Arcitura Education S90.19 Exam Practice Test Instant Access

Question 1

An IT enterprise has three domain service inventories that map to three different departments. Each service inventory uses a security token service (STS) based authentication broker to enable single sign-on for services within the respective service inventory boundary. The tokens used for all single sign-on mechanisms are based on SAML assertions. You are given a new requirement to extend this security architecture so that services from different domain service inventories can communicate. What new security mechanisms are required to fulfill this requirement?

AThe individual authentication brokers need to be replaced with one single authentication broker so that one single token can be used by services across all domain service inventories.

BAn additional authentication broker needs to be added in between each domain service inventory in order to enable communication between services using disparate security tokens.

CThere is no need to introduce a new security mechanism. The individual domain service inventories need to be combined into a single enterprise service inventory. That way, the Service Perimeter Guard pattern can be applied so that services won't need to authenticate each other.

DThere is no need to introduce a new security mechanism. The existing SAML tokens can be used by services across the domain service inventories as long as the existing authentication brokers are configured to issue service inventory-specific assertions for SAML tokens from specific domain service inventories.

Answer : D

Question 2

An attacker is able to gain access to a service and invokes the service. Upon executing the service logic, the attacker is able to gain access to underlying service resources, including a private database. The attacker proceeds to delete data from the database. The attacker has successfully executed which type of attack?

Aexception generation attack

Binsufficient authorization attack

Cdenial of service attack

DNone of the above.

Answer : B

Question 3

Service A is only authorized to access one service capability of Service B . Service B acts as a trusted subsystem for several underlying resources which it accesses using its own set of credentials. Service B can therefore not become a victim of an insufficient authorization attack initiated by Service A .

ATrue

BFalse

Answer : B

Question 4

Service A has recently been the victim of XPath injection attacks. Messages sent between Service A and Service C have traditionally been protected via transport-layer security. A redesign of the service composition architecture introduces Service B, which is positioned as an intermediary service between Service A and Service C . The Message Screening pattern was applied to the design of Service B . As part of the new service composition architecture, transport-layer security is replaced with message-layer security for all services, but Service A and Service C continue to share the same encryption key. After the new service composition goes live, Service A continues to be subjected to XPath injection attacks. What is the reason for this?

AThe message screening logic can only work for Service C . Therefore, Service A is not protected.

BBecause message-layer security is being used, it is not possible for the message screening logic in Service B to inspect messages without having the encryption key that is shared by Service A and Service C

CXPath injection attacks are not prevented by message screening logic or message-layer security.

DNone of the above.

Answer : B

Question 5

A denial of service attack can be the byproduct of an insufficient authorization attack.

ATrue

BFalse

Answer : A

Question 6

Security policies defined using WS-SecurityPolicy can be used to convey which of the following requirements to a service consumer?

AWhether transport-layer or message-layer security needs to be used

BThe encryption type that needs to be used for transport-layer security

CThe algorithms that need to be used for cryptographic operations

DThe type of security token that must be used

Answer : A, C, D

Question 7

The exception shielding logic resulting from the application of the Exception Shielding pattern can be centralized by applying which additional pattern?

AMessage Screening

BTrusted Subsystem

CService Perimeter Guard

DNone of the above.

Answer : C

Arcitura Education Advanced SOA Security S90.19 Exam Practice Test