ITEC102PART2

Question 1

Objects that represent specific authorizations

Answer 1

Permissions

Question 2

Determines what code is permitted to do:

set of permissions to grant to an assembly

Answer 2

Policy

Question 3

Inputs to policy about code, from multiple sources

Answer 3

Evidence

Question 4

object represents a specific authorization, such as access to a resource

“permission to do something”

Answer 4

Permission

Question 5

is an authorization given to an assembly (code)

“this code is authorized to do something”

Answer 5

Grant

Question 6

is a security check for corresponding grants

“is something allowed?” (else, raise exception)

Answer 6

Demand

Question 7

Permissions for Framework resources

• These permissions represent access to protected resources.

Answer 7

Standard .NET permissions

Question 8

These permissions represent code identity. They are granted to code based on its corresponding evidence.

Answer 8

Identity permissions

Question 9

A user identity permission is also supported. this is the only non-code access permission in the framework

Answer 9

Other permission

Question 10

Most permissions are code access permissions ( true/ false )

Answer 10

True

Question 11

Demanding a permission performs a _____ ______ checking for related grants of all callers

Answer 11

Stack walk

Question 12

Modifiers provide fine-grained, dynamic control over state of grants on the stack

Answer 12

Stack Walk Modifiers

Question 13

“I vouch for my callers; checks for perm can stop at this frame”

■ Example: “Gatekeeper” classes

Answer 13

Assertion

Question 14

appropriate permission from caller

Answer 14

Demand

Question 15

permission to call unmanaged code
Make the unmanaged call

Answer 15

Assert

Question 16

Identity permissions allow the same security checks on identity of code

• Digital signature, location (URL, site), etc.

Answer 16

Controlling access to code

Question 17

code reference by a caller

Answer 17

LinkDemand

Question 18

It must be signed with the private key corresponding to the public key used in the previous example.

Answer 18

Calling code

Question 19

is the process of determining the permissions to grant to code

• Permissions granted to code, not user

■ Grants are on a per-assembly basis

Answer 19

Policy

Question 20

A policy level is a collection of

Answer 20

Code group

Question 21

Read environment variables (limited), UI, IsolatedStorage, Assertion, Web access to same site, File read to same UNC directory

Answer 21

Intranet Zone

Question 22

Safe UI, IsolatedStorage, Web access to same site

Answer 22

Internet Zone

Question 23

Evidence-Based Security ( 3 )

Answer 23

Permission
Policy
Evidence

Question 24

Two ways to make checks

Answer 24

Imperatively
Declaratively

Question 25

Managed wrappers for unmanaged

resources

Answer 25

-Demand
-Assert

Question 26

Declarative security checks by JIT instead of (most costly) runtime checks

Answer 26

LinkDemand
Inheritance Demand

Question 27

Default policy

Answer 27

Local Computer Zone
Intranet Zone
Internet Zone
Restricted Zone
MS Strong Name

Question 28

Declarative Security Checks / Declarative security is

Answer 28

• Part of a method’s metadata
• Implemented with custom attributes
• Processed by JIT

Question 29

Any object can be a piece of evidence
only impacts grants if there is a code group membership condition that cares about it

Answer 29

Evidence is completely extensible

Question 30

Assemblies can request permissons
( true/false )

Answer 30

true

Question 31

Managed apps just run, consistent experience for scripts, exes, controls

Safe defaults, no runtime trust decisions for user.

Answer 31

End-user

Question 32

All settings in one place, easy to customize.
Understandable policy model ( need beta feedback ).
Security administration tool coming in Beta 2.

Answer 32

Administrator

Question 33

can focus on app logic, security comes for free.
but, easy to use and extend when necessary

Answer 33

Developer

Question 34

managed code verified for typesafety at runtime.
eliminates most common security problems

Answer 34

Typesafe code

Question 35

Developers can use ‘least privilege’
code access security blocks most ‘luring’ attacks ( true / false )

Answer 35

true

Question 36

Multi levels of policy ( 3 )

Answer 36

Machine-wide, User-specific
Enterprise support: group policy ( beta 2 )
Further policy restrictions allowed on a per application domain basis

Question 37

Evidence / info about a code assembly

Answer 37

Shared names
Publisher identity
location of origin ( URL, zone, site )

Question 38

Eliminates most common security problems

Answer 38

-Buffer overrun attacks
-Reading private state or uninitialized memory
-Access arbitrary memory in process space
-Transfer execution to arbitrary location in process

Question 39

Managed code verified for typesafety at runtime

Answer 39

Typesafe code