Arcitura Education S90.20 Exam - Topic 1 Question 31 Discussion

Actual exam question for Arcitura Education's S90.20 exam

Question #: 31
Topic #: 1

Service Consumer A sends a request to Service A (1). Service A replies with an acknowledgement message (2) and then processes the request and sends a request message to Service B (3). This message contains confidential financial data. Service B sends three different request messages together with its security credentials to Services C, D, and E (4, 5, 6). Upon successful authentication, Services C, D, and E store the data from the message in separate databases (7, 8, 9) Services B, C, D, and E belong to Service Inventory A, which further belongs to Organization B .Service Consumer A and Service A belong to Organization A .The service contracts of Services A and B both comply with the same XML schema. However, each organization employs different security technologies for their service architectures. To protect the confidential financial data sent by Service A to Service B, each organization decides to independently apply the Data Confidentiality and the Data Origin Authentication patterns to establish message-layer security for external message exchanges. However, when an encrypted and digitally signed test message is sent by Service A to Service B, Service B was unable to decrypt the message. Which of the following statements describes a solution that solves this problem?

AAlthough both of the organizations applied the Data Confidentiality and the Data Origin Authentication patterns, the security-technologies used for the Service A and Service B architectures may be incompatible. Because there are several technologies and versions of technologies that can be used to apply these patterns, the organizations need to standardize implementation level details of the relevant security technologies.

BThe problem with the test message occurred because Service A used incorrect keys to protect the message sent to Service B .Service A used its own public key to sign the message and then used Service B's public key to encrypt the message content. To correct the problem, Service A must use WS-Secure-Conversation to agree on a secret session key to be used to encrypt messages exchanged between Services A and B .Because this session key is only known by Services A and B, encrypting the messages with this key also provides authentication of the origin of the data.

CAlthough both of the organizations successfully applied the Data Confidentiality and the Data Origin Authentication patterns, the order in which the patterns were applied is incorrect. The application of the Data Origin Authentication pattern must always follow the application of the Data Confidentiality pattern to ensure that the message confidentiality from a third party authenticates the origin of the message.

DThe problem with the test message occurred because Service A needed the private key of Service B to digitally sign the-message. An attacker pretending to be Service B likely sent a fake private/public keys pair to Service A .Using these fake keys to encrypt and digitally sign the message made the message incompatible for Service B .Because the fake private key was also used to sign the hash, it explains the source of the problem.

Show Suggested Answer

Suggested Answer: A

by Leslie at Jul 29, 2022, 04:43 AM

Limited Time Offer

25%

5 months ago

For me, it's definitely D. When you benchmark, you want to understand how top-performing facilities achieve their results. No point comparing to average organizations.

upvoted 0 times

...