Arcitura Education S90.18 Exam Practice Test Instant Access

Question 1

Security specialists are planning to implement public key cryptography in order to encrypt messages exchanged between Service A and Service B. Which of the following options fulfills this requirement?

AA shared key is used by both the services for message encryption and decryption

BThe XML-Signature standard is applied

CThe Data Origin Authentication pattern is applied

DNone of the above

Answer : D

Question 2

When establishing a single sign-on mechanism, the application of the Standardized Service Contract principle requires the use of SAML because it is an industry standard understood by multiple service consumers.

ATrue

BFalse

Answer : B

Question 3

As part of Service Composition A, a service consumer needs to authenticate itself to four different services. The Direct Authentication pattern was applied to each of these four services, all of which share the same identity store. This identity store is also shared by a number of additional services. As a result of increased usage, the identity store has become a performance bottleneck. The resulting performance degradation is impacting Service Composition A to the extent that it is causing problems. The security architecture for Service Composition A needs to be improved in order to avoid further performance degradation. However, any changes to the service composition architecture cannot break any dependencies with the existing service consumer. Which of the following approaches fulfills these requirements?

AApply the Brokered Authentication pattern so that SAML tokens can be issued by a centralized authentication broker. This way, the existing service consumer does not need to re-authenticate itself over and over again

BIntroduce dedicated identity stores so that each service in the service composition has its own copy of the identity information. This way, dependencies with the existing service consumer are not broken

CUse a service agent between the four services and the centralized identity store in order to centralize the task of authentication. This way, load on the identity store is decreased and dependencies with the existing service consumer are not broken

DNone of the above

Answer : B

Question 4

A set of services within a service inventory were originally each designed with a dedicated identity store. To reduce the need for service consumers to repeatedly authenticate themselves when having to access multiple services, a new ___________ has been added along with a____________.

Aauthentication broker, certificate authority

Bauthentication broker, single identity store

Ccertificate authority, certificate repository

Dcertificate authority, single identity store

Answer : B

Question 5

With SAML, the _____________ element is used by the relying party to confirm that a given message came from the subject specified in the assertion.

Asubject confirmation

Btoken

Csign-on

Dclaim

Answer : A

Question 6

Service A sends a message to Service B which reads the values in the message header to determine whether to forward the message to Service C or Service D. Because of recent attacks on Services C and D, it has been decided to protect the body content of messages using some form of encryption. However, certain restrictions within the design of Service B will not permit it to be changed to support the encryption and decryption of messages. Only Services A, C and D can support message encryption and decryption. Which of the following approaches fulfill these security requirements without changing the role of Service B?

ATransport-layer security is implemented between all services.

BMessage-layer security is implemented between all services.

CService B is removed. Instead, the routing logic is added to Service A.

DNone of the above

Answer : B

Question 7

Service A carries out XML canonicalization and creates a message digest. It then encrypts the message digest using asymmetric encryption. Service B. upon receiving the message, decrypts the message hash and calculates the hash of the original message. However, upon comparison, the received message digest and the calculated message digest do not match. How can this problem be avoided?

ATransforms need to be used so that Service B is provided the sequence of actions used by Service A . That way, Service B will know that it has to calculate the original message's hash first, and then perform XML canonicalization on the original message, and only then compare it against the decrypted message hash

BTransforms need to be used so that Service B is provided the sequence of actions used by Service A. That way, Service B will know that it has to perform XML canonicalization on the original message first, then calculate its hash, and only then compare it against the decrypted message hash

CXML canonicalization should not be performed because it is the cause of the mismatch and will also unnecessarily increase the message size

DNone of the above

Answer : B

Arcitura Education Fundamental SOA Security S90.18 Exam Practice Test