You are creating a new security policy for an application domain.

You are creating a new security policy for an application domain. You write the following lines of
code. PolicyLevel ^policy = PolicyLevel::CreateAppDomainLevel();
PolicyStatement ^noTrustStatement =
gcnew PolicyStatement(
policy->GetNamedPermissionSet(“Nothing”)); PolicyStatement ^fullTrustStatement =
gcnew PolicyStatement(
policy->GetNamedPermissionSet(“FullTrust”)); You need to arrange code groups for the policy so
that loaded assemblies default to the Nothing permission set. If the assembly originates from a
trusted zone, the security policy must grant the assembly the FullTrust permission set. Which
code segment should you use?

A. CodeGroup ^group1 = gcnew FirstMatchCodeGroup(
    gcnew ZoneMembershipCondition(SecurityZone::Trusted),
    fullTrustStatement); CodeGroup ^group2 = gcnew UnionCodeGroup(
    gcnew AllMembershipCondition(),
    noTrustStatement); group1->AddChild(group2);

B. CodeGroup ^group1 = gcnew FirstMatchCodeGroup(
    gcnew AllMembershipCondition(),
    noTrustStatement); CodeGroup ^group2 = gcnew UnionCodeGroup(
    gcnew ZoneMembershipCondition(SecurityZone::Trusted),
    fullTrustStatement); group1->AddChild(group2);

C. CodeGroup ^group = gcnew UnionCodeGroup(
    gcnew ZoneMembershipCondition(SecurityZone::Trusted),
    fullTrustStatement);

D. CodeGroup ^group = gcnew FirstMatchCodeGroup(
    gcnew AllMembershipCondition(),
    noTrustStatement);

 
Answer: B

No comments:

Post a Comment