S90.19 試験問題を無料オンラインアクセス

A service receives a message containing an XML document that expands to a very large size as it is processed by the parser. As a result, the service becomes unavailable to service consumers. The service was subjected to which type of attack?

• A.Exception generation attack
• B.XPath injection attack
• C.None of the above.
• D.XML parser attack

The Service Perimeter Guard pattern has been applied to help avoid denial of service attacks for a service inventory. As a result, services within the service inventory are only accessible via a perimeter service However, denial of service attacks continue to succeed and services within the service inventory become unavailable to external service consumers. What is the likely cause of this?

• A.The Trusted Subsystem pattern should have been applied so that each service has a dedicated trusted subsystem.
• B.The Service Perimeter Guard pattern does not help avoid denial of service attacks.
• C.The application of the Service Perimeter Guard pattern needs to be combined with the application of the Message Screening pattern in order to mitigate denial of service attacks.
• D.The perimeter service itself is the victim of denial of service attacks. As a result, none of the services inside the service inventory can be accessed by external service consumers.

An IT enterprise has three domain service inventories that map to three different departments. Each service inventory uses a security token service (STS) based authentication broker to enable single sign-on for services within the respective service inventory boundary. The tokens used for all single sign-on mechanisms are based on SAML assertions. You are given a new requirement to extend this security architecture so that services from different domain service inventories can communicate. What new security mechanisms are required to fulfill this requirement?

• A.The individual authentication brokers need to be replaced with one single authentication broker so that one single token can be used by services across all domain service inventories.
• B.There is no need to introduce a new security mechanism. The existing SAML tokens can be used by services across the domain service inventories as long as the existing authentication brokers are configured to issue service inventory-specific assertions for SAML tokens from specific domain service inventories.
• C.An additional authentication broker needs to be added in between each domain service inventory in order to enable communication between services using disparate security tokens.
• D.There is no need to introduce a new security mechanism. The individual domain service inventories need to be combined into a single enterprise service inventory. That way, the Service Perimeter Guard pattern can be applied so that services won't need to authenticate each other.

Because of a new security requirement, all messages received by Service A need to be logged. This requirement needs to be expressed in a policy that is part of Service A's service contract. However, the addition of this policy must not impact existing service consumers that have already formed dependencies on Service A's service contract. How can this be accomplished?

• A.The policy can be expressed using an ignorable policy assertion that is added to the service contract.
• B.The policy can be expressed using a digital certificate that is added to the service contract.
• C.None of the above.
• D.The policy can be centralized and isolated into a separate policy document that is linked to the service contract.

Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a StudentID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?

• A.SQL injection attack
• B.XPath injection attack
• C.None of the above
• D.XML parser attack