Arcitura Education S90.18 Exam - Topic 3 Question 110 Discussion

Actual exam question for Arcitura Education's S90.18 exam

Question #: 110
Topic #: 3

You are required to design an authorization mechanism for a REST service. The service provides functionality by providing access to different resources, some of which are local to the service while others are located on remote servers. You are required to restrict access to the service based on which resource is requested and which HTTP method has been specified by the service consumer. By doing so, which combination of action control rules needs to be used?

Aidentity and environment

Benvironment and resource

Cresource and action

Daction and identity

Show Suggested Answer

Suggested Answer: C

by Johanna at Apr 06, 2025, 12:05 AM

Limited Time Offer

25%

Off

Get Premium S90.18 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Dalene

5 months ago

Action and identity could work too, but not as effective.

upvoted 0 times

...

Tommy

6 months ago

I agree with Maile, resource and action makes the most sense.

upvoted 0 times

...

Davida

6 months ago

I think it's environment and resource, actually.

upvoted 0 times

...

Maile

6 months ago

Definitely resource and action! That's the key combo.

upvoted 0 times

...

Dudley

6 months ago

Wait, can we really restrict access like that? Seems tricky!

upvoted 0 times

...

Mi

6 months ago

I’m leaning towards environment and resource, but I’m not confident. It’s tricky because the HTTP method seems important too.

upvoted 0 times

...

Marylou

7 months ago

This question feels similar to one we practiced on role-based access control. I wonder if identity plays a bigger role here than I initially thought.

upvoted 0 times

...

Rasheeda

7 months ago

I think it might be resource and action since we need to control access based on the resource requested and the HTTP method.

upvoted 0 times

...

Ryan

7 months ago

I remember studying about access control models, but I'm not entirely sure which combination applies here.

upvoted 0 times

...

Tammy

7 months ago

This seems straightforward to me. The question is specifically asking about restricting access based on the resource and the HTTP method, so option C is the clear choice.

upvoted 0 times

...

Caren

7 months ago

I'm not entirely sure about this one. The environment and resource seem important, but the action and identity could also be relevant. I might need to think this through a bit more.

upvoted 0 times

...

Ernest

8 months ago

Okay, I think I've got this. The question is asking about restricting access based on the resource and the HTTP method, so the combination of resource and action is the way to go. Option C is the answer.

upvoted 0 times

...

Lynelle

8 months ago

Hmm, I'm a bit confused. Do I need to consider the identity of the user as well as the resource and action? Maybe option D would be better.

upvoted 0 times

...

Veronika

8 months ago

This looks like a classic access control problem. I think the key is to focus on the combination of resource and action, so I'll go with option C.

upvoted 0 times

...

Gregoria

1 year ago

I'm going with C. Resource and action. Keeps things simple and focused on the core of the authorization problem.

upvoted 0 times

Tammi

1 year ago

I see your point, but I still think C is more straightforward and effective in controlling access to the service.

upvoted 0 times

...

Dana

1 year ago

I disagree, I believe B is the best combination. Considering the environment along with the resource provides a more comprehensive approach to authorization.

upvoted 0 times

...

Dalene

1 year ago

I think C is the way to go too. It's important to focus on the specific resource and action being requested.

upvoted 0 times

...

Beula

1 year ago

Resource and action, for sure. Wouldn't want any unauthorized users messing with the remote servers, am I right?

upvoted 0 times

Yong

1 year ago

C) resource and action

upvoted 0 times

...

Marcelle

1 year ago

B) environment and resource

upvoted 0 times

...

Dong

1 year ago

A) identity and environment

upvoted 0 times

...

Susy

1 year ago

Haha, identity and environment? What is this, a spy thriller? C is the clear winner here, folks.

upvoted 0 times

...

Cordelia

1 year ago

I'm not sure, but I think D) action and identity could also be a valid combination to control access.

upvoted 0 times

...

Louvenia

1 year ago

I'd say B. Environment and resource seems like the logical choice here. The service needs to know the environment and what resources are available to properly restrict access.

upvoted 0 times

Brynn

1 year ago

I think C is also important. Knowing the resource and the action being requested is crucial for authorization.

upvoted 0 times

...

Cordell

1 year ago

I agree, B makes sense. The environment and resource are key factors in determining access control.

upvoted 0 times

...

Miesha

1 year ago

I agree with Beckie, because we need to restrict access based on the requested resource and HTTP method.

upvoted 0 times

...

Billye

1 year ago

Definitely C. Resource and action is the way to go for this authorization mechanism. Gotta control who can access what resources and how they can interact with them.

upvoted 0 times

...

Beckie

1 year ago

I think the answer is C) resource and action.

upvoted 0 times

...