You work as a Microsoft BizTalk Server 2006 Architect at Domain.com. You need to implement process isolation in the Domain.com BizTalk system. You plan on using multiple Hosts for accomplish process isolation.
The Domain.com CEO is concerned that the system you are designing may be vulnerable to Information Disclosure attacks. You need to address this concern in your design.
What should you do?
A.
You should create a separate service account for each Host.
B.
You should create a single service account for all Hosts and assign the account the minimal required permissions.
C.
You should place the username and password for all service account in a bindings file.
D.
You should use a single Host in your design.
Explanation:
The service account for a Host must have Log on as Service permissions on the system where the Host resides. Therefore you can mitigate the potential for information disclosure attacks by ensuring that each Host uses a separate service account.Incorrect Answers:
B: Using a single service account for all Hosts will mean that a malicious user will have access to all Hosts in the system as the service account for a Host must have Log on as Service permissions on the system where the Host resides.
C: Binding files do not encrypt service account credentials and do not protect them from malicious users.
D: A single Host will not provide process isolation.