Exam Details

  • Exam Code: S90-19A
  • Exam Name: Advanced SOA Security
  • Certification: SOACP
  • Vendor: SOA
  • Total Questions: 83 Q&As
  • Last Updated: May 13, 2025

SOA SOACP S90-19A Questions & Answers

  • Question 21:

    Architects responsible for a domain service inventory are being asked to make some of their services available to service consumers from outside the organization. However, they are reluctant to do so and consult you to help define a security architecture that will keep all of the existing services within the domain service inventory hidden within a private network.

    Which of the following is a valid approach for fulfilling this requirement?

    A. Apply the Brokered Authentication pattern to position an authentication broker outside the private network that has been configured to access the internal services via a firewall. The authentication broker becomes the sole contact point for external service consumers.

    B. Apply the Service Perimeter Guard pattern in order to position a perimeter service outside the private network that has been configured to access the internal services via a firewall. The perimeter service becomes the sole contact point for external service consumers.

    C. Apply the Trusted Subsystem pattern in order to position a service outside the private network that authenticates each incoming request and then uses its own set of credentials to get access to internal services. This service becomes the sole contact point for external service consumers.

    D. None of the above.

  • Question 22:

    The Message Screening pattern can be used to avoid which of the following types of attacks?

    A. buffer overrun attack

    B. XPath injection attack

    C. SQL injection attack

    D. exception generation attack

  • Question 23:

    The Exception Shielding pattern was applied to the design of Service A. During testing, it is revealed that Service A is disclosing sensitive error information in one of its response messages.

    How is this possible?

    A. It is the Message Screening pattern, not the Exception Shielding pattern, that prevents a service from transmitting sensitive error information in response messages.

    B. The Trusted Subsystem pattern has already been applied to Service A, thereby conflicting with the application of the Exception Shielding pattern.

    C. The Exception Shielding pattern states that, in case of an error, the service should not send back any message at all, because this would implicitly tell the service consumer that something has gone wrong, thereby exposing vulnerabilities.

    D. None of the above.

  • Question 24:

    As an SOA security specialist you are being asked to educate an IT team about how to best design security policies for a given set of services.

    Which of the following recommendations are valid?

    A. common security requirements can be centralized into shared security policies

    B. security policies are defined by using WSDL and XML Schema industry standards together

    C. security policies can be decoupled from service logic

    D. security policies can be part of service contracts and are therefore subject to the Service Loose Coupling principle

  • Question 25:

    Which of the following are types of security sessions?

    A. Authentication

    B. Authorization

    C. asymmetric key agreement

    D. single sign-on

  • Question 26:

    The use of a perimeter service can centralize authentication and authorization logic and it can also prevent direct access to other services positioned behind a firewall.

    A. True

    B. False

  • Question 27:

    Service A expresses its requirement for message-layer security to service consumers via a security policy. Since the launch of Service A, its popularity has grown and it is decided that a fee should be charged for its use. Consequently, the design of Service A is changed so that it is capable of keeping a log of all request messages received from service consumers. The fact that Service A is logging all incoming messages is something that can also be expressed via a policy.

    A. True

    B. False

  • Question 28:

    Because of a new security requirement, all messages received by Service A need to be logged. This requirement needs to be expressed in a policy that is part of Service A's service contract. However, the addition of this policy must not impact existing service consumers that have already formed dependencies on Service A's service contract.

    How can this be accomplished?

    A. The policy can be centralized and isolated into a separate policy document that is linked to the service contract.

    B. The policy can be expressed using a digital certificate that is added to the service contract.

    C. The policy can be expressed using an ignorable policy assertion that is added to the service contract.

    D. None of the above.

  • Question 29:

    A security architecture needs to be created in order to guarantee that messages sent to Service A comply with a security policy that is published as part of Service A's service contract.

    The application of which of the following patterns will fulfill this requirement?

    A. Message Screening

    B. Brokered Authentication

    C. Exception Shielding

    D. None of the above

  • Question 30:

    A legacy system is used as a shared resource by a number of services within a service inventory. The services that access the legacy system use the same user account. The legacy system is also directly accessed by other applications that also use the same set of credentials as the services. It was recently reported that a program gained unauthorized access to confidential data in the legacy system. However, because all of the programs that access the legacy system use the same set of credentials, it is difficult to find out which program carried out the attack.

    How can another attack like this be avoided?

    A. The Message Screening pattern can be applied to monitor incoming request messages.

    B. The Trusted Subsystem pattern can be applied to avoid direct access to the legacy system by any program except a designated service.

    C. The Service Perimeter Guard pattern can be applied so that all programs that are not services are required to access the legacy system via a perimeter service.

    D. None of the above.
