SOA Advanced SOA Security - S90.19 Practice Questions
A service composition is made up of services from a particular domain service inventory.
All of the services belonging to the domain service inventory are deployed on the same server. Service A is part of the same domain inventory but is not part of this service composition. Service A becomes a victim of an XML parser attack resulting in its unavailability. However, because the services in the service composition rely on the same XML parser used by Service A, the service composition can also be affected by this attack.
Correct answer: A
Service A's logic has been implemented using managed code. An attacker sends an XML bomb to Service A.
As a result, Service A's memory consumption started increasing at an alarming rate and then decreased back to normal. The service was not affected by this attack and quickly recovered. Which of the following attacks were potentially avoided?
Correct answer: C, D
Service A acts as a trusted subsystem for a shared database. The database contains sensitive information and performs strict validation on all incoming data modification requests. In case of any invalid input values, the database throws detailed error messages that are required for debugging purposes and are automatically relayed back to service consumers by Service A.
Recently, a review of the database's access logs revealed that attempts had been made to connect to the database from outside the organization. What can be done to prevent such attacks while preserving the existing database debugging requirements?
Correct answer: C
Service A expresses its requirement for message-layer security to service consumers via a security policy. Since the launch of Service A, its popularity has grown and it is decided that a fee should be charged for its use. Consequently, the design of Service A is changed so that it is capable of keeping a log of all request messages received from service consumers. The fact that Service A is logging all incoming messages is something that can also be expressed via a policy.
Correct answer: A
The use of XML schemas for data validation helps avoid several types of data-centric threats.
Correct answer: A
When considering the ESB as providing intermediary logic, which of the following types of subject confirmation methods relate to its access control issues?
Correct answer: A
A malicious passive intermediary intercepts messages sent between two services. Which of the following is the primary security concern raised by this situation?
Correct answer: D
The application of the Trusted Subsystem pattern can help centralize access to services.
Correct answer: A
Service A is only authorized to access one service capability of Service B.
Service B acts as a trusted subsystem for several underlying resources, which it accesses using its own set of credentials. Service B therefore cannot become a victim of an insufficient authorization attack initiated by Service A.
Correct answer: B