CISSP PRACTICE QUESTIONS – 20210831

Effective CISSP Questions

According to NIST, malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system. Which of the following statements about malware is correct? (Wentz QOTD)
A. A virus is not self-replicating; it can be loaded and executed by an operating system only.
B. A worm can either actively exploit network service vulnerabilities or passively use mass mailing to propagate itself.
C. Malicious mobile code, as the mobile app, traverses across mobile devices without the user’s explicit instruction.
D. A Trojan horse is a self-replicating and self-contained program that appears to be benign but actually has a hidden malicious purpose.

CISSP PRACTICE QUESTIONS – 20210830

A microservices-based architecture in applications and service mesh application infrastructure that provides various security services through service proxies has emerged as the widespread application environment for cloud-native applications. Which of the following is not a common type of authorization policy used in service mesh? (Wentz QOTD)
A. Service-level authorization policies
B. End user-level authorization policies
C. Model-based authorization policies
D. Circuit-level authorization policies

CISSP PRACTICE QUESTIONS – 20210829

The head of the sales department purchased a batch of new mobile devices for sales representatives to facilitate the selling process without the approval of the IT department. Which of the following is the best security control to prevent this from recurring? (Wentz QOTD)
A. Mobile Device Security Policies
B. User Education
C. OS & Application Isolation
D. Application Vetting

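Projects are the concrete efforts that realize mission, vision, and strategy!

Sharing some lessons learned from years of project management and work:

Projects are the concrete efforts that realize mission, vision, and strategy. A sense of mission, foresight and the ability to dream (visioning), a "shared" vision, and a carefully thought-out strategy are the key points.

This is a world that emphasizes results and judges heroes by success or failure. Project success or failure has an objective definition as well as a subjective feeling. The objective scope, time, and cost targets can be quantified, while the qualitative project purpose and needs are hard to measure. A project that meets its objective targets but leaves subjective feelings unsatisfied may also turn into wasted effort. A project has two parts, getting things done (management) and dealing with people (leadership), each with its own approach and style.

What I have learned from my work over the years:

  • Hold good intentions and be kind to others
  • Be honest and upright, and pursue success
  • Value results and be goal-oriented
  • Use the right methods and insist on discipline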