Arcitura Education S90.19 Exam Questions Instant Access

Question 1

Service A is an agnostic service that is part of a complex service composition that relies on the use of several intermediaries for message routing purposes. Due to a recent malicious intermediary attack, public key cryptography and digital signatures have been added to Service A . Subsequently, the attacks stop. However, legitimate service consumers are experiencing latency when interacting with services from this complex service composition. Following an investigation, it is discovered that Service A has increased its system resource consumption in order to perform its new security-related functions. How can you improve Service A's performance without compromising its security requirements and without introducing new security mechanisms?

AUse symmetric encryption in combination with the Service Perimeter Guard pattern and SAML tokens.

BUse key agreement security sessions by deriving different keys from a session key for signing as well as encryption.

CUse base 64 encoded certificates in order to provide integrity and confidentiality.

DNone of the above.

Answer : B

Question 2

Which of the following statements is true?

AWhen the maxOccurs attribute in an XML schema element is not specified it creates a security risk because attackers can specify this element multiple times.

BWhen numeric ranges within an XML schema are not specified it creates a security risk because attackers can introduce very large numeric values within the message data.

CWhen the xsd:any element is used within an XML schema it can introduce a security risk because it allows attackers to extend the schema.

DAll of above.

Answer : D

Question 3

The service contract for Service A uses an XML schema that does not specify the maximum length for the Customer-Address XML element. A service consumer sends a message that contains a very long string of characters inside the Customer-Address XML element. This can be an indication of what types of attacks?

AXML parser attack

BBuffer overrun attack

CInsufficient authorization attack

DXPath injection attack

Answer : A, B

Question 4

Within a service composition, two Web services are using certificates in order to ensure message integrity and sender's authenticity. The certificates are included with every message exchange. Recently, the performance of these message exchanges has degraded. How can the performance be improved without compromising message integrity and message authenticity?

AUse WS-Trust based SAML tokens by introducing an authentication broker

BUse WS-Secure-Conversation security context tokens that make use of session keys and symmetric cryptography

CBecause the services are part of the same service composition, there are no message integrity or message authenticity requirements. Therefore, the certificates can be removed

DNone of the above

Answer : B

Question 5

The difference between the Exception Shielding and Message Screening patterns is in how the core service logic processes incoming messages received by malicious service consumers?

ATrue

BFalse

Answer : B

Question 6

The Exception Shielding pattern was applied to the design of Service A . During testing, it is revealed that Service A is disclosing sensitive error information in one of its response messages. How is this possible?

AIt is the Message Screening pattern, not the Exception Shielding pattern that prevents a service from transmitting sensitive error information in response messages.

BThe Trusted Subsystem pattern has already been applied to Service A, thereby conflicting with the application of the Exception Shielding pattern.

CThe Exception Shielding pattern states that, in case of an error, the service should not send back any message at all, because this would implicitly tell the service consumer that something has gone wrong, thereby exposing vulnerabilities.

DNone of the above.

Answer : D

Question 7

The Service Perimeter Guard pattern has been applied to help avoid denial of service attacks for a service inventory. As a result, services within the service inventory are only accessible via a perimeter service However, denial of service attacks continue to succeed and services within the service inventory become unavailable to external service consumers. What is the likely cause of this?

AThe application of the Service Perimeter Guard pattern needs to be combined with the application of the Message Screening pattern in order to mitigate denial of service attacks.

BThe perimeter service itself is the victim of denial of service attacks. As a result, none of the services inside the service inventory can be accessed by external service consumers.

CThe Trusted Subsystem pattern should have been applied so that each service has a dedicated trusted subsystem.

DThe Service Perimeter Guard pattern does not help avoid denial of service attacks.

Answer : B

Arcitura Education Advanced SOA Security S90.19 Exam Questions