S90.19 by SOA Actual Free Exam Questions And Answers

Question 1

As an SOA security specialist you are being asked to educate an IT team about how to best design security policies for a given set of services. Which of the following recommendations are valid?

A. common security requirements can be centralized into shared security policies

B. security policies can be decoupled from service logic

C. security policies are defined by using WSDL and XML Schema industry standards together

D. security policies can be part of service contracts and are therefore subject to the Service Loose Coupling principle

Discussion 0

Correct Answer: A,B,D Vote an answer

Question 2

The application of the Message Screening pattern can help avoid which of the following attacks?

A. Insufficient authorization attack

B. Buffer overrun attack

C. XPath injection attack

D. SQL injection attack

Discussion 0

Correct Answer: B,C,D Vote an answer

Question 3

An alternative to using a ___________ is to use a __________.

A. Public key, private key

B. Digital signature, asymmetric key

C. Public key, key agreement security session

D. Digital signature, symmetric key

Discussion 0

Correct Answer: C Vote an answer

Question 4

A service is designed to respond to an error condition by issuing a message containing detailed error information. This message includes connection information for a database that is shared by numerous services within the service inventory. An attacker intentionally sends an invalid message to the service in order to trigger an error and receive the connection information. The attacker then proceeds to connect to the database and issues a series of malicious SQL queries that make the database non-responsive. As a result, a number of services within the service inventory are disabled. Which of the following types of attacks were successfully carried out?

A. Buffer overrun attack

B. Exception generation attack

C. SQL injection attack

D. Denial of service attack

Discussion 0

Correct Answer: B,D Vote an answer

Question 5

Which of the following statements regarding the usage of security tokens for authentication and authorization are true?

A. Security tokens can only be issued by a legitimate token issuer.

B. Security tokens can be validated without resorting to pre-shared secrets.

C. Security token issuance and cancellation are done by the relying party.

D. Security tokens issued by a token issuer in the same security domain can be used with a different token issuer in a different security domain in order to get access to services in that domain.

Discussion 0

Correct Answer: B,D Vote an answer

Question 6

Service A contains reporting logic that collects statistical data from different sources in order to produce a report document. One of the sources is a Web service that exists outside of the organizational boundary. Some of Service A's service consumers are encountering slow response times and periods of unavailability when invoking Service A.
While investigating the cause, it has been discovered that some of the messages received from the external Web service contain excessive data and links to files (that are not XML schemas or policies). What can be done to address this issue?

A. define cardinality in message schemas

B. avoid downloading XML schemas at runtime

C. use precompiled XPath expressions

D. correlate request and response messages across different services

Discussion 0

Correct Answer: A,B Vote an answer

Question 7

A common alternative to_____________ is the use of a ____________.

A. Private keys, digital signatures

B. Digital signatures, symmetric key

C. Public key cryptography, public key

D. Public key cryptography, private key

Discussion 0

Correct Answer: C Vote an answer

Question 8

An ESB is introduced into an IT enterprise, primarily to enable communication between a set of disparate Web services. As a first step, the ESB needs to be configured to carry out data model transformation in order to overcome differences in the XML schemas used by the Web services. However, the messages exchanged by the Web services need to be encrypted. What needs to be done in order for the ESB to enable communication between the Web services without compromising message confidentiality?

A. The Web services need to be designed to support transport-layer security instead of message-layer security.

B. The ESB needs to be configured so that it can decrypt and encrypt messages.

C. In this scenario, the ESB cannot enable communication between the Web services without compromising message confidentiality.

D. The messages need to be digitally signed instead of encrypted.

Discussion 0

Correct Answer: B Vote an answer

Question 9

A denial of service attack can be the byproduct of an insufficient authorization attack.

A. False

B. True

Discussion 0

Correct Answer: B Vote an answer

SOA Advanced SOA Security - S90.19 Exam Practice Test

Contact Us

Useful Links

Latest Updated