Arcitura Education SOA Security Lab S90.20 Exam Practice Test

Page: 1 / 14
Total 30 questions

Want more questions? Get Premium Access.
()

Question 1

Service Consumer A sends a request message with a Username token to Service A (1). Service B authenticates the request by verifying the security credentials from the Username token with a shared identity store (2). To process Service Consumer A's request message, Service A must use Services B, C, and D .Each of these three services also requires the Username token (3. 6, 9) in order to authenticate Service Consumer A by using the same shared identity store (4, 7, 10). Upon each successful authentication, each of the three services (B, C, and D) issues a response message back to Service A (5, 8, 11). Upon receiving and processing the data in all three response messages, Service A sends its own response message to Service Consumer A (12). You are asked to redesign this service composition architecture so that it can still carry out the described message exchanges while requiring that Service Consumer A only be authenticated once using the identity store. Which of the following statements describes an accurate solution?

AA single sign-on mechanism is implemented. The Brokered Authentication pattern is applied, resulting in Service A becoming the authentication broker. The authentication broker authenticates the security credentials received from Service Consumer A against the identity store. After successful authentication, the authentication broker issues a signed SAML token for Service Consumer A .The SAML token is subsequently provided to Services B.C .and D by Service A, on behalf of Service Consumer A .

BA single sign-on mechanism is implemented. The Brokered Authentication pattern is applied together with the Data Origin-Authentication pattern. A separate authentication broker utility service is added in between Service Consumer A and Service A .This requires that Service A send its Username token only once to Service B .Service B then acts as a secondary authentication broker and authenticates Service Consumer A and Service A using the identity store. If the authentication is successful,Service B generates a shared secret key to be used as a session key during communication with Services C and D .Because the session key is only known by these services, it can be used authenticates the services to each other.

CA single sign-on mechanism is implemented. The Brokered Authentication pattern is applied together with the Data Origin Authentication pattern. Service A is redesigned to use holder-of-key based subject confirmation SAML assertions. This way, Service A only needs to send its Username token once to Service B .Service B then acts as the authentication broker by issuing a SAML token to Service A and then further sends the SAML token to Services C and D on behalf of Service Consumer A and Service A .Service B signs the SAML assertion in order to ensure its authenticity and integrity during message exchanges with Services C and D .

DThe Direct Authentication pattern is applied together with an authentication process that uses digital certificates and digital signatures instead of Username tokens. The digital certificate of Service Consumer A is attached to all subsequent request messages issued by Services A, B, C and D and these request messages are further signed by a private key.

Answer : A

Question 2

Service Consumer A sends a request message with an authentication token to Service A, but before the message reaches Service A, it is intercepted by Service Agent A (1). Service Agent A validates the security credentials and also validates whether the message is compliant with Security Policy A .If either validation fails, Service Agent A rejects the request message and writes an error log to Database A (2A). If both validations succeed, the request message is sent to Service A (2B). Service A retrieves additional data from a legacy system (3) and then submits a request message to Service B Before arriving at Service B, the request message is intercepted by Service Agent B (4) which validates its compliance with Security Policy SIB then Service Agent C (5) which validates its compliance with Security Policy B .If either of these validations fails, an error message is sent back to Service A .that then forwards it to Service Agent A so that it the error can be logged in Database A (2A). If both validations succeed, the request message is sent to Service B (6). Service B subsequently stores the data from the message in Database B (7). Service A and Service Agent A reside in Service Inventory A .Service B and Service Agents B and C reside in Service Inventory B .Security Policy SIB is used by all services that reside in Service Inventory B .Service B can also be invoked by other service consumers from Service Inventory B .Request messages sent by these service consumers must also be compliant with Security Policies SIB and B .Access to the legacy system in Service Inventory A is currently only possible via Service A, which means messages must be validated for compliance with Security Policy A .A new requirement has emerged to allow services from Service Inventory B to access the legacy system via a new perimeter service that will be dedicated to processing request messages from services residing in Service Inventory B .Because the legacy system has no security features, all security processing will need to be carried out by the perimeter service. However, there are parts of Security Policy A that are specific to Service A and do not apply to the legacy system or the perimeter service. Furthermore, response messages sent by the perimeter service to services from Service Inventory B will still need to be validated for compliance to Security Policy B and Security Policy SIB .How can the Policy Centralization pattern be correctly applied without compromising the policy compliance requirements of services in both service inventories?

AIn order for Security Policy A to be centralized so that it can be shared by Service A and the new perimeter service, messages sent to the perimeter service from services in Service Inventory B will need to continue complying with Security Policy A, even if it requires that the messages contain content that does not relate to accessing the legacy system. In order to centralize Security-Policy B it will need to be combined with Security Policy SIB, which means that the functionality within Service Agents B and C can be combined into a single service agent.

BA single centralized security policy can be created by combining Security Policy A, Security Policy B .and Security Policy SIB into a single security policy that is shared by services in both Service Inventory A and Service Inventory B .This means that the new perimeter service can share the same new security policy with Service A .This further simplifies message exchange processing because request messages sent by services in Service Inventory B to the new perimeter service need to comply to the same security policy as the response messages sent back by the perimeter service to the services in Service Inventory B .

CThe parts of Security Policy A that are required for access to the new perimeter service need to be removed and placed into a new security policy that is shared by Service A and the perimeter service. Messages sent by services accessing the perimeter service from Service Inventory B will need to be compliant with the new security policy. Because the perimeter service is dedicated to message exchange with services from Service Inventory B, response messages sent by the perimeter service can be designed for compliance to Security Policy B and Security Policy SIB .

DDue to the amount of overlap among Security Policy A, Security Policy B, and Security Policy SIB, the Policy Centralization pattern cannot be correctly applied to enable the described message exchange between the perimeter service in Service Inventory A and services in Service Inventory B .

Answer : C

Question 3

Services A, B and C belong to Service Inventory A .Services D, E and F belong to Service Inventory B .Service C acts as an authentication broker for Service Inventory A .Service F acts as an authentication broker for Service Inventory B .Both of the authentication brokers use Kerberos-based authentication technologies. Upon receiving a request message from a service consumer, Services C and F authenticate the request using a local identity store and then use a separate Ticket Granting Service (not shown) to issue the Kerberos ticket to the service consumer. Currently, tickets issued in one service inventory are not valid in the other. For example, if Service A wants to communicate with Services D or E, it must request a ticket from the Service Inventory B authentication broker (Service F). Because Service Inventory A and B trust each other, the current cross-inventory authentication is considered unnecessarily redundant. How can these service inventory architectures be improved to avoid redundant authentication?

ACreate a single, enterprise-wide service inventory by merging Service Inventories A and B .Instead of the current Kerberos-based brokered authentication, the merged service inventory can use X.509 digital certificates to remove the burden from the local authentication brokers. Designate either Service C or Service F as the central authentication service with the responsibility to validate service consumer X.509 digital certificates. After successful validation, the authentication service can issue a signed SAML token to be used within the entire service inventory.

BThe same Kerberos tickets can be used across both service inventories by updating the security policies of the services that require Kerberos tickets. Because each authentication broker issues Kerberos tickets, the only difference between these tickets is the identity of the issuer. For-example, because services in Service Inventory A already accept Kerberos tickets issued by Service C, Service F just needs to be included in the security policies of these services. Similarly, services in Service Inventory B that accept Kerberos tickets issued by Service F need to include the acceptance of Kerberos tickets issued by Service C in their security policies.

CA trust relationship needs to be established between the two authentication brokers. This trust relationship can enable the authentication brokers to accept Kerberos tickets issued by each other.

DReplace Services C and F with a single authentication broker so that one single token can be used with services across both service inventories. This can be achieved by merging the content of the two identity stores.

Answer : C

Question 4

Service A is a publically accessible service that provides free multimedia retrieval capabilities to a range of service consumers. To carry out this functionality, Service A is first invoked by Service Consumer A (1). Based on the nature of the request message received from Service Consumer A, Service A either invokes Service B or Service C .When Service B is invoked by Service A (2A) it retrieves data from publicly available sources (not shown) and responds with the requested data (3A). When Service C is invoked by Service A (2B) it retrieves data from proprietary sources within the IT enterprise (not shown) and responds with the requested data (3B). After receiving a response from Service B or Service C, Service A sends the retrieved data to Service Consumer A (4). Service B does not require service consumers to be authenticated, but Service C does require authentication of service consumers. The service contract for Service A therefore uses WS-Policy alternative policies in order to express the two different authentication requirements to Service Consumer A .When Service Consumer A sends a request message (1), Service A determines whether the request requires the involvement of Service C and then checks to ensure that the necessary security credentials were received as part of the message. If the credentials provided by Service Consumer A are verified. Service A creates a signed SAML assertion and sends it with the request message to Service C (2B) This authentication information is protected by public key encryption However, responses to Service Consumer A's request message (3B, 4) are not encrypted for performance reasons. The owner of Service C is planning two changes to the service architecture:

1. A fee will be charged to Service Consumer A (or any service consumer) using Service C .2. The response messages issued by Service C need to be secured in order to prevent unauthorized access. An analysis of Service C's usage statistics reveals that a group of service consumers specifically request the retrieval of multimedia data on a frequent basis. To promote the usage of Service C to these types of service consumers, the owner of Service C plans to offer a special discount by allowing unlimited multimedia retrievals for a fixed monthly price. Service consumers that do not subscribe to this promotion will need to pay for each request individually. It is anticipated that the new promotion will significantly increase the usage of Service C .The owner of Service C therefore wants to ensure that the security added to the response messages has a minimal impact on Service C's runtime performance. What steps can be taken to fulfill these requirements?

AUse symmetric session keys so that for each response message, Service C generates a session key and encrypts the-response message using this session key. The session key is then encrypted (using the service consumer's public key) and attached to the encrypted response. A single session key can then be used by Service C for communication with all service consumers that subscribe to the promotion.

BBecause the services in this service composition already rely on public key encryption to provide authentication, Service C can provide message confidentiality by encrypting the response message with Service Consumer A's public key. This will ensure that only the intended recipient, in possession of the corresponding private key, can decrypt the response message. To further reduce the performance impact of encryption, Service C can generate a new public-private key pair to be used by service consumers subscribed to the promotion. By securely distributing the private key to each of these service consumers, Service C only needs to encrypt the response messages once with the public key.

CDesign Service C to generate a message digest of the response message and encrypt it with the service consumer's publickey. Because the message digest is typically small, the performance of public key encryption is acceptable. This approach also ensures that only the service consumer can decrypt the response message using the corresponding private key.

DDesign the service composition architecture so that the encryption of the response messages is performed by Service B and Service C .To reduce the performance impact, a policy can be added to Service A's service contract in order to require the encryption of all response messages, regardless of the type of service consumer making the request. Further, a new utility service can be added to the service composition. This service can be responsible for obtaining the public key of the service consumer and forwarding the key along with the request message to the appropriate service (Service B or Service C). The service receiving the message can then encrypt the response message with the received public key. Service A can then forward the encrypted response to the service consumer. This approach ensures that only authorized service consumers will be able to access response messages.

Answer : A

Question 5

Service Consumer A sends a request to Service A (1). Service A replies with an acknowledgement message (2) and then processes the request and sends a request message to Service B (3). This message contains confidential financial data. Service B sends three different request messages together with its security credentials to Services C, D, and E (4, 5, 6). Upon successful authentication, Services C, D, and E store the data from the message in separate databases (7, 8, 9) Services B, C, D, and E belong to Service Inventory A, which further belongs to Organization B .Service Consumer A and Service A belong to Organization A .The service contracts of Services A and B both comply with the same XML schema. However, each organization employs different security technologies for their service architectures. To protect the confidential financial data sent by Service A to Service B, each organization decides to independently apply the Data Confidentiality and the Data Origin Authentication patterns to establish message-layer security for external message exchanges. However, when an encrypted and digitally signed test message is sent by Service A to Service B, Service B was unable to decrypt the message. Which of the following statements describes a solution that solves this problem?

AAlthough both of the organizations applied the Data Confidentiality and the Data Origin Authentication patterns, the security-technologies used for the Service A and Service B architectures may be incompatible. Because there are several technologies and versions of technologies that can be used to apply these patterns, the organizations need to standardize implementation level details of the relevant security technologies.

BThe problem with the test message occurred because Service A used incorrect keys to protect the message sent to Service B .Service A used its own public key to sign the message and then used Service B's public key to encrypt the message content. To correct the problem, Service A must use WS-Secure-Conversation to agree on a secret session key to be used to encrypt messages exchanged between Services A and B .Because this session key is only known by Services A and B, encrypting the messages with this key also provides authentication of the origin of the data.

CAlthough both of the organizations successfully applied the Data Confidentiality and the Data Origin Authentication patterns, the order in which the patterns were applied is incorrect. The application of the Data Origin Authentication pattern must always follow the application of the Data Confidentiality pattern to ensure that the message confidentiality from a third party authenticates the origin of the message.

DThe problem with the test message occurred because Service A needed the private key of Service B to digitally sign the-message. An attacker pretending to be Service B likely sent a fake private/public keys pair to Service A .Using these fake keys to encrypt and digitally sign the message made the message incompatible for Service B .Because the fake private key was also used to sign the hash, it explains the source of the problem.

Answer : A

Question 6

Service A provides a data retrieval capability that can be used by a range of service consumers, including Service Consumer A .In order to retrieve the necessary data, Service Consumer A first sends a request message to Service A (1). Service A then exchanges request and response messages with Service B (2, 3), Service C (4, 5), and Service D (6. 7). After receiving all three response messages from Services B .C .and D, Service A assembles the collected data into a response message that it returns to Service Consumer A (8). The owner of Service A charges service consumers for each usage of the data retrieval capability. Recently, the owner of Service Consumer A has complained that the data returned by Service A is incorrect, incomplete, and from invalid sources. As evidence, the Service Consumer A owner has presented the owner of Service A with sample messages containing the incorrect and incomplete contents. As a result, the Service Consumer A owner has refused to pay the usage fees. Subsequent to an internal investigation, the owner of Service A determines that the data returned by Service A is consistently correct and complete. There are suspicions that the Service Consumer A owner is altering the original messages and issuing these complaints fraudulently in order to avoid paying the usage fees. How can the owner of Service A prove that Service A is returning correct and complete data and that this data originated from the correct sources?

AApply the Data Origin Authentication and the Data Confidentiality patterns to ensure that request and response messagesexchanged between Service A and Services B .C, and D are digitally signed and encrypted. This guarantees message integrity and confidentiality.

BApply the Data Origin Authentication pattern to verily that request and response messages exchanged by Service Consumer A and Service A and exchanged by Service A and Services B, C, and D originated from the claimed sources and have not been altered prior to transmission. Also, enhance the Service A architecture so that all messages sent to its service consumers are logged.

CApply the Brokered Authentication pattern to send the security credentials of Service Consumer A to Services B, C, and D.Service A can carry out the brokered authentication logic and therefore act as the intermediary security broker. Upon receiving Service Consumer A's request message, Service A can further verify the credentials against an external certificate authority, if the request is authenticated. Service A can create a signed SAML assertion containing Service Consumer A's credentials and the authorization information. Service A then forwards the original request message and the signed SAML assertion to Services B,C, and D .

DThe service contract of Service A can be extended with an ignorable WS-Policy assertion that states that all request and response messages are logged by Service A and that false complaints will be prosecuted.

Answer : B

Question 7

Services A, B, and C reside in Service Inventory A and Services D, E, and F reside in Service Inventory B .Service B is an authentication broker that issues WS-Trust based SAML tokens to Services A and C upon receiving security credentials from Services A and C .Service E is an authentication broker that issues WS-Trust based SAML tokens to Services D and F upon receiving security credentials from Services D and E .Service B uses the Service Inventory A identify store to validate the security credentials of Services A and C .Service E uses the Service Inventory B identity store to validate the security credentials of Services D and F .It is decided to use Service E as the sole authentication broker for all services in Service Inventories A and B .Service B is kept as a secondary authentication broker for load balancing purposes. Specifically, it is to be used for situations where authentication requests are expected to be extra time consuming in order to limit the performance burden on Service E .Even though Service B has all the necessary functionality to fulfill this new responsibility, only Service E can issue SAML tokens to other services. How can these architectures be modified to support these new requirements?

AWhen time consuming authentication requests are identified, Service E can forward them to Service B .Upon performing the authentication, Service B sends its own signed SAML token to Service E .Because Service E trusts Service B .it can use the Service B-specific SAML token to issue an official SAML token that is then sent to the original service consumer (that requested authentication) and further used by other services.

BTo provide load balancing, a service agent needs to be implemented to intercept all incoming requests to Service E .The-service agent uses a random distribution of the authentication requests between Service B and Service E .Because the request messages are distributed in a random manner, the load between the two authentication brokers is balanced.

CBecause both Service B and Service E issue SAML tokens, these tokens are interchangeable. In order for both services to-receive the same amount of authentication requests, a shared key needs to be provided to them for signing the SAML tokens. By signing the SAML tokens with the same key, the SAML tokens generated by Service B cannot be distinguished from the SAML tokens generated by Service E .

DBecause the federation requirements ask for SAML tokens generated by Service E, Service B cannot function as an-authentication broker. To address the load balancing requirement, a new utility service needs to be introduced to provide functionality that is redundant with Service E .This essentially establishes a secondary authentication broker to which Service E can defer time-consuming authentication tasks at runtime.

Answer : B