SOA S90.18 - Fundamental SOA Security Exam

Question #1
By applying the Data Origin Authentication pattern together with the Brokered
Authentication pattern, you guarantee confidential message exchanges by a service
consumer that needs to repeatedly authenticate itself with a set of services within the same
service composition.
A. True B. False
Answer: B
Question #2
When working with SAML, a Security Token Service (STS) and a Service Provider refer to
the same service.
A. True B. False
Answer: B
Question #3
Service A requires certificates signed by a trusted certificate authority. The certificate
authority publishes a Certificate Revocation List (CRL) on a frequent basis. As a result,
some of the service consumers that were previously authorized to access Service A will not
be able to after new CRLs are issued. How can this security requirement be enforced?
A. A human security administrator needs to check the validity of each certificate with the certificate authority whenever Service A is accessed.
B. An intermediary can check against the CRL to determine whether a certificate provided by a service consumer is still valid.
C. Using certificates in such a scenario is not a valid option.
D. None of the above
Answer: B
Question #4
The Data Confidentiality pattern is applied to all of the services in a service inventory. As a
result, all message data must be encrypted.
A. True B. False
Answer: B
Question #5
The use of XML-Encryption supports the application of the Service Abstraction principle
because the actual message remains hidden from the attacker.
A. True B. False
Answer: B
Total 98 questions