- SDN/NFV
- Zero Trust/Risk-based Access Control
- K8S/Docker
- AI/ML
- DevOps/DevSecOps
Hot Topics 2021
Reply
CISSP PRACTICE QUESTIONS – 20201016
An online store as a web application is protected by automated technical solutions that detect and prevent web-based attacks. However, the front end web application firewall seems not performing well so that the online store is suffering from TCP SYN flooding attacks. Which of the following is the most likely symptom?
A. The CPU utilization of the web server will surge.
B. The bandwidth of the public-facing connection gets exhausted.
C. The memory of the backlog queue to maintain all half-open connections depletes.
D. The hard drives of the web server will work at high utilization for memory paging.
TCP 3-Way Handshake Process
CISSP PRACTICE QUESTIONS – 20201015
An online store as a web application is protected by automated technical solutions that detect and prevent web-based attacks. As a security professional, you are hired to help them understand the Payment Card Industry Data Security Standard (PCI DSS) requirements and best practices. Which of the following is not true?
A. Web application assessments shall be conducted at least annually and after any changes.
B. A web application firewall is typically implemented in front of public-facing web applications.
C. Testing improper access control such as insecure direct object references must apply to all applications.
D. SQL injection is the most concern among injection flaws such as OS Command, LDAP, and XPath injection.
Network Segmentation and Microsegmentation
- How Microsegmentation Differs from Network Segmentation
https://www.zscaler.com/blogs/corporate/how-microsegmentation-differs-network-segmentation - What is Microsegmentation?
https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation - Lateral Movement
CISSP PRACTICE QUESTIONS – 20201014
As a developer, you want to connect to a remote code repository using SSH. Which of the following is least likely to happen?
A. Install your public key on the remote code repository.
B. Generate a public and private key pair on your own.
C. Open the TCP port 22 on your development environment.
D. Input your password to log in.
Jericho Forum and De-perimeterisation
CISSP PRACTICE QUESTIONS – 20201013
You are developing a contingency plan for an information system and considering system availability and product life and support. Which of the following is true?
A. Hard drives should be evaluated in terms of mean time to repair (MTTR).
B. A product is not available on the market if it is at the end of support
C. Product support is not available after the product is announced end-of-life.
D. Implementing a redundant site to meet the recovery time objective (RTO) is mandatory.
OWASP SAMM (Software Assurance Maturity Model) V2
Source: Minded Security
The following is an excerpt from OWASP SAMM v2.0 – Core Model Document:
The OWASP SAMM Model
SAMM is a prescriptive model, an open framework which is simple to use, fully defined, and measurable. The solution details are easy enough to follow even for non-security personnel. It helps organizations analyze their current software security practices, build a security program in defined iterations, show progressive improvements in secure practices, define, and measure security-related activities.
SAMM was defined with flexibility in mind so that small, medium, and large organizations using any style of development can customize and adopt it. It provides a means of knowing where your organization is on its journey towards software assurance and understanding what is recommended to move to the next level of
maturity.SAMM does not insist that all organizations achieve the maximum maturity level in every category. Each organization can determine the target maturity level for each Security Practice that is the best fit and adapt the templates provided for their specific needs.
OWASP SAMM structure
At the highest level, SAMM defines five critical business functions. Each business function is a category of activities related to the nuts-and-bolts of software development, or stated another way, any organization involved with software development must fulfill each of these business functions to some degree.
For each business function, SAMM defines three security practices. Each security practice is an area of security-related activities that build assurance for the related business function. There are fifteen security practices that are the independent silos for improvement that map to the five business functions of software development.
For each security practice, SAMM defines three maturity levels as objectives. Each level within a security practice is characterized by a successively more sophisticated objective defined by specific activities, and more stringent success metrics than the previous level. Additionally, each security practice can be improved independently, though related activities can lead to optimizations For each security practice, SAMM defines two streams. Each stream has an objective to be reached, and this objective can be reached in increasing levels of maturity. Streams align and link the activities in the practice over the different maturity levels.The structure and setup of the SAMM model support
- the assessment of the organization’s current software security posture
- the definition of the organization’s target
- the definition of an implementation roadmap to get there
- prescriptive advice on how to implement particular activities
CISSP PRACTICE QUESTIONS – 20201012
Which of the following is the best initiative that contributes to threat modeling the most?
A. Social engineering
B. Phishing
C. Security champions
D. Gamification