Service A requires self-signed digital certificates from all of its service consumers. The service and its service consumers both belong to the same organization. You are presented with a new requirement to only allow access to those service consumers with certificates that have not expired. How can this requirement be addressed with minimal impacts on the current security architecture?
Answer : A
The X.509 token can be used to express a ______________ security token that provides an X.509 digital certificate.
Answer : C
Responses issued by Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) services need to be ___________ and ___________ so that it can be determined whether these responses were sent by a trusted certificate authority or a malicious program pretending to be a certificate authority.
Answer : B
The application of the Service Autonomy principle is always negatively affected when applying the Data Confidentiality pattern together with the Data Origin Authentication pattern.
Answer : B
The Data Confidentiality pattern can be applied using which of the following security mechanisms?
Answer : AB
Security mechanisms that are based on vendor-specific security technology will always decrease the autonomy of services that are required to use these security mechanisms.
Answer : B
Service A sends a message to Service B which reads the values in the message header to determine whether to forward the message to Service C or Service D. Because of recent attacks on Services C and D, it has been decided to protect the body content of messages using some form of encryption. However, certain restrictions within the design of Service B will not permit it to be changed to support the encryption and decryption of messages. Only Services A, C and D can support message encryption and decryption. Which of the following approaches fulfill these security requirements without changing the role of Service B?
Answer : B
Online Certificate Status Protocol (OCSP) based services provide online certificate revocation checking. However, these types of services can introduce network latency because only one certificate can be checked at a time.
Answer : A
When using a single sign-on mechanism, security contexts are ____________.
Answer : B
The Direct Authentication pattern has been applied to a set of services so that they can authenticate service consumers. These services use a shared identity management system. This results in a security architecture that reduces the potential for applying the Service Autonomy principle.
Answer : A
Username and X.509 token profiles can be combined so that a single message can contain a username token that is digitally signed.
Answer : A
A typical SAML assertion will contain at least one of the following subject statements:
Answer : ABC
Which of the following design options can help reduce the amount of runtime processing required by security logic within a service composition?
Answer : B
With SAML, the _____________ element is used by the relying party to confirm that a given message came from the subject specified in the assertion.
Answer : A
A project team is planning to create a secure service composition that consists of services from two different domain service inventories. The security mechanisms for each service inventory are based on different vendor technologies that adhere to the same industry standards and the same design standards. What is wrong with this service composition architecture?
Answer : D