Which two statements are true about security strategies at the message level?
A.
Security is dependent on the application environment or the transport protocol.
B.
Each portion of a compound message is secured.
C.
Messages are secured during transport and after arrival at their destination
D.
Message attachments are secured without the need for a dedicated API.
E.
SSL is required to ensure authenticity, integrity, and confidentiality.
Answer should be B & C
BC
CD.
Why D ? – WS Security is already part of JAX WS API. No need of seperate API is required to secure message.
Option E seems wrong to me. Since the question specifically asks about message level security. The statement is not wrong, but its wrong in the context of the question. That leads me to believe D is right? If you interpret it as “You dont need a extra dedicated API because your message level security can secure attachments as well” it kinda makes sense