Daily Archives: March 11, 2012

MCITP, mcitp certification, MCITP Training, MCSE, MCSE Certification, MCSE Training, MCTS, MCTS Certification, MCTS Training, Microsoft, Tech

70-573 Q & A / Study Guide / Testing Engine

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training
at certkingdom.com

QUESTION 1
A site definition has been purchased from another company. It is used to created SharePoint sites.
Now there is a request to modify the home page for the site definition by adding a Web Part.
What actions need to be taken? Select two.

A. Add..
B. Uninstall..
C. Remove…
D. Modify..
E. Install…
F. ..the file CSTemplate.xsd
G. ..the file Onet.xml
H. ..a Feature receiver
I. ..a Feature dependcy
J. ..the file config.web
K. ..the file web.config

Answer: D,G

Explanation:

QUESTION 2
A customized Site Featured need to be made. There is customized site definition.
The Feature of this site definition must be activated for all additional sites which are created using
it.
What actions need to be taken? Select two.

A. Add..
B. Uninstall..
C. Remove…
D. Modify..
E. Install…
F. ..the file CSTemplate.xsd
G. ..the file Onet.xml
H. ..a Feature receiver
I. ..a Feature dependcy
J. ..the file config.web
K. ..the file web.config

Answer: D,G

Explanation:

QUESTION 3
There is third party site definition named CertKingdom.
A file named TemplateCertKingdom.xsd is included in CertKingdom.
TemplateCertKingdom.xsd contains configuration date.
There is a provision handler for CertKingdom.
The information in TemplateCertKingdom.xsd must be read.
The following property should be used.

Answer:

QUESTION 4
There is a specialized program to import data into SharePoint sites.
There is a specialized site definition named CertKingdom created by MS Visual Studio 2010.
The specialized program code must be run whenever a new site is created by using CertKingdom.
What should be done to ensure this? Select three.

A. Modify..
B. Add…
C. Delete…
D. ..file..
E. ..class..
F. ..feature..
G. .. CSTemplate.xsd
H. ..SPItemEventReceiver
I. .. Onet.xml
J. .. receiver
K. .. SPChangeFile
L. .. SPWebEventReceiver
M. .. dependcy
N. .. SPWebProvisioningProvider
O. ..config.web
P. .. web.config

Answer: B,E,N

Explanation:

QUESTION 5
There is a specialized Web Part named CertKingdomWebpart.
There must be a test to check if CertKingdomWebpart generates leaks in the RAM.
What should be done to ensure this? Select two.

A. Modify..
B. Add…
C. Run..
D. Delete…
E. .. WinDbg.exe
F. .. CSTemplate.xsd
G. ..SPItemEventReceiver
H. .. Onet.xml
I. .. SPDisposeCheck.exe
J. .. SPChangeFile
K. .. SPWebEventReceiver
L. .. SPMetal.exe
M. .. SPWebProvisioningProvider
N. ..config.web
O. .. web.config

Answer: C,I

Explanation:

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training
at certkingdom.com

 

IE9, Microsoft, Tech

Researchers hack IE9 during second day at Pwn2Own

Researchers from VUPEN Security exploited previously unknown vulnerabilities in Internet Explorer 9 at the CanSecWest conference

Internet Explorer 9 was the second browser to succumb to white-hat hackers during the Pwn2Own contest at the CanSecWest security conference in Vancouver.
MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com
Contest hacks the heck out of Chrome

A team of vulnerability researchers from French security firm VUPEN Security exploited a pair of previously unknown vulnerabilities in the latest version of Microsoft’s browser on Thursday.

The attack was demonstrated on a fully patched 64-bit Windows 7 with Service Pack 1 system and earned the VUPEN team 32 points in the annual Pwn2Own competition sponsored by TippingPoint’s Zero Day Initiative (ZDI) program.

The rules have changed for this year’s Pwn2Own contest, its focus shifting from who can hack a browser faster, as it was in previous editions, to who can write the highest number of reliable exploits. Researchers earn 32 points for exploiting previously unknown browser vulnerabilities, also known as zero-days, and 10 points for exploiting patched vulnerabilities selected by the organizers.

VUPEN is currently in the lead with 124 points, 64 of which were earned for a zero-day exploit against Google Chrome on Wednesday and a similar one against Internet Explorer 9 on Thursday. The team claims to have similar exploits for Apple’s Safari and Mozilla Firefox.

VUPEN’s Internet Explorer 9 exploit leveraged two vulnerabilities — a remote code execution (RCE) that bypassed the browser’s anti-exploitation mechanisms like DEP (Data Execution Prevention) or ASLR (address space layout randomization) and one that bypassed its post-exploitation defense, commonly known as the sandbox, or Protected Mode in Internet Explorer’s case.

The Internet Explorer 9 Protected Mode limits what attackers can do on the OS once they exploit a RCE vulnerability inside the browser. However, according to security researchers, IE’s Protected Mode is less restrictive than Google Chrome’s sandbox. This is expected to improve with Internet Explorer 10 on Windows 8.

It’s also worth noting that the order in which browsers get attacked at this year’s Pwn2Own contest has nothing to do with difficulty. Participating researchers come with their zero-day exploits prepared in advance and the order in which they demonstrate them is purely a matter of personal choice rather than an indication of one browser being harder to hack than another.

The zero-day RCE vulnerabilities are shared with TippingPoint, but not the sandbox-escape ones, which are considered highly valuable and rare. The organizers will share the details with the affected vendors after the contest is over.