ASP.NET CORE EXAM STUDY GUIDE, Exams of Advanced Education

ASP.NET CORE EXAM STUDY GUIDE 2025

Typology: Exams

2024/2025

Available from 11/20/2024

alex-david-34

ASP.NET CORE EXAM
What are the required skills to work as a Full Stack ASP.NET Core Developer? - Client-Side Programming: Web basics with HTML5, CSS3 and JavaScript, responsive front-ends with Angular, design libraries such as Bootstrap, jQuery and Ajax.
Server-Side Programming: build scalable, secure back-end services using C#, ASP.NET Core and ASP WebAPI.
Management: Agile project management principles.
Version Control: Git and GitHub.

ASP.NET Core Framework Benefits - Open-source and community-focused.
Cross-platform: you can run it on Windows, Mac and Linux operating systems.
Modular framework: create small, independent units of the system.
Easy to integrate with modern client-side frameworks such as Angular and JavaScript libraries.
Built-in dependency injection.

HTTP Get vs. HTTP Post - HTTP GET is used to retrieve data from the server.
HTTP POST is used to supply data from the client (browser) to the server in the message body.

What is MVC pattern? - The Model-View-Controller (MVC) architectural pattern separates an application into three main groups of components: Models, Views, and Controllers.
This pattern helps to achieve the Separation of Concerns principle.
Model Responsibility: Represents the domain or entity classes.
View Responsibility: Presenting content through the user interface.
Controller Responsibility: the entry point to receive the request, handle user interaction, work with the models, services, view-models and ultimately select a view to render.
View-Model Responsibility: Represents the data that needs to be displayed in the view.
Services Responsibility: business logic, back-end logic, mash-ups and calls to external APIs.

What is Dependency injection (DI)? - Dependency injection (DI) is a technique for achieving loose coupling between objects and their dependencies.

ASP.NET Core includes a simple built-in container that refers to the types of objects that need to be created when the service is injected into the controller constructor.
We inject a service interface into the constructor of the controller and the container is responsible for creating the required object. So the controller and the service are loosely coupled.

Where do we configure the Dependency Injection container? - In the ConfigureServices method in the Startup file.

What is middleware? - Middleware is software that is assembled into an application pipeline to handle HTTP requests and responses.
The pipeline consists of a sequence of request delegates, called one after the other.

Where do we configure the Pipeline? - In the Configure method in the Startup file.
The order of middleware is important since any middleware that has the response will send it back to the user.
For example, if we are using static files, session and MVC, then the code should be in the order below: [StaticFiles -> Session -> MVC]
app.UseStaticFiles(); // Return static files and end pipeline.
app.UseSession(); // Add session to the pipeline.
app.UseMvcWithDefaultRoute(); // Add MVC to the request pipeline.

What is Session state? - Session state is a feature in ASP.NET Core that you can use to save and store user data on the server while the user browses your web app.
ASP.NET Core maintains session state by giving the client a cookie that contains the session ID, which is sent to the server with each request.

A3 Cross-Site Scripting (XSS)
A4 Broken Access Control
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Insufficient Attack Protection
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Underprotected APIs

Injections - Injection flaws occur when an application sends untrusted data to an interpreter (such as SQL, NoSQL, and XML).
The top web application attack of all time.
Injections attack the database server.

To prevent SQL injections: - Apply security in depth: "protect all layers". Using JavaScript on the client side is important but is not a complete defence; you must protect all layers.
Parameterized input, such as using safe stored procedures.
Use a tested ORM system for the back-end layer, such as Entity Framework. But remember to protect all layers.

Broken Authentication and Session Management - Attacker uses leaks or flaws in the authentication or session management functions (e.g., exposed accounts, passwords, session IDs) to impersonate users.

To prevent Broken Authentication and Session Management: - Passwords, session IDs, and other credentials are sent over encrypted connections, such as the use of HTTPS and not HTTP.
Passwords have to be strong (difficult to guess), such as a mixture of lower case, upper case, digits and non-alphabetical characters, also 6+ long.
Passwords must be changed on a regular basis.
Session time-out configured correctly (not too long).
Multi-Factor Authentication (MFA) by asking the user for several separate pieces of evidence to be authenticated, such as a password, PIN, SMS code, secret question/answer.

Cross-Site Scripting (XSS) - XSS flaws occur when an application includes user-supplied data in a page sent to the browser without properly validating or escaping that content.
Attacker sends text-based attack scripts that exploit the interpreter in the browser.
Attackers can execute scripts in a victim's browser using JavaScript.
XSS attacks the users through browsers.

To prevent Cross-Site Scripting (XSS) - Use encoding and validation.
ASP.NET Core has a built-in Anti XSS feature.

Authentication and Authorization - Authentication is the process of verifying who you are.
Authorization refers to rules that determine who is allowed to do what.

The Principle of Defense-In-Depth or Security-In-Depth - Defense-in-depth or security-in-depth is the use of multiple security controls (defence) to protect the information assets in an enterprise.
Example: Onion Layers of Security or The Onion Model.

What is Social engineering? - Social engineering is the art of manipulating people so they give up confidential information.