Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors
  1. Home
  2. SOA
  3. SOA Certification
  4. S90.19
  5. Advanced SOA Security Questions and Answers
Note! The S90.19 Exam is no longer available.

S90.19 Advanced SOA Security Questions and Answers

Questions 4

The Message Screening pattern can be used to avoid which of the following types of attacks?

Options:

A.

buffer overrun attack

B.

XPath injection attack

C.

SQL injection attack

D.

exception generation attack

Buy Now
Questions 5

A utility service is responsible for encapsulating a legacy database and providing centralized access to the database for any of its service consumers. However, it is discovered that several service consumers are accessing the database directly. This is considered a security concern because much of the data in the database is classified as sensitive. How can this concern be addressed?

Options:

A.

The Trusted Subsystem pattern can be applied to establish an architecture whereby service consumers are required to access the utility service in order to gain access to the data in the database

B.

Service agents can be added to route messages to an authentication broker. That way, only authorized service consumers would get access to the database.

C.

The Message Screening pattern can be applied so that messages sent to the utility service are inspected at runtime.

D.

None of the above.

Buy Now
Questions 6

As an SOA security specialist you are being asked to educate an IT team about how to best design security policies for a given set of services. Which of the following recommendations are valid?

Options:

A.

common security requirements can be centralized into shared security policies

B.

security policies are defined by using WSDL and XML Schema industry standards together

C.

security policies can be decoupled from service logic

D.

security policies can be part of service contracts and are therefore subject to the Service Loose Coupling principle

Buy Now
Questions 7

The use of session keys and symmetric cryptography results in:

Options:

A.

Increased performance degradation

B.

Increased reliability degradation

C.

Reduced message sizes

D.

None of the above

Buy Now
Questions 8

Which of the following statements regarding the usage of security tokens for authentication and authorization are true?

Options:

A.

Security tokens can be validated without resorting to pre-shared secrets.

B.

Security tokens issued by a token issuer in the same security domain can be used with a different token issuer in a different security domain in order to get access to services in that domain.

C.

Security token issuance and cancellation are done by the relying party.

D.

Security tokens can only be issued by a legitimate token issuer.

Buy Now
Questions 9

The Service Perimeter Guard pattern is applied to position a perimeter service outside of the firewall. The firewall only permits the perimeter service to access services within a specific service inventory. Which of the following statements describes a valid problem with this security architecture?

Options:

A.

The Trusted Subsystem pattern was not applied to the perimeter service.

B.

The perimeter service needs to be located inside the firewall and the firewall needs to be configured so that only known service consumers have access to the service inventory.

C.

The Service Perimeter Guard pattern cannot be applied to a service outside of a service inventory.

D.

None of the above

Buy Now
Questions 10

An IT enterprise has three domain service inventories that map to three different departments. Each service inventory uses a security token service (STS) based authentication broker to enable single sign-on for services within the respective service inventory boundary. The tokens used for all single sign-on mechanisms are based on SAML assertions. You are given a new requirement to extend this security architecture so that services from different domain service inventories can communicate. What new security mechanisms are required to fulfill this requirement?

Options:

A.

The individual authentication brokers need to be replaced with one single authentication broker so that one single token can be used by services across all domain service inventories.

B.

An additional authentication broker needs to be added in between each domain service inventory in order to enable communication between services using disparate security tokens.

C.

There is no need to introduce a new security mechanism. The individual domain service inventories need to be combined into a single enterprise service inventory. That way, the Service Perimeter Guard pattern can be applied so that services won't need to authenticate each other.

D.

There is no need to introduce a new security mechanism. The existing SAML tokens can be used by services across the domain service inventories as long as the existing authentication brokers are configured to issue service inventory-specific assertions for SAML tokens from specific domain service inventories.

Buy Now
Questions 11

Service A acts as a trusted subsystem for a shared database. The database contains sensitive information and performs strict validation on all incoming data modification requests. In case of any invalid input values, the database throws detailed error messages that are required for debugging purposes and are automatically relayed back to service consumers by Service A. Recently, while going through the access logs of the database, it has been reported that attempts have been made to connect to the database from outside the organization. What can be done to prevent such attacks while preserving the existing database debugging requirements?

Options:

A.

The Data Confidentially pattern needs to be applied so that all request and response messages exchanged by Service A are encrypted.

B.

The Data Origin Authentication pattern needs to be applied in order to incorporate digital signatures in request and response messages exchanged by Service A.

C.

The Service Perimeter Guard pattern needs to be applied in order to centralize access to the database.

D.

None of the above.

Buy Now
Questions 12

Because of a new security requirement, all messages received by Service A need to be logged. This requirement needs to be expressed in a policy that is part of Service A's service contract. However, the addition of this policy must not impact existing service consumers that have already formed dependencies on Service A's service contract. How can this be accomplished?

Options:

A.

The policy can be centralized and isolated into a separate policy document that is linked to the service contract.

B.

The policy can be expressed using a digital certificate that is added to the service contract.

C.

The policy can be expressed using an ignorable policy assertion that is added to the service contract.

D.

None of the above.

Buy Now
Exam Code: S90.19
Exam Name: Advanced SOA Security
Last Update: Mar 21, 2024
Questions: 83
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024