The Basics of Containerization

Container Technology Architecture
Container Technology Architecture

A container image is a package created and registered by developers that contains all the files, typically organized in layers, required to run in a container. An image typically comprises layers, such as the minimum OS core (aka base layer), application frameworks, and custom code.

Even though a host could directly contact a registry for an image and deploy it into a container, orchestrators such as Kubernetes (K8S), Docker Swarm, Mesos, etc., can automate the deployment process to pull images from registries, deploy them into containers, and manage the container runtimes.

Continue reading

CISSP PRACTICE QUESTIONS – 20210409

Effective CISSP Questions

As a CISO, you frequently travel on business and connect to corporate mail servers through VPN for security. You’d like to send a strategic plan to the CEO from a luxury five-star hotel remotely. Which of the following best ensures non-repudiation of the email? (Wentz QOTD)
A. Asymmetric encryption using key pairs
B. Elliptic Curve Digital Signature Algorithm (ECDSA)
C. IPsec in transport mode using AH and certificates
D. IPsec in tunnel mode using ESP and shared secrets

Continue reading

CISSP PRACTICE QUESTIONS – 20210408

Effective CISSP Questions

Which of the following best aligns with the security principles of containerization? (Wentz QOTD)
A. Overlay networks are commonly used to monitor traffic between nodes.
B. Containers shall be deployed on the same host to impose the security baseline.
C. Containers are stateless and immutable, against which in-place patches are not allowed.
D. General-purpose OSs are more flexible and suitable for reducing attack surfaces of containers.

Continue reading

CISSP PRACTICE QUESTIONS – 20210406

Your organization implemented an anomaly-based Intrusion Detection System (IDS) designed to optimize false-negative probability and minimize potential losses. However, the IDS triggered too many false alarms. As the IDS administrator, you are evaluating the configuration change to reduce the number of false alarms. Which of the following is the least likely ramification of the change? (Wentz QOTD)
A. Zero-day exploits might increase
B. Investigation workload might decrease
C. The sensitivity of the IDS might be lowered
D. The detection threshold of IDS might be enlarged

Effective CISSP Questions
Continue reading

CISSP PRACTICE QUESTIONS – 20210405

Effective CISSP Questions

A tunnel is a logical link or point-to-point connection, established through tunneling protocols, that encapsulates payloads between two nodes over a public or shared network. Still, other security services or protocols protect data transmitted through the tunnel. Which of the following is not a tunneling protocol? (Wentz QOTD)
A. Virtual Extensible LAN (VXLAN)
B. Layer 2 Forwarding Protocol (L2F)
C. Generic Routing Encapsulation (GRE)
D. Encapsulating Security Payload (ESP)

Continue reading

CISSP PRACTICE QUESTIONS – 20210402

Effective CISSP Questions

A France computer manufacturer submits a trusted computer system for the Common Criteria evaluation and receives an EAL 7. The system supports the security policy that allows a user cleared as confidential to prepare reports to the supervisor at the secret level. Which of the following is least likely to be used in the design as a formal model? (Wentz QOTD)
A. Finite state machine
B. Information flow model
C. Non-interference model
D. Mandatory access control

Continue reading

CISSP PRACTICE QUESTIONS – 20210401

Effective CISSP Questions

According to Dorothy E. Denning, “the lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security.” Which of the following is not a lattice-based access control model? (Wentz QOTD)
A. Biba model
B. Clark-Wilson model
C. Brewer and Nash model
D. Bell-LaPadula (BLP) model

Continue reading