Which two statements are true about security strategies at the message level?
A.
Messages are secured during transport and after arrival at their destination
B.
Each portion of a compound message is secured.
C.
SSL is required to ensure authenticity, integrity, and confidentiality.
D.
Message attachments are secured without the need for a dedicated API.
E.
Security is dependent on the application environment or the transport protocol.
Wrong – E is not true.I would say A
i would say A and D
I found some users saying the correct answer is A and C.
http://www.coderanch.com/t/626067/java-Architect-SCEA/certification/SCEA-preparation-book-prepared-OCMJEA
Ssl is not about authenticity.
I vote for A and C. Here is why C is correct http://www-01.ibm.com/support/knowledgecenter/#!/SSFKSJ_7.5.0/com.ibm.mq.sec.doc/q009940_.htm
AB
A and C are correct answers.
http://docs.oracle.com/cd/E19798-01/821-1841/bnbxd/index.html
C and E are incorrect.
Since it says message level not transport or wire level, and message level security is independent of any transport protocol, C is incorrect.
A is correct, Since after arrival of the message, the security related info is not removed.
For B and D, D is closer to me. Because in B, it says each portion is secured. In WSS, the security is applied selectively. And, for D in order to secure attachments, no extra API is required, it is already in JDK.
AB
Why A ? – Message level security is end to end security
Why B ? – Can be selectively applied to diff portion of message and when using XML security , to message attachemnts.
Why not C – Its for Transport Layer Security
Why not D – Dedicated API is required. For example Message integrity using XML Signature API and Message Confidentiality using XML Encryption API
Why not E – Security is completely independent of application environment and transport protocol
Some confusion between B and D.
After reading multiple views , I would say A and Dis correct answer.
Why D ? – WS Security is part of JAX WS. i.e. no special api is required to secure message.
Why not B ? – it says each portion is secured. In WSS, the security is applied selectively.