SOA S90.18 - Fundamental SOA Security Exam

Page:    1 / 20   
Total 98 questions

By applying the Data Origin Authentication pattern together with the Brokered Authentication pattern, you guarantee confidential message exchanges by a service consumer that needs to repeatedly authenticate itself with a set of services within the same service composition.

  • A. True
  • B. False


Answer : B

When working with SAML, a Security Token Service (STS) and a Service Provider refer to the same service.

  • A. True
  • B. False


Answer : B

Service A requires certificates signed by a trusted certificate authority. The certificate authority publishes a Certificate Revocation List (CRL) on a frequent basis. As a result, some of the service consumers that were previously authorized to access Service A will not be able to after new CRLs are issued. How can this security requirement be enforced?

  • A. A human security administrator needs to check the validity of each certificate with the certificate authority whenever Service A is accessed.
  • B. An intermediary can check against the CRL to determine whether a certificate provided by a service consumer is still valid.
  • C. Using certificates in such a scenario is not a valid option.
  • D. None of the above


Answer : B

The Data Confidentiality pattern is applied to all of the services in a service inventory. As a result, all message data must be encrypted.

  • A. True
  • B. False


Answer : B

The use of XML-Encryption supports the application of the Service Abstraction principle because the actual message remains hidden from the attacker.

  • A. True
  • B. False


Answer : B
