Arcitura Education S90.19 Exam Questions Instant Access

Question 1

The Message Screening pattern can be applied to a service acting as a trusted subsystem for an underlying database. That way, the database would be protected from SOL injection attacks.

ATrue

BFalse

Answer : A

Question 2

Within a certain service activity, two services are using certificates in order to guarantee the integrity of messages. With every message exchange, certificates are sent and received. These certificates are checked against an external Certificate Authority (CA) in order to verify whether or not they have been revoked. The current security architecture is suffering from increased latency resulting from the extra communication required with the CA. How can this problem be addressed without compromising message integrity?

AWS-Trust based SAML tokens can be used via an authentication broker.

BWS-Secure-Conversation security context tokens can be used together with session keys and symmetric cryptography.

CThe security architecture can be redesigned so that the CA is only accessed for the first message exchange.

DNone of the above

Answer : A

Question 3

When applying the Exception Shielding pattern, which of the following are valid options for implementing exception shielding logic?

Aas part of the core service logic

Bwithin a service agent

Cwithin a utility service

DAll of the above.

Answer : D

Question 4

Architects responsible for a domain service inventory are being asked to make some of their services available to service consumers from outside the organization. However, they are reluctant to do so and consult you to help define a security architecture that will keep all of the existing services within the domain service inventory hidden within a private network. Which of the following is a valid approach for fulfilling this requirement?

AApply the Brokered Authentication pattern to position an authentication broker outside the private network that has been configured to access the internal services via a firewall. The authentication broker becomes the sole contact point for external service consumers.

BApply the Service Perimeter Guard pattern in order to position a perimeter service outside the private network that has been configured to access the internal services via a firewall. The perimeter service becomes the sole contact point for external service consumers.

CApply the Trusted Subsystem pattern in order to position a service outside the private network that authenticates each incoming request and then uses its own set of credentials to get access to internal services. This service becomes the sole contact point for external service consumers.

DNone of the above.

Answer : B

Question 5

A certain service becomes a victim of an insufficient authorization attack. This service acts as a trusted subsystem for an entire service inventory. Which of the following are under threat as a result of this attack?

AThe core service logic

BThe underlying resources accessed by the service

COther services in the service inventory

DAll of the above.

Answer : D

Question 6

Service A needs to be designed so that it supports message integrity and so that only part of the messages exchanged by the service are encrypted. You are asked to create the security policy for this service. What type of policy assertions should you use?

AToken assertions

BProtection assertions

CSecurity binding assertions

DService A's security requirements cannot be expressed in a policy

Answer : B

Question 7

The Exception Shielding pattern was applied to the design of Service A . During testing, it is revealed that Service A is disclosing sensitive error information in one of its response messages. How is this possible?

AIt is the Message Screening pattern, not the Exception Shielding pattern that prevents a service from transmitting sensitive error information in response messages.

BThe Trusted Subsystem pattern has already been applied to Service A, thereby conflicting with the application of the Exception Shielding pattern.

CThe Exception Shielding pattern states that, in case of an error, the service should not send back any message at all, because this would implicitly tell the service consumer that something has gone wrong, thereby exposing vulnerabilities.

DNone of the above.

Answer : D

Arcitura Education Advanced SOA Security S90.19 Exam Questions