S90.19 Advanced SOA Security

Question 4

Service A contains reporting logic that collects statistical data from different sources in order to produce a report document. One of the sources is a Web service that exists outside of the organizational boundary. Some of Service A's service consumers are encountering slow response times and periods of unavailability when invoking Service

While investigating the cause, it has been discovered that some of the messages received from the external Web service contain excessive data and links to files (that are not XML schemas or policies). What can be done to address this issue?

Select all that apply.

  • define cardinality in message schemas

  • correlate request and response messages across different services

  • use precompiled XPath expressions

  • avoid downloading XML schemas at runtime

Question 5

A service is designed to respond to an error condition by issuing a message containing detailed error information. This message includes connection information for a database that is shared by numerous services within the service inventory. An attacker intentionally sends an invalid message to the service in order to trigger an error and receive the connection information. The attacker then proceeds to connect to the database and issues a series of malicious SQL queries that make the database non-responsive. As a result, a number of services within the service inventory are disabled. Which of the following types of attacks were successfully carried out?

Select all that apply.

  • SQL injection attack

  • Exception generation attack

  • Denial of service attack

  • Buffer overrun attack

Question 6

An XML bomb attack and an XML external entity attack are both considered types of XML parser attacks.

Select an option.

  • True

  • False