Online Access Free S90.20 Practice Test

• A.
• B.Apply the Trusted Subsystem pattern together with the Data Origin Authentication pattern in order to establish a utility service that performs the security processing on behalf of Service A.
  Service Consumer A must digitally sign all request messages and encrypt the credential information using the public key of the utility service. The utility service can then verify the security credentials and the digital signature to establish the validity of the request message. If the request message is permitted, the utility service establishes a composite trust domain that encompasses Service Consumer A, Service A, Database A, and the legacy system. Because all communications remain within a single trust domain, malicious intermediaries will not be able to gain access to any exchanged data.
• C.Apply the Data Origin Authentication pattern together with the Data Confidentiality pattern in order to establish message-layer security that guarantees the confidentiality and integrity of messages exchanged by Service Consumer A and Service A.
  Further, a security policy can be created to require that security credentials submitted to Service A must be digitally signed and encrypted and also contain a timestamp to validate the actual time the request was issued. Industry standards that can be used for this solution are WS- Policy, WS-SecurityPolicy, XML-Encryption, and XML-Signature.
• D.Apply the Service Perimeter Guard pattern to establish a perimeter service that can perform security functions on behalf of Service A.
  Next, apply the Data Confidentiality pattern so that the security credential information provided by Service Consumer A with the request message is encrypted with the secret key shared between the perimeter service and Service Consumer A.
  The perimeter service evaluates the credentials and if successfully authenticated, forwards the request message to Service A.
  Transport-layer security is used to protect message exchanges between Service A and Service Consumer
• E.Apply the Service Perimeter Guard pattern together with the Trusted Subsystem pattern to establish a perimeter service that can perform security functions on behalf of Service A.
  The utility service can verify the validity of the request messages from Service Consumer A by authenticating the request message against an identity store. If the request message is authenticated, the utility service then sends it to Service A for further processing. All communications between Service A and Service Consumer A can be encrypted using the public key of the intended recipient, and signed using the private key of the sender.
  Industry standards that can be used for this solution are XML-Encryption, XML-Signature, and WS-Trust.

Service Consumer A sends a request message with a Username token to Service A (1).
Service B authenticates the request by verifying the security credentials from the Username token with a shared identity store (2). To process Service Consumer A's request message, Service A must use Services B, C, and D.
Each of these three services also requires the Username token (3. 6, 9) in order to authenticate Service Consumer A by using the same shared identity store (4, 7, 10). Upon each successful authentication, each of the three services (B, C, and D) issues a response message back to Service A (5, 8, 11).
Upon receiving and processing the data in all three response messages, Service A sends its own response message to Service Consumer A (12).

You are asked to redesign this service composition architecture so that it can still carry out the described message exchanges while requiring that Service Consumer A only be authenticated once using the identity store.
Which of the following statements describes an accurate solution?

• A.A single sign-on mechanism is implemented. The Brokered Authentication pattern is applied, resulting in Service A becoming the authentication broker. The authentication broker authenticates the security credentials received from Service Consumer A against the identity store. After successful authentication, the authentication broker issues a signed SAML token for Service Consumer A.
  The SAML token is subsequently provided to Services B.C. and D by Service A, on behalf of Service Consumer A.
• B.A single sign-on mechanism is implemented. The Brokered Authentication pattern is applied together with the Data Origin Authentication pattern. A separate authentication broker utility service is added in between Service Consumer A and Service A.
  This requires that Service A send its Username token only once to Service B.
  Service B then acts as a secondary authentication broker and authenticates Service Consumer A and Service A using the identity store. If the authentication is successful, Service B generates a shared secret key to be used as a session key during communication with Services C and D.
  Because the session key is only known by these services, it can be used authenticates the services to each other.
• C.The Direct Authentication pattern is applied together with an authentication process that uses digital certificates and digital signatures instead of Username tokens. The digital certificate of Service Consumer A is attached to all subsequent request messages issued by Services A, B, C and D and these request messages are further signed by a private key.
• D.A single sign-on mechanism is implemented. The Brokered Authentication pattern is applied together with the Data Origin Authentication pattern. Service A is redesigned to use holder-of-key based subject confirmation SAML assertions. This way, Service A only needs to send its Username token once to Service B.
  Service B then acts as the authentication broker by issuing a SAML token to Service A and then further sends the SAML token to Services C and D on behalf of Service Consumer A and Service A.
  Service B signs the SAML assertion in order to ensure its authenticity and integrity during message exchanges with Services C and D.

Service A provides a customized report generating capability. Due to infrastructure limitations, the number of service consumers permitted to access Service A concurrently is strictly controlled. Service A validates request messages based on the supplied credentials (1). If the authentication of the request message is successful, Service A sends a message to Service B (2) to retrieve the required data from Database A (3). Service A stores the response from Service B (4) in memory and then issues a request message to Service C (5). Service C retrieves a different set of data from Database A (6) and sends the result back to Service A (7). Service A consolidates the data received from Services B and C and sends the generated report in the response message to the service consumer (8).

It has been discovered that attackers have been gaining access to confidential data exchanged between Service A and Service B, and between Service A and its service consumers. What changes can be made to this service composition architecture in order to counter this threat?

• A.Apply the Direct Authentication pattern in order to protect message exchanges between Service A and its service consumers and between Service A and Service B.
  This approach will establish a password-based authentication mechanism that relies on a local identity store and will therefore prevent access by attackers.
• B.Apply the Data Origin Authentication pattern to protect the final report sent by Service A to its service consumer. Service A can generate a message digest of the final report, after which it can sign the digest with its own private key. It then can send both the final report and the signed message digest to its service consumer. This service consumer can generate its own message digest, decrypt the signed digest using the public key of Service A (which proves that Service A sent the message), and then compare the two digests. If the digests match, it guarantees that the final report was not tampered with during transmission.
• C.None of the above
• D.Apply the Service Perimeter Guard pattern in order to protect message exchanges between Service A and its service consumers. Apply the Direct Authentication pattern in order to protect message exchanges between Service A and Service B.

Service A provides a customized report generating capability. Due to infrastructure limitations, the number of service consumers permitted to access Service A concurrently is strictly controlled. Service A validates request messages based on the supplied credentials (1). If the authentication of the request message is successful, Service A sends a message to Service B (2) to retrieve the required data from Database A (3). Service A stores the response from Service B (4) in memory and then issues a request message to Service C (5). Service C retrieves a different set of data from Database A (6) and sends the result back to Service A (7). Service A consolidates the data received from Services B and C and sends the generated report in the response message to its service consumer (8).

This service composition was recently shut down after it was discovered that Database A had been successfully attacked twice in a row. The first type of attack consisted of a series of coordinated request messages sent by the same malicious service consumer, with the intention of triggering a range of exception conditions within the database in order to generate various error messages. The second type of attack consisted of a service consumer sending request messages with malicious input with the intention of gaining control over the database server. This attack resulted in the deletion of database records and tables. An investigation revealed that both attacks were carried out by malicious service consumers that were authorized.
How can the service composition security architecture be improved to prevent these types of attacks?

• A.Apply the Exception Shielding pattern together with the Message Screening pattern.
  This establishes new logic within Service A that screens incoming request messages for data-driven attacks (such as SQL injection and XPath injection attacks), and also evaluates whether exception details returned by Database A contains potentially confidential or unsafe information. Any inappropriate exception information is replaced with sanitized content.
• B.Apply the Trusted Subsystem pattern to protect Database A from data-driven attacks and to evaluate whether database responses contain inappropriate data. The trusted subsystem maintains a snapshot of Database A and executes the original service consumer's request message against the snapshot. The processing logic that accesses the snapshot has limited privileges in order to prevent malicious attacks from overtaking the database. If no security violation is detected during the processing of the snapshot, then the original service consumer's request is forwarded to Database A.
  If an error message is generated during the processing of the snapshot, then it is returned to the original service consumer and the request is not forwarded to Database A.
  Because the error message was generated on the snapshot, it cannot contain unsafe information about Database A.
• C.Apply the Data Confidentiality pattern together with the Data Origin Authentication pattern. This establishes message-level security so that all messages are encrypted and digitally signed. Secondly, the Service A logic must be enhanced so that it can keep track of the trustworthiness of its service consumers If a request message originated from a trustworthy service consumer, then the request message is processed as normal. If the request message originates from a non-trustworthy service consumer, then the request message is rejected and an error message is returned to the service consumer.
• D.Apply the Service Perimeter Guard pattern together with the Trusted Subsystem pattern.
  This establishes a perimeter service between Database A and any service that requires access to it (including Services B and C). The perimeter service evaluates incoming data requests and filters out those that can introduce a security risk. Only request messages issued by authorized services and service consumers are forwarded to Database A.
  Responses originating from Database A are further evaluated by the trusted subsystem to remove any unauthorized data. The two patterns together ensure that only authorized data is returned to the service consumer and that no request messages present a security threat to Database A.