SOA S90.20 - SOA Security Lab Exam
Page: 2 / 6
Total 30 questions
Question #6 (Topic: )
Service Consumer A sends a request message to Service A (1) after which Service A
retrieves financial data from Database A (2). Service A then sends a request message with
the retrieved data to Service B (3). Service B exchanges messages with Service C (4) and
Service D (5), which perform a series of calculations on the data and return the results to
retrieves financial data from Database A (2). Service A then sends a request message with
the retrieved data to Service B (3). Service B exchanges messages with Service C (4) and
Service D (5), which perform a series of calculations on the data and return the results to
A. Service Consumer A generates a pair of private/public keys (Public Key E and Private Key D) and sends the public key to Service A. Service A can use this key to send confidential messages to Service Consumer A because messages encrypted by the public key of Service Consumer A can only be decrypted by Service A The Data Origin Authentication pattern can be further applied so that Service A can authenticate Service Consumer A by verifying the digital signature on request messages. The Message Scre
B. The Brokered Authentication pattern is applied so that each service consumer generates a pair of private/public keys and sends the public key to Service A. When any service in the external service composition (Services A, B, C, and D) sends a request message to another service, the request message is signed with the private key of the requesting service (the service acting as the service consumer). The service then authenticates the request using the already established public key of the service
C. A utility service is established to encapsulate Database A and to carry out the authentication of all access to the database by Service A and any other service consumers. To further support this functionality within the utility service, an identity store is introduced. This identity store is also used by Service A which is upgraded with its own authentication logic to avoid access by malicious service consumers pretending to be legitimate service consumers. In order to avoid redundant authentica
D. Implement a firewall between Service Consumer A and Service A. All access to Service A is then controlled by the firewall rules. The firewall contains embedded logic that authenticates request messages and then forwards permitted messages to Service A. Moreover, the firewall can implement the Message Screening pattern so that each incoming message is screened for malicious content. This solution minimizes the security processing performed by Service A in order to maintain the performance require
Answer: C
Question #7 (Topic: )
Service Consumer A sends a request message to Service A (1), after which Service A
sends a request message to Service B (2). Service B forwards the message to have its
contents calculated by Service C (3). After receiving the results of the calculations via a
response message from Service C (4), Service B then requests additional data by sending
a request message to Service D (5). Service D retrieves the necessary data from Database
A (6), formats it into an XML document, and sends the response message containing the
XML-formatted data to Service B (7). Service B appends this XML document with the
calculation results received from Service C, and then records the entire contents of the
XML document into Database B (8). Finally, Service B sends a response message to
Service A (9) and Service A sends a response message to Service Consumer A (10).
Services A, B and D are agnostic services that belong to Organization A and are also being
reused in other service compositions. Service C is a publicly accessible calculation service
that resides outside of the organizational boundary. Database A is a shared database used
by other systems within Organization A and Database B is dedicated to exclusive access
by Service B.
[SOA-S90.20-6.0/SOA-S90.20-13_2.png]
Recently, Service D received request messages containing improperly formatted database
retrieval requests. All of these request messages contained data that originated from
Service C. There is a strong suspicion that an attacker from outside of the organization has
been attempting to carry out SOL injection attacks. Furthermore, it has been decided that
each service that writes data to a database must keep a separate log file that records a
timestamp of each database record change. Because of a data privacy disclosure
requirement used by Organization A, the service contracts of these services need to
indicate that this logging activity may occur.
How can the service composition architecture be improved to avoid SQL injecti
sends a request message to Service B (2). Service B forwards the message to have its
contents calculated by Service C (3). After receiving the results of the calculations via a
response message from Service C (4), Service B then requests additional data by sending
a request message to Service D (5). Service D retrieves the necessary data from Database
A (6), formats it into an XML document, and sends the response message containing the
XML-formatted data to Service B (7). Service B appends this XML document with the
calculation results received from Service C, and then records the entire contents of the
XML document into Database B (8). Finally, Service B sends a response message to
Service A (9) and Service A sends a response message to Service Consumer A (10).
Services A, B and D are agnostic services that belong to Organization A and are also being
reused in other service compositions. Service C is a publicly accessible calculation service
that resides outside of the organizational boundary. Database A is a shared database used
by other systems within Organization A and Database B is dedicated to exclusive access
by Service B.
[SOA-S90.20-6.0/SOA-S90.20-13_2.png]
Recently, Service D received request messages containing improperly formatted database
retrieval requests. All of these request messages contained data that originated from
Service C. There is a strong suspicion that an attacker from outside of the organization has
been attempting to carry out SOL injection attacks. Furthermore, it has been decided that
each service that writes data to a database must keep a separate log file that records a
timestamp of each database record change. Because of a data privacy disclosure
requirement used by Organization A, the service contracts of these services need to
indicate that this logging activity may occur.
How can the service composition architecture be improved to avoid SQL injecti
A. Apply the Service Perimeter Guard pattern together with the Message Screening pattern in order to establish a perimeter service with message screening logic. Position the perimeter service between Service C and Service B. The message screening logic rejects or filters out potentially harmful content in messages sent from Service C, prior to being forwarded to Service B. Secondly, update the service contracts for Services B and D with an optional WS-Policy assertion that provides service consumer
B. Apply the Data Origin Authentication pattern to authenticate data received from Service
C. Service C digitally signs any data sent in response messages to Service B. Service B can then verify that the data has not been modified during transit and that it originated from Service C. Secondly, update the service contracts for Services B and D with an ignorable WS-Policy assertion that communicates the possibility of the logging activity. The service contracts for Services B and D are updated with an optional WS-Policy assertion that provides service consumers with the option of complying
D. Apply the Message Screening pattern in order to establish a service agent with message screening logic. Position the service agent between Service C and Service B. The service agent's message screening logic can reject or filter out potentially harmful content in messages sent from Service C, before being processed by Service B. Secondly, update the service contracts for Services B and D with an ignorable WS-Policy assertion that communicates the possibility of the logging activity.
Answer: D
Question #8 (Topic: )
A. The Data Confidentiality pattern can be applied to messages exchanged by the services in Service Inventory A. The Data Origin Authentication pattern can be applied to messages exchanged by services in Service Inventory B.
B. The Service Perimeter Guard pattern can be applied to Service Inventory A in order to establish a perimeter service responsible for validating and filtering all incoming request messages on behalf of Service C. The Data Origin Authentication pattern can be applied to messages exchanged by services in Service Inventory B. This will ensure the integrity of messages by verifying their origins to the message recipients.
C. WS-SecureConversation can be used to secure the communication between the authentication broker and service consumers in Service Inventory A. This ensures that Services A and B will contact Service C to request a security context token that will be used to generates a session key for the encryption of the ticket submitted to Service C. The Data Origin Authentication pattern can be applied to messages exchanged by services in Service Inventory B. This will ensure the integrity of messages try ver
D. WS-Trust can be used to establish secure communication between the authentication broker and the service consumers. After receiving the request message and the corresponding credentials from service consumers, the authentication broker can validate their identity, and if successful, a signed SAML assertion containing all authentication information will be issued. The SAML assertion will then be used to authenticate the service consumers during subsequent communications. Because the messages are
Answer: A
Question #9 (Topic: )
Service Consumer A submits a request message with security credentials to Service A (1).
The identity store that Service A needs to use in order to authenticate the security
credentials can only be accessed via a legacy system that resides in a different service
inventory. Therefore, to authenticate Service Consumer A, Service A must first forward the
security credentials to the legacy system (2). The legacy system then returns the requested
identity to Service A (3). Service A authenticates Service Consumer A against the identity
received from the legacy system. If the authentication is successful, Service A retrieves the
requested data from Database A (4), and returns the data in a response message sent
back to Service Consumer A (5).
Service A belongs to Service Inventory A which further belongs to Security Domain A and
the legacy system belongs to Service Inventory B which further belongs to Security Domain
B. (The legacy system is encapsulated by other services within Service Inventory B, which
are not shown in the diagram.) These two security domains trust each other.
Communication between Service A and the legacy system is kept confidential using
transport-layer security.
[SOA-S90.20-6.0/SOA-S90.20-17_2.png]
It was recently discovered that a malicious attacker, posing as Service Consumer A, has
The identity store that Service A needs to use in order to authenticate the security
credentials can only be accessed via a legacy system that resides in a different service
inventory. Therefore, to authenticate Service Consumer A, Service A must first forward the
security credentials to the legacy system (2). The legacy system then returns the requested
identity to Service A (3). Service A authenticates Service Consumer A against the identity
received from the legacy system. If the authentication is successful, Service A retrieves the
requested data from Database A (4), and returns the data in a response message sent
back to Service Consumer A (5).
Service A belongs to Service Inventory A which further belongs to Security Domain A and
the legacy system belongs to Service Inventory B which further belongs to Security Domain
B. (The legacy system is encapsulated by other services within Service Inventory B, which
are not shown in the diagram.) These two security domains trust each other.
Communication between Service A and the legacy system is kept confidential using
transport-layer security.
[SOA-S90.20-6.0/SOA-S90.20-17_2.png]
It was recently discovered that a malicious attacker, posing as Service Consumer A, has
A.
B. Apply the Service Perimeter Guard pattern together with the Trusted Subsystem pattern to establish a perimeter service that can perform security functions on behalf of Service A. The utility service can verify the validity of the request messages from Service Consumer A by authenticating the request message against an identity store. If the request message is authenticated, the utility service then sends it to Service A for further processing. All communications between Service A and Service Con
C. Apply the Service Perimeter Guard pattern to establish a perimeter service that can perform security functions on behalf of Service A. Next, apply the Data Confidentiality pattern so that the security credential information provided by Service Consumer A with the request message is encrypted with the secret key shared between the perimeter service and Service Consumer A. The perimeter service evaluates the credentials and if successfully authenticated, forwards the request message to Service A.
D. Apply the Trusted Subsystem pattern together with the Data Origin Authentication pattern in order to establish a utility service that performs the security processing on behalf of Service A. Service Consumer A must digitally sign all request messages and encrypt the credential information using the public key of the utility service. The utility service can then verify the security credentials and the digital signature to establish the validity of the request message. If the request message is pe
Answer: A
Question #10 (Topic: )
Service A provides a data access capability that can be used by a variety of service
consumers. The database records accessed by Service A are classified as either private or
public. There are two types of service consumers that use Service A: Service consumers
with public access permissions (allowed to access only public data records) and service
consumers with private access permissions (allowed to access all data records). For
performance reasons the Service A architecture uses a single database, named Database
consumers. The database records accessed by Service A are classified as either private or
public. There are two types of service consumers that use Service A: Service consumers
with public access permissions (allowed to access only public data records) and service
consumers with private access permissions (allowed to access all data records). For
performance reasons the Service A architecture uses a single database, named Database
A. The Exception Shielding pattern is applied to replace the error description text before a response message is returned to the service consumer. Furthermore, the ID value of all database records is appended with a code indicating whether the database record is private or public
B. The database rules are changed so that the ID value of database records no longer needs to be unique. As a further precaution, the Service A logic is changed to disallow the update of private database records by service consumers with only public access permissions.
C. The service consumer's request message containing the ID value can be encrypted by inserting the private key of the service consumer into the data. Because all service consumers have different private keys, this approach will lead to different encrypted values, even if the plain text ID values are the same. As a result, two data items with the same encrypted unique identifier cannot exist.
D. When Service A detects that a service consumer with public access permissions has submitted an ID value that already exists within a private database record, it stores the service consumer's ID value in a temporary database and returns a response message indicating that the update was successful. A notification message is then sent to a human database administrator who manually contacts the owner of the service consumer in order to explain that the ID value submitted cannot be accepted because i
Answer: A
