Service A is a Web service with an implementation that uses managed code. To perform a graphics-related operation, this managed code needs to access a graphics function that exists as unmanaged code. A malicious service consumer sends a message to Service A containing a very large numeric value. This value is forwarded by Service A's logic to the graphics function. As a result, the service crashes and becomes unavailable. The service consumer successfully executed which attack?
Answer : A
As an SOA security specialist you are being asked to educate an IT team about how to best design security policies for a given set of services. Which of the following recommendations are valid?
Answer : A, C, D
The use of a perimeter service can centralize authentication and authorization logic and it can also prevent direct access to other services positioned behind a firewall.
Answer : A
A malicious passive intermediary intercepts messages sent between two services. Which of the following is the primary security concern raised by this situation?
Answer : B
When considering the ESB as providing intermediary logic, which of the following types of subject confirmation methods relate to its access control issues?
Answer : B
The use of XML schemas for data validation helps avoid several types of data-centric threats.
Answer : A
Which of the following types of attack always affect the availability of a service?
Answer : D