Online Access Free S90.19 Practice Test

Exam Code:	S90.19
Exam Name:	Advanced SOA Security
Certification Provider:	SOA
Free Question Number:	83
Posted:	Sep 09, 2025

Rating

100%

Page: 1 / 17
Total 83 questions

Question 1

Which of the following types of attack always affect the availability of a service?

A.None of the above
B.XPath injection attack
C.Exception generation attack
D.SQL injection attack

Question 2

The Exception Shielding pattern was applied to the design of Service A.
During testing, it is revealed that Service A is disclosing sensitive error information in one of its response messages. How is this possible?

A.It is the Message Screening pattern, not the Exception Shielding pattern, that prevents a service from transmitting sensitive error information in response messages.
B.The Trusted Subsystem pattern has already been applied to Service A, thereby conflicting with the application of the Exception Shielding pattern.
C.The Exception Shielding pattern states that, in case of an error, the service should not send back any message at all, because this would implicitly tell the service consumer that something has gone wrong, thereby exposing vulnerabilities.
D.None of the above.

Question 3

A malicious active intermediary intercepts a message sent between two services. What concerns are raised by such an attack?

A.The integrity of the message can be compromised
B.The confidentiality of the message can be compromised
C.All of the above.
D.the message can be routed to a different destination

Question 4

An attacker is able to gain access to a service and invokes the service. Upon executing the service logic, the attacker is able to gain access to underlying service resources, including a private database. The attacker proceeds to delete data from the database. The attacker has successfully executed which type of attack?

A.exception generation attack
B.insufficient authorization attack
C.denial of service attack
D.None of the above.

Question 5

Service A is a Web service that accesses the Student table in a shared database in order to store XML-based student records. When invoked, the GetStudent operation of Service A uses a StudentID value to retrieve the record of a single student by executing an XPath query. An attacker sends a malicious message that manipulates the XPath query to return all the student records. Which of the following attacks was carried out?

A.None of the above
B.XML parser attack
C.XPath injection attack
D.SQL injection attack

Latest Upload: 105Oracle.1Z0-1057-23.v2025-09-10.q47; 146Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 130SAP.C-S4EWM-2023.v2025-09-08.q83; 148TheSecOpsGroup.CNSP.v2025-09-08.q20; 190CFAInstitute.ESG-Investing.v2025-09-08.q173; 148PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 139Salesforce.Data-Architect.v2025-09-05.q216; 133Adobe.AD0-E605.v2025-09-05.q50; 173Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 113Oracle.1z0-591.v2025-09-05.q104