Arcitura Education Exam S90.20 Topic 1 Question 13 Discussion

Actual exam question for Arcitura Education's S90.20 exam

Question #: 13
Topic #: 1

Service Consumer A sends a request message to Service A (1), after which Service A sends a request message to Service B (2). Service B forwards the message to have its contents calculated by Service C (3). After receiving the results of the calculations via a response message from Service C (4), Service B then requests additional data by sending a request message to Service D (5). Service D retrieves the necessary data from Database A (6), formats it into an XML document, and sends the response message containing the XML-formatted data to Service B (7). Service B appends this XML document with the calculation results received from Service C, and then records the entire contents of the XML document into Database B (8). Finally, Service B sends a response message to Service A (9) and Service A sends a response message to Service Consumer A (10). Services A, B and D are agnostic services that belong to Organization A and are also being reused in other service compositions. Service C is a publicly accessible calculation service that resides outside of the organizational boundary. Database A is a shared database used by other systems within Organization A and Database B is dedicated to exclusive access by Service B .Recently, Service D received request messages containing improperly formatted database retrieval requests. All of these request messages contained data that originated from Service C .There is a strong suspicion that an attacker from outside of the organization has been attempting to carry out SOL injection attacks. Furthermore, it has been decided that each service that writes data to a database must keep a separate log file that records a timestamp of each database record change. Because of a data privacy disclosure requirement used by Organization A, the service contracts of these services need to indicate that this logging activity may occur. How can the service composition architecture be improved to avoid SQL injection attacks originating from Service C - and - how can the data privacy disclosure requirement be fulfilled?

AApply the Service Perimeter Guard pattern together with the Message Screening pattern in order to establish a perimeter service with message screening logic. Position the perimeter service between Service C and Service B .The message screening logic rejects or filters out potentially harmful content in messages sent from Service C, prior to being forwarded to Service B .Secondly, update the service contracts for Services B and D with an optional WS-Policy assertion that provides service consumers with the option of complying to the logging requirements.

BApply the Data Origin Authentication pattern to authenticate data received from Service C .Service C digitally signs any datasent in response messages to Service B .Service B can then verify that the data has not been modified during transit and that it originated from Service C .Secondly, update the service contracts for Services B and D with an ignorable WS-Policy assertion that communicates the possibility of the logging activity.

CApply the Data Origin Authentication pattern to authenticate data received from Service C .Service C digitally signs any datasent in response messages to Service B .Service B can then verify that the data has not been modified during transit and that it originated from Service C .Secondly, update the service contracts for Services B and D with an ignorable WS-Policy assertion that communicates the possibility of the logging activity. The service contracts for Services B and D are updated with an optional WS-Policy assertion that provides service consumers with the option of complying to the logging requirements.

DApply the Message Screening pattern in order to establish a service agent with message screening logic. Position the service agent between Service C and Service B .The service agent's message screening logic can reject or filter out potentially harmful content in messages sent from Service C, before being processed by Service B .Secondly, update the service contracts for Services B and D with an ignorable WS-Policy assertion that communicates the possibility of the logging activity.

Show Suggested Answer

Suggested Answer: D

by Caprice at May 09, 2022, 05:59 PM

Limited Time Offer

25%

Off

Get Premium S90.20 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!