CISSP PRACTICE QUESTIONS – 20210603

Effective CISSP Questions

Microservices are an architectural style that divides a monolithic application into a set of loosely coupled small services with well-defined interfaces and operations. The trend has grown popular in recent years as organizations look to become more Agile and move toward cloud services. Which of the following statements about microservices is correct? (Wentz QOTD)
A. Applications based on microservices have a smaller attack surface than the monolithic.
B. Firewalls are the primary control deployed to expose and throttle microservices.
C. Microservices keep HTTP connections alive to conduct complete mediation.
D. Microservices are typically deployed to immutable workloads to support elasticity.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Microservices are typically deployed to immutable workloads to support elasticity.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

Image Credit: Kelsey

Microservices are typically deployed to immutable workloads to support elasticity, so that workloads (VMs, hosts) can scale out and in (horizontally) with varying levels of client requests. To support elasticity (scaling out and in automatically), immutable workloads are not modified in place; they are dropped and recreated (or added) like cattle and chickens, and they don't maintain state in a local repository.

  • Applications based on microservices have a larger attack surface than monolithic applications because they are distributed and communicate with each other over networks. Modules in a monolithic application communicate by sharing memory or storage, or through inter-process communication (IPC) across applications.
  • API gateways are the primary control deployed to expose and throttle microservices.
  • To support higher scalability, microservices typically won't keep HTTP connections alive. They must still conduct complete mediation to enforce security; HTTP Keep-Alive is not required to implement complete mediation.
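As an added example (not code from the original post), the two gateway points above in Python: an API gateway as the single choke point that throttles each client with a token bucket and authorizes every request on its own, so mediation does not depend on a persistent connection. Token values, client names and limits are constructed for the demo.

```python
# Minimal API gateway demo: per-client throttling plus complete mediation.
# Credentials below are constructed for the example, not real values.
VALID_TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


class TokenBucket:
    """Token bucket rate limiter; `now` is passed in explicitly so the
    behaviour is deterministic (no wall-clock dependency)."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        # Refill proportionally to elapsed time, capped at capacity.
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class ApiGateway:
    """Every request passes through here, whether or not it arrived on a
    kept-alive connection: no trust is cached per connection."""

    def __init__(self, capacity=3, refill_per_sec=1.0):
        self.capacity, self.refill = capacity, refill_per_sec
        self.buckets = {}          # one bucket per authenticated client
        self.valid_tokens = dict(VALID_TOKENS)

    def revoke(self, token):
        # Simulates a token being revoked while a client is still "connected".
        self.valid_tokens.pop(token, None)

    def handle(self, request, now):
        # Complete mediation: authenticate this request on its own merits.
        user = self.valid_tokens.get(request.get("token"))
        if user is None:
            return 401, "unauthenticated"
        # Throttle: expose the upstream service only within the client's quota.
        bucket = self.buckets.setdefault(
            user, TokenBucket(self.capacity, self.refill, now))
        if not bucket.allow(now):
            return 429, "throttled"
        return 200, f"{user} -> {request['path']}"
```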

Attack Surface

  • The set of points on the boundary of a system, a system component, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, component, or environment. (NIST SP 800-53 Rev. 5)
  • Set of attack points that an attacker can use in order to enter or capture data in an information system. (ISO/TS 12812-2:2017)

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

Microservices are an architectural style that divides a monolithic application into a set of loosely coupled small services with well-defined interfaces and operations. In recent years, as organizations seek to become more Agile and move toward cloud services, this trend has become increasingly popular. Which of the following statements about microservices is correct? (Wentz QOTD)
A. Applications based on microservices have a smaller attack surface than monolithic applications.
B. Firewalls are the primary control deployed to expose and throttle microservices.
C. Microservices keep HTTP connections alive to conduct complete mediation.
D. Microservices are typically deployed to immutable workloads to support elasticity.
