SOA Fundamental SOA Security - S90.18 FREE EXAM DUMPS QUESTIONS & ANSWERS]

Question 1

Using transport-layer security, an active intermediary that takes possession of a message
can compromise:

A. message confidentiality and message integrity B. message confidentiality C. message integrity D. None of the above.

Discussion 0

Correct Answer: A Vote an answer

Question 2

With SAML, the _____________ element is used by the relying party to confirm that a
given message came from the subject specified in the assertion.

A. claim B. token C. sign-on D. subject confirmation

Discussion 0

Correct Answer: D Vote an answer

Question 3

Which of the following are valid security considerations specific to the application of the
Service Autonomy principle?

A. Avoid including content in the service contract that unnecessarily exposes details about
the underlying service implementation. B. Avoid modifying security policies that can break dependencies with service consumers. C. None of the above. D. Avoid including non-essential security requirements in the service contract.

Discussion 0

Correct Answer: C Vote an answer

Question 4

Which of the following tasks directly relates to the application of the Service Loose
Coupling principle?

A. Creating one security policy that is shared by multiple services. B. Creating one security policy that is specific to one service. C. All of the above. D. Creating multiple security policies that are specific to one service.

Discussion 0

Correct Answer: C Vote an answer

Question 5

A service contract includes a security policy that exposes specific details of the service's
underlying implementation. This is an example of the application of which service-
orientation principle?

A. Service Abstraction B. None of the above. C. Service Loose Coupling D. Standardized Service Contract

Discussion 0

Correct Answer: B Vote an answer

Question 6

The application of the Brokered Authentication pattern is best suited for a scenario whereby
a service consumer does not need to re-authenticate itself with multiple services.

A. True B. False

Discussion 0

Correct Answer: B Vote an answer

Question 7

Which of the following industry standards enable non-repudiation?

A. SAML B. None of the above C. XML-Signature D. XML-Encryption

Discussion 0

Correct Answer: A,C Vote an answer

Question 8

The X.509 token can be used to express a ______________ security token that provides
an X.509 digital certificate.

A. text-based B. UDDI-based C. None of the above. D. binary

Discussion 0

Correct Answer: D Vote an answer

Question 9

The application of the Service Composability principle can be supported by the application
of the Brokered Authentication pattern.

A. True B. False

Discussion 0

Correct Answer: A Vote an answer

Question 10

Responses issued by Certificate Revocation Lists (CRLs) and Online Certificate Status
Protocol (OCSP) services need to be ___________ and ___________ so that it can be
determined whether these responses were sent by a trusted certificate authority or a
malicious program pretending to be a certificate authority.

A. signed, verified B. signed, decrypted C. encrypted, verified D. encrypted, decrypted

Discussion 0

Correct Answer: A Vote an answer