CompTIA CAS-001 Question #313: Real Exam Question with Answer & Explanation

The correct answers are A and F. WS-Security for service authentication with XACML for service authorization fits the ESB and web services gateway layer of the stated architecture, and application-level encryption of the sensitive fields combined with SSL/TLS on the sensitive flows covers the requirement to protect customer personal and credit card data both in transit and at rest.

Question

A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:

- Extendable for new products to be developed and added
- Externally facing for customers and business partners to login
- Usable and manageable
- Able to integrate seamlessly with third parties for non-core functions such as document printing
- Secure, to protect customers' personal information and credit card information during transport and at rest

The conceptual solution architecture has specified that the application will consist of a traditional three-tiered architecture for the front-end components, an ESB to provide services, data transformation capability and legacy system integration, and a web services gateway. Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO.)

Options

  • A. Implement WS-Security for services authentication and XACML for service authorization.
  • B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
  • C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication.
  • D. Implement WS-Security as a federated single sign-on solution for authentication and authorization of users.
  • E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
  • F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and

Explanation

Answer A is correct because the architecture specifies an ESB and a web services gateway, which is a SOAP/web services layer. WS-Security (the OASIS SOAP message security standard) carries authentication tokens in the SOAP header (UsernameToken, X.509 certificates or SAML assertions) and can sign and encrypt message parts, which makes it the appropriate mechanism for service-to-service authentication at the gateway. XACML (eXtensible Access Control Markup Language) provides fine-grained, policy-based authorization: policies are evaluated by a policy decision point and enforced by a policy enforcement point at the gateway or on the ESB, so a new product can be authorized by writing a new policy rather than new code. Both components sit naturally in the ESB/SOA layer.

Answer F is correct because it combines application-level encryption of the sensitive fields (card numbers and personal data, which is what the PCI DSS and privacy requirements demand for data at rest) with SSL/TLS on the sensitive data flows (data in transit), without encrypting fields that carry no protection requirement. On a current deployment "SSL" means TLS; the SSL protocol versions themselves are deprecated.

Answer B (end-to-end encryption of all fields) is overly broad: a database in which every column is ciphertext cannot be queried, indexed or reported on by any field, which makes it operationally impractical. Answer C (smart card + PIN) addresses only strong user authentication, is impractical to issue to the general public customers named in the requirements, and does nothing for data protection. Answer D mischaracterizes WS-Security: it is a message-level security specification for SOAP, not a federated single sign-on solution; federated SSO would use SAML or WS-Federation. Answer E overlaps with F on transport encryption but encrypts only passwords at rest, which leaves the credit card and personal data in clear text in the database, so it fails the at-rest requirement that F satisfies.
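The service-to-service authentication that answer A assigns to WS-Security, worked through as an added example (this is not code from the exam page or from any ESB or gateway product): a Go implementation of the WSS UsernameToken Profile 1.1 PasswordDigest, Base64(SHA-1(nonce + created + password)), with the calling service building the token and the web services gateway verifying it. The service account name, the shared secret, the five-minute freshness window and the in-memory nonce cache are assumptions made for the demonstration; a real gateway would keep secrets in a credential store and would often carry X.509 or SAML tokens in the same WS-Security header instead.

```go
package main

import (
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// UsernameToken holds the fields carried in a <wsse:UsernameToken> header.
// Nonce is Base64 as it travels on the wire; Created is the xsd:dateTime string.
type UsernameToken struct {
	Username, PasswordDigest, Nonce, Created string
}

// passwordDigest is the WSS UsernameToken Profile 1.1 formula:
// Base64(SHA-1(nonce || created || password)), nonce taken as raw bytes.
func passwordDigest(nonce []byte, created, password string) string {
	h := sha1.New()
	h.Write(nonce)
	h.Write([]byte(created))
	h.Write([]byte(password))
	return base64.StdEncoding.EncodeToString(h.Sum(nil))
}

// NewUsernameToken is the calling service's side: fresh random nonce and a
// timestamp, so the shared secret itself never appears in the SOAP message.
func NewUsernameToken(username, password string, now time.Time) (UsernameToken, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return UsernameToken{}, err
	}
	created := now.UTC().Format(time.RFC3339)
	return UsernameToken{
		Username:       username,
		PasswordDigest: passwordDigest(nonce, created, password),
		Nonce:          base64.StdEncoding.EncodeToString(nonce),
		Created:        created,
	}, nil
}

// Verifier is the web services gateway's side: one shared secret per service
// account (assumed in-memory store), a freshness window, and a nonce cache.
type Verifier struct {
	secrets   map[string]string
	maxAge    time.Duration
	mu        sync.Mutex
	seenNonce map[string]time.Time
}

func NewVerifier(secrets map[string]string, maxAge time.Duration) *Verifier {
	return &Verifier{secrets: secrets, maxAge: maxAge, seenNonce: map[string]time.Time{}}
}

// Verify returns nil only when the token authenticates the calling service.
func (v *Verifier) Verify(tok UsernameToken, now time.Time) error {
	password, ok := v.secrets[tok.Username]
	if !ok {
		return errors.New("unknown service account")
	}
	created, err := time.Parse(time.RFC3339, tok.Created)
	if err != nil {
		return errors.New("malformed Created timestamp")
	}
	if age := now.Sub(created); age > v.maxAge || age < -v.maxAge {
		return errors.New("token outside freshness window")
	}
	nonce, err := base64.StdEncoding.DecodeString(tok.Nonce)
	if err != nil {
		return errors.New("malformed Nonce")
	}
	expected := passwordDigest(nonce, tok.Created, password)
	if subtle.ConstantTimeCompare([]byte(expected), []byte(tok.PasswordDigest)) != 1 {
		return errors.New("password digest mismatch")
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	for n, t := range v.seenNonce { // forget nonces older than the window
		if now.Sub(t) > v.maxAge {
			delete(v.seenNonce, n)
		}
	}
	if _, replayed := v.seenNonce[tok.Nonce]; replayed {
		return errors.New("nonce replayed")
	}
	v.seenNonce[tok.Nonce] = now
	return nil
}

func main() {
	// Constructed sample: the document-printing partner's service account.
	gw := NewVerifier(map[string]string{"svc-printing": "Pr1nt-Secret"}, 5*time.Minute)
	tok, _ := NewUsernameToken("svc-printing", "Pr1nt-Secret", time.Now())
	fmt.Println("first use:", gw.Verify(tok, time.Now())) // <nil>
	fmt.Println("replay:", gw.Verify(tok, time.Now()))    // nonce replayed
}
```

The digest keeps the password off the wire, but it is only as strong as the shared secret and still needs TLS underneath it. The nonce cache is what turns a captured header into a one-time credential, and the freshness window is what keeps that cache bounded.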
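The data-protection design that makes answer F correct and answer B impractical, as an added example (not from the exam page or any vendor): field-level AES-GCM encryption of only the card number and national ID before a customer row is written, with the policy number and email left in the clear as lookup keys. The Customer and StoredCustomer shapes, the all-zero demo key and the binding of the policy number as associated data are assumptions made for the demonstration; a production key would come from an HSM or KMS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Customer is what the application works with in memory.
type Customer struct {
	PolicyNumber, Email, CardPAN, NationalID string
}

// StoredCustomer is the database row. Only the card number and national ID
// are ciphertext; the lookup keys stay in the clear so the row stays findable.
type StoredCustomer struct {
	PolicyNumber string // clear: primary lookup key
	Email        string // clear: login identifier
	CardPAN      string // base64(nonce || AES-GCM ciphertext || tag)
	NationalID   string // base64(nonce || AES-GCM ciphertext || tag)
}

// FieldCipher wraps the data-encryption key. In a real deployment the key
// comes from an HSM or KMS and is rotated; here it is simply passed in.
type FieldCipher struct{ aead cipher.AEAD }

func NewFieldCipher(key []byte) (*FieldCipher, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// sealField encrypts one value under a fresh random nonce. The policy number
// is bound in as associated data, so ciphertext cut from one customer's row
// cannot be pasted into another's and still decrypt.
func (f *FieldCipher) sealField(policy, plaintext string) (string, error) {
	nonce := make([]byte, f.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := f.aead.Seal(nonce, nonce, []byte(plaintext), []byte(policy))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

func (f *FieldCipher) openField(policy, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	n := f.aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", errors.New("malformed ciphertext")
	}
	pt, err := f.aead.Open(nil, raw[:n], raw[n:], []byte(policy))
	if err != nil {
		return "", errors.New("authentication failed: wrong key, tampered data or wrong row")
	}
	return string(pt), nil
}

// Store runs before the INSERT: only the sensitive fields are transformed.
func (f *FieldCipher) Store(c Customer) (StoredCustomer, error) {
	pan, err := f.sealField(c.PolicyNumber, c.CardPAN)
	if err != nil {
		return StoredCustomer{}, err
	}
	nid, err := f.sealField(c.PolicyNumber, c.NationalID)
	if err != nil {
		return StoredCustomer{}, err
	}
	return StoredCustomer{c.PolicyNumber, c.Email, pan, nid}, nil
}

// Load runs after the SELECT and returns an error rather than partial data.
func (f *FieldCipher) Load(s StoredCustomer) (Customer, error) {
	pan, err := f.openField(s.PolicyNumber, s.CardPAN)
	if err != nil {
		return Customer{}, err
	}
	nid, err := f.openField(s.PolicyNumber, s.NationalID)
	if err != nil {
		return Customer{}, err
	}
	return Customer{s.PolicyNumber, s.Email, pan, nid}, nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; never do this in production
	fc, _ := NewFieldCipher(key)
	row, _ := fc.Store(Customer{"POL-1001", "jane@example.com", "4111111111111111", "AB123456C"}) // constructed record
	fmt.Printf("stored row: %+v\n", row) // PAN and NationalID are opaque base64
	back, err := fc.Load(row)
	fmt.Println(back.CardPAN, err) // 4111111111111111 <nil>
}
```

Because every call draws a fresh nonce, two encryptions of the same card number produce different ciphertext, so an indexed equality lookup on an encrypted column is impossible. That is the operational cost option B would impose on every column, and why F encrypts only the fields that carry card and personal data. TLS on the sensitive flows covers the other half of the requirement, data in transit; this block covers only the at-rest half.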
