SOA S90.18 Dumps

Page: 1 / 4
Total 98 questions

Fundamental SOA Security Questions and Answers

Question 1

A service that was previously using a shared identity store is now given its own dedicated identity store instead. What are the likely impacts (positive or negative) that will result from this change?

Options:

A. The service's autonomy is increased.
B. The operational responsibility is increased due to the need to keep the dedicated identity store in synch with a parent identity store.
C. The potential to apply the Service Abstraction principle is increased.
D. The service will no longer be dependent on a certificate authority.

Question 2

A hashing function always returns _____________ for the same input data.

Options:

A. a different transformation
B. a different digest
C. the same transformation
D. the same digest

Question 3

The use of XML-Encryption supports the application of the Service Abstraction principle because the actual message remains hidden from the attacker.

Options:

A. True
B. False

Question 4

The application of the Brokered Authentication pattern is best suited for a scenario whereby a service consumer does not need to re-authenticate itself with multiple services.

Options:

A. True
B. False

Question 5

The Data Origin Authentication pattern is applied to services throughout a service inventory. As a result, if malicious service intermediaries change data within messages exchanged by these services, such changes will be detected.

Options:

A. True
B. False

Question 6

Service A is owned by Organization A. Service A sends a message containing confidential data to Service B, which is owned by Organization B. Service B sends the message to Service C, which is also owned by Organization B. Organization A trusts Organization B, which means there is no requirement to protect messages from intermediaries and after a message is received by Service B (and as long as the message remains within the boundary of Organization B), there is no requirement to keep the message data confidential. Which of the following approaches will fulfill these security requirements with the least amount of performance degradation?

Options:

A. Messages exchanged between Service A and Service B are encrypted using XML-Encryption.
B. The communication channel between Service A and Service B is encrypted using a transport-layer security technology.
C. SAML security tokens are used so that Service B can authenticate Service A.
D. An authentication broker is introduced between Service A and Service B.

Question 7

Losing a ______________ does not compromise the identity of the key owner, whereas losing a ___________ does compromise the identity of the key owner.

Options:

A. private key, public key
B. validated certificate, revoked certificate
C. security policy, SAML token
D. None of the above

Question 8

The X.509 token can be used to express a ______________ security token that provides an X.509 digital certificate.

Options:

A. text-based
B. UDDI-based
C. binary
D. None of the above.

Question 9

The services within a domain service inventory provide access to confidential data retrieved from a shared database. These services need to be accessible from outside the domain service inventory. Which of the following design options will preserve the confidentiality of the data when the services are accessed from outside the service inventory?

Options:

A. The Direct Authentication pattern is applied to the database used by the services that need to be externally accessed.
B. A dedicated database is created to store the confidential data. This database will only be used by the services that need to be externally accessed.
C. The messages exchanged by the services are designed to include security tokens.
D. None of the above

Question 10

When using a single sign-on mechanism, security contexts are ____________.

Options:

A. discarded within seconds after creation
B. stored in a UDDI repository for auditing purposes
C. combined together at runtime
D. None of the above.

Question 11

Using message-layer security, if a service agent takes possession of a message, it can forward the message to another service.

Options:

A. True
B. False

Question 12

Username and X.509 token profiles can be combined so that a single message can contain a username token that is digitally signed.

Options:

A. True
B. False

Question 13

Which of the following approaches represents a valid means of utilizing generic security logic?

Options:

A. When required, generic security logic can be embedded within a service. The close proximity to the service logic maximizes the chances that the security logic will be consistently executed without interference from attackers.
B. When required, generic security logic can be abstracted into a separate utility service. This allows for reuse.
C. When required, generic security logic can be abstracted into a service agent. This allows for reuse and the security logic can be executed in response to runtime events.
D. All of the above.

Question 14

Security specialists are planning to implement public key cryptography in order to encrypt messages exchanged between Service A and Service B. Which of the following options fulfills this requirement?

Options:

A. A shared key is used by both the services for message encryption and decryption
B. The XML-Signature standard is applied
C. The Data Origin Authentication pattern is applied
D. None of the above
