Advanced SOA Security v6.0

Page: 1 / 6
Exam contains 89 questions

A malicious passive intermediary intercepts messages sent between two services. Which of the following is the primary security concern raised by this situation?

  • A. The integrity of the message can be affected.
  • B. The confidentiality of the message can be affected.
  • C. The reliability of the message can be affected.
  • D. The availability of the message can be affected.


Answer : B

The use of derived keys is based on symmetric encryption. This is similar to asymmetric encryption because different keys can be derived from a session key and used separately for encryption and decryption.

  • A. True
  • B. False


Answer : B

Service A's logic has been implemented using managed code. An attacker sends an XML

  • A. XML parser attack
  • B. Buffer overrun attack
  • C. Insufficient authorization attack
  • D. Denial of service


Answer : A, D

SAML assertions are smaller than certificates and they do not require access to any remote system for verification purposes.

  • A. True
  • B. False


Answer : B

When applying the Exception Shielding pattern, which of the following are valid options for implementing exception shielding logic?

  • A. as part of the core service logic
  • B. within a service agent
  • C. within a utility service
  • D. All of the above.


Answer : D

Service A retrieves data from third-party services that reside outside the organizational boundary. The quality of the data provided by these third-party services is not guaranteed.
Service A contains exception shielding logic that checks all outgoing messages. It is discovered that service consumers are still sometimes receiving malicious content from

  • A. Messages received from third-party services are the likely source of the malicious content.
  • B. Digital signatures alone are not sufficient. They need to be used in conjunction with asymmetric encryption in order to ensure that no intermediary can alter messages.
  • C. Exception shielding logic needs to be used in conjunction with asymmetric encryption in order to guarantee that malicious content is not spread to service consumers.
  • D. None of the above.


Answer : A

The exception shielding logic resulting from the application of the Exception Shielding pattern can be centralized by applying which additional pattern?

  • A. Message Screening
  • B. Trusted Subsystem
  • C. Service Perimeter Guard
  • D. None of the above.


Answer : C

An XML bomb attack and an XML external entity attack are both considered types of XML parser attacks.

  • A. True
  • B. False


Answer : A

How can the use of pre-compiled XPath expressions help avoid attacks?

  • A. Pre-compiled XPath expressions execute faster and therefore help avoid denial of service attacks.
  • B. Pre-compiled XPath expressions reduce the chance of missing escape characters, which helps avoid XPath injection attacks.
  • C. Pre-compiled XPath expressions contain no white space, which helps avoid buffer overrun attacks.
  • D. They can't because XPath expressions cannot be pre-compiled.


Answer : B

An alternative to using a ___________ is to use a __________.

  • A. Public key, private key
  • B. Digital signature, symmetric key
  • C. Public key, key agreement security session
  • D. Digital signature, asymmetric key


Answer : C

The Exception Shielding pattern can be applied together with the Trusted Subsystem pattern.

  • A. True
  • B. False


Answer : A

Service A contains a comprehensive message screening routine that can consume a lot of system resources. Service consumers are reporting that sometimes Service A becomes non-responsive, especially after it receives a message containing a large amount of content. This may be an indication of which types of attacks?

  • A. XML parser attack
  • B. Denial of service attack
  • C. Insufficient authorization
  • D. XPath injection


Answer : A, B
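The two questions above (the XML bomb / XML external entity question and the resource-hungry message screening question) describe the same practical problem: a parser that expands entities or walks an arbitrarily large document before any screening decision is made. The following is an added example, not code from the exam or from any SOA Security reference, of a cheap pre-screening step written against Python's standard-library expat binding. It refuses any DOCTYPE (the only place entity declarations can live, so it shuts out both XML bombs and external entities), declines external entity references outright, and aborts the parse as soon as a size, nesting-depth or element-count limit is exceeded, so an oversized message never reaches the expensive screening routine. The limit values and the sample messages are constructed for illustration.

```python
"""Pre-screening guard for inbound XML messages (added example, not from the page)."""
import xml.parsers.expat

# Illustrative limits (assumed values); tune them to the service's real message profile.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 10_000


class ScreeningError(ValueError):
    """Raised when a message fails a pre-screening check."""


def screen_xml(payload: bytes, max_bytes: int = MAX_BYTES,
               max_depth: int = MAX_DEPTH, max_elements: int = MAX_ELEMENTS) -> dict:
    """Stream *payload* through expat once, enforcing limits as elements arrive.

    Returns {"elements": n, "max_depth": d} for an accepted message and
    raises ScreeningError with the reason otherwise.
    """
    if len(payload) > max_bytes:
        raise ScreeningError(f"payload too large: {len(payload)} bytes (limit {max_bytes})")

    stats = {"depth": 0, "max_depth": 0, "elements": 0}
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Entity declarations only exist inside a DTD; refusing the DOCTYPE
        # blocks XML bombs (recursive internal entities) and XXE alike.
        raise ScreeningError("DOCTYPE declaration not allowed")

    def on_external_entity(context, base, system_id, public_id):
        # Defence in depth: never resolve an external entity reference.
        raise ScreeningError(f"external entity reference refused: {system_id}")

    def on_start(name, attrs):
        stats["depth"] += 1
        stats["elements"] += 1
        if stats["depth"] > max_depth:
            raise ScreeningError(f"nesting depth exceeds {max_depth}")
        if stats["elements"] > max_elements:
            raise ScreeningError(f"element count exceeds {max_elements}")
        stats["max_depth"] = max(stats["max_depth"], stats["depth"])

    def on_end(name):
        stats["depth"] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end

    try:
        # An exception raised inside a handler stops the parse and propagates here.
        parser.Parse(payload, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ScreeningError(f"malformed XML: {exc}") from exc
    return {"elements": stats["elements"], "max_depth": stats["max_depth"]}


def verdict(payload: bytes, **limits) -> tuple:
    """Convenience wrapper: (True, stats) if accepted, (False, reason) if refused."""
    try:
        return True, screen_xml(payload, **limits)
    except ScreeningError as exc:
        return False, str(exc)


# Constructed sample messages (not captured traffic).
BENIGN = b"<order><id>42</id><qty>1</qty></order>"
XML_BOMB = (b'<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
            b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
            b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
            b']><lolz>&lol3;</lolz>')
XXE = b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>'
DEEP = b"<a>" * 40 + b"</a>" * 40

if __name__ == "__main__":
    for label, msg in [("benign", BENIGN), ("xml bomb", XML_BOMB), ("xxe", XXE), ("deep", DEEP)]:
        print(label, verdict(msg))
```

Because the check runs on the same single streaming pass that a SAX-style screen would use, it costs little on legitimate traffic; the point is that the rejection happens at the first DOCTYPE or at the first element past the limit, not after the whole document has been expanded into memory.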

A malicious active intermediary intercepts a message sent between two services. What concerns are raised by such an attack?

  • A. The integrity of the message can be compromised
  • B. The confidentiality of the message can be compromised
  • C. The message can be routed to a different destination
  • D. All of the above.


Answer : D

The Service Perimeter Guard pattern is applied to position a perimeter service outside of the firewall. The firewall only permits the perimeter service to access services within a specific service inventory. Which of the following statements describes a valid problem with this security architecture?

  • A. The Trusted Subsystem pattern was not applied to the perimeter service.
  • B. The perimeter service needs to be located inside the firewall and the firewall needs to be configured so that only known service consumers have access to the service inventory.
  • C. The Service Perimeter Guard pattern cannot be applied to a service outside of a service inventory.
  • D. None of the above


Answer : D

As an SOA security specialist you are being asked to educate an IT team about how to best design security policies for a given set of services. Which of the following recommendations are valid?

  • A. common security requirements can be centralized into shared security policies
  • B. security policies are defined by using WSDL and XML Schema industry standards together
  • C. security policies can be decoupled from service logic
  • D. security policies can be part of service contracts and are therefore subject to the Service Loose Coupling principle


Answer : A, C, D

