Multiple choice Questions and Answers on SOA Security of Cloud Computing for Freshers

1. Which of the following is policy based XML security service by Cisco ?

a) Application Oriented Manager
b) Application Oriented Networking
c) Application Process Networking
d) All of the mentioned

Answer: b

Explanation: Cisco has a family of products that enforce rules and policies for the transmission of XML messaging.

2. Point out the wrong statement:

a) SOA eliminates the use of application boundaries, the traditional methods where security is at the application level aren’t likely to be effective
b) An atomic service cannot be decomposed into smaller services that provide a useful function
c) XML security service may be found in Citrix’s NetScaler 9.0
d) None of the mentioned

Answer: d

Explanation: Citrix NetScaler platforms ensure the best delivery, performance and security for any web, mobile and cloud application.

3. Which of the following is not a OASIS standard for SOA Security ?

a) Security Assertion Markup Language
b) Synchronized Multimedia Integration Language
c) WS-SecureConversion
d) All of the mentioned

Answer: b

Explanation: SMIL (Synchronized Multimedia Integration Language), is a language that allows Web site creators to be able to easily define and synchronize multimedia applications.

4. Which of the following provides data authentication and authorization between client and service ?

a) SAML
b) WS-SecureConversion
c) WS-Security
d) All of the mentioned

Answer: a

Explanation: The SAML technology is used as part of Single Sign-on Systems (SSO) and allows a user logging into a system from a Web browser to
have access to distributed SOA resources.

5. Point out the wrong statement:

a) To address SOA security, a set of OASIS standards have been created
b) WS-SecureConversion attaches a security context token to communications such as SOAP used to transport messages in an SOA enterprise
c) WS-Trust is an extension of SOA that enforces security by applying tokens such as Kerberos, SAML, or X.509 to messages
d) None of the mentioned

Answer: c

Explanation: WS-Security (WSS) is an extension of SOA that enforces security by applying tokens such as Kerberos, SAML, or X.509 to messages.

6. Which of the following is web services protocol for creating and sharing security context ?

a) WS-Trust
b) WS-SecureConversion
c) WS-SecurityPolicy
d) All of the mentioned

Answer: b

Explanation: WS-SecureConversion is meant to operate in systems where WS-Security, WS-Trust, and WS-Policy are in use.

7. Which of the following is part of a general WS-Policy framework ?

a) WS-Trust
b) WS-SecureConversion
c) WS-SecurityPolicy
d) All of the mentioned

Answer: c

Explanation: WS-SecurityPolicy provides a set of network policies that extend WS-Security, WS-Trust, and WS-SecureConversion so messages complying to a policy must be signed and encrypted.

8. Which of the following extends WS-Security to provide a mechanism to issue, renew, and validate security tokens ?

a) WS-Trust
b) WS-SecureConversion
c) WS-SecurityPolicy
d) All of the mentioned
d) None of the mentioned

Answer: a

Explanation: A Web service using WS-Trust can implement this system through the use of a Security Token Service (STS).

9. __________ is a mechanism for attaching security tokens to messages.

a) STT
b) STS
c) SAS
d) All of the mentioned

Answer: b

Explanation: STS stands for Security Token Service.

10. Providing XML Gateway SOA security requires a _________ so that encryption is enforced by digital signatures.

a) Public Key Infrastructure
b) Private Key Infrastructure
c) Hybrid Key Infrastructure
d) None of the mentioned

Answer: a

Explanation: Another approach to enforcing security in SOA is to use an XML gateway that intercepts XML messages transported by SOAP or REST.