S90.18試験無料問題集（100題）「SOA Fundamental SOA Security 認定」

出題：1

When using a single sign-on mechanism, security contexts are____________.

A. combined together at runtime

B. stored in a UDDI repository for auditing purposes

C. discarded within seconds after creation

D. None of the above.

正解：B 解答を投票する

出題：2

With SAML, the _____________ element is used by the relying party to confirm that a
given message came from the subject specified in the assertion.

A. claim

B. token

C. sign-on

D. subject confirmation

正解：D 解答を投票する

出題：3

Which of the following approaches represents a valid means of utilizing generic security
logic?

A. All of the above.

B. When required, generic security logic can be embedded within a service. The close
proximity to the service logic maximizes the chances that the security logic will be
consistently executed without interference from attackers.

C. When required, generic security logic can be abstracted into a service agent. This allows
for reuse and the security logic can be executed in response to runtime events.

D. When required, generic security logic can be abstracted into a separate utility service.
This allows for reuse.

正解：A 解答を投票する

出題：4

Which of the following design options can help reduce the amount of runtime processing
required by security logic within a service composition?

A. Use a single sign-on mechanism.

B. Ensure that non-repudiation is constantly guaranteed.

C. Introduce an identity store that is shared by the services within the service composition.

D. Increase the usage of XML-Encryption and XML-Signature.

正解：A 解答を投票する

出題：5

A service that issues a SAML assertion is called a Policy Decision Point (PDP) while a
service that accepts a SAML assertion is called a SAML authority.

A. True

B. False

正解：B 解答を投票する

出題：6

Service A requires certificates signed by a trusted certificate authority. The certificate
authority publishes a Certificate Revocation List (CRL) on a frequent basis. As a result,
some of the service consumers that were previously authorized to access Service A will not
be able to after new CRLs are issued. How can this security requirement be enforced?

A. Using certificates in such a scenario is not a valid option.

B. A human security administrator needs to check the validity of each certificate with the
certificate authority whenever Service A is accessed.

C. None of the above

D. An intermediary can check against the CRL to determine whether a certificate provided
by a service consumer is still valid.

正解：D 解答を投票する

出題：7

Which of the following is not a hashing algorithm?

A. MD5

B. X.509

C. SHA-1

D. SHA-256

正解：B 解答を投票する

出題：8

Which of the following tasks directly relates to the application of the Service Loose
Coupling principle?

A. All of the above.

B. Creating one security policy that is specific to one service.

C. Creating one security policy that is shared by multiple services.

D. Creating multiple security policies that are specific to one service.

正解：A 解答を投票する

出題：9

Service A relies on a shared identity store. Service B has its own identity store. Service C
also has its own identity store, but must also access the shared identity store used by
Service A.
Which service has the least reduction in autonomy as a result of its relationship with identity store mechanism(s)?

A. Service B

B. Service C

C. The autonomy of all services is affected equally

D. Service A

正解：A 解答を投票する

出題：10

A hashing function always returns _____________ for the same input data.

A. the same digest

B. a different transformation

C. the same transformation

D. a different digest

正解：A 解答を投票する

S90.18試験無料問題集「SOA Fundamental SOA Security 認定」