What is a Domain Model in Domain-Driven Design (DDD)?

Domain Model

I would define a domain as a collection of entities. A domain model is a structural representation of entities and the relationships among them to describe a problem or solution.

Entity

An entity is anything in real life that has a unique identity distinguishing it from others. It comprises a set of attributes that describe its characteristics and operations that achieve one or more stated purposes.

Relationships

Common relationships between entities are containment, aggregation, inheritance, implementation, and use or invocation.

CISSP PRACTICE QUESTIONS – 20191121

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. An in-house team is in charge of developing an E-Commerce system that supports the new business. The testing team was conducting dynamic application security testing (DAST) and activated the Calculator app, one of the Windows accessories, on one of the web servers through an input field in an HTML form. This test demonstrated a successful intrusion attempt. Which of the following is least feasible to prevent the attack?
A. Apply limit of the input length.
B. Enable Data Execution Prevention (DEP)
C. Enable Address Space Layout Randomization (ASLR)
D. Conduct Time-of-check to time-of-use (TOC/TOU) check

CISSP PRACTICE QUESTIONS – 20191120

Your company decides to start the business of selling toys online and shipping globally. An in-house team is in charge of developing an E-Commerce system that supports the new business. The project team is evaluating secure information system development processes to follow. Which of the following is least applicable to the system engineering for this project?
A. System Security Engineering Capability Maturity Model (SSE-CMM).
B. INCOSE Systems Engineering Handbook
C. NIST SP 800-160 (Systems Security Engineering)
D. ISO/IEC/IEEE 15288 (Systems and software engineering — System life cycle processes)

CISSP PRACTICE QUESTIONS – 20191119

Your company decides to start the business of selling toys online and shipping globally. An in-house team is in charge of developing an E-Commerce system that supports the new business. SSL/TLS protects communication between browsers and web server farms. The performance tester observed that the CPU utilization of the web servers stayed as high as 100% and that some connections timed out. However, the web server farms work fine under HTTP connections. Moreover, the web servers are I/O bound in nature; they mostly accept file requests and dispatch transactions to the application server clusters. Which of the following is most feasible to address the time-out and improve availability?
A. Increase the bandwidth, e.g., from T1 to T3.
B. Add more RAM/memory to improve system performance
C. Implement hardware security modules to offload processing
D. Upgrade to faster CPUs on each web server to speed up the processing

Hardware Security Module


The functions of an HSM are:

  • onboard secure cryptographic key generation
  • onboard secure cryptographic key storage, at least for the top level and most sensitive keys, which are often called master keys
  • key management
  • use of cryptographic and sensitive data material, for example, performing encryption or digital signature functions
  • offloading application servers for complete asymmetric and symmetric cryptography.

CA HSMs

In PKI environments, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle asymmetric key pairs.

SSL/TLS HSMs

Performance-critical applications that have to use HTTPS (SSL/TLS) can benefit from the use of an SSL Acceleration HSM by moving the RSA operations, which typically require several large integer multiplications, from the host CPU to the HSM device.

Bank HSMs

HSMs support both general-purpose functions and specialized functions required to process transactions and comply with industry standards.

Source: Hardware security module
