Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

XML Exam I10-003 Topic 9 Question 43 Discussion

Actual exam question for XML's I10-003 exam
Question #: 43
Topic #: 9
[All I10-003 Questions]

A certain store engages in Internet commerce, managing customer information via XMLDB. Customers register as a user through a webpage, and are allowed to view their own information so they can edit their information themselves through a webpage interface. The store's Web application saves the customer information in an XMLDB, and retrieves data from the XMLDB as necessary. The XML data including customer information is as shown in [CUSTOMER.xml] referenced in a separate window.

The XMLDB account when the Web application connects to the XMLDB is WEBAPP.

A person at the store is in charge of processing payments (access to all registered customer information), and this person's XMLDB account is COUNTER.

A person at the store is in charge of product shipments (access to all registered customer information except for payment information ("payment element")), and this person's XMLDB account is SHIPPER.

Do not consider XMLDB accounts other than those noted above.

Each account authorization in the XMLDB is presently configured as follows: The WEBAPP account has permission to update and view [CUSTOMER xml]

Other accounts have permission to view [CUSTOMER.xml]

Which is the most appropriate method in this situation regarding XMLDB account authorizations'?

Assume that this XMLDB has a view creation function (function to show only certain XML data in response to a certain query)

Show Suggested Answer Hide Answer
Suggested Answer: D

Contribute your Thoughts:

Tamar
4 months ago
I'm going with option C. It's the most targeted approach to controlling access to the sensitive payment data.
upvoted 0 times
...
Edna
4 months ago
Haha, the store should just hire a wizard to cast a spell and protect the payment info. Abracadabra, no more worries!
upvoted 0 times
Louvenia
3 months ago
True, limiting access to certain information is important for security.
upvoted 0 times
...
Pete
3 months ago
Creating a view for payment information and limiting access could also work.
upvoted 0 times
...
Patrick
4 months ago
Yeah, encryption sounds like a safer option for protecting payment info.
upvoted 0 times
...
Arlette
4 months ago
That would be cool, but I think encryption might be more practical.
upvoted 0 times
...
...
Elmira
5 months ago
Encrypting all user element content is overkill. Option B is more reasonable, since only the payment information needs to be protected.
upvoted 0 times
Valentin
4 months ago
Encrypting all user element content is overkill. Option B is more reasonable, since only the payment information needs to be protected.
upvoted 0 times
...
Lashanda
4 months ago
B) When saving data into the XMLDB, all payment element content should be encrypted, and only the COUNTER account should be given permission for decryption
upvoted 0 times
...
...
Lynda
5 months ago
Creating a view to show information other than payment element and restricting access for the SHIPPER account seems more secure to me.
upvoted 0 times
...
Laurel
5 months ago
Why do you think option D is better?
upvoted 0 times
...
Lynda
6 months ago
I disagree, I believe option D is the best choice.
upvoted 0 times
...
Glory
6 months ago
Option D seems like a good solution too. Limiting the SHIPPER account's access to the payment element information makes sense.
upvoted 0 times
Francine
5 months ago
Yes, it's important to restrict access to sensitive payment information. Creating a separate view for the SHIPPER account is a good way to ensure data security.
upvoted 0 times
...
Arthur
5 months ago
I agree, option D seems like the most appropriate method in this situation. Limiting access to payment information for the SHIPPER account is important.
upvoted 0 times
...
...
Domingo
6 months ago
I think option C is the most appropriate. Creating a view for payment information and giving the COUNTER account access to it is a good way to control access to sensitive data.
upvoted 0 times
Jean
5 months ago
That's a good point. Option B could also be a valid choice for ensuring security of payment information.
upvoted 0 times
...
Jerilyn
5 months ago
But wouldn't it be better to encrypt the payment element content and only give the COUNTER account permission for decryption?
upvoted 0 times
...
Lynsey
5 months ago
I agree, option C seems like the best choice. It limits access to sensitive payment information.
upvoted 0 times
...
...
Laurel
6 months ago
I think the most appropriate method is option C.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77