You are hosting a Windows Communication Foundation (WCF) service at http://www.contoso.com for a law enforcement agency.
The agency adds operations to support sending biometric fingerprint data via non-buffered streaming.
The service data is routed between intermediaries. The WCF binding you are using by default does not support encryption.
You need to ensure that the fingerprint data is not disclosed when passed over the network. What should you do?
A.
Use basicHttpBinding with message security to https://www.contoso.com
B.
Use basicHttpBinding with transport security to https://www.contoso.com
C.
Use wsHttpBinding with message security to https://www.contoso.com
D.
Use wsHttpBinding with transport security to http://www.contoso.com
answer is A. routed through intermediaries, therefore message level security needed – not transport (only point-to-point)
Use message security for the following scenarios:
You are sending a message to a WCF service, and the message is likely to be forwarded to other WCF services or may be routed through intermediate systems.
Your WCF clients are accessing the WCF service over the Internet, it is possible that other intermediate systems may be used in between, and security is your top consideration.
(Source : MSDN)
Hence A is Correct.
Just posting what others have stated. The answer is A. Source:
http://msdn.microsoft.com/en-us/library/ff650862.aspx
Transfer Security
You can provide security on transport level or the message level. Each option has its own advantages and disadvantages. For instance, transport security secures the entire communication channel (e.g., by using SSL) and therefore only supports point-to-point communication over a single transport. Message security protects each message individually and therefore supports multipoint communication, multiple transports, or even partial message encryption if necessary. Most scenarios are best supported by using transport security.
Why not B?