Exam Details

  • Exam Code: S90-19A
  • Exam Name: Advanced SOA Security
  • Certification: SOACP
  • Vendor: SOA
  • Total Questions: 83 Q&As
  • Last Updated: May 13, 2025

SOA SOACP S90-19A Questions & Answers

  • Question 11:

    Service A retrieves data from third-party services that reside outside the organizational boundary. The quality of the data provided by these third-party services is not guaranteed. Service A contains exception shielding logic that checks all outgoing messages. It is discovered that service consumers are still sometimes receiving malicious content from Service A. Because digital signatures are being used, it is confirmed that Service A is, in fact, the sender of these messages and that the messages are not being altered by any intermediaries.

    Why do messages from Service A continue to contain malicious content?

    A. Messages received from third-party services are the likely source of the malicious content.

    B. Digital signatures alone are not sufficient. They need to be used in conjunction with asymmetric encryption in order to ensure that no intermediary can alter messages.

    C. Exception shielding logic needs to be used in conjunction with asymmetric encryption in order to guarantee that malicious content is not spread to service consumers.

    D. None of the above.

  • Question 12:

    Service A is a Web service with an implementation that uses managed code. To perform a graphics-related operation, this managed code needs to access a graphics function that exists as unmanaged code. A malicious service consumer sends a message to Service A containing a very large numeric value. This value is forwarded by Service A's logic to the graphics function. As a result, the service crashes and becomes unavailable.

    The service consumer successfully executed which attack?

    A. Buffer overrun attack

    B. Exception generation attack

    C. XML parser attack

    D. None of the above

  • Question 13:

    The application of the Data Origin Authentication pattern and the Data Confidentiality pattern does not help mitigate the risk of malicious intermediary attacks.

    A. True

    B. False

  • Question 14:

    A utility service is responsible for encapsulating a legacy database and providing centralized access to the database for any of its service consumers. However, it is discovered that several service consumers are accessing the database directly. This is considered a security concern because much of the data in the database is classified as sensitive.

    How can this concern be addressed?

    A. The Trusted Subsystem pattern can be applied to establish an architecture whereby service consumers are required to access the utility service in order to gain access to the data in the database.

    B. Service agents can be added to route messages to an authentication broker. That way, only authorized service consumers would get access to the database.

    C. The Message Screening pattern can be applied so that messages sent to the utility service are inspected at runtime.

    D. None of the above.

  • Question 15:

    Which of the following types of WS-SecurityPolicy assertions is required in order to determine whether derived keys are needed for a key agreement security session?

    A. protection assertions

    B. token assertions

    C. security binding assertions

    D. None of the above.

  • Question 16:

    Service A acts as a trusted subsystem for a shared database. The database contains sensitive information and performs strict validation on all incoming data modification requests. In case of any invalid input values, the database throws detailed error messages that are required for debugging purposes and are automatically relayed back to service consumers by Service A. Recently, while going through the access logs of the database, it has been reported that attempts have been made to connect to the database from outside the organization.

    What can be done to prevent such attacks while preserving the existing database debugging requirements?

    A. The Data Confidentiality pattern needs to be applied so that all request and response messages exchanged by Service A are encrypted.

    B. The Data Origin Authentication pattern needs to be applied in order to incorporate digital signatures in request and response messages exchanged by Service A.

    C. The Service Perimeter Guard pattern needs to be applied in order to centralize access to the database.

    D. None of the above.

  • Question 17:

    Service A is an agnostic service that is part of a complex service composition that relies on the use of several intermediaries for message routing purposes. Due to a recent malicious intermediary attack, public key cryptography and digital signatures have been added to Service A. Subsequently, the attacks stop. However, legitimate service consumers are experiencing latency when interacting with services from this complex service composition. Following an investigation, it is discovered that Service A has increased its system resource consumption in order to perform its new security-related functions.

    How can you improve Service A's performance without compromising its security requirements and without introducing new security mechanisms?

    A. Use symmetric encryption in combination with the Service Perimeter Guard pattern and SAML tokens.

    B. Use key agreement security sessions by deriving different keys from a session key for signing as well as encryption.

    C. Use base 64 encoded certificates in order to provide integrity and confidentiality.

    D. None of the above.

  • Question 18:

    A service uses specialized logic to compare the size of a request message to the maximum allowable size that is specified for request messages. Upon a mismatch, the service triggers an error that results in the issuance of a message with detailed error information.

    What type of attack does this specialized logic not help protect the service from?

    A. XML parser attack

    B. buffer overrun attack

    C. exception generation attack

    D. XPath injection attack

  • Question 19:

    Architects have applied the Service Perimeter Guard pattern to a service inventory by adding a perimeter service inside the firewall that receives all incoming request messages and then routes them to the appropriate services. The firewall has been configured to allow any service consumers to send messages to the perimeter service. You are told that this security architecture is flawed.

    Which of the following statements describes a valid approach for improving the security architecture?

    A. The Trusted Subsystem pattern needs to be applied to the perimeter service so that it can authenticate all incoming requests before forwarding them to services within the service inventory.

    B. The perimeter service needs to be outside the firewall and the firewall needs to be configured so that only the perimeter service has access to the services within the service inventory.

    C. The described security architecture is not flawed because the Service Perimeter Guard pattern was applied correctly.

    D. None of the above.

  • Question 20:

    Service A contains reporting logic that collects statistical data from different sources in order to produce a report document. One of the sources is a Web service that exists outside of the organizational boundary. Some of Service A's service consumers are encountering slow response times and periods of unavailability when invoking Service A. While investigating the cause, it has been discovered that some of the messages received from the external Web service contain excessive data and links to files (that are not XML schemas or policies).

    What can be done to address this issue?

    A. define cardinality in message schemas

    B. correlate request and response messages across different services

    C. use precompiled XPath expressions

    D. avoid downloading XML schemas at runtime

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only SOA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your S90-19A exam preparation and SOA certification application, do not hesitate to visit Vcedump.com to find your solutions.