|
 |
Newsgroups: microsoft.public.cert.exam.mcad
From: UAError <n...@null.null>
Date: Fri, 19 Nov 2004 08:34:55 -0500
Local: Fri, Nov 19 2004 8:34 am
Subject: Re: 70-315, 70-316 and 70-320
Finn J Johnsen <f...@void.no> wrote:
>hi Well, in general it may still be a good idea to look ahead - >> The only thing I didn't mention was that in fact >ah, I got the impression you suggested one extra exam to back up your MCAD requires 3 exams, MCSD.NET requires 5 exams; so once you're MCAD you are more that halfway there. Many individuals use the 70-3(05|15|06|16) / 70-3(10|20) / 70-229 route for the MCAD if you take Then you can take a breather and get some real experience I should note though that by taking 70-340 over 70-229 you But when you are finally ready you only have one exam left >> You better start reading everything word for word, otherwise >ouch ;) >> The page does tell you! Carefully read ALL of the >> "If you use Exam 70-305 or 70-315 to satisfy the core exam >> If you use Exam 70-306 or 70-316 to satisfy the core exam >I guess my mind locked up on the topic of the requirement -page at >How to Earn Your MCAD >Elective Exams (1 Exams Required) >> Can't be any clearer than that. >Maybe ;) >Well, thank you for clearing this stuff up for me. I've now got my recipe... >Finn Good Luck Repost of [Re: MCAD thinking of taking on 70-340] from >"Stud Sinister" <anonym...@discussions.microsoft.com> wrote:
>>I'm curious about test 70-340. Thus far I've passed the >>It's a relatively new test, though. Anyone experienced UAError <n...@null.null> wrote: >Passed it first time after: >- Countless trips to the MSDN including MSDN Mag and MSJ articles. >Writing Secure Code, Second Edition >"Worked through" Chapters 1 -17 (resulting in 58 pages of Arial 9pt notes). Best of the bunch here for establishing the need and urgency of "Secure Coding", while also underlining how hostile today's environment really is. >MCAD/MCSD Self-Paced Training Kit: Implementing Security for Applications with Microsoft Visual Basic .NET and Microsoft Visual C# .NET (Pro-Certification (Paperback)) >"Worked through" the whole thing (resulting in 87 pages of notes). Valuable as a guide to deciphering the 70-340 "Skills Being Measured". >The book includes a Readiness Review Suite. Got 77% on the first go (ran out of time (90 min) leaving 5 of 60 questions unanswered). While some of the questions were real howler's; it did point out my weak areas in enterprise services (COM+) security and security with reference to Forms Authentication in ASP.NET. This prompted me to move on to "Building Secure Microsoft ASP.NET Applications". Few days later had another go at it and got 83% (leaving 1 of 60 questions unanswered due to lack of time). >Building Secure Microsoft ASP.NET Applications >Proceeded to "read" chapters 8 through 12 in no particular order and reviewed a number of the How-Tos in the back. >Finally proceeded to attempt the actual exam... >Casual References: >NET Framework Security >Read the first 8 chapters (only ~100 pages; it has 32 chapters). >This was the only reference that I could find that actually explains the nitty-gritty of SignedXML class (based on XMLDSIG; Chapter 32 Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures). I had to move on to more "profitable" matters before I could finally figure out how to verify DETACHED signed content that had been moved to a different URL. I couldn't believe that the Training-Kit only showed you how to generate the signature but not how to verify it (probably easy as long as the signed content isn't relocated - not very useful). I didn't find the SignedXML sample code that I found on the MSDN all that helpful. >Used "Chapter 30: Using Cryptography with .NET Framework: The Basics" when I ran into some sample code in the Readiness Review that asked you outline the steps for decrypting a stream encrypted with some sample code using a symmetric algorithm. The sample code wrote the KEY (!!!; should have been the SALT/entropy value) and the initialization vector (IV) to the stream. To make matters worse the code wrote the key/IV into the CryptoStream (!!!; i.e. forget about decrypting that). That's when I decided that I better know how to do the salt/IV thing properly - the code in this chapter used an interesting tactic; rather than writing the salt/IV to the unencrypted output stream and then wrapping the output stream in a CryptoStream, the code wrapped the CryptoStream around the data input stream. >Improving Web Application Security: Threats and Countermeasures >Read the first three chapters and probed randomly into various areas of interest or concern. >COM and .NET Component Services (O'Reilly Windows) >Used this for its more casual treatment of COM+ security and its configuration. >Mastering Regular Expressions, Second Edition >Better have this within arms reach when you are chanting "Constrain-Reject-Sanitize". >The .NET Developer's Guide to Windows Security >(Note: This title deals with "Windows Security" as it concerns the .NET developer, NOT ".NET Security". Look forward to "unsatisfied" reviews of readers that couldn't make that "subtle" distinction based on the title). You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
| |||||||||||||