Fundamental SOA Security v6.0 (S90.18)

Page:    1 / 7   
Total 98 questions

Which of the following are valid reasons for a certificate to be revoked:

  • A. The certificate was fraudulently obtained
  • B. The public key has been compromised
  • C. The private key has been compromised
  • D. The subject is no longer permitted to use the certificate


Answer : A,C,D

Service A hashes a message using algorithm X, which creates message digest X1. Service B uses a different algorithm Y to create message digest Y1 of the same message. Which of the following statements are true regarding the comparison of X1 and Y1?

  • A. They have fixed sizes
  • B. They can be swapped
  • C. They do not match
  • D. They are based on the same hashing algorithm


Answer : A,C

To provide message confidentiality and message integrity, which of the following patterns need to be applied?

  • A. Data Confidentiality and Direct Authentication
  • B. Data Origin Authentication and Brokered Authentication
  • C. Direct Authentication and Brokered Authentication
  • D. None of the above


Answer : D

The requirement to defer security-related state data at runtime relates directly to the application of which service-orientation principle?

  • A. Service Loose Coupling
  • B. Service Autonomy
  • C. Service Abstraction
  • D. None of the above.


Answer : D

A valid signature issued by a certificate authority provides a guarantee that:

  • A. the certificate authority can be trusted
  • B. the certificate is not expired
  • C. the certificate is being used for an authorized purpose
  • D. None of the above.


Answer : D

A service that was previously using a shared identity store is now given its own dedicated identity store instead. What are the likely impacts (positive or negative) that will result from this change?

  • A. The service's autonomy is increased.
  • B. The operational responsibility is increased due to the need to keep the dedicated identity store in sync with a parent identity store.
  • C. The potential to apply the Service Abstraction principle is increased.
  • D. The service will no longer be dependent on a certificate authority.


Answer : A,B

When establishing a single sign-on mechanism, the application of the Standardized Service Contract principle requires the use of SAML because it is an industry standard understood by multiple service consumers.

  • A. True
  • B. False


Answer : B

The services within a domain service inventory provide access to confidential data retrieved from a shared database. These services need to be accessible from outside the domain service inventory. Which of the following design options will preserve the confidentiality of the data when the services are accessed from outside the service inventory?

  • A. The Direct Authentication pattern is applied to the database used by the services that need to be externally accessed.
  • B. A dedicated database is created to store the confidential data. This database will only be used by the services that need to be externally accessed.
  • C. The messages exchanged by the services are designed to include security tokens.
  • D. None of the above


Answer : D

The more _____________ the security architecture is across services, the more ____________ the service composition architecture.

  • A. standardized, flexible
  • B. centralized, vendor-neutral
  • C. standardized, vendor-centric
  • D. centralized, inflexible


Answer : A

In order to keep a service-oriented architectural model in constant alignment with the business, it can be helpful for the security architecture to be ____________ and ___________.

  • A. fragmented, decentralized
  • B. vendor-diverse, coupled
  • C. abstracted, centralized
  • D. vendor-specific, centralized


Answer : C

The messages exchanged between two services are kept confidential by using symmetric encryption. The security specialist is quite strict about making sure that no attacker is able to intercept and decipher messages sent between these two services. As a result, periodic audits are conducted in order to ensure that shared keys are always kept confidential. A single shared key has been in use for quite some time now. The security specialist was confident that all keys were well guarded, but just recently their security was compromised.
How is this possible given that the shared key was never lost?

  • A. Symmetric encryption is not intended for long-term use. It needs to be replaced with asymmetric encryption after some time.
  • B. The attackers somehow figured out which encryption algorithm was used. As a result, they were able to decipher the messages.
  • C. Because the same shared key was used for a long time, attackers were able to obtain the key by comparing messages sent between the two services.
  • D. The shared key was decoded by the attackers using algorithms from related private keys used during prior message exchanges.


Answer : C

Which of the following is not a hashing algorithm?

  • A. MD5
  • B. X.509
  • C. SHA-1
  • D. SHA-256


Answer : B

A set of SAML tokens has been used as a result of the application of the Brokered Authentication pattern within a particular service inventory. Because SAML assertions normally contain a signature, the security specialist is confident that the integrity of messages will be maintained. What's wrong with this assumption?

  • A. The signature contained within the SAML assertion protects the integrity of the assertion, not of the message itself.
  • B. SAML assertions also contain the name of the issuer and the validity period, which are needed in addition to the signature to ensure message integrity.
  • C. SAML assertions cannot contain signatures.
  • D. Nothing is wrong. The security specialist's assumption is correct.


Answer : A

A service is forced to use a non-standardized service contract that expresses security policies that were derived from underlying legacy resources. This inhibits the application of which of the following service-orientation principles?

  • A. Service Statelessness
  • B. Service Loose Coupling
  • C. Service Authenticity
  • D. Standardized Service Contract


Answer : B,D

Digital signatures use encryption and hashing.

  • A. True
  • B. False


Answer : A