CISSP PRACTICE QUESTIONS – 20200828

Effective CISSP Questions

According to Wikipedia, “DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality.” Which of the following doesn’t shorten the SDLC or accelerate the deployment process?
A. The design follows Zero Trust
B. The deployment package is containerized
C. The architecture is based on microservices
D. Serverless computing is utilized as a part of the solution


Side-Channel Attack


About the Photo of EMI testing

I imported two models of integrated telephony cards, ten years ago, as PBX interfaces (FXO/FXS), voice recording, and FAX.

We sent sample products to the laboratory for certification and then applied for approval to sell them on the market. It’s a typical C&A process for IT products. The certification standard is called PSTN01, defined by the Taiwan government.

Please refer to CISSP PRACTICE QUESTIONS – 20200827 for details.


Strategic Thinking and Planning


Mission and Vision

  • An organization doesn’t exist for no reason. It is founded for purposes and tasked with missions. Its vision, coined by leaders, motivates people who conduct activities directed by objectives and measured against metrics and indicators to create value, achieve (strategic) goals, and fulfill the vision and missions.
  • Business refers to the collection of activities that create value. It is driven by the internal and external context of an organization, which imposes conditions and constraints, and by stakeholders who express expectations, needs, and requirements.


CISSP PRACTICE QUESTIONS – 20200827


According to ISO/IEC 29192-1:2012, a side-channel attack is an “attack based on information gained from the physical implementation of a cryptosystem.” Which of the following is not one of the information sources exploited to initiate side-channel attacks?
A. Timing information
B. Power consumption
C. Electromagnetic and acoustic emissions
D. Theoretical weaknesses of ciphers


CISSP PRACTICE QUESTIONS – 20200826


Traditional cloud computing no longer meets the high-performance computing demands of the ever-growing number of mobile and IoT devices. Edge computing offloads those computing requirements by placing edge servers and devices close to the user and origin of data, or as the last mile, to provide location-aware, bandwidth-sufficient, real-time, and low-cost services. Which of the following is the least common attack on edge servers or devices?
A. DDoS attack
B. Side-channel attack
C. Malware Injection attack
D. Meet-in-the-middle attack


CISSP PRACTICE QUESTIONS – 20200825


DevOps is a set of practices that engages the development and operations teams with the purpose of shortening the software development life cycle and delivering quality software continuously. Secure DevOps (DevSecOps) advances DevOps and emphasizes engaging more stakeholders and addressing security requirements. Which of the following is not true?
A. DevOps facilitates collaborations between stakeholders with no need for cultural changes.
B. DevOps streamlines pipelines and processes by automation and technologies.
C. DevSecOps can provide high visibility that helps the IT team monitor system operations.
D. DevSecOps can support continuous authorization.


CISSP PRACTICE QUESTIONS – 20200824


Your company decides to have an in-house integrated product team (IPT) develop the CRM system and to deploy the solution to PaaS provisioned by a public cloud services provider. DevOps is implemented to support the software development life cycle. As a security professional, which of the following is of most concern?
A. The solution is continuously monitored and provides high visibility.
B. The solution is delivered to the staging system on the fly for manual testing.
C. The solution is built automatically once code is checked into the code repository.
D. The solution is deployed to the production system if continuous testing succeeds.
