Oracle Identity and Access Management Suite 11g Essentials — Question 3
The principle of "Security as a Service" states that business solution; must be designed to consume common security services, where possible, as opposed to implementing custom security logic and replicating copies of security data. Which of the following statements is not an Implication of this principle?
Answer options
- A. Security logic must be externalized as much as possible, i.e., developers must not hand-code security logic into business solutions.
- B. Security enforcement, decisions, and management must be performed by dedicated, shared services and Infrastructure.
- C. Wherever possible, security services must be built upon open standards.
- D. Security services must use Web Service (SOAP) interfaces and XML payloads in order to promote Interoperability.
Correct answer: A, B, C
Explanation
The correct answer is A because it contradicts the principle of externalizing security logic. Options B and C align with the principle as they emphasize the use of shared services and open standards, while option D specifies a technical requirement that is not necessarily implied by the principle.