The application of the Service Composability principle can be supported by the application
of the Brokered Authentication pattern.
A. False
B. True
Correct answer: B
Question 2:
Which of the following SOA characteristics relate to the use of security mechanisms that
support the reuse of services as part of multiple service compositions?
A. technology-driven
B. standards-neutral
C. enterprise-centric
D. composition-centric
Correct answer: C, D
Question 3:
The receiver of a message decrypts an encrypted message digest using the public key of
the sender that corresponds to the private key. The receiver then matches it against the
digest of the original message. If the decrypted digest and the newly calculated digest
match, then what does it prove?
A. confidentiality
B. non-repudiation
C. integrity
D. coupling
Correct answer: B, C
Question 4:
A set of services within a service inventory were originally each designed with a dedicated
identity store. To reduce the need for service consumers to repeatedly authenticate
themselves when having to access multiple services, a new ____________ has been added
along with a ____________.
A. authentication broker, certificate authority
B. authentication broker, single identity store
C. certificate authority, single identity store
D. certificate authority, certificate repository
Correct answer: B
Question 5:
The Data Origin Authentication pattern is applied to services throughout a service
inventory. As a result, if malicious service intermediaries change data within messages
exchanged by these services, such changes will be detected.
A. False
B. True
Correct answer: B
Question 6:
The application of the Service Abstraction principle can hinder your ability to fully determine
how a service composition is secured because you may not be able to find out how all
composed services are secured.
A. False
B. True
Correct answer: B
Question 7:
Service A requires certificates signed by a trusted certificate authority. The certificate
authority publishes a Certificate Revocation List (CRL) on a frequent basis. As a result,
some of the service consumers that were previously authorized to access Service A will not
be able to after new CRLs are issued. How can this security requirement be enforced?
A. An intermediary can check against the CRL to determine whether a certificate provided
by a service consumer is still valid.
B. A human security administrator needs to check the validity of each certificate with the
certificate authority whenever Service A is accessed.
C. Using certificates in such a scenario is not a valid option.
D. None of the above
Correct answer: A
Question 8:
The communication between Service A and Service B needs to be kept private. A security
specialist is planning to implement secret key cryptography in order to encrypt the
messages. Which of the following approaches addresses this requirement?
A. Both the services need to be built with support for the XML-Signature industry standard.
B. Create a shared key that will be used by both the services for message encryption and
decryption.
C. None of the above.
D. The Data Origin Authentication pattern needs to be applied across both service
architectures.
Correct answer: B
Question 9:
A set of SAML tokens has been used as a result of the application of the Brokered
Authentication pattern within a particular service inventory. Because SAML assertions
normally contain a signature, the security specialist is confident that the integrity of
messages will be maintained. What's wrong with this assumption?
A. SAML assertions cannot contain signatures.
B. Nothing is wrong. The security specialist's assumption is correct.
C. SAML assertions also contain the name of the issuer and the validity period, which are
needed in addition to the signature to ensure message integrity.
D. The signature contained within the SAML assertion protects the integrity of the
assertion, not of the message itself.
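Correct answer: D
Chiyoya -
I think it is best to study efficiently without spending too much time. It also includes answers, and I think it is a good book that lets you prepare for the S90.18 exam with just this one volume.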