Engineering Questions with Answers - Multiple Choice Questions
MCQs on SOA Security
1 - Question
Which of the following is policy based XML security service by Cisco?
a) Application Oriented Manager
b) Application Oriented Networking
c) Application Process Networking
d) All of the mentioned
View Answer
Answer: b
Explanation: Cisco has a family of products that enforce rules and policies for the transmission of XML messaging.
2 - Question
Point out the wrong statement.
a) SOA eliminates the use of application boundaries, the traditional methods where security is at the application level aren’t likely to be effective
b) An atomic service cannot be decomposed into smaller services that provide a useful function
c) XML security service may be found in Citrix’s NetScaler 9.0
d) None of the mentioned
View Answer
Answer: d
Explanation: Citrix NetScaler platforms ensure the best delivery, performance and security for any web, mobile and cloud application.
3 - Question
Which of the following is not an OASIS standard for SOA Security?
a) Security Assertion Markup Language
b) Synchronized Multimedia Integration Language
c) WS-SecureConversion
d) All of the mentioned
View Answer
Answer: b
Explanation: SMIL (Synchronized Multimedia Integration Language), is a language that allows Web site creators to be able to easily define and synchronize multimedia applications.
4 - Question
Which of the following provides data authentication and authorization between client and service?
a) SAML
b) WS-SecureConversion
c) WS-Security
d) All of the mentioned
View Answer
Answer: a
Explanation: The SAML technology is used as part of Single Sign-on Systems (SSO) and allows a user logging into a system from a Web browser to
have access to distributed SOA resources.
5 - Question
Point out the wrong statement.
a) To address SOA security, a set of OASIS standards have been created
b) WS-SecureConversion attaches a security context token to communications such as SOAP used to transport messages in an SOA enterprise
c) WS-Trust is an extension of SOA that enforces security by applying tokens such as Kerberos, SAML, or X.509 to messages
d) None of the mentioned
View Answer
Answer: c
Explanation: WS-Security (WSS) is an extension of SOA that enforces security by applying tokens such as Kerberos, SAML, or X.509 to messages.
6 - Question
Which of the following is a web services protocol for creating and sharing security context?
a) WS-Trust
b) WS-SecureConversion
c) WS-SecurityPolicy
d) All of the mentioned
View Answer
Answer: b
Explanation: WS-SecureConversion is meant to operate in systems where WS-Security, WS-Trust, and WS-Policy are in use.
7 - Question
Which of the following is part of a general WS-Policy framework?
a) WS-Trust
b) WS-SecureConversion
c) WS-SecurityPolicy
d) All of the mentioned
View Answer
Answer: c
Explanation: WS-SecurityPolicy provides a set of network policies that extend WS-Security, WS-Trust, and WS-SecureConversion so messages complying to a policy must be signed and encrypted.
8 - Question
Which of the following extends WS-Security to provide a mechanism to issue, renew, and validate security tokens?
a) WS-Trust
b) WS-SecureConversion
c) WS-SecurityPolicy
d) All of the mentioned
View Answer
Answer: a
Explanation: A Web service using WS-Trust can implement this system through the use of a Security Token Service (STS).
9 - Question
__________ is a mechanism for attaching security tokens to messages.
a) STT
b) STS
c) SAS
d) All of the mentioned
View Answer
Answer: b
Explanation: STS stands for Security Token Service.
10 - Question
Providing XML Gateway SOA security requires a _________ so that encryption is enforced by digital signatures.
a) Public Key Infrastructure
b) Private Key Infrastructure
c) Hybrid Key Infrastructure
d) None of the mentioned
View Answer
Answer: a
Explanation: Another approach to enforcing security in SOA is to use an XML gateway that intercepts XML messages transported by SOAP or REST.