S90.19 Exam Free Question Set: "SOA Advanced SOA Security Certification"

Which of the following are types of security sessions?

Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a StudentID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?

A service protected from an XML bomb attack will automatically also be protected from a schema poisoning attack.

The Service Perimeter Guard pattern can be used in combination with other patterns to help avoid both data-oriented attacks and access-oriented attacks.

When considering the ESB as providing intermediary logic, which of the following types of subject confirmation methods relate to its access control issues?

As an SOA security specialist you are being asked to educate an IT team about how to best design security policies for a given set of services. Which of the following recommendations are valid?

Correct answer: B, C, D
A certain service becomes a victim of an insufficient authorization attack. This service acts as a trusted subsystem for an entire service inventory. Which of the following are under threat as a result of this attack?

An XML bomb attack and an XML external entity attack are both considered types of XML parser attacks.