The database team has suggested deploying a SOA based system across the enterprise. The
Chief Information Officer (CIO) has decided to consult the security manager about the risk
implications for adopting this architecture. Which of the following are concerns that the security
manager should present to the CIO concerning the SOA system? (Select TWO).

A.
Users and services are centralized and only available within the enterprise.

B.
Users and services are distributed, often times over the Internet

C.
SOA centrally manages legacy systems, and opens the internal network to vulnerabilities.

D.
SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape.

E.
SOA abstracts legacy systems as web services, which are often exposed to outside threats.