Which of the following is not a primary construct that supports containerization? (Wentz QOTD)
A. Partition kernel resources into namespaces
B. Limit the resource usage of a collection of processes
C. Connect containers across multiple hosts using overlay networks, e.g., VXLAN
D. Isolate containers through the bare metal hypervisor
Which of the following is a connectionless attack at the transport layer of the ISO OSI model? (Wentz QOTD)
A. Smurf
B. Teardrop
C. Fraggle
D. TCP SYN flood
Your organization is developing a microservices-based application. As a DevOps team member in charge of maintenance and operations, which of the following minimizes your workload the most? (Wentz QOTD)
A. Containerization
B. Serverless computing
C. Platform as a Service (PaaS)
D. Container orchestrator, such as K8S, Swarm, or Mesos
Which of the following statements about NFV, SDN, SDP, and Zero Trust is not true? (Wentz QOTD)
A. Network Function Virtualization (NFV) typically uses proprietary servers to run network services for performance.
B. Software-defined networking (SDN) decouples the network control and forwarding functions that communicate through application programming interfaces (APIs).
C. Software Defined Perimeters (SDP) leverages existing technologies, such as VPN, SDN, micro-segmentation, etc. to enforce security.
D. Zero Trust concepts can be implemented using SDP.
Which of the following processes help ensure the organization’s capability to acquire and supply products or services through the initiation, support, and control of projects and provide resources and infrastructure necessary to support projects? (Wentz QOTD)
A. Agreement processes
B. Organizational project-enabling processes
C. Technical management processes
D. Technical processes
Attribute-Based Access Control (ABAC) is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entity’s actions relevant to a request. Which of the following is not a source of attributes used in ABAC? (Wentz QOTD)
A. Security kernel
B. Environment
C. The active party of the request
D. The resource accessed by the subject
After risk assessment, your company plans to equip laptops used by sales representatives with FIPS 140-2 Level 3 compliant self-encrypting drives as a countermeasure to protect around 10% of confidential data stored on hard drives. You are analyzing the residual risk using a quantitative approach in another iteration of risk assessment after the risk treatment. Which of the following is the primary and direct factor subject to change due to the risk treatment? (Wentz QOTD)
A. Asset value
B. Exposure factor
C. Annual loss expectancy
D. Annualized rate of occurrence
An information system needs the official management decision given by a senior organizational official to authorize the operation and to accept the residual risk explicitly. Which of the following provides the final decision? (Wentz QOTD)
A. Risk-based auditing
B. Authoritative accreditation
C. Comprehensive security assessment
D. Third-party security evaluation using objective criteria
An employee reported a sexual harassment case to management. Which of the following should your organization conduct first? (Wentz QOTD)
A. Submit a change request
B. Respond to an E-Discovery request
C. Review the acceptable use policy
D. Initiate administrative investigation