iPass4sure.net

Certification Practice Test | PDF Questions | Actual Questions | Test Engine | Pass4Sure

S90.18A : Fundamental SOA Security Exam

SOA S90.18A Questions & Answers

Full Version: 98 Q&A


Latest S90.18A Exam Questions and Practice Tests 2025 - Killexams.com


SOA


S90.18A


Fundamental SOA Security


https://killexams.com/pass4sure/exam-detail/S90.18A


QUESTION: 85

One of the primary industry standards used for the application of the Data Confidentiality pattern is:


  • XML-Encryption

  • Canonical XML

  • XML-Signature

  • SAML


    • Answer: A


    QUESTION: 86

    Which of the following design options can help reduce the amount of runtime processing required by security logic within a service composition?


    1. Increase the usage of XML-Encryption and XML-Signature.

    2. Use a single sign-on mechanism.

    3. Introduce an identity store that is shared by the services within the service composition.

    4. Ensure that non-repudiation is constantly guaranteed.


    Answer: B


    QUESTION: 87

    A project team is planning to create a secure service composition that consists of services from two different domain service inventories. The security mechanisms for each service inventory are based on different vendor technologies that adhere to the same industry standards and the same design standards. What is wrong with this service composition architecture?


    1. Because different vendor security technologies were used, services from different domain service inventories will be using incompatible security credentials.

    2. Security mechanisms have a fixed limitation that prevents their usage across service inventory boundaries.

    3. Vendor technologies do not adhere to industry standards. Only industry technologies adhere to industry standards.

    4. None of the above


    Answer: D


    QUESTION: 88

    Online Certificate Status Protocol (OCSP) based services provide online certificate revocation checking. However, these types of services can introduce network latency because only one certificate can be checked at a time.


    1. True

    2. False


    Answer: A


    QUESTION: 89

    Atypical SAML assertion will contain at least one of the following subject statements:


    1. authorization decision statement

    2. authentication statement

    3. attribute statement

    4. certificate authority issuer statement


    Answer: A, B, C


    QUESTION: 90

    Service A hashes a message using algorithm X. which creates message digest X1. Service B uses a different algorithm Y to create message digest Y1 of the same message. Which of the following statements are true regarding the comparison of X1 and Y1?


    1. They have fixed sizes

    2. They can be swapped

    3. They do not match

    4. They are based on the same hashing algorithm


    Answer: A, C


    QUESTION: 91

    Security specialists at an organization require that messages exchanged between two services are kept private. There is an added requirement to check if the messages were


    tampered with. The application of which of the following patterns fulfills these requirements?


    1. Data Confidentiality

      Data Origin Authentication

    2. Direct Authentication

    3. Brokered Authentication


    Answer: A, B


    QUESTION: 92

    Username and X.509 token profiles can be combined so that a single message can contain a username token that is digitally signed.


    1. True

    2. False


    Answer: A


    QUESTION: 93

    Service A is owned by Organization A. Service A sends a message containing confidential data to Service B, which is owned by Organization B. Service B sends the message to Service C, which is also owned by Organization B. Organization A trusts Organization B, which means there is no requirement to protect messages from intermediaries and after a message is received by Service B (and as long as the message remains within the boundary of Organization B), there is no requirement to keep the message data confidential. Which of the following approaches will fulfill these security requirements with the least amount of performance degradation?


    1. Messages exchanged between Service A and Service B are encrypted using XML- Encryption.

    2. The communication channel between Service A and Service B is encrypted using a transport- layer security technology.

    3. SAML security tokens are used so that Service B can authenticate Service A.

    4. An authentication broker is introduced between Service A and Service B.


    Answer: B


    QUESTION: 94


    You are required to design security mechanisms to enable secure message exchanges between different domain service inventories within the same organization. This needs to be documented in the design specification for which type of service-oriented architecture?


  • service architecture

  • service composition architecture

  • service inventory architecture

  • service-oriented enterprise architecture


    • Answer: D


    QUESTION: 95

    Which of the following approaches represents a valid means of utilizing generic security logic?


    1. When required, generic security logic can be embedded within a service. The close proximity to the service logic maximizes the chances that the security logic will be consistently executed without interference from attackers.

    2. When required, generic security logic can be abstracted into a separate utility service. This allows for reuse.

    3. When required, generic security logic can be abstracted into a service agent. This allows for reuse and the security logic can be executed in response to runtime events.

    4. All of the above.


    Answer: D


    QUESTION: 96

    Which of the following tasks directly relates to the application of the Service Loose Coupling principle?


    1. Creating one security policy that is shared by multiple services.

    2. Creating one security policy that is specific to one service.

    3. Creating multiple security policies that are specific to one service.

    4. All of the above. Answer: D QUESTION: 97


    Service A hashes a message, resulting in message digest X. Service A encrypts the message digest X with its private key, resulting ir ciphertext X1. Service A sends the message and X1 to Service B. Service B hashes the message, resulting in message digest

    Y. Service B decrypts X1 with Service A's public key, recovering message digest X. Service B compares Y with X and finds them to be equal. This proves that:


    1. the message was not altered

    2. only Service A sent this particular message

    3. public key cryptography was used

    4. Allof the above


    Answer: D


    QUESTION: 98

    A typical SAML assertion will contain at least one of the following subject statements:


    1. authorization decision statement

    2. authentication statement

    3. attribute statement

    4. certificate authority issuer statement


    Answer: A, B, C


    User: Tatiana*****

    I passed the S90.18A exam with the help of killexams.com. I was worried about failing, so I purchased their exam preparation package. The practice test simulator allowed me to extensively prepare using real exam questions and check my answers. As a result, I was well-prepared and passed the exam, which was a great achievement.
    User: Enzo*****

    I highly recommend killexams.com practice tests as a valuable resource for exam preparation. They did an excellent job, and I appreciate their performance and style of feedback. The quick answers were easy to remember, and I was able to answer 98% of the questions correctly, scoring 80% marks. The s90.18a exam was a significant challenge for my IT profession, and I did not have much time to prepare for it. However, with killexams.com study materials, I was able to perform well in the exam.
    User: Anne*****

    I feel confident during exams now that I have Killexams.com as my exam companion. The instructors are always available to guide me, and their support is invaluable. I am grateful to the lecturers for being so great and pleasant and helping me pass my tough S90.18A exam. Their exam simulator is also awesome.
    User: Sidney*****

    I am very happy with the test papers provided by Killexams.com, especially the answered questions. Their test papers gave me the confidence to take the s90.18a exam and achieve a score of 79%. I heartily thank the Killexams.com team. I passed a different test with the help of their question bank. I suggest it to everyone who needs to pass the s90.18a exam.
    User: Stasya*****

    I scored 92% in my S90.18A certification thanks to the excellent products offered by killexams.com. Technical concepts and difficult language in my certification were challenging to understand, but killexams.com made it easy for me. This platform made my job easy, and I am grateful for my success.

    Features of iPass4sure S90.18A Exam

    • Files: PDF / Test Engine
    • Premium Access
    • Online Test Engine
    • Instant download Access
    • Comprehensive Q&A
    • Success Rate
    • Real Questions
    • Updated Regularly
    • Portable Files
    • Unlimited Download
    • 100% Secured
    • Confidentiality: 100%
    • Success Guarantee: 100%
    • Any Hidden Cost: $0.00
    • Auto Recharge: No
    • Updates Intimation: by Email
    • Technical Support: Free
    • PDF Compatibility: Windows, Android, iOS, Linux
    • Test Engine Compatibility: Mac / Windows / Android / iOS / Linux

    Premium PDF with 98 Q&A

    Get Full Version

    All SOA Exams

    SOA Exams

    Certification and Entry Test Exams

    Complete exam list