INFORMATION NETWORK SECURITY AGENCY

(2 HOURS)

INSTRUCTIONS:

1. No cell phones/iPods are allowed during the examination at any time.

2. You will be dismissed from the testing site if you are seen with one out. Please do not talk during the
examination.
3. If you have a problem please raise your hand and wait quietly for an examiner.
4. Please do not open the examination until directed to do so.
5. Please ensure that you have the correct examination in front of you.
6. No pencil cases allowed; bring only the writing materials you need into the examination room.
7. Write your name clearly in the space below when directed to do so.
8. At the conclusion of your examination please refrain from speaking until you are outside the exam
Room as there may still be other examinations still in progress.

Full Name: _________________________________________________________________

ICF-Level: - _______________________________________________________________

Department: - ________________________________________________________________

Multiple Choice
Work out
Total Result

1
1. PART I
MULTIPLE CHOICES (30 POINTS)
1. In which of the following scenarios should you include validation? (Choose all that
apply.)
A. You have an online diary with two form fields, a title, and a large subject box. A title
is not required, and the subject content is stored in a database column with no
maximum size.
B. The web application you maintain has an area that serves as a pass-through to another
company’s web services. The form contains personal information, such as address
and phone number, and is used to set up a profile on the company’s retirement partner
website. The partner has never given you any instructions as to what is or is not
required to be sent to them.
C. Your application is a long wizard that college students use to apply for financial aid.
They do not have access to the application until they are already logged on to the
system so the application knows who they are. Most students will log on many times
to finish the application, so any field might or might not be completed at any time.
D. You are developing a simple form that helps home brewers keep track of their
process. The form provides two input fields: Date/time and ph level. The Date/ time
box needs to be an ordinary text box because people around the world might enter the
date differently, in a way that is meaningful to them. The ph level can be either a
numeric value or a text description.
2. You want to support the Internet Explorer, Firefox, and Opera web browsers in your
application. Which vendor-specific extensions do you need to include with CSS3
properties? (Choose all that apply.)
A. –webkit
B. –ms
C. –o
D. –hp
E. –moz
3. You are developing an ASP.NET MVC application and you need to create satellite
assemblies from resource files. What code should you use?
A. mage.exe /n: /embed:strings.de-DE.resources MyApp.de-DE.resources.dll
B. WinRes.exe /t: embed:strings.de-DE.resources /culture:de-DE
C. Lc.exe strings.de-DE.resources MyApp.de-DE.resources.dll
D. al.exe /t:lib /embed:strings.de-DE.resources /culture:de-DE /out:MyApp.de-DE.
resources.dll

2
4. You are designing an HTML5 website. You need to design the interface such that the
content is viewable in all types of browsers, including screen readers, what should you
do? (Choose all that apply.)
A. Ensure that content elements have valid and descriptive names.
B. Use Resource Description Framework (RDF) to describe content elements.
C. Convert HTML forms to XForms.
D. Use HTML5 semantic markup elements.
E. Annotate content elements with Accessible Rich Internet Application (ARIA)
attributes.

5. Which of the following is true for a raster data structure?

A. a 2m grid has a lower resolution than a 20m grid

B. cells in a raster can have multiple values
C. The values "0" and "NODATA" hold the same meaning
D. The node is the point of no further expansion in a quad tree

6. What is default authentication in Internet Information Services (IIS)?

A. Standard User
B. Administrator
C. Anonymous
D. None

7. Which one is support TDD (test driven development)?

A. Razor Engine.
B. ASPX View Engine
C. both
D. none

8. To be able to use the token, you must create a custom token handler by overriding a
method. Which of the following method you override?
A. SecurityToken
B. SecurityTokenHandler
C. SWTToken
D. Saml2SecurityTokenHandler

9. If the multiple filters are implemented in mvc, in which order the filters that get executed
A. Action filters, Response filters, Authorization filters then Exception filters
B. Exception filters, Action filters, Response filters, then Authorization filters
C. Action filters, Response filters, Exception filters, then Authorization filters
D. Authorization filters, Action filters, Response filters, then Exception filters

3
10. Your application manages the sale of expensive well-drilling equipment. Your IT director
wants you to add functionality that sends an email to a customer’s sales account manager
whenever someone from your client company logs in to the system. What is an
appropriate solution?
A. Override the AuthorizeAttribute and apply it to the login action. Run the base method
first to handle the authentication and then evaluate the status of the request. If the user is
a customer, send the email.
B. Create a custom action filter that is globally defined and overrides the
OnActionExecuting method. This action filter evaluates the status of the user and sends
the email if it is a customer.
C. Override the AuthorizeAttribute that is applied to the login action, check for the user’s
authentication status, and determine whether it is a customer prior to sending it to the
base authentication method.
D. Create an action filter that overrides the OnActionExecuted method and apply it to the
login action. This action filter evaluates the status of the user and sends the email if it is a
customer.

4
 Workout question-part1 (10points)
1. You are developing an ASP.NET MVC application that takes customer orders. Orders are
restricted to customers with IP addresses based in Ethiopia. You need to implement a
custom route handler. How should you implement the route handler? (To answer, fill the
blank space with the appropriate code)

public class EthiopiaRouteHandler:________________

{
public ______________GetHttpHandler( ____________ mContext)
{
return new EthiopiaIPHandler(mContext);

2. Given that employeeList is type of List<Employee>, how can you delete

the Employee elements with FirstName that are equal to Abebe using LINQ?

Workout question-part2 (10 points)

1. What are Bundling and minification in MVC and explain both.

2. What is Web map service (WMS)?

5
3. How can you maintain session in MVC? Mention each and explain their difference

4. Imagine you want to develop spatially enabled dynamic website using open source
software. Mention which software you use to manage your spatial data contents and
explain their use.

5. Explain the use of web workers in HTML5 web page application and the limitations?

6. What is the difference ado.net and Entity Framework?(Bonus)

7. How to handle SQL injection attacks in Entity Framework?(Bonus)