CISSP PRACTICE QUESTIONS – 20210823

Effective CISSP Questions

API gateway and service mesh are two main architectural elements that ensure reliable, resilient, and secure communication in a microservices-based application. Which of the following is not a core feature of an API gateway? (Wentz QOTD)
A. Facilitate service-to-service communication.
B. Ensure a reasonable rate of requests.
C. Redirect requests from old clients to a new version of the service.
D. Avoid the possibility of a cascaded failure.

CISSP PRACTICE QUESTIONS – 20210822

Microservices are a separate architectural style, an SOA pattern, or a refined SOA. Both microservices and SOA emphasize self-contained services, high interoperability, and loose coupling (minimal dependency) between them. Which of the following is not an advantage of microservices? (Wentz QOTD)
A. The development teams can work independently.
B. The presence of multiple components enhances availability.
C. The independence of services improves the reusability of the code.
D. The overall architecture of the system can be aligned with the organizational structure.

Service-Oriented Architecture (SOA), Web Services, and Microservices

Service-Oriented Architecture (SOA)

Service-oriented architecture (SOA) can be fulfilled by web services or microservices. The web services approach leads to the SOA, while the microservices architecture is an extension to the SOA. Enterprise application integration (EAI) based on SOA typically implements a shared enterprise service bus (ESB) for enterprise applications to exchange messages. Microservices are hosted in one or more containers collaborating under the orchestration of Google Kubernetes (K8S), Docker Swarm, or Apache Mesos.

CISSP PRACTICE QUESTIONS – 20210821

An Authorization to Operate (ATO) is the official management decision to authorize the operation of a system. Which of the following is least significant to the authorization decision? (Wentz QOTD)
A. All identified risks are addressed.
B. Safeguards operate as intended.
C. Residual risk is at an acceptable level.
D. The system operates per the stated policies and practices.

CISSP PRACTICE QUESTIONS – 20210820

A policy is an aggregate of management intent, directives, rules, and practices, which specifies the correct or expected behavior. It’s written at a broad level and needs other artifacts, such as standards, procedures, and guidelines, for elaboration. Which of the following statements is incorrect? (Wentz QOTD)
A. A policy is always created by senior management only.
B. Standards are normally compulsory within an organization.
C. Policy, standards, procedures, and guidelines can be mixed in one manual.
D. Policy can be used to establish an organization’s information security program.

Program Analysis

Gartner’s Magic Quadrant for Application Security Testing (AST)

In computer science, program analysis is the process of automatically analyzing the behavior of computer programs regarding a property such as correctness, robustness, safety and liveness. Program analysis focuses on two major areas: program optimization and program correctness. The first focuses on improving the program’s performance while reducing the resource usage while the latter focuses on ensuring that the program does what it is supposed to do.

Program analysis can be performed without executing the program (static program analysis), during runtime (dynamic program analysis) or in a combination of both.

Source: Wikipedia

CISSP PRACTICE QUESTIONS – 20210818

Terms such as out-of-band transmission, D channel, signaling channel, control plane, etc., depict the idea of separating data flow from control flow. Which of the following is least related to the idea in terms of its design? (Wentz QOTD)
A. Voice over Internet Protocol (VoIP)
B. Integrated Services Digital Network (ISDN)
C. Software Defined Perimeter (SDP)
D. Open Shortest Path First (OSPF)
