A general insurance company wants to set up a new online business. The requirements are that
the solution needs to be:
- Extendable for new products to be developed and added
- Externally facing for customers and business partners to log in
- Usable and manageable
- Able to integrate seamlessly with third parties for non-core functions such as document printing
- Secure to protect customers' personal information and credit card information during transport and at rest
The conceptual solution architecture has specified that the application will consist of a traditional
three-tiered architecture for the front-end components, an ESB to provide services, data
transformation capability and legacy system integration, and a web services gateway.
Which of the following security components will BEST meet the above requirements and fit into the
solution architecture? (Select TWO).
A. Implement WS-Security for services authentication and XACML for service authorization.
B. Use end-to-end application-level encryption to encrypt all fields and store them encrypted in the database.
C. Implement a certificate-based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
D. Implement WS-Security as a federated single sign-on solution for authentication and authorization of users.
E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
F. Use application-level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.