
XML Exam I10-003 Topic 5 Question 37 Discussion

Actual exam question for XML's I10-003 exam
Question #: 37
Topic #: 5

A certain store engages in Internet commerce, managing customer information via XMLDB. Customers register as a user through a webpage, and are allowed to view their own information so they can edit their information themselves through a webpage interface. The store's Web application saves the customer information in an XMLDB, and retrieves data from the XMLDB as necessary. The XML data including customer information is as shown in [CUSTOMER.xml] referenced in a separate window.

The XMLDB account when the Web application connects to the XMLDB is WEBAPP.

A person at the store is in charge of processing payments (access to all registered customer information), and this person's XMLDB account is COUNTER.

A person at the store is in charge of product shipments (access to all registered customer information except for payment information ("payment element")), and this person's XMLDB account is SHIPPER.

Do not consider XMLDB accounts other than those noted above.

Each account authorization in the XMLDB is presently configured as follows:

- The WEBAPP account has permission to update and view [CUSTOMER.xml]
- Other accounts have permission to view [CUSTOMER.xml]

Which is the most appropriate method in this situation regarding XMLDB account authorizations?

Assume that this XMLDB has a view creation function (function to show only certain XML data in response to a certain query).

Suggested Answer: D
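
The view creation function the question assumes, combined with per-account grants, sketched as an added example (not part of the original question or of any XMLDB product). The layout of CUSTOMER.xml, the `SHIPPING_VIEW` name and the `GRANTS` table are assumptions, since the page does not show them.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample; the real CUSTOMER.xml is not shown on the page.
CUSTOMER_XML = """<customers>
  <customer id="c001">
    <name>Sample One</name>
    <address>1 Example Street</address>
    <payment><card>0000-0000-0000-0000</card></payment>
  </customer>
  <customer id="c002">
    <name>Sample Two</name>
    <address>2 Example Street</address>
    <payment><card>1111-1111-1111-1111</card></payment>
  </customer>
</customers>"""

def shipping_view(root):
    """View: every customer record, with each payment element removed."""
    view = copy.deepcopy(root)          # never mutate the stored document
    for parent in list(view.iter()):    # materialize before removing nodes
        for child in list(parent):
            if child.tag == "payment":
                parent.remove(child)
    return view

# Hypothetical grant table: account -> {object: permissions}.
GRANTS = {
    "WEBAPP":  {"CUSTOMER.xml": {"view", "update"}},
    "COUNTER": {"CUSTOMER.xml": {"view"}},
    "SHIPPER": {"SHIPPING_VIEW": {"view"}},  # no grant on the base document
}

# Each readable object maps to the function that produces its XML.
OBJECTS = {"CUSTOMER.xml": lambda root: root, "SHIPPING_VIEW": shipping_view}

def read(account, obj, root):
    """Return the object's XML if the account holds 'view' on it, else raise."""
    if "view" not in GRANTS.get(account, {}).get(obj, set()):
        raise PermissionError(f"{account} may not view {obj}")
    return OBJECTS[obj](root)

def has_payment(tree):
    """True if any payment element is reachable in the returned XML."""
    return tree.find(".//payment") is not None
```

The view only protects payment data if SHIPPER's direct view permission on the base document is removed as well; with the current configuration on the page, SHIPPER could simply read [CUSTOMER.xml].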

Contribute your Thoughts:

Mariann
6 months ago
Creating a view to show information other than payment elements and restricting access to the SHIPPER account seems more secure to me.
upvoted 0 times
...
Lucia
7 months ago
Why do you think that, Charlie?
upvoted 0 times
...
Mariann
7 months ago
I disagree, I believe option D is better.
upvoted 0 times
...
Lucia
7 months ago
Because creating a view for the payment element information ensures that only the person in charge of processing payments (COUNTER) can access it.
upvoted 0 times
...
Adelina
7 months ago
Why do you think that, Alice?
upvoted 0 times
...
Lucia
7 months ago
I think option C is the most appropriate method.
upvoted 0 times
...
Sheron
8 months ago
I'm with you on that. D seems like the most well-rounded solution. It addresses the security concerns while still allowing the necessary access for each role. Plus, it's more future-proof if we need to add more user types later on.
upvoted 0 times
...
Lorrine
8 months ago
Option C is interesting, but I'm not convinced it's the best solution. Creating a separate view just for payment info feels a bit like a workaround. I'd prefer a more comprehensive approach like option D.
upvoted 0 times
...
Karan
8 months ago
Hmm, I'm not sure about option A. Encrypting everything might cause more hassle than it's worth, especially if the WEBAPP account still needs to be able to update the data. Let's stick to the more targeted approaches in B and D.
upvoted 0 times
...
Youlanda
8 months ago
Option D also sounds promising. Creating views to control access to different parts of the data is a smart way to handle this. The SHIPPER account shouldn't need to see the payment info, so restricting their access to that specific view is a good idea.
upvoted 0 times
...
Britt
8 months ago
I agree. Option B seems like the most appropriate approach. Encrypting just the payment element and only giving the COUNTER account decryption access makes sense. That way, the other users can still access the necessary customer information without compromising the sensitive payment data.
upvoted 0 times
...
Dalene
8 months ago
This is a tricky question. We need to balance security and accessibility for different user roles. Encrypting all user data might be overkill, but we definitely need to protect the payment information.
upvoted 0 times
Kris
7 months ago
I agree, we should only give permission to decrypt payment information to the COUNTER account.
upvoted 0 times
...
Graciela
7 months ago
I think option B is the best choice.
upvoted 0 times
...
...
