CISSP PRACTICE QUESTIONS – 20211127

Effective CISSP Questions

You are developing a software solution with a service-oriented architecture. Which of the following is the most critical factor to enforce availability? (Wentz QOTD)
A. Discover and subscribe services from a well-known service registry using UDDI
B. Maintain and completely mediate sessions
C. Invoke services based on standard HTTP verbs
D. Invoke stateless services that follow the single-responsibility principle

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Invoke stateless services that follow the single-responsibility principle.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Service-Oriented Architecture (SOA)

When it comes to service-oriented architecture, a service can be treated as a process that provides interfaces to accept requests from and send responses to clients or other entities. A microservice is a fine-grained version of a service that follows the single-responsibility principle and typically doesn’t maintain state. Microservices are typically deployed to containers and coordinated and managed by container orchestrators.
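Why statelessness bears on availability, as an added example that is not part of the original post: a session held in one replica's memory is lost when that replica fails, while a stateless replica can serve any request because the request carries its own signed state. The class names, the demo key and the token format are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: key shared by all stateless replicas


class StatefulReplica:
    """Keeps session data in its own memory, so the session dies with it."""

    def __init__(self):
        self.sessions = {}
        self.up = True

    def login(self, user):
        sid = f"sid-{len(self.sessions)}"
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)  # None if this replica never saw the login


class StatelessReplica:
    """Keeps nothing between requests; the signed token carries the state."""

    def __init__(self):
        self.up = True

    def login(self, user):
        tag = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
        return f"{user}.{tag}"

    def whoami(self, token):
        user, _, tag = token.rpartition(".")
        good = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
        return user if hmac.compare_digest(tag, good) else None


def survives_failover(replica_cls):
    """Log in on replica 0, take it down, then send the next request to a live one."""
    pool = [replica_cls(), replica_cls()]
    credential = pool[0].login("alice")
    pool[0].up = False                      # simulated crash of the serving replica
    live = next(r for r in pool if r.up)    # what a load balancer would pick
    return live.whoami(credential) == "alice"
```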

Container Technology Architecture (Source: NIST SP 800-190)
API Gateway and Service Mesh (Source: Liran Katz)

Web Services

Discovering and subscribing to services from a well-known service registry using UDDI implies a dependency on outdated web services and external service providers. Your availability is then subject to the availability of those external dependent resources.

SOA’s Find-Bind-Execute Paradigm (Credit: Qusay H. Mahmoud)

RESTful API

Invoking services based on standard HTTP verbs implies the invocation of a RESTful API. This architectural style doesn’t relate directly to availability.





