About Wentz Wu

Wentz is a co-founder of Amicliens, a company from Taiwan delivering business solutions. He enjoys applying IT technologies to solve business problems and has been working in the IT industry for over 20 years.

CISSP PRACTICE QUESTIONS – 20200921

Effective CISSP Questions

Alice and Bob work together to develop a log parser using C++.  Alice is linking the main program with the modules in object code developed by Bob. The log parser loads all the dependent modules when it starts. Which of the following best describes the role of Bob’s modules?
A. Software Development Kit (SDK)
B. Runtime library
C. Static library
D. Application Programming Interface (API)

Continue reading

CISSP PRACTICE QUESTIONS – 20200919

Effective CISSP Questions

An in-house development team in your organization is tasked to develop a new information system deployed to a public PaaS to support a new mission. A well-known consulting firm, enlisted in your organizational approved providers and offerings, is contracted to advise cloud services. Some of the tools used by developers are freeware downloaded from the internet. Which of the following acquisition sources is not used in this project?
A. Commercial-off-the-shelf (COTS)
B. Open Source
C. Managed services
D. Third-party

Continue reading

SDN, NFV, and SDS

  • Software-defined networking (SDN) abstracts the control over the flow of data by separating logical control rules from physical data forwarding into the control plane and the data plane. Logical control rules are programmable as software, while sophisticated data-plane functionality is virtualizable through Network function virtualization (NFV).
  • Software-defined security (SDS) is a security model that exploits SDN/NFV to enforce network security by security software on generic servers abstracting security appliances, such as Firewall, IDS, etc.

CISSP PRACTICE QUESTIONS – 20200918

Effective CISSP Questions

Software-defined networking (SDN) abstracts the control over the flow of data by separating logical control rules from physical data forwarding into the control plane and the data plane. Logical control rules are programmable as software, while sophisticated data-plane functionality is virtualizable through Network function virtualization (NFV). Software-defined security (SDS) is a security model that exploits SDN/NFV to enforce network security by security software on generic servers abstracting security appliances, such as Firewall, IDS, etc. Which of the following is not true about SDN, NFV, or SDS?
A. Controllers can impose flow rules or policies on physical devices via OpenFlow.
B. Switches at the data-plane implement the spanning-tree algorithm to prevent loops.
C. Software switches through NFV can be implemented independently without SDN.
D. Firewalls on generic servers as SDN applications can communicate with controllers through APIs.

Continue reading

CISSP PRACTICE QUESTIONS – 20200917

Effective CISSP Questions

Your company is developing a mobile app with the support of the RESTful backend API gateway which receives articles from the mobile app and posts them across social media on behalf of the author. The API gateway creates copies in the database server so that authors can manage them. As an architect, you are designing the system architecture. Which of the following is the most feasible design decision?
A. The mobile app shall invoke API through HTTP POST to create and share articles.
B. IP whitelisting on the API gateway shall be enabled to enforce the authenticity of origin.
C. Rate limits, such as throttling and quotas, shall be applied to prevent the race condition.
D. SAML shall be implemented for authentication.

Continue reading