Arcitura S90.18
Q: 1
Service A contains a service capability that runs a complex mathematical function, which results in
runtime failure if invalid input values are supplied by a service consumer. Security needs to be added
so that it can be verified that message content received by Service A has not been altered since the
message was sent by a legitimate service consumer. Which pattern needs to be applied to fulfill this
security requirement?
Options
Q: 2
Using transport-layer security, an active intermediary that takes possession of a message can
compromise:
Options
Q: 3
In order to express the order in which a message is signed and encrypted, the _________ industry
standard can be used.
Options
Q: 4
A service that was previously using a shared identity store is now given its own dedicated identity
store instead. What are the likely impacts (positive or negative) that will result from this change?
Options
Q: 5
Service A hashes a message, resulting in message digest X. Service A encrypts the message digest X
with its private key, resulting in ciphertext X1. Service A sends the message and X1 to Service B.
Service B hashes the message, resulting in message digest Y. Service B decrypts X1 with Service A's
public key, recovering message digest X. Service B compares Y with X and finds them to be equal.
This proves that:
Options
Q: 6
The more _____________ the security architecture is across services, the more ____________ the
service composition architecture.
Options
Q: 7
Service A relies on a shared identity store. Service B has its own identity store. Service C also has its
own identity store, but must also access the shared identity store used by Service A. Which service
has the least reduction in autonomy as a result of its relationship with identity store mechanism(s)?
Options
Q: 8
The communication between two services operating within the same organization needs to be
protected using message-layer security. These services are only used within the organizational
boundary. The question is raised as to whether to use self-signed certificates or certificates signed by
a certificate authority. A security specialist states that only certificates signed by an external
certificate authority can be used to fulfill this security requirement. Is this correct?
Options
Q: 9
Username and X.509 token profiles can be combined so that a single message can contain a
username token that is digitally signed.
Options
Q: 10
When working with SAML, a Security Token Service (STS) and a Service Provider refer to the same
service.
Options