Fundamental SOA Security v6.0

Page:    1 / 7   
Exam contains 98 questions

Service A requires self-signed digital certificates from all of its service consumers. The service and its service consumers both belong to the same organization. You are presented with a new requirement to only allow access to those service consumers with certificates that have not expired. How can this requirement be addressed with minimal impacts on the current security architecture?

  • A. The current security mechanism already addresses this requirement because the certificates contain a value that represents the validity period.
  • B. The certificates need to be signed by an external certificate authority so that the certificate authority's Certificate Revocation List (CRL) can be accessed in order to check the expiry dates of the certificates.
  • C. Using certificates in this scenario is not a valid option.
  • D. None of the above


Answer : A

The X.509 token can be used to express a ______________ security token that provides an X.509 digital certificate.

  • A. text-based
  • B. UDDI-based
  • C. binary
  • D. None of the above.


Answer : C

Responses issued by Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) services need to be ___________ and ___________ so that it can be determined whether these responses were sent by a trusted certificate authority or a malicious program pretending to be a certificate authority.

  • A. encrypted, verified
  • B. signed, verified
  • C. encrypted, decrypted
  • D. signed, decrypted


Answer : B

The application of the Service Autonomy principle is always negatively affected when applying the Data Confidentiality pattern together with the Data Origin Authentication pattern.

  • A. True
  • B. False


Answer : B

The Data Confidentiality pattern can be applied using which of the following security mechanisms?

  • A. symmetric encryption
  • B. asymmetric encryption
  • C. hashing
  • D. identity store


Answer : A,B

Security mechanisms that are based on vendor-specific security technology will always decrease the autonomy of services that are required to use these security mechanisms.

  • A. True
  • B. False


Answer : B

Service A sends a message to Service B which reads the values in the message header to determine whether to forward the message to Service C or Service D. Because of recent attacks on Services C and D, it has been decided to protect the body content of messages using some form of encryption. However, certain restrictions within the design of Service B will not permit it to be changed to support the encryption and decryption of messages. Only Services A, C and D can support message encryption and decryption. Which of the following approaches fulfill these security requirements without changing the role of Service B?

  • A. Transport-layer security is implemented between all services.
  • B. Message-layer security is implemented between all services.
  • C. Service B is removed. Instead, the routing logic is added to Service A.
  • D. None of the above


Answer : B

Online Certificate Status Protocol (OCSP) based services provide online certificate revocation checking. However, these types of services can introduce network latency because only one certificate can be checked at a time.

  • A. True
  • B. False


Answer : A

When using a single sign-on mechanism, security contexts are ____________.

  • A. discarded within seconds after creation
  • B. stored in a UDDI repository for auditing purposes
  • C. combined together at runtime
  • D. None of the above.


Answer : B

The Direct Authentication pattern has been applied to a set of services so that they can authenticate service consumers. These services use a shared identity management system. This results in a security architecture that reduces the potential for applying the Service Autonomy principle.

  • A. True
  • B. False


Answer : A

Username and X.509 token profiles can be combined so that a single message can contain a username token that is digitally signed.

  • A. True
  • B. False


Answer : A

A typical SAML assertion will contain at least one of the following subject statements:

  • A. authorization decision statement
  • B. authentication statement
  • C. attribute statement
  • D. certificate authority issuer statement


Answer : A,B,C

Which of the following design options can help reduce the amount of runtime processing required by security logic within a service composition?

  • A. Increase the usage of XML-Encryption and XML-Signature.
  • B. Use a single sign-on mechanism.
  • C. Introduce an identity store that is shared by the services within the service composition.
  • D. Ensure that non-repudiation is constantly guaranteed.


Answer : B

With SAML, the _____________ element is used by the relying party to confirm that a given message came from the subject specified in the assertion.

  • A. subject confirmation
  • B. token
  • C. sign-on
  • D. claim


Answer : A

A project team is planning to create a secure service composition that consists of services from two different domain service inventories. The security mechanisms for each service inventory are based on different vendor technologies that adhere to the same industry standards and the same design standards. What is wrong with this service composition architecture?

  • A. Because different vendor security technologies were used, services from different domain service inventories will be using incompatible security credentials.
  • B. Security mechanisms have a fixed limitation that prevents their usage across service inventory boundaries.
  • C. Vendor technologies do not adhere to industry standards. Only industry technologies adhere to industry standards.
  • D. None of the above


Answer : D
