CISSP PRACTICE QUESTIONS – 20210824

Effective CISSP Questions

When it comes to microservices-based applications, which of the following is the layer of the ISO OSI model to which the service mesh, aka sidecar proxy, belongs? (Wentz QOTD)
A. Application layer
B. Presentation layer
C. Session layer
D. Transport layer

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Session layer.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

API Gateway and Service Mesh
API Gateway and Service Mesh (Source: Liran Katz)

A service mesh is a dedicated infrastructure layer that facilitates service-to-service communication through service discovery, routing and internal load balancing, traffic configuration, encryption, authentication and authorization, metrics, and monitoring.

It provides the capability to declaratively define network behavior, node identity, and traffic flow through policy in an environment of changing network topology due to service instances coming and going offline and continuously being relocated.

It can be looked upon as a networking model that sits at a layer of abstraction above the transport layer of the Open System Interconnection (OSI) model (e.g., Transport Control Protocol/Internet Protocol (TCP/IP)) and addresses the service’s session layer (Layer 5 of the OSI model) concerns.

However, fine-grained authorization may still need to be performed at the microservice since that is the only entity that has the full knowledge of the business logic.

A service mesh conceptually has two modules—the data plane and the control plane. The data plane carries the application request traffic between service instances through service-specific proxies. The control plane configures the data plane, provides a point of aggregation for telemetry, and provides APIs for modifying the behavior of the network through various features, such as load balancing, circuit breaking, or rate limiting.

Source: NIST SP 800-204

Reference


對於基於微服務的應用程序,以下哪一層是 ISO OSI 模型的服務網格(即 sidecar 代理)所屬的層? (Wentz QOTD)
A. 應用層
B. 表示層
C. 會話層
D. 傳輸層


Leave a Reply