According to Wikipedia, “DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality.” Which of the following doesn’t shorten the SDLC or accelerate the deployment process?
A. The design follows Zero Trust
B. The deployment package is containerized
C. The architecture is based on microservices
D. Serverless computing is utilized as a part of the solution
Monthly Archives: August 2020
Side-Channel Attack
About the Photo of EMI testing
I imported two models of integrated telephony cards, ten years ago, as PBX interfaces (FXO/FXS), voice recording, and FAX.
We sent sample products to the laboratory for certification and then applied for approval to sell them on the market. It’s a typical C&A process for IT products. The certification standard is called PSTN01, defined by the Taiwan government.
Please refer to CISSP PRACTICE QUESTIONS – 20200827 for details.
Strategic Thinking and Planning
Mission and Vision
- An organization doesn’t exist for no reason. It is founded for purposes and tasked with missions. Its vision, coined by leaders, motivates people who conduct activities directed by objectives and measured against metrics and indicators to create value, achieve (strategic) goals, and fulfill the vision and missions.
- Business refers to the collection of activities that create value. It is driven by the internal and external context of an organization, which imposes conditions and constraints, and by stakeholders who express expectations, needs, and requirements.
CISSP PRACTICE QUESTIONS – 20200827
According to ISO/IEC 29192-1:2012, a side-channel attack is an “attack based on information gained from the physical implementation of a cryptosystem.” Which of the following is not one of the information sources exploited to initiate side-channel attacks?
A. Timing information
B. Power consumption
C. Electromagnetic and acoustic emissions
D. Theoretical weaknesses of ciphers
CISSP Sudoku 365 is Coming!
The Effective CISSP: Practice Questions, also known as CISSP Sudoku 365, is coming!
- Kindle ebook is scheduled to be published on 2020/08/27, pre-orders accepted. Promotion: Buy One, Get TWO!
- Paperback will be available in late Aug or early Sep.
CISSP PRACTICE QUESTIONS – 20200826
Traditional cloud computing no longer meets the demands of high-performance computing from the ever-growing mobile and IoT devices. Edge computing offloads those computing requirements by placing edge servers and devices close to the user and origin of data, or as the last mile, to provide location-aware, bandwidth-sufficient, real-time, and low-cost services. Which of the following is the least common attack on edge servers or devices?
A. DDoS attack
B. Side-channel attack
C. Malware Injection attack
D. Meet-in-the-middle attack
Some Authentication Terminologies
NIST Guidelines
- SP 800-63-3 – Digital Identity Guidelines
- SP 800-63A – Enrollment and Identity Proofing
- SP 800-63B – Authentication and Lifecycle Management
- SP 800-63C – Federation and Assertions
CISSP PRACTICE QUESTIONS – 20200825
DevOps is a set of practices that engages the development and operation team with the purpose of shortening the software development life cycle and delivering quality software continuously. Secure DevOps (DevSecOps) advances DevOps and emphasizes engaging more stakeholders and addressing security requirements. Which of the following is not true?
A. DevOps facilitates collaborations between stakeholders with no need for cultural changes.
B. DevOps streamlines pipelines and processes by automation and technologies.
C. DevSecOps can provide high visibility that helps the IT team monitor system operations.
D. DevSecOps can support continuous authorization.
Microservices, Containerization, and Serverless
Microservices
Microservice is a low-coupling architecture that can be achieved by refactoring a monolithic application, that is, turning in-proc application components into self-contained networked services suitable for being deployed in scalable or elastic containers or serverless environments.
CISSP PRACTICE QUESTIONS – 20200824
Your company decides to develop the CRM system by an in-house integrated product team (IPT) and deploy the solution to PaaS provisioned by a public cloud services provider. DevOps is implemented to support the software development life cycle. As a security professional, which of the following is of most concern?
A. The solution is continuously monitored and provides high visibility.
B. The solution is delivered to the staging system on the fly for manual testing.
C. The solution is built automatically once code is checked into the code repository.
D. The solution is deployed to the production system if continuous testing succeeded.