Your organization is a well-known software development organization aiming to improve development processes and deliver quality software. Which of the following is the best instrument to benchmark how well your organization performs against other organizations in terms of security? (Wentz QOTD) A. Capability Maturity Model Integration (CMMI) B. Cybersecurity Maturity Model Certification (CMMC) C. Building Security In Maturity Model (BSIMM) D. Software Assurance Maturity Model (SAMM)
Which of the following is not a primary construct that supports containerization? (Wentz QOTD) A. Partition kernel resources into namespaces B. Limit the resource usage of a collection of processes C. Connect containers across multiple hosts using overlay networks, e.g., VXLAN D. Isolate containers through the bare metal hypervisor
Your organization is developing a microservices-based application. As a DevOps team member in charge of maintenance and operations, which of the following minimizes your workload the most? (Wentz QOTD) A. Containerization B. Serverless computing C. Platform as a Service (PaaS) D. Container orchestrator, such as K8S, Swarm, or Mesos
Which of the following statements about NFV, SDN, SDP, and Zero Trust is not true? (Wentz QOTD) A. Network Function Virtualization (NFV) typically uses proprietary servers to run network services for performance. B. Software-defined networking (SDN) decouples the network control and forwarding functions that communicate through application programming interfaces (APIs). C. Software Defined Perimeter (SDP) leverages existing technologies, such as VPN, SDN, micro-segmentation, etc., to enforce security. D. Zero Trust concepts can be implemented using SDP.
Which of the following processes help ensure the organization’s capability to acquire and supply products or services through the initiation, support, and control of projects and provide resources and infrastructure necessary to support projects? (Wentz QOTD) A. Agreement processes B. Organizational project-enabling processes C. Technical management processes D. Technical processes
Attribute-Based Access Control (ABAC) is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entity’s actions relevant to a request. Which of the following is not a source of attributes used in ABAC? (Wentz QOTD) A. Security kernel B. Environment C. The active party of the request D. The resource accessed by the subject
After risk assessment, your company plans to equip laptops used by sales representatives with FIPS 140-2 Level 3 compliant self-encrypting drives as a countermeasure to protect around 10% of confidential data stored on hard drives. You are analyzing the residual risk using a quantitative approach in another iteration of risk assessment after the risk treatment. Which of the following is the primary and direct factor subject to change due to the risk treatment? (Wentz QOTD) A. Asset value B. Exposure factor C. Annual loss expectancy D. Annualized rate of occurrence