Effective CISSP Questions

You are evaluating cloud service models that support microservices architecture and have minimum administration overhead to deploy an enterprise-grade application. Which of the following is the best technology that meets your requirements? (Wentz QOTD)
A. PaaS
B. Zero Trust
C. Containerization
D. Serverless computing

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Serverless computing.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Building a Serverless Back-end with AWS

Microservices are typically hosted in containers deployed on-premises or on PaaS; they can also be implemented in a serverless back-end, aka Function as a Service (FaaS), which has lower administration overhead to deploy an enterprise-grade application than PaaS. Containerization itself involves much deployment work such as building images, registration, orchestration, etc.

PaaS and Serverless (aka FaaS)

PaaS is a good answer, but it’s not the best answer to this question because PaaS customers still need to configure for scalability or elasticity. That is, to automatically provision or de-provision instances of workloads depending on the number of requests.

Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.3 The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment

Source: NIST SP 800-145

On the contrary, serverless computing, aka Function as a Service (FaaS), uses the “pay-as-you-go” model. Customers are completely freed from the administration of backend servers and elasticity issues.


Container Technology Architecture
Container Technology Architecture (Source: NIST SP 800-190)


您正在評估支持微服務架構並具有最低額外管理負擔(overhead)來部署企業級應用程式的雲服務模型。 以下哪項是滿足您要求的最佳技術? (Wentz QOTD)
A. 平台即服務 (PaaS)
B. 零信任 (Zero Trust)
C. 容器化 (Containerization)
D. 無伺服器計算 (Serverless computing)

Leave a Reply