As part of Service Composition A, a service consumer needs to authenticate itself to four different services. The Direct Authentication pattern was applied to each of these four services, all of which share the same identity store. This identity store is also shared by a number of additional services. As a result of increased usage, the identity store has become a performance bottleneck. The resulting performance degradation is impacting Service Composition A to the extent that it is causing problems. The security architecture for Service Composition A needs to be improved in order to avoid further performance degradation. However, any changes to the service composition architecture cannot break any dependencies with the existing service consumer.
Which of the following approaches fulfills these requirements?
A. Apply the Brokered Authentication pattern so that SAML tokens can be issued by a centralized authentication broker. This way, the existing service consumer does not need to re-authenticate itself over and over again
B. Introduce dedicated identity stores so that each service in the service composition has its own copy of the identity information. This way, dependencies with the existing service consumer are not broken
C. Use a service agent between the four services and the centralized identity store in order to centralize the task of authentication. This way, load on the identity store is decreased and dependencies with the existing service consumer are not broken
D. None of the above
A service consumer submits a message with security credentials to an authentication broker, which authenticates the credentials against a central identity store. The authentication broker then responds with a token that the service consumer can use to access Services A, B, and C (none of which have their own identity store).
This scenario demonstrates the application of which pattern?
A. Data Origin Authentication
B. Direct Authentication
C. Identity Store Authentication
D. None of the above
Which of the following industry standards can be used to apply the Data Confidentiality pattern?
A. XML-Encryption
B. XML-Signature
C. SAML
D. All of the above.
Service A carries out XML canonicalization and creates a message digest. It then encrypts the message digest using asymmetric encryption. Service B, upon receiving the message, decrypts the message hash and calculates the hash of the original message. However, upon comparison, the received message digest and the calculated message digest do not match.
How can this problem be avoided?
A. Transforms need to be used so that Service B is provided the sequence of actions used by Service A. That way, Service B will know that it has to calculate the original message's hash first, and then perform XML canonicalization on the original message, and only then compare it against the decrypted message hash
B. Transforms need to be used so that Service B is provided the sequence of actions used by Service A. That way, Service B will know that it has to perform XML canonicalization on the original message first, then calculate its hash, and only then compare it against the decrypted message hash
C. XML canonicalization should not be performed because it is the cause of the mismatch and will also unnecessarily increase the message size
D. None of the above
When establishing a single sign-on mechanism, the application of the Standardized Service Contract principle requires the use of SAML because it is an industry standard understood by multiple service consumers.
A. True
B. False B
Both the Brokered Authentication pattern and the Direct Authentication pattern advocate the use of a central identity store.
A. True
B. False
The Data Confidentiality pattern can be applied using which of the following security mechanisms?
A. symmetric encryption
B. asymmetric encryption
C. hashing
D. identity store
Security specialists are planning to implement public key cryptography in order to encrypt messages exchanged between Service A and Service B.
Which of the following options fulfills this requirement?
A. A shared key is used by both the services for message encryption and decryption
B. The XML-Signature standard is applied
C. The Data Origin Authentication pattern is applied
D. None of the above
When working with SAML, a Security Token Service (STS) and a Service Provider refer to the same service.
A. True
B. False
The sender-vouches SAML subject confirmation method is best suited for a service consumer that does not need to interact with more than one service for a given task.
A. True
B. False