最新的SOA S90.19免費考試真題

問題1

Security policies defined using WS-SecurityPolicy can be used to convey which of the following requirements to a service consumer?

A. The type of security token that must be used

B. The algorithms that need to be used for cryptographic operations

C. The encryption type that needs to be used for transport-layer security

D. Whether transport-layer or message-layer security needs to be used

正確答案: A,B,D

問題2

Which of the following types of attack always affect the availability of a service?

A. Exception generation attack

B. SQL injection attack

C. None of the above

D. XPath injection attack

正確答案: C

問題3

SAML assertions are smaller than certificates and they do not require access to any remote system for verification purposes.

A. False

B. True

正確答案: A

問題4

How can the use of pre-compiled XPath expressions help avoid attacks?

A. Pre-compiled XPath expressions contain no white space, which helps avoid buffer overrun attacks

B. Pre-compiled XPath expressions reduce the chance of missing escape characters, which helps avoid XPath injection attacks

C. They can't because XPath expressions cannot be pre-compiled

D. Pre-compiled XPath expressions execute faster and therefore help avoid denial of service attacks.

正確答案: B

問題5

The use of XML schemas for data validation helps avoid several types of data-centric threats.

A. False

B. True

正確答案: B

問題6

A malicious active intermediary intercepts a message sent between two services. What concerns are raised by such an attack?

A. The integrity of the message can be compromised

B. All of the above.

C. the message can be routed to a different destination

D. The confidentiality of the message can be compromised

正確答案: B

問題7

An attacker is able to gain access to a service and invokes the service. Upon executing the service logic, the attacker is able to gain access to underlying service resources, including a private database. The attacker proceeds to delete data from the database. The attacker has successfully executed which type of attack?

A. None of the above.

B. denial of service attack

C. exception generation attack

D. insufficient authorization attack

正確答案: D

問題8

When considering the ESB as providing intermediary logic, which of the following types of subject confirmation methods relate to its access control issues?

A. Issuer-vouches

B. None of the above.

C. Sender-vouches

D. Holder-of-key

正確答案: C

問題9

Service A's logic has been implemented using unmanaged code. An attacker sends a message to Service A that contains specially crafted data capable of manipulating the quoting within a particular XPath expression. This results in the release of confidential information. Service A is a victim of which kind of attack?

A. None of the above.

B. Buffer overrun attack

C. Insufficient authorization attack

D. XPath injection attack

正確答案: D

最新的SOA Advanced SOA Security - S90.19免費考試真題

聯系我們

站內鏈接

最新更新