SOA S90.18 - Fundamental SOA Security Exam
Page: 2 / 20
Total 98 questions
Question #6 (Topic: )
Which of the following industry standards can be used to apply the Data Confidentiality
pattern?
A. XML-Encryption
B. XML-Signature
C. SAML
D. All of the above.
Answer: A
Question #7 (Topic: )
A SAML assertion always contains:
A. the name of the issuer
B. a validity period
C. subject confirmation
D. signature
Answer: A,B
Question #8 (Topic: )
Service A is an agnostic service that currently uses message-layer security implemented
by symmetric encryption. However, because Service A has recently been successfully
attacked, it has been decided that asymmetric encryption needs to be used instead. The
nature of the messages exchanged by Service A requires that only some parts of the
message data need to be encrypted. Although it is agreed that asymmetric encryption is
required, architects are concerned that it will adversely affect the service's runtime
performance. Which of the following approaches will fulfill these security requirements with
the least amount of performance degradation?
A. An authentication broker needs to be introduced with a dedicated identity store.
B. Only the required parts of the message need to be encrypted instead of encrypting the entire message.
C. The Direct Authentication pattern needs to be applied so that no intermediary is involved between Service A and its service consumers.
D. Certificates need to be issued by a registered certificate authority.
Answer: B
Question #9 (Topic: )
The owner of a service inventory reports that the public key related to a certain private key
has been lost. There is a concern that this was the result of a security breach. A security
specialist recommends contacting the certificate authority in order to add the corresponding
certificate to the certificate authority's Certificate Revocation List (CRL). However, the
certificate authority responds by indicating that this is not necessary. Which of the following
answers explains this response?
A. The certificate authority needs to issue a new public key instead.
B. The certificate authority requires that the existing public key needs to be changed within the existing certificate.
C. Public keys cannot get lost because they are already publicly available.
D. None of the above
Answer: C
Question #10 (Topic: )
The application of the Service Composability principle dictates that services acting as
composition members be designed to establish and propagate a security context to other
composition members, while services acting as composition controllers be designed so that
they are prepared to join a security context already in progress rather than carrying out
authentication themselves.
A. True
B. False
Answer: B