← Back to exam page

S90.19 Advanced SOA Security

Loading demo links...

Showing 1–3 of 10 questions

Question 1

When designing XML schemas to avoid data-centric threats, which of the following are valid considerations?

Select all that apply, then click Submit answer.

  • The maxOccurs attribute needs to be specified using a restrictive value.

  • The element needs to be avoided.

  • The element can be used to create more restrictive user-defined simple types.

  • All of the above.
Question 2

Security policies defined using WS-SecurityPolicy can be used to convey which of the following requirements to a service consumer?

Select all that apply, then click Submit answer.

  • Whether transport-layer or message-layer security needs to be used

  • The encryption type that needs to be used for transport-layer security

  • The algorithms that need to be used for cryptographic operations

  • The type of security token that must be used
Question 3

Which of the following statements regarding the usage of security tokens for authentication and authorization are true?

Select all that apply, then click Submit answer.

  • Security tokens can be validated without resorting to pre-shared secrets.

  • Security tokens issued by a token issuer in the same security domain can be used with a different token issuer in a different security domain in order to get access to services in that domain.

  • Security token issuance and cancellation are done by the relying party.

  • Security tokens can only be issued by a legitimate token issuer.