The principle of “Security as a Service” states that business solution; must be designed to
consume common security services, where possible, as opposed to implementing custom security
logic and replicating copies of security data. Which of the following statements is not an
Implication of this principle?
A.
Security logic must be externalized as much as possible, i.e., developers must not hand-code
security logic into business solutions.
B.
Security enforcement, decisions, and management must be performed by dedicated, shared
services and Infrastructure.
C.
Wherever possible, security services must be built upon open standards.
D.
Security services must use Web Service (SOAP) interfaces and XML payloads in order to
promote Interoperability.
Explanation:
Rationale: Security services allow multiple solutions to share common
security logic, features, policies, and identity information. This
provides a more secure environment by eliminating
redundancies and associated risks. It also enables more effective
management of security in the IT environment.
Implications:
* Security logic must be externalized as much as possible, i.e.,
developers must not hand-code security logic into business
solutions.(A)
* Security enforcement, decisions, and management must be
performed by dedicated, shared services and infrastructure.(B)
* Security services must leverage open standards for interface
protocols and message formats where possible in order topromote interoperability.(C)
* The availability and performance characteristics of security
services must meet or exceed the specifications required to
support the business solutions.
Reference: Oracle Reference Architecture,Security, Release 3.1
The Question is checking which one is “NOT” an implication.
Which of the following statements is not an Implication of this principle?
So the Correct Answer is “D”.
All others are implication of “Security as a Service” principal, it is given in the show answer hints.