
Arcitura Education S90.20 Exam - Topic 1 Question 6 Discussion

Service Consumer A sends a request message to Service A (1), after which Service A sends a request message to Service B (2). Service B forwards the message to have its contents calculated by Service C (3). After receiving the results of the calculations via a response message from Service C (4), Service B then requests additional data by sending a request message to Service D (5). Service D retrieves the necessary data from Database A (6), formats it into an XML document, and sends the response message containing the XML-formatted data to Service B (7). Service B appends this XML document with the calculation results received from Service C, and then records the entire contents of the XML document into Database B (8). Finally, Service B sends a response message to Service A (9) and Service A sends a response message to Service Consumer A (10).

Services A, B and D are agnostic services that belong to Organization A and are also being reused in other service compositions. Service C is a publicly accessible calculation service that resides outside of the organizational boundary. Database A is a shared database used by other systems within Organization A and Database B is dedicated to exclusive access by Service B.

Service B has recently been experiencing a large increase in the volume of incoming request messages. It has been determined that most of these request messages were auto-generated and not legitimate. As a result, there is a strong suspicion that the request messages originated from an attacker attempting to carry out denial-of-service attacks on Service B.

Additionally, several of the response messages that have been sent to Service A from Service B contained URI references to external XML schemas that would need to be downloaded in order to parse the message data. It has been confirmed that these external URI references originated with data sent to Service B by Service C. The XML parser currently being used by Service A is configured to download any required XML schemas by default. This configuration cannot be changed.

What steps can be taken to improve the service composition architecture in order to avoid future denial-of-service attacks against Service B and to further protect Service A from data access-oriented attacks?

A) Apply the Data Origin Authentication pattern so that Service B can verify that request messages that claim to have been sent by Service A actually did originate from Service A. Apply the Message Screening pattern to add logic to Service A so that it can verify that external URIs in response messages from Service B refer to trusted sources.
B) Apply the Service Perimeter Guard pattern to establish a perimeter service between Service B and Service C. Apply the Brokered Authentication pattern by turning the perimeter service into an authentication broker that is capable of ensuring that only legitimate response messages are being sent to Service C from Service B. Further apply the Data Origin Authentication pattern to enable the perimeter service to verify that messages that claim to have been sent by Service C actually originated from Service C. Apply the Message Screening pattern to add logic to the perimeter service to also verify that URIs in request messages are validated against a list of permitted URIs from where XML schema downloads have been pre-approved.
C) Apply the Service Perimeter Guard pattern and the Message Screening pattern together to establish a service perimeter guard that can filter response messages from Service C before they reach Services A and B. The filtering rules are based on the IP address of Service C. If a request message originates from an IP address not listed as one of the IP addresses associated with Service C, then the response message is rejected.
D) Apply the Direct Authentication pattern so that Service C is required to provide security credentials, such as Username tokens, with any response messages it sends to Service B. Furthermore, add logic to Service A so that it can validate security credentials passed to it via response messages from Service B by using an identity store that is shared by Services A and B.

Actual exam question for Arcitura Education's S90.20 exam
Question #: 6
Topic #: 1
Suggested Answer: A
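
The Message Screening half of option A can be sketched as a check that runs before Service A's schema-downloading parser ever sees a response. This is an added example, not part of the exam material; the trusted host `schemas.orga.example`, the function names and the sample message are assumptions made for illustration.

```python
from urllib.parse import urlsplit
from xml.parsers import expat

XSI = "http://www.w3.org/2001/XMLSchema-instance"
# Assumption: hosts pre-approved for schema downloads (constructed value).
TRUSTED_SCHEMA_HOSTS = frozenset({"schemas.orga.example"})

class ScreeningError(ValueError):
    """The message cannot be screened safely and must be dropped."""

def is_trusted(uri):
    try:
        parts = urlsplit(uri)
        # Relative, non-HTTPS and userinfo-bearing URIs are all refused.
        return (parts.scheme == "https" and parts.username is None
                and parts.hostname in TRUSTED_SCHEMA_HOSTS)
    except ValueError:
        return False

def untrusted_schema_uris(raw):
    """Return the schema location hints in raw (bytes) that are not approved."""
    found = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ScreeningError("DOCTYPE declarations are not accepted")

    def on_start(name, attrs):
        for key, value in attrs.items():
            if key == XSI + " schemaLocation":
                tokens = value.split()  # namespace/location pairs
                if len(tokens) % 2:
                    raise ScreeningError("unpaired schemaLocation value")
                found.extend(tokens[1::2])
            elif key == XSI + " noNamespaceSchemaLocation":
                found.append(value.strip())

    # expat only reports the attributes; it never dereferences a URI.
    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(raw, True)
    except expat.ExpatError as exc:
        raise ScreeningError("malformed XML") from exc
    return [uri for uri in found if not is_trusted(uri)]

# Constructed sample response from Service B; %s is the schema location.
SAMPLE = (b'<r:result xmlns:r="urn:orga:result" xmlns:xsi="http://www.w3.org/'
          b'2001/XMLSchema-instance" xsi:schemaLocation="urn:orga:result %s"/>')
```

A response is handed to Service A's parser only when the returned list is empty and no `ScreeningError` was raised. The request flood against Service B is a separate concern, handled in option A by Data Origin Authentication.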

Carmelina
7 months ago
Not sure if just filtering by IP is enough; attackers can spoof those easily.
upvoted 0 times
...
Virgie
7 months ago
I think the Data Origin Authentication pattern is a solid choice here.
upvoted 0 times
...
Louann
8 months ago
Wait, can we really trust Service C? Seems risky to rely on it.
upvoted 0 times
...
Cassi
8 months ago
Totally agree, implementing the Service Perimeter Guard is a must!
upvoted 0 times
...
Anabel
8 months ago
Sounds like a classic case of a DDoS attack on Service B.
upvoted 0 times
...
Keva
8 months ago
I'm a bit confused by the wording of the question. It's asking about the rate structures that are "all EXCEPT" something, which is a bit unusual. I'll have to read through the options carefully to make sure I understand what they're looking for.
upvoted 0 times
...
Alecia
8 months ago
Okay, let me see. A service-oriented architecture would typically involve multiple service inventories, not just one. I'm going with B.
upvoted 0 times
...
Sylvia
8 months ago
This is a tricky one. I'm not entirely sure about the proper way to handle the non-discretionary fee-paying portfolios in the composite.
upvoted 0 times
...
Lonny
8 months ago
The tree diagram could also be a good option. It would let us break down the ideas into a hierarchical structure.
upvoted 0 times
...
Dahlia
8 months ago
This seems like a straightforward question about improving information management at PorkyCo. I think the key is to identify the most efficient way to integrate the different IT systems across the organization.
upvoted 0 times
...
