expose using the VB or VBScript CreateObject statement.
  3. Create an installation package using the Visual Studio Package and Deployment Wizard. Include in your package the COM DLLs, the MTS runtime engine, and support files. Install the package on all Windows clients and the Web server. Each client will have its own instance of MTS for best performance.

For the correct answer and an explanation, see the Answers section.

Question 3
To improve MTS component performance, how should you write your objects so that they can retrieve and update expense information with a minimum of network traffic?

  1. Write them as individual object properties read and set using client-side Object.Property syntax—e.g., Property Get AccountId() as string.
  2. Write them as objects exposing a separate function for each parameter to be retrieved—e.g., Function FetchAccountID() as integer.
  3. Write them as objects exposing a set of properties accessed through one method call—e.g., Sub FetchExpense( byVal AccountId as string, byVal Amount as Currency).

For the correct answer and an explanation, see the Answers section.

Answers (July 28, 2000)

Answer to Question 1
The correct answer is A—Implement Secure Sockets Layer (SSL) and require digital certificates in the client browsers. Only SSL, which encrypts information that travels between a browser and a Web server, and digital certificates, which provide authentication, meet the requirements. Client-side scripting encryption (answer B) doesn't authenticate users. You can use NT Challenge/Response (answers C and D) only with IE. However, you can use Basic authentication (answer B) with Netscape browsers.

Answer to Question 2
The correct answer is B—Install the component DLLs on MTS. Doing so updates the server's Registry to redirect COM Service Control Manager calls to the component into a package ID that MTS hosts. You must update each client Registry to point to the remote MTS server. A client export package contains a small executable, a copy of the package DLL, and Registry entries. Local CreateObject statements, either in ASP VBScript or in VB code, can instantiate components on the remote MTS machine after the export package has run on the client.

Answer to Question 3
The correct answer is C—Write them as objects exposing a set of properties accessed through one method call. Marshalling one set of parameters by value reduces network traffic by minimizing the number of trips between client and server while populating object values. Individual read/write properties require multiple trips because each end updates values that have changed.