S90.19無料問題集「SOA Advanced SOA Security」

質問 1

A service protected from an XML bomb attack will automatically also be protected from a schema poisoning attack.

（A）False

（B）True

正解：A 解答を投票する

質問 2

A malicious passive intermediary intercepts messages sent between two services. Which of the following is the primary security concern raised by this situation?

（A）The reliability of the message can be affected.

（B）The confidentiality of the message can be affected.

（C）The integrity of the message can be affected.

（D）The availability of the message can be affected.

正解：B 解答を投票する

質問 3

Service A expresses its requirement for message-layer security to service consumers via a security policy. Since the launch of Service A, its popularity has grown and it is decided that a fee should be charged for its use. Consequently, the design of Service A is changed so that it is capable of keeping a log of all request messages received from service consumers. The fact that Service A is logging all incoming messages is something that can also be expressed via a policy.

（A）False

（B）True

正解：B 解答を投票する

質問 4

Which of the following can directly contribute to making a service composition architecture more vulnerable to attacks?

（A）Reliance on intermediaries

（B）Reliance on transport-layer security

（C）Reliance on open networks

（D）All of the above

正解：D 解答を投票する

質問 5

An IT enterprise has three domain service inventories that map to three different departments. Each service inventory uses a security token service (STS) based authentication broker to enable single sign-on for services within the respective service inventory boundary. The tokens used for all single sign-on mechanisms are based on SAML assertions. You are given a new requirement to extend this security architecture so that services from different domain service inventories can communicate. What new security mechanisms are required to fulfill this requirement?

（A）The individual authentication brokers need to be replaced with one single authentication broker so that one single token can be used by services across all domain service inventories.

（B）An additional authentication broker needs to be added in between each domain service inventory in order to enable communication between services using disparate security tokens.

（C）There is no need to introduce a new security mechanism. The individual domain service inventories need to be combined into a single enterprise service inventory. That way, the Service Perimeter Guard pattern can be applied so that services won't need to authenticate each other.

（D）There is no need to introduce a new security mechanism. The existing SAML tokens can be used by services across the domain service inventories as long as the existing authentication brokers are configured to issue service inventory-specific assertions for SAML tokens from specific domain service inventories.

正解：D 解答を投票する

質問 6

The Exception Shielding pattern was applied to the design of Service A.
During testing, it is revealed that Service A is disclosing sensitive error information in one of its response messages. How is this possible?

（A）It is the Message Screening pattern, not the Exception Shielding pattern, that prevents a service from transmitting sensitive error information in response messages.

（B）The Trusted Subsystem pattern has already been applied to Service A, thereby conflicting with the application of the Exception Shielding pattern.

（C）None of the above.

（D）The Exception Shielding pattern states that, in case of an error, the service should not send back any message at all, because this would implicitly tell the service consumer that something has gone wrong, thereby exposing vulnerabilities.

正解：C 解答を投票する

質問 7

A security architecture needs to be created in order to guarantee that messages that are sent to Service A must comply to a security policy that is published as part of Service A's service contract. The application of which of the following patterns will fulfill this requirement?

（A）Exception Shielding

（B）Message Screening

（C）None of the above

（D）Brokered Authentication

正解：C 解答を投票する

質問 8

Message screening logic and exception shielding logic can co-exist in a single perimeter guard service.

（A）False

（B）True

正解：B 解答を投票する

S90.19 無料問題集「SOA Advanced SOA Security」

弊社を連絡する

関連リンク

トップ試験