Arcitura Education S90.19 Advanced SOA Security Exam Practice Test

The use of derived keys is based on symmetric encryption. This is similar to asymmetric encryption because different keys can be derived from a session key and used separately for encryption and decryption.

Service A is only authorized to access one service capability of Service B . Service B acts as a trusted subsystem for several underlying resources which it accesses using its own set of credentials. Service B can therefore not become a victim of an insufficient authorization attack initiated by Service A .

The application of the Trusted Subsystem pattern directly supports the goals of the Service Loose Coupling principle.

An attacker is able to gain access to a service and invokes the service. Upon executing the service logic, the attacker is able to gain access to underlying service resources, including a private database. The attacker proceeds to delete data from the database. The attacker has successfully executed which type of attack?

A service receives a message containing an XML document that expands to a very large size as it is processed by the parser. As a result, the service becomes unavailable to service consumers. The service was subjected to which type of attack?

A service protected from an XML bomb attack will automatically also be protected from a schema poisoning attack.

The application of the Trusted Subsystem pattern can help centralize access to services.