You use Microsoft Visual Studio 2010 and Microsoft .NET Framework 4.0 to create an application.
The application connects to a Microsoft SQL Server 2008 database. The application uses a Microsoft ADO.NET SQL Server managed provider.
When a connection fails, the application logs connection information, including the full connection string.
The information is stored as plain text in a .config file. You need to ensure that the database credentials are secure.
Which connection string should you add to the .config file?
A.
Data Source=myServerAddress; Initial Catalog=myDataBase; Integrated Security=SSPI; Persist Security Info=false;
B.
Data Source=myServerAddress; Initial Catalog=myDataBase; Integrated Security=SSPI; Persist Security Info=true;
C.
Data Source=myServerAddress; Initial Catalog=myDataBase; User Id=myUsername; Password=myPassword; Persist Security Info=false;
D.
Data Source=myServerAddress; Initial Catalog=myDataBase; User Id=myUsername; Password=myPassword; Persist Security Info=true;
Explanation:
Persist Security Info
Default: ‘false’When set to false or no (strongly recommended), security-sensitive information, such as the password, is not returned as part of the connection
if the connection is open or has ever been in an open state. Resetting the connection string resets all connection string values including the password.
Recognized values are true, false, yes, and no.
I don’t believe the answer is correct. You want Persist Secuirty Info = false, so the answer is either A or B, but the username and password are stored in config file, so it means you want to log in with those, and need to pass them via User and Password keywords. If you use SSPI, it will use current logged in Windows user credentials instead.
I take back my post above. They don’t want you to store the username and password in the config file, which is why you want to use SSPI instead.