Arcitura Education S90.19 Advanced SOA Security Exam Practice Test

An IT enterprise has three domain service inventories that map to three different departments. Each service inventory uses a security token service (STS) based authentication broker to enable single sign-on for services within the respective service inventory boundary. The tokens used for all single sign-on mechanisms are based on SAML assertions. You are given a new requirement to extend this security architecture so that services from different domain service inventories can communicate. What new security mechanisms are required to fulfill this requirement?

The exception shielding logic resulting from the application of the Exception Shielding pattern can be centralized by applying which additional pattern?

Service A is only authorized to access one service capability of Service B . Service B acts as a trusted subsystem for several underlying resources which it accesses using its own set of credentials. Service B can therefore not become a victim of an insufficient authorization attack initiated by Service A .

The Service Perimeter Guard pattern has been applied to help avoid denial of service attacks for a service inventory. As a result, services within the service inventory are only accessible via a perimeter service However, denial of service attacks continue to succeed and services within the service inventory become unavailable to external service consumers. What is the likely cause of this?

Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a Student ID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?

A service uses specialized logic to compare the size of a request message to the maximum allowable size that is specified for request messages. Upon a mismatch, the service triggers an error that results in the issuance of a message with detailed error information. What type of attack does this specialized logic not help protect the service from?

The service contract for Service A uses an XML schema that does not specify the maximum length for the Customer-Address XML element. A service consumer sends a message that contains a very long string of characters inside the Customer-Address XML element. This can be an indication of what types of attacks?