CAS-002 Question #160: Real Exam Question with Answer & Explanation
The correct answer is C: Service-to-service authentication for all workflows.
Question
A security administrator is redesigning and implementing a service-oriented architecture to replace an old, in-house software processing system tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?
Options
- A. Point-to-point VPNs for all corporate intranet users.
- B. Cryptographic hashes of all data transferred between services.
- C. Service-to-service authentication for all workflows.
- D. Two-factor authentication and signed code.
Explanation
In a service-oriented architecture with a history of data injection attacks, service-to-service authentication ensures that only trusted, verified services can participate in workflows. Because the services are composed dynamically, each call must authenticate the calling service rather than rely on network position, so a rogue or spoofed service cannot inject data into a workflow, directly mitigating the injection threat.
Common mistakes.
- A. Point-to-point VPNs protect network-layer communication for intranet users but do not authenticate individual services or prevent a compromised internal service from injecting malicious data.
- B. Cryptographic hashes verify data integrity after the fact but do not authenticate the originating service or block a malicious service from injecting data before it is transmitted.
- D. Two-factor authentication and signed code address user access and software integrity but do not establish the service-level trust needed to prevent injection attacks between SOA components.
Concept tested. Service-to-service authentication in SOA security
Reference. https://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-os.html