Arcitura Education S90.19 Exam - Topic 6 Question 43 Discussion

Actual exam question for Arcitura Education's S90.19 exam

Question #: 43
Topic #: 6

Service A has recently been the victim of XPath injection attacks. Messages sent between Service A and Service C have traditionally been protected via transport-layer security. A redesign of the service composition architecture introduces Service B, which is positioned as an intermediary service between Service A and Service C . The Message Screening pattern was applied to the design of Service B . As part of the new service composition architecture, transport-layer security is replaced with message-layer security for all services, but Service A and Service C continue to share the same encryption key. After the new service composition goes live, Service A continues to be subjected to XPath injection attacks. What is the reason for this?

AThe message screening logic can only work for Service C . Therefore, Service A is not protected.

BBecause message-layer security is being used, it is not possible for the message screening logic in Service B to inspect messages without having the encryption key that is shared by Service A and Service C

CXPath injection attacks are not prevented by message screening logic or message-layer security.

DNone of the above.

Show Suggested Answer

Suggested Answer: B

by Quentin at May 03, 2022, 10:40 PM

Limited Time Offer

25%

5 months ago

I'm feeling pretty confident about this one. I think the aggregate method would be the most appropriate way to handle the FIT withholding, given the information provided.

upvoted 0 times

...