CAS-001 Question #86: Real Exam Question with Answer & Explanation
The correct answer is B: Users and services are distributed, often times over the Internet.
Question
Options
- A. Users and services are centralized and only available within the enterprise.
- B. Users and services are distributed, often times over the Internet.
- C. SOA centrally manages legacy systems, and opens the internal network to vulnerabilities.
- D. SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape.
- E. SOA abstracts legacy systems as web services, which are often exposed to outside threats.
Explanation
B is correct because SOA (Service-Oriented Architecture) is inherently distributed, with services and consumers spread across networks and often accessible over the Internet. This broad accessibility increases the attack surface significantly compared to a tightly contained internal system. E is correct because SOA commonly wraps legacy back-end systems as web services, exposing interfaces that were originally designed for trusted internal use to the broader network. Web services are subject to web-based attacks such as XML injection, SOAP manipulation, and unauthorized API access. Options A and C are incorrect because SOA is distributed, not centralized. Option D incorrectly conflates SOA with virtualization; VMEscape is a hypervisor vulnerability, not an SOA concern.