
SOA Advanced SOA Security - S90.19 Exam Questions
QUESTION NO: 1
The Service Perimeter Guard pattern can be used in combination with other patterns to help avoid both data-oriented attacks and access-oriented attacks.
Correct Answer: A
QUESTION NO: 2
A denial of service attack can be the byproduct of an insufficient authorization attack.
Correct Answer: A
QUESTION NO: 3
An IT enterprise has three domain service inventories that map to three different departments. Each service inventory uses a security token service (STS) based authentication broker to enable single sign-on for services within the respective service inventory boundary. The tokens used for all single sign-on mechanisms are based on SAML assertions. You are given a new requirement to extend this security architecture so that services from different domain service inventories can communicate. What new security mechanisms are required to fulfill this requirement?
Correct Answer: D
QUESTION NO: 4
Message screening logic and exception shielding logic can co-exist in a single perimeter guard service.
Correct Answer: A
QUESTION NO: 5
Service A acts as a trusted subsystem for a shared database. The database contains sensitive information and performs strict validation on all incoming data modification requests. In case of any invalid input values, the database throws detailed error messages that are required for debugging purposes and are automatically relayed back to service consumers by Service A.
Recently, while going through the access logs of the database, it has been reported that attempts have been made to connect to the database from outside the organization. What can be done to prevent such attacks while preserving the existing database debugging requirements?
Correct Answer: A
QUESTION NO: 6
Which of the following are types of security sessions?
Correct Answer: A,B
QUESTION NO: 7
Service A is part of a large service composition. Following an attack, Service A becomes non-responsive. Which of the following attacks could be responsible for Service A's non-responsiveness?
Correct Answer: C,D
QUESTION NO: 8
Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a StudentID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?
Correct Answer: A
QUESTION NO: 9
A legacy system is used as a shared resource by a number of services within a service inventory. The services that access the legacy system use the same user account. The legacy system is also directly accessed by other applications that also use the same set of credentials as the services. It was recently reported that a program gained unauthorized access to confidential data in the legacy system. However, because all of the programs that access the legacy system use the same set of credentials, it is difficult to find out which program carried out the attack. How can another attack like this be avoided?
Correct Answer: C