Today I gave exam 70-340 (Implementing Security for Applications with Microsoft Visual C# .NET, or 71-340 as it's called in beta) a shot. Well, after careful preparation of course, although not as much as I would have liked, but isn't that always so.
Anyway, I prepared myself with the book .NET Framework security. The book has got mostly positive reviews and I concur with most of these. It is, however, a bit dry at times, and it tries to cover a lot of ground with mostly text. Actually, I cannot remember seeing any illustration... maybe I missed them as I didn't read the 800 pages from front to cover. After reading most introductory paragraphs and closing summaries, I went to take a look at the exam preparation guide. Now, I did not find every single subject in the book, but combined with the MSDN Library few missing parts were left. I also checked out a few webcasts and especially liked the one by Juval Lowy.
The security section on MSDN is an overall good point to start your search on security in the .NET Framework. There's also a good article on code access security here.
So how did al this information fit into the actual exam? Well, you know of course that it's not possible to post too much information on the actual contents. If you see anything that violates this, please let me know.
Virtually all of the almost 90 questions begin with “you are an application developer for your company”. Not very creative, but perhaps it allows you to concentrate more on the question at hand than be distracted with non-relevant circumstances. Most questions deal with application security. I would expected more code access security caveats. Code access security was one of the topices I thought I knew least about before my prepartion for this exam. It turns out I should have focused a bit more on cryptography. If I answered any of the questions on cryptography right, it's more luck than knowledge. There weren't that many anyway. Since COM+, ASP.NET and Windows security are areas I've dealt with in real life situations I felt more secure in answering related questions.
It was annoying that the screen at the testcenter defaulted to a resolution of 640x480. This way, I was unable to read some of the questions or answers, especially when they involved sourcecode. Naturally I mentioned this and the testcenter support staff tried to fix this, but they failed. I had to guess on 1 or 2 questions, but mostly it was just a nuisance that, other than distracting me, would not influence my picking the correct answer, or what I believed it to be.
After about 2 hours I was finished. You get 4 hours to complete it, so there's plenty time left and no extra worries that you'll be stressed for time. I don't know if I passed, since scoring beta exams usually take 8 weeks after the betaperiod ends. The fact that I didn't find the exam too difficult can be a positive thing but also a negative one. It may indicate my sound knowledge of the subject, but it may also indicate that they will increase the passing score level.
Anyone with this exam on their schedule (Darrel?), good luck!