Which two statements are true about security strategies at the message level?

Which two statements are true about security strategies at the message level?

Which two statements are true about security strategies at the message level?

A.
Messages are secured during transport and after arrival at their destination

B.
Each portion of a compound message is secured.

C.
SSL is required to ensure authenticity, integrity, and confidentiality.

D.
Message attachments are secured without the need for a dedicated API.

E.
Security is dependent on the application environment or the transport protocol.



Leave a Reply 10

Your email address will not be published. Required fields are marked *


DonkeyNuts

DonkeyNuts

Wrong – E is not true.I would say A

Thomas

Thomas

i would say A and D

Erkin

Erkin

C and E are incorrect.

Since it says message level not transport or wire level, and message level security is independent of any transport protocol, C is incorrect.

A is correct, Since after arrival of the message, the security related info is not removed.

For B and D, D is closer to me. Because in B, it says each portion is secured. In WSS, the security is applied selectively. And, for D in order to secure attachments, no extra API is required, it is already in JDK.

Ashishkumar

Ashishkumar

AB

Why A ? – Message level security is end to end security
Why B ? – Can be selectively applied to diff portion of message and when using XML security , to message attachemnts.

Why not C – Its for Transport Layer Security
Why not D – Dedicated API is required. For example Message integrity using XML Signature API and Message Confidentiality using XML Encryption API
Why not E – Security is completely independent of application environment and transport protocol

Ashishkumar

Ashishkumar

Some confusion between B and D.
After reading multiple views , I would say A and Dis correct answer.

Why D ? – WS Security is part of JAX WS. i.e. no special api is required to secure message.

Why not B ? – it says each portion is secured. In WSS, the security is applied selectively.