642 お客様のコメント
質問 1:
Which of the following can directly contribute to making a service composition architecture more vulnerable to attacks?
A. All of the above
B. Reliance on transport-layer security
C. Reliance on intermediaries
D. Reliance on open networks
正解:A
質問 2:
Because of a new security requirement, all messages received by Service A need to be logged. This requirement needs to be expressed in a policy that is part of Service A's service contract. However, the addition of this policy must not impact existing service consumers that have already formed dependencies on Service A's service contract. How can this be accomplished?
A. The policy can be expressed using a digital certificate that is added to the service contract.
B. None of the above.
C. The policy can be expressed using an ignorable policy assertion that is added to the service contract.
D. The policy can be centralized and isolated into a separate policy document that is linked to the service contract.
正解:C
質問 3:
Which of the following statements is true?
A. When the maxOccurs attribute in an XML schema element is not specified it creates a security risk because attackers can specify this element multiple times.
B. All of above.
C. When numeric ranges within an XML schema are not specified it creates a security risk because attackers can introduce very large numeric values within the message data.
D. When the xsd:any element is used within an XML schema it can introduce a security risk because it allows attackers to extend the schema.
正解:B
質問 4:
Service A contains reporting logic that collects statistical data from different sources in order to produce a report document. One of the sources is a Web service that exists outside of the organizational boundary. Some of Service A's service consumers are encountering slow response times and periods of unavailability when invoking Service A.
While investigating the cause, it has been discovered that some of the messages received from the external Web service contain excessive data and links to files (that are not XML schemas or policies). What can be done to address this issue?
A. avoid downloading XML schemas at runtime
B. use precompiled XPath expressions
C. define cardinality in message schemas
D. correlate request and response messages across different services
正解:A,C
質問 5:
When considering the ESB as providing intermediary logic, which of the following types of subject confirmation methods relate to its access control issues?
A. Issuer-vouches
B. None of the above.
C. Holder-of-key
D. Sender-vouches
正解:D
Which of the following can directly contribute to making a service composition architecture more vulnerable to attacks?
A. All of the above
B. Reliance on transport-layer security
C. Reliance on intermediaries
D. Reliance on open networks
正解:A
質問 2:
Because of a new security requirement, all messages received by Service A need to be logged. This requirement needs to be expressed in a policy that is part of Service A's service contract. However, the addition of this policy must not impact existing service consumers that have already formed dependencies on Service A's service contract. How can this be accomplished?
A. The policy can be expressed using a digital certificate that is added to the service contract.
B. None of the above.
C. The policy can be expressed using an ignorable policy assertion that is added to the service contract.
D. The policy can be centralized and isolated into a separate policy document that is linked to the service contract.
正解:C
質問 3:
Which of the following statements is true?
A. When the maxOccurs attribute in an XML schema element is not specified it creates a security risk because attackers can specify this element multiple times.
B. All of above.
C. When numeric ranges within an XML schema are not specified it creates a security risk because attackers can introduce very large numeric values within the message data.
D. When the xsd:any element is used within an XML schema it can introduce a security risk because it allows attackers to extend the schema.
正解:B
質問 4:
Service A contains reporting logic that collects statistical data from different sources in order to produce a report document. One of the sources is a Web service that exists outside of the organizational boundary. Some of Service A's service consumers are encountering slow response times and periods of unavailability when invoking Service A.
While investigating the cause, it has been discovered that some of the messages received from the external Web service contain excessive data and links to files (that are not XML schemas or policies). What can be done to address this issue?
A. avoid downloading XML schemas at runtime
B. use precompiled XPath expressions
C. define cardinality in message schemas
D. correlate request and response messages across different services
正解:A,C
質問 5:
When considering the ESB as providing intermediary logic, which of the following types of subject confirmation methods relate to its access control issues?
A. Issuer-vouches
B. None of the above.
C. Holder-of-key
D. Sender-vouches
正解:D
富野** -
S90.19問題集を使って簡単に試験に受かることができました。ありがとねPass4Testさん