CISSP PRACTICE QUESTIONS – 20200828

According to Wikipedia, “DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality.” Which of the following doesn’t shorten the SDLC or accelerate the deployment process?
A. The design follows Zero Trust
B. The deployment package is containerized
C. The architecture is based on microservices
D. Serverless computing is utilized as a part of the solution


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. The design follows Zero Trust.

A design based on Zero Trust enforces access control, but that doesn’t shorten the SDLC or accelerate the deployment process directly.

Zero Trust as Concepts and Ideas

An operative definition of zero trust and zero trust architecture is as follows:

  • Zero trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.
  • Zero trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationshipsworkflow planning, and access policies.
  • Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan.

Source: NIST SP 800-207

Please visit CISSP PRACTICE QUESTIONS – 20200822 for more.

Automation and DevOps Efficiency

Automation of the development and operations is the key to shorten or speed up the SDLC. Deployment is one of the critical activities that determine the length or efficiency of the SDLC.

Monolithic applications are clumsy to dynamic changes. Even a small change requires the whole application to be redeployed. Microservices features low-coupling that makes partial changes possible. Containerization automates and streamlines the deployment of applications and microservices. Serverless computing is one form of microservice implementations.

Please visit Microservices, Containerization, and Serverless for more.

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

根據Wikipedia的說法,“ DevOps是將軟件開發(Dev)和IT操作(Ops)結合在一起的一組實踐。其目的是縮短系統開發生命週期,並提供高質量的連續交付。” 以下哪項不會縮短SDLC或加速部署過程?
A. 設計遵循零信任(Zero Trust)
B. 部署程序包已容器化(Containerization)
C. 該架構基於微服務(Microservices)
D. 無服務器(Serverless)計算被用作解決方案的一部分

Leave a Reply