Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors
Note! The S90.18 Exam is no longer available.

S90.18 Fundamental SOA Security Questions and Answers

Questions 4

The application of the Service Composability principle dictates that services acting as composition members be designed to establish and propagate a security context to other composition members, while services acting as composition controllers be designed so that they are prepared to join a security context already in progress rather than carrying out authentication themselves.

Options:

A.

True

B.

False

Buy Now
Questions 5

A hashing function always returns _____________ for the same input data.

Options:

A.

a different transformation

B.

a different digest

C.

the same transformation

D.

the same digest

Buy Now
Questions 6

Which of the following SOA characteristics relate to the use of security mechanisms that support the reuse of services as part of multiple service compositions?

Options:

A.

technology-driven

B.

standards-neutral

C.

enterprise-centric

D.

composition-centric

Buy Now
Questions 7

Service A hashes a message, resulting in message digest X. Service A encrypts the message digest X with its private key, resulting ir ciphertext X1. Service A sends the message and X1 to Service B. Service B hashes the message, resulting in message digest Y. Service B decrypts X1 with Service A's public key, recovering message digest X. Service B compares Y with X and finds them to be equal. This proves that:

Options:

A.

the message was not altered

B.

only Service A sent this particular message

C.

public key cryptography was used

D.

All of the above

Buy Now
Questions 8

Which of the following approaches represents a valid means of utilizing generic security logic?

Options:

A.

When required, generic security logic can be embedded within a service. The close proximity to the service logic maximizes the chances that the security logic will be consistently executed without interference from attackers.

B.

When required, generic security logic can be abstracted into a separate utility service. This allows for reuse.

C.

When required, generic security logic can be abstracted into a service agent. This allows for reuse and the security logic can be executed in response to runtime events.

D.

All of the above.

Buy Now
Questions 9

Security mechanisms that are based on vendor-specific security technology will always decrease the autonomy of services that are required to use these security mechanisms.

Options:

A.

True

B.

False

Buy Now
Questions 10

Service A requires self-signed digital certificates from all of its service consumers. The service and its service consumers both belong to the same organization. You are presented with a new requirement to only allow access to those service consumers with certificates that have not expired. How can this requirement be addressed with minimal impacts on the current security architecture?

Options:

A.

The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.

B.

The certificates need to be signed by an external certificate authority so that the certificate authority's Certificate Revocation List (CRL) can be accessed in order to check the expiry dates of the certificates.

C.

Using certificates in this scenario is not a valid option.

D.

None of the above

Buy Now
Questions 11

In order to express the order in which a message is signed and encrypted, the _________ industry standard can be used.

Options:

A.

Decryption Transform for XML-Signature

B.

XSL Transformations for XML

C.

XML-Ordering

D.

None of the above.

Buy Now
Questions 12

The application of the Service Composability principle can be supported by the application of the Brokered Authentication pattern.

Options:

A.

True

B.

False

Buy Now
Questions 13

Which of the following are valid security considerations specific to the application of the Service Autonomy principle?

Options:

A.

Avoid including non-essential security requirements in the service contract.

B.

Avoid including content in the service contract that unnecessarily exposes details about the underlying service implementation.

C.

Avoid modifying security policies that can break dependencies with service consumers.

D.

None of the above.

Buy Now
Questions 14

A set of services within a service inventory were originally each designed with a dedicated identity store. To reduce the need for service consumers to repeatedly authenticate themselves when having to access multiple services, a new ___________ has been added along with a____________.

Options:

A.

authentication broker, certificate authority

B.

authentication broker, single identity store

C.

certificate authority, certificate repository

D.

certificate authority, single identity store

Buy Now
Exam Code: S90.18
Exam Name: Fundamental SOA Security
Last Update: Mar 21, 2024
Questions: 98
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 22 Nov 2024