Service A is only authorized to access one service capability of Service B. Service B acts as a trusted subsystem for several underlying resources which it accesses using its own set of credentials. Service B can therefore not become a victim of an insufficient authorization attack initiated by Service A.

A service uses specialized screening logic that compares the size of a message against a maximum allowable size value. This value is specified for an incoming request message for a specific service capability. Upon a mismatch, the service rejects the request message and instead generates an error message. What type of attack has this security architecture not addressed?

Which of the following types of attack always affect the availability of a service?