The use of derived keys is based on symmetric encryption. This is similar to asymmetric encryption because different keys can be derived from a session key and used separately for encryption and decryption.
A. True
B. False
The application of the Trusted Subsystem pattern directly supports the goals of the Service Loose Coupling principle.
A. True
B. False
Service A is only authorized to access one service capability of Service B. Service B acts as a trusted subsystem for several underlying resources which it accesses using its own set of credentials. Service B can therefore not become a victim of an insufficient authorization attack initiated by Service A.
A. True
B. False
A service receives a message containing an XML document that expands to a very large size as it is processed by the parser. As a result, the service becomes unavailable to service consumers.
The service was subjected to which type of attack?
A. XML parser attack
B. Exception generationattack
C. XPath injection attack
D. None of the above.
An attacker is able to gain access to a service and invokes the service. Upon executing the service logic, the attacker is able to gain access to underlying service resources, including a private database. The attacker proceeds to delete data from the database.
The attacker has successfully executed which type of attack?
A. exception generation attack
B. insufficient authorization attack
C. denial of service attack
D. None of the above.
The application of the Trusted Subsystem pattern can help centralize access to services.
A. True
B. False
A service protected from an XML bomb attack will automatically also be protected from a schema poisoning attack.
A. True
B. False
Designing security policies with is an extension of the SOA characteristic that supports interoperability and avoids .
A. industry standards, business-driven, vendor lock-out
B. industry standards, vendor-neutral, vendor lock-in
C. design standards, composition-centric, vendor lock-in
D. design standards, enterprise-centric, vendor lock-in
A malicious passive intermediary intercepts messages sent between two services. Which of the following is the primary security concern raised by this situation?
A. The integrity of the message can be affected.
B. The confidentiality of the message can be affected.
C. The reliability of the message can be affected.
D. The availability of the message can be affected.
When applying the Exception Shielding pattern, which of the following are valid options for implementing exception shielding logic?
A. as part of the core service logic
B. within a service agent
C. within a utility service
D. All of the above.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only SOA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your S90-19A exam preparations and SOA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.