An ESB is introduced into an IT enterprise, primarily to enable communication between a set of disparate Web services. As a first step, the ESB needs to be configured to carry out data model transformation in order to overcome differences in the XML schemas used by the Web services. However, the messages exchanged by the Web services need to be encrypted.
What needs to be done in order for the ESB to enable communication between the Web services without compromising message confidentiality?
A. The messages need to be digitally signed instead of encrypted.
B. The ESB needs to be configured so that it can decrypt and encrypt messages.
C. The Web services need to be designed to support transport-layer security instead of message-layer security.
D. In this scenario, the ESB cannot enable communication between the Web services without compromising message confidentiality.
Service A, residing outside the private network of an organization, provides logic that sanitizes message error information on behalf of other services that reside inside the private network, behind a firewall.
Where is the vulnerability in this architecture?
A. There is no central management of error messages. Instead, policy enforcement points should be used so that all services are required to comply with a policy that states that any error message generated needs to be free of sensitive data.
B. The sanitization logic resides outside the private network. Therefore, if communication between Service A and the services within the private network is compromised, an attacker can get access to sensitive data from non-sanitized messages generated by services inside the private network.
C. There is no single sign-on mechanism in place, which puts all services (within and outside the private network) at risk.
D. None of the above.
Which of the following statements is true?
A. When the maxOccurs attribute in an XML schema element is not specified it creates a security risk because attackers can specify this element multiple times.
B. When numeric ranges within an XML schema are not specified it creates a security risk because attackers can introduce very large numeric values within the message data.
C. When the xsd:any element is used within an XML schema it can introduce a security risk because it allows attackers to extend the schema.
D. All of the above.
The Message Screening pattern can be applied to a service acting as a trusted subsystem for an underlying database. That way, the database would be protected from SQL injection attacks.
A. True
B. False
Which of the following statements regarding the usage of security tokens for authentication and authorization are true?
A. Security tokens can be validated without resorting to pre-shared secrets.
B. Security tokens issued by a token issuer in the same security domain can be used with a different token issuer in a different security domain in order to get access to services in that domain.
C. Security token issuance and cancellation are done by the relying party.
D. Security tokens can only be issued by a legitimate token issuer.
Service A accesses a legacy system. There is a requirement to secure Service A so that it can only be accessed by authorized service consumers. The current service architecture doesn't allow the delegation of service consumer credentials to the legacy system.
Which pattern needs to be applied in order to fulfill this security requirement?
A. Brokered Authentication
B. Direct Authentication
C. Data Origin Authentication
D. None of the above.
Service A is part of a large service composition. Following an attack, Service A becomes non-responsive. Which of the following attacks could be responsible for Service A's non-responsiveness?
A. Buffer overrun attack
B. Exception generation attack
C. XML parser attack
D. None of the above.
Service A contains a comprehensive message screening routine that can consume a lot of system resources. Service consumers are reporting that sometimes Service A becomes non-responsive, especially after it receives a message containing a large amount of content.
This may be an indication of which types of attacks?
A. XML parser attack
B. Denial of service attack
C. Insufficient authorization
D. XPath injection
Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a StudentID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records.
Which of the following attacks was carried out?
A. XML parser attack
B. SQL injection attack
C. XPath injection attack
D. None of the above
The Service Perimeter Guard pattern is applied to position a perimeter service outside of the firewall. The firewall only permits the perimeter service to access services within a specific service inventory.
Which of the following statements describes a valid problem with this security architecture?
A. The Trusted Subsystem pattern was not applied to the perimeter service.
B. The perimeter service needs to be located inside the firewall and the firewall needs to be configured so that only known service consumers have access to the service inventory.
C. The Service Perimeter Guard pattern cannot be applied to a service outside of a service inventory.
D. None of the above
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only SOA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your S90-19A exam preparation and SOA certification application, do not hesitate to visit Vcedump.com to find your solutions.