S90.18 無料問題集「SOA Fundamental SOA Security」
A service consumer submits a message with security credentials to an authentication
broker, which authenticates the credentials against a central identity store. The
authentication broker then responds with a token that the service consumer can use to
access Services A, B, and C (none of which have their own identity store). This scenario
demonstrates the application of which pattern?
broker, which authenticates the credentials against a central identity store. The
authentication broker then responds with a token that the service consumer can use to
access Services A, B, and C (none of which have their own identity store). This scenario
demonstrates the application of which pattern?
正解:C
解答を投票する
The services in a service inventory have all been built with compatible security
technologies and mechanisms. Now, security policies are being introduced for the first
time. How can security policies become part of the service inventory and its services while
adhering to the application of the Standardized Service Contract principle?
technologies and mechanisms. Now, security policies are being introduced for the first
time. How can security policies become part of the service inventory and its services while
adhering to the application of the Standardized Service Contract principle?
正解:A
解答を投票する
A set of SAML tokens has been used as a result of the application of the Brokered
Authentication pattern within a particular service inventory. Because SAML assertions
normally contain a signature, the security specialist is confident that the integrity of
messages will be maintained. What's wrong with this assumption?
Authentication pattern within a particular service inventory. Because SAML assertions
normally contain a signature, the security specialist is confident that the integrity of
messages will be maintained. What's wrong with this assumption?
正解:A
解答を投票する
You are required to design an authorization mechanism for a REST service. The service
provides functionality by providing access to different resources, some of which are local to
the service while others are located on remote servers. You are required to restrict access
to the service based on which resource is requested and which HTTP method has been
specified by the service consumer. By doing so, which combination of action control rules
needs to be used?
provides functionality by providing access to different resources, some of which are local to
the service while others are located on remote servers. You are required to restrict access
to the service based on which resource is requested and which HTTP method has been
specified by the service consumer. By doing so, which combination of action control rules
needs to be used?
正解:B
解答を投票する