
Arcitura Education S90.20 Exam - Topic 1 Question 16 Discussion

Service Consumer A sends a request message to Service A (1), after which Service A sends a request message with security credentials to Service B (2). Service B authenticates the request and, if the authentication is successful, writes data from the request message into Database B (3). Service B then sends a request message to Service C (4), which is not required to issue a response message. Service B then sends a response message back to Service A (5). After processing Service B's response, Service A sends another request message with security credentials to Service B (6). After successfully authenticating this second request message from Service A, Service B sends a request message to Service D (7). Service D is also not required to issue a response message. Finally, Service B sends a response message to Service A (8), after which Service A records the response message contents in Database A (9) before sending its own response message to Service Consumer A (10).

Services A and B use digital certificates to support message integrity and authentication. With every message exchange between the two services (2, 5, 6, 8), the digital certificates are used. It has been determined that both Databases A and B are vulnerable to malicious attackers that may try to directly access sensitive data records. Furthermore, performance logs have revealed that the current exchange of digital certificates between Services A and B is unacceptably slow. How can the integrity and authenticity of messages exchanged between Services A and B be maintained, but with improved runtime performance, and how can Databases A and B be protected with minimal additional impact on performance?
A) Apply the Brokered Authentication pattern to establish an authentication broker that uses WS-Trust based SAML tokens for message exchanges between Services A and B. This eliminates the need for Service A to be repeatedly authenticated by Service B. Use the public key of Service A to encrypt Database A and use the public key of Service B to encrypt Database B.

B) Apply the Brokered Authentication pattern to establish an authentication broker that uses WS-SecureConversation security context tokens (SCTs) to generate and transmit a symmetric session key. The session key is used to encrypt and digitally sign messages exchanged between Services A and B. For each database the Trusted Subsystem pattern is applied to require authenticated access to the database and to prevent attackers from accessing the database directly.

C) Apply the Direct Authentication pattern to establish mutual authentication between Services A and B using a shared identity store. Service A attaches a Username token to the first request message sent to Service B and Service B authenticates the request message using the shared identity store. Similarly, when Service B submits a response message to Service A, it attaches its own Username token that Service A then authenticates by also using the same shared identity store. Database A is encrypted using the Service A password as a secret encryption key and Database B is encrypted using the Service B password as a secret encryption key.

D) Apply the Brokered Authentication pattern to establish an authentication broker that uses WS-Trust based SAML tokens for message exchanges between Services A and B. This eliminates the need for Service A to be repeatedly authenticated by Service B. Database A is encrypted using the Service A password as a secret encryption key and Database B is encrypted using the Service B password as a secret encryption key.

Actual exam question for Arcitura Education's S90.20 exam
Question #: 16
Topic #: 1

Suggested Answer: B
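The suggested answer combines two patterns: a broker that authenticates the services once and hands both a symmetric session key (the SCT), so that each of exchanges 2, 5, 6 and 8 costs a cheap symmetric operation instead of a certificate operation, and a Trusted Subsystem in front of each database so nothing reaches the data without a broker-issued context. The Python sketch below is an added example, not code from the exam page or from Arcitura's materials. The service names, credential strings, sequence numbers and the in-memory "database" are constructed for the demo; the broker's credential check stands in for the one-time certificate-based authentication, HMAC over the session key stands in for the session-key signing, and the session-key encryption mentioned in option B is left out to stay within the standard library.

```python
# Added example (not from the exam page): Brokered Authentication with a
# WS-SecureConversation-style security context token (SCT) carrying a
# symmetric session key, plus a Trusted Subsystem guarding a database.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class SecurityContextToken:
    """Constructed SCT: a context identifier plus the session key it names."""
    context_id: str
    session_key: bytes


class AuthenticationBroker:
    """Authenticates a service once and issues a shared session context."""

    def __init__(self, registered_services: Dict[str, str]):
        # service name -> credential (stand-in for certificate verification)
        self._registered = registered_services
        self._contexts: Dict[str, SecurityContextToken] = {}

    def establish_context(self, initiator: str, credential: str, target: str) -> SecurityContextToken:
        # The expensive authentication happens here, once per conversation,
        # instead of on every message between Service A and Service B.
        if self._registered.get(initiator) != credential:
            raise PermissionError(f"{initiator} failed broker authentication")
        if target not in self._registered:
            raise PermissionError(f"unknown target service {target}")
        sct = SecurityContextToken(secrets.token_hex(8), secrets.token_bytes(32))
        self._contexts[sct.context_id] = sct
        return sct

    def is_valid_context(self, context_id: str) -> bool:
        return context_id in self._contexts


def _tag(sct: SecurityContextToken, seq: int, body: bytes) -> bytes:
    # Bind context id and sequence number into the MAC so a tag cannot be
    # moved to another conversation or replayed at a later position.
    return hmac.new(sct.session_key, f"{sct.context_id}|{seq}|".encode() + body,
                    hashlib.sha256).digest()


def protect(sct: SecurityContextToken, seq: int, body: bytes) -> dict:
    """Sign one message with the session key: a symmetric operation per message."""
    return {"context_id": sct.context_id, "seq": seq, "body": body, "tag": _tag(sct, seq, body)}


def verify(sct: SecurityContextToken, msg: dict, expected_seq: int) -> bool:
    """Check integrity, authenticity (correct session key) and ordering."""
    if msg["context_id"] != sct.context_id or msg["seq"] != expected_seq:
        return False
    return hmac.compare_digest(_tag(sct, msg["seq"], msg["body"]), msg["tag"])


class TrustedSubsystem:
    """Sole gatekeeper of a database: callers must hold a broker-issued context."""

    def __init__(self, broker: AuthenticationBroker):
        self._broker = broker
        self._records: Dict[str, str] = {}  # the 'database'; never exposed directly

    def _check(self, context_id: str) -> None:
        if not self._broker.is_valid_context(context_id):
            raise PermissionError("unauthenticated database access refused")

    def write(self, context_id: str, key: str, value: str) -> None:
        self._check(context_id)
        self._records[key] = value

    def read(self, context_id: str, key: str) -> Optional[str]:
        self._check(context_id)
        return self._records.get(key)


def run_scenario() -> dict:
    """Exchanges 2, 5, 6, 8 of the question with one handshake and per-message HMAC."""
    broker = AuthenticationBroker({"ServiceA": "credA", "ServiceB": "credB"})
    sct = broker.establish_context("ServiceA", "credA", "ServiceB")  # one-time cost
    database_b = TrustedSubsystem(broker)
    results = {}
    msg2 = protect(sct, 1, b"order=42")                       # (2) A -> B
    results["step2_ok"] = verify(sct, msg2, 1)
    database_b.write(sct.context_id, "order", msg2["body"].decode())  # (3)
    results["db_read"] = database_b.read(sct.context_id, "order")
    results["step5_ok"] = verify(sct, protect(sct, 2, b"ack"), 2)         # (5) B -> A
    results["step6_ok"] = verify(sct, protect(sct, 3, b"confirm=42"), 3)  # (6) A -> B
    results["step8_ok"] = verify(sct, protect(sct, 4, b"done"), 4)        # (8) B -> A
    tampered = protect(sct, 5, b"order=42")
    tampered["body"] = b"order=99"                            # altered in transit
    results["tamper_detected"] = not verify(sct, tampered, 5)
    results["replay_detected"] = not verify(sct, msg2, 6)     # old message re-sent
    try:                                                      # no broker context
        database_b.read("forged-context", "order")
        results["direct_db_access_blocked"] = False
    except PermissionError:
        results["direct_db_access_blocked"] = True
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Run it as a script to see the result dictionary; every flag should be true. The point the scenario makes is that certificate-grade authentication happens once at the broker, while each of the four message exchanges is protected by a keyed hash, and that the database is reachable only through a gate that checks for a broker-issued context.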

Contribute your Thoughts:

Fredric
7 months ago
Not sure if encrypting with passwords is the best idea for security.
upvoted 0 times
Tijuana
7 months ago
Totally agree, SCTs would speed things up a lot!
upvoted 0 times
Krissy
8 months ago
Surprised they didn't mention using OAuth for better performance!
upvoted 0 times
Ciara
8 months ago
I think using SAML tokens is a bit outdated, though.
upvoted 0 times
Brendan
8 months ago
Sounds like a solid plan with the Brokered Authentication pattern!
upvoted 0 times
Suzi
8 months ago
Okay, I think I've got a handle on this. The key is to identify which statement is NOT true about the consequences of detailed test condition specification. I'll weigh the pros and cons of each option.
upvoted 0 times
Pamella
8 months ago
I'm a little confused by the difference between the shcluster-bundle and the cluster-bundle commands. Can someone help me understand the distinction there?
upvoted 0 times