S90-20A Questions and Answers

  Printable PDF

SOA Security Lab: S90-20A

Rating: 4.7

Vendor: SOA Certified Professional

Certifications: SOACP

Exam Name: SOA Security Lab

Exam Code: S90-20A

Total Questions: 30 Q&As

Last Updated: Sep 28, 2022

Note: Product instant download. Please sign in and click My account to download your product.

PDF Only: $45.99 VCE Only: $49.99 VCE + PDF: $59.99

SOA Certified Professional S90-20A PDF&VCE Dumps Download

  • 99.5% Pass Rate
  • 365 Days Free Update
  • Verified By Professional IT Experts
  • 24/7 Live Support
  • 378,380+ Satisfied Customers
  • 3 Days Preparation Before Test
  • 18 Years Experience
  • 6000+ IT Exam Dumps
  • 100% Safe Shopping Experience

SOA Certified Professional S90-20A Last Month Results

543
Successful Stories of SOA Certified Professional S90-20A Exam
98.2%
High Score Rate in Actual SOA Certified Professional Exams
95.2%
Same Questions from the Latest Real Exam

S90-20A Online Practice Questions and Answers

Questions 1

Service A exchanges messages with Service B multiple times during the same runtime service activity. Communication between Services A and B has been secured using transport-layer security. With each service request message sent to Service B (1A. IB), Service A includes an X.509 certificate, signed by an external Certificate Authority (CA). Service B validates the certificate by retrieving the public key of the CA (2A. 2B) and verifying the digital signature of the X.509 certificate. Service B then performs a certificate revocation check against a separate external CA repository (3A, 3B). No intermediary service agents reside between Service A and Service B.

To fulfill a new security requirement, Service A needs to be able to verify that the response message sent by Service B has not been modified during transit. Secondly, the runtime performance between Services A and B has been unacceptably poor and therefore must be improved without losing the ability to verify Service A's security credentials. It has been determined that the latency is being caused by redundant security processing carried out by Service B. Which of the following statements describes a solution that fulfills these requirements?

A. Apply the Trusted Subsystem pattern to introduce a utility service that performs the security processing instead of Service B. The utility service can verify the security credentials of request messages from Service A and digitally sign messages sent to Service A to enable verification of message integrity. Furthermore, the utility service can perform the verification of security credentials submitted by Service A only once per runtime service activity. After the first messageexchange, it can issue a SAML token to Service A that gets stored within the current session. Service A can then use this session-based token with subsequent message exchange. Because SAML tokens have a very small validity period (in contrast to X.509 certificates), there is no need to perform a revocation check with every message exchange.

B. Service B needs to be redesigned so that it performs the verification of request messages from Service A only for the first message exchange during the runtime service activity. Thereafter, it can issue a SAML token to Service A that gets stored within the current session. Service A then uses this session-based token with subsequent message exchanges. Because SAML tokens have a very small validity period (in contrast to X.509 certificates), there is no need to perform a revocation check with every message exchange.

C. WS-SecurityPolicy transport binding assertions can be used to improve performance via transport-layer security The use of symmetric keys can keep the encryption and decryption overhead to a minimum, which will further reduce the latency between Service A and Service B. By encrypting the messages, attackers cannot modify message contents, so no additional actions for integrity verification are needed.

D. The Data Origin Authentication pattern can be applied together with the Service Perimeter Guard pattern to establish a perimeter service that can verify incoming request messages sent to Service B and to filter response messages sent to Service A. The repository containing the verification information about the Certificate Authorities can be replicated in the trust domain of the perimeter service. When access is requested by Service A, the perimeter service evaluates submitted security credentials by checking them against the locally replicated repository. Furthermore, it can encrypt messages sent to Service A by Service B. and attach a signed hash value.

Show Answer
Questions 2

Service A is a publically accessible service that provides free multimedia retrieval capabilities to a range of service consumers. To carry out this functionality, Service A is first invoked by Service Consumer A (1). Based on the nature of the request message received from Service Consumer A, Service A either invokes Service B or Service C. When Service B is invoked by Service A (2A) it retrieves data from publicly available sources (not shown) and responds with the requested data (3A). When Service C is invoked by Service A (2B) it retrieves data from proprietary sources within the IT enterprise (not shown) and responds with the requested data (3B). After receiving a response from Service B or Service C, Service A sends the retrieved data to Service Consumer A (4). Service B does not require service consumers to be authenticated, but Service C does require authentication of service consumers. The service contract for Service A therefore uses WS-Policy alternative policies in order to express the two different authentication requirements to Service Consumer A. When Service Consumer A sends a request message (1), Service A determines whether the request requires the involvement of Service C and then checks to ensure that the necessary security credentials were received as part of the message. If the credentials provided by Service Consumer A are verified. Service A creates a signed SAML assertion and sends it with the request message to Service C (2B) This authentication information is protected by public key encryption However, responses to Service Consumer A's request message (3B, 4) are not encrypted for performance reasons.

The owner of Service C is planning two changes to the service architecture: 1. A fee will be charged to Service Consumer A (or any service consumer) using Service C. 2. The response messages issued by Service C need to be secured in order to prevent unauthorized access. An analysis of Service C's usage statistics reveals that a group of service consumers specifically request the retrieval of multimedia data on a frequent basis. To promote the usage of Service C to these types of service consumers, the owner of Service C plans to offer a special discount by allowing unlimited multimedia retrievals for a fixed monthly price. Service consumers that do not subscribe to this promotion will need to pay for each request individually. It is anticipated that the new promotion will significantly increase the usage of Service C. The owner of Service C therefore wants to ensure that the security added to the response messages has a minimal impact on Service C's runtime performance. What steps can be taken to fulfill these requirements?

A. Use symmetric session keys so that for each response message, Service C generates a session key and encrypts theresponse message using this session key. The session key is then encrypted (using the service consumer's public key) and attached to the encrypted response. A single session key can then be used by Service C for communication with all service consumers that subscribe to the promotion.

B. Because the services in this service composition already rely on public key encryption to provide authentication, Service C can provide message confidentiality by encrypting the response message with Service Consumer A's public key. This will ensure that only the intended recipient, in possession of the corresponding private key, can decrypt the response message. To further reduce the performance impact of encryption, Service C can generate a new public-private key pair to be used by service consumers subscribed to the promotion. By securely distributing the private key to each of these service consumers, Service C only needs to encrypt the response messages once with the public key.

C. Design Service C to generate a message digest of the response message and encrypt it with the service consumer's publickey. Because the message digest is typically small, the performance of public key encryption is acceptable. This approach also ensures that only the service consumer can decrypt the response message using the corresponding private key.

D. Design the service composition architecture so that the encryption of the response messages is performed by Service B and Service C. To reduce the performance impact, a policy can be added to Service A's service contract in order to require the encryption of all response messages, regardless of the type of service consumer making the request. Further, a new utility service can be added to the service composition. This service can be responsible for obtaining the public key of the service consumer and forwarding the key along with the request message to the appropriate service (Service B or Service C). The service receiving the message can then encrypt the response message with the received public key. Service A can then forward the encrypted response to the service consumer. This approach ensures that only authorized service consumers will be able to access response messages.

Show Answer
Questions 3

Service Consumer A sends a request message with a Username token to Service A (1). Service B authenticates the request by verifying the security credentials from the Username token with a shared identity store (2), To process Service Consumer A's request message. Service A must use Services B, C, and D. Each of these three services also requires the Username token (3. 6, 9) in order to authenticate Service Consumer A by using the same shared identity store (4, 7, 10). Upon each successful authentication, each of the three services (B, C, and D) issues a response message back to Service A (5, 8, 11). Upon receiving and processing the data in all three response messages, Service A sends its own response message to Service Consumer A (12).

There are plans implement a single sign-on security mechanism in this service composition architecture. The service contracts for Services A, C, and D can be modified with minimal impact in order to provide support for the additional messaging requirements of the single sign-on mechanism. However, Service B's service contract is tightly coupled to its implementation and, as a result, this type of change to its service contract is not possible as it would require too many modifications to the underlying service implementation. Given the fact that Service B's service contract cannot be changed to support single sign-on, how can a single sign-on mechanism still be implemented across all services?

A. Apply the Brokered Authentication pattern so that Service A acts as an authentication broker that issues a SAML token on behalf of Service Consumer A, and forwards this token to Services C and D. Create a new utility service is positioned between Service A and Service

B. This utility service perform a conversion of the SAML token to a Username token, and then forwards the Username token to Service B so that Service B can still perform authentication of incoming requests using its own security mechanism.

C. Apply the Brokered Authentication pattern to establish Service A as an authentication broker that issues a SAML token for Service Consumer A and forwards Service Consumer A's token to other services. Apply the Trusted Subsystem pattern to create a utility service that acts as a trusted subsystem for Service B. This utility service is able to perform authentication using the SAML token from Service A and can then generate a Username token by embedding its own credentials when accessing Service B. This way, Service B can perform authentication of requestmessages as it does now, but it can still participate in the single sign-on message exchanges without requiring changes to its service contract.

D. Apply the Brokered Authentication pattern so that Service A acts as an authentication broker that issues a SAML token for Service Consumer A and forwards Service Consumer A's token to Services C and D. Create a second service contract for Service B that supports single sign-on. This way, Service B can still perform authentication of incoming requests using the old service contract while allowing for the processing of SAML tokens using the new service contract.

E. Replace the Username tokens with X.509 digital certificates. This allows for the single sign-on mechanism to be implemented without requiring changes to any of the service contracts.

Show Answer More Questions

Success Stories

zouhair

  • Morocco
  • Sep 30, 2022
  • Rating: 4.2 / 5.0

The content of this dumps is rich and complete, you can find that all the answers of questions from this dumps. Very useful.


Quenty

  • Malaysia
  • Sep 30, 2022
  • Rating: 4.9 / 5.0

No new question when I seat for this exam because i have met all the new questions on this dumps.


Quick

  • Philippines
  • Sep 29, 2022
  • Rating: 4.7 / 5.0

Valid dumps. I hope all my friend will pass the exam, so I will introduce this dumps to them.Good luck to them and you.


Miles

  • Egypt
  • Sep 28, 2022
  • Rating: 4.3 / 5.0

Already passed my {sku} exam. Valid dumps. Good site. Thanks, guys.


zuher

  • India
  • Sep 27, 2022
  • Rating: 4.7 / 5.0

thanks for the advice. I passed my exam today! All the questions are from your dumps. Great job.


Lex

  • Poland
  • Sep 27, 2022
  • Rating: 4.8 / 5.0

All the questions I had on the exam were in this {sku} dumps. I just passed my exam yesterday. Full scored. Thanks very much for your help.


Lisa

  • Jordan
  • Sep 26, 2022
  • Rating: 4.4 / 5.0

thanks god and thank you all. 100% valid. you can trust on it.


zero

  • United States
  • Sep 26, 2022
  • Rating: 4.7 / 5.0

This dumps is very good, and i have passed the exam with the help of it recently.


Ramon

  • Greece
  • Sep 24, 2022
  • Rating: 4.9 / 5.0

The answers are accurate. Well you should notice some of the questions are slightly changed. Be careful.


Download Free SOA Certified Professional S90-20A Demo

Experience Certbus exam material in PDF version.
Simply submit your e-mail address below to get started with our PDF real exam demo of your SOA Certified Professional S90-20A exam.

Instant download
Latest update demo according to real exam

*Email Address

* Our demo shows only a few questions from your selected exam for evaluating purposes