Online Resources for Web Developers and Professionals - BETA

  search
ASP.NET.
PHP
SEO
Referer Programs
Microsoft
Oracle
Adobe
Apple
BEA 1 Checkpoint
Cisco
CISSP
Citrix
CIW
CompTIA
DB/2
ECCOUNCIL
EMC
IBM
Linux
Lotus
McAfee
Network Appliance
Novell
PMI
Sun
Wireless
RSS
Events
Others
Invite Your Friend
Feedback

Exam : MCPD - Microsoft .NET Framework 2.0 - Distributed Application Development.

Decrypt XML Elements with X.509 Certificates

You can use the classes in the System.Security.Cryptography.Xml namespace to encrypt and decrypt an element within an XML document. XML Encryption is a standard way to exchange or store encrypted XML data, without worrying about the data being easily read. For more information about the XML Encryption standard, see the World Wide Web Consortium (W3C) specification for XML Encryption located at http://www.w3.org/TR/xmldsig-core/.

This is appropriate for situations where multiple applications need to share encrypted data or where an application needs to save encrypted data between the times that it runs.

For detail information about Encryption and Decryption of XML elements , please visit MSDN Library.

Exam Related Question:

You have a Web service that is deployed on an unsecured network. You need to
implement encryption on the Web service. The implementation must be configurable at
run time. What should you do?

A. Apply Web Services Enhancements (WSE) 3.0 security to the Web service that is
configured to use an X.509 certificate with the Sign-Only protection level.
B. Write custom code in each Web method of the Web service that encrypts the data by
using the DESCryptoServiceProvider class.
C. Write a custom SOAP extension attribute class to encrypt and decrypt the SOAP
message. Apply the attribute to the Web service class.
D. Apply Web Services Enhancements (WSE) 3.0 security to the Web service that is
configured to use an X.509 certificate with the Sign and Encrypt protection level.

Answer: D

Explanation:


Only by using an X.509 certificate with Sign and Encrypt protection (D) can the parties
of the message ensure that the message has not only not been tampered with, but that it
can only be read by parties with the appropriate certificate.
Encryption on Web Services that is configurable at runtime is done through Web
Services Enhancements (WSE) 3.0 security in 2.0, thus writing custom code (B) or using
a custom SOAP extension (C) is not the most efficient or correct answer.
Using an X.509 certificate with Sign-Only protection (A), makes a hash of the content,
and ensures at the other end that the message has not been tampered with - but does not
ensure that no-one has read it along the way.

References:


No reference found
Prev 1  2  3  4  5  6  7  8  9  10  11  Next

Exam related books