|Credit toward certification|
|Preparation tools and resources|
Exam 70-340 became available June 28, 2004.
|•||This exam is scheduled to retire in March 2009|
|•||This exam is available at 40 percent off retail price until it retires|
Candidates for this exam work on an application development team in a software development environment that uses Microsoft Visual Studio .NET 2003. Candidates have at least three years of experience developing n-tier applications and at least one year of experience using Visual Studio .NET 2003, including ASP.NET and ADO.NET. Candidates have experience developing both Web-based and Microsoft Windows-based applications from start to finish.
When you pass the Implementing Security for Applications with Microsoft Visual C# .NET exam, you achieve Microsoft Certified Professional status.
|•||Learn about Microsoft Certified Professional status|
You also earn credit toward the following certifications:
Elective credit toward Microsoft Certified Application Developer (MCAD) for Microsoft .NET certification
Elective credit toward Microsoft Certified Solution Developer (MCSD) for Microsoft .NET certification
To help you prepare for this exam, Microsoft Learning recommends that you have hands-on experience with the product and that you use the following training resources. These training resources do not necessarily cover all of the topics listed in the "Skills measured" section.
Course 2350: Developing and Deploying Secure Microsoft .NET Framework Applications
Course 2840: Implementing Security for Applications
Writing Secure Code, Second Edition (ISBN: 9780735617223)
MeasureUp: Visit the MeasureUp Web site to take a practice test.
Self Test Software: Visit the Self Test Software Web site to take a practice test.
Microsoft Learning Community: Join newsgroups and visit community forums to connect with peers for suggestions on training resources and advice on your certification path and studies.
TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical resources, newsgroups, and chats.
MSDN: Designed for developers, the Microsoft Developer Network (MSDN) features code samples, technical articles, downloads, newsgroups, and chats.
This certification exam measures your ability to implement code by using methods to minimize security risks and take advantage of the security functionality built into the .NET Framework. Before taking the exam, you should be proficient in the job skills listed in the following matrix. The matrix shows which Official Microsoft Learning Products may help you reach competency in the skills being tested in the exam.
|Skills measured by Exam 70-340||Course 2350||Course 2840|
|Developing Applications by Using Security Best Practices|
Develop code under a least privilege account within the development environment.
Develop code that runs under a least privilege account at run time.
Analyze security implications of calling unknown code. Third-party components include .NET components, legacy COM components, ActiveX controls, Win32 DLLs, and Web services.
Write code that addresses failures in a manner that does not compromise security.
Develop code that includes security measures in each tier of the solution, also known as defense in depth.
Implement application functionality to apply defaults that minimize security threats.
Write code to prevent canonicalization problems.
Validate external input at every boundary level to prevent security problems.
|Developing .NET Applications That Include Security Enhancements|
Implement security by using application domains.
Write authorization code.
Sign data by using certificates.
Implement data protection.
Implement security for an application or shared library by using .NET code access security.
Access remote functionality in a manner that minimizes security risks.
|Configuring Application Security by Using the Microsoft .NET Framework and Operating System Tools|
Work with .NET security policies. Tools include the .NET Framework Configuration tool and the Code Access Security Policy tool.
Analyze the code access permissions of an assembly by using the Permissions View tool.
Configure security by using IIS and ASP.NET.
|Stabilizing and Releasing Applications in a Manner That Minimizes Security Risks|
Perform unit testing on applications and components to identify security vulnerabilities.
Release applications in a manner that minimizes security risks.
Note: This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format.
|•||Learn more and download samples|