Arcitura S90.19
Q: 1
Service A contains reporting logic that collects statistical data from different sources in order to
produce a report document. One of the sources is a Web service that exists outside of the
organizational boundary. Some of Service A's service consumers are encountering slow response
times and periods of unavailability when invoking Service A. While investigating the cause, it has
been discovered that some of the messages received from the external Web service contain
excessive data and links to files (that are not XML schemas or policies). What can be done to address
this issue?
Options
Q: 2
The same security policy has been redundantly implemented as part of the service contracts for Web
services A, B and C. In order to reduce the effort of maintaining multiple redundant service policies,
it has been decided to centralize policy enforcement across these three services. Which of the
following industry standards will need to be used for Web services A, B and C in order for their
service contracts to share the same security policy document?
Options
Q: 3
An alternative to using a ___________ is to use a __________.
Options
Q: 4
The difference between the Exception Shielding and Message Screening patterns is in how the core
service logic processes incoming messages received by malicious service consumers?
Options
Q: 5
___________ is an industry standard that describes mechanisms for issuing, validating, renewing
and cancelling security tokens.
Options
Q: 6
How can the use of pre-compiled XPath expressions help avoid attacks?
Options
Q: 7
A service is designed to respond to an error condition by issuing a message containing detailed error
information. This message includes connection information for a database that is shared by
numerous services within the service inventory. An attacker intentionally sends an invalid message to
the service in order to trigger an error and receive the connection information. The attacker then
proceeds to connect to the database and issues a series of malicious SQL queries that make the
database non-responsive. As a result, a number of services within the service inventory are disabled.
Which of the following types of attacks were successfully carried out?
Options
Q: 8
Service A needs to be designed so that it supports message integrity and so that only part of the
messages exchanged by the service are encrypted. You are asked to create the security policy for this
service. What type of policy assertions should you use?
Options
Q: 9
The use of session keys and symmetric cryptography results in:
Options
Q: 10
The Service Perimeter Guard pattern is applied to position a perimeter service outside of the firewall.
The firewall only permits the perimeter service to access services within a specific service inventory.
Which of the following statements describes a valid problem with this security architecture?
Options