Developing ASP.NET MVC Web Applications — Question 30

You are developing an ASP.NET MVC application. The application uses a SQL Server database and a SQL Server login and password.
You need to ensure that the password for the SQL Server login is not stored in plain text.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Answer options

• A. Encrypt the connection string by using aspnet_wp.exe.
• B. Encrypt the connection string by using aspnet_regiis.exe.
• C. Ensure that there is a valid encryptionKey element in the web.config file.
• D. Ensure that there is a valid machineKey element in the web.config file.

Correct answer: B, C

Explanation

Option B is correct because aspnet_regiis.exe is specifically designed to encrypt sections of the web.config file, including connection strings. Option C is also correct as having a valid encryptionKey element is essential for the encryption process. Options A and D are incorrect because aspnet_wp.exe is not meant for this purpose, and the machineKey element relates to forms authentication, not directly to connection string encryption.