2.3 Summarize secure application development, deployment, and automation concepts. Flashcards

1
Q

Elasticity

A

the ability to resize an environment based on the load. Elasticity is a part of virtualization and can reduce costs. A user can increase or decrease resources as necessary. It is commonly used with cloud technologies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Scalability

A

the capacity to resize current resources based on workload resources. It is commonly used on cloud technologies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Containers

A

use the kernel as a host, but do not host an operating system. A container isolates and protects applications from other parts of the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Redundancy

A

the process of duplicating critical components to provide fault tolerance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An administrator reconfigured a system back to its baseline settings after a vulnerability scanner detected deviation from the baseline configuration to improve the overall security posture of the system. What did the admin exercise in the Group Policy?

A

Integrity measurements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is done to identify baseline deviations. Automated tools continuously monitor the system for any baseline changes. If changes are found, Group Policy will force the system back to its original state.

A

Integrity measurements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Least functionality

A

employs the principle of deploying systems with only the services and protocols required to perform the job. This is a component of system hardening but is not forced upon finding a vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Blacklisting

A

Group Policy that blocks certain applications to be installed but allows all else.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Sandboxing

A

an isolated area for testing and developing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Code obfuscation

A

the method of disguising coding methods by way of renaming variables, replacing strings, and hiding comments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Continuous delivery

A

an agile software engineering approach that streamlines the processes of building, testing, and releasing software. This leads directly to faster delivery of software updates to the customer, reduced development risk through frequent, smaller updates, and cost reductions through process efficiency.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Continuous deployment

A

automates the process of delivering software to a production environment, which can decrease the software development lifecycle. However, while this can indirectly lead to the benefits described in the question, it doesn’t directly answer the question’s focus on reducing risk, cutting cost, and faster delivery to the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Continuous integration

A

a method that frequently merges code changes into a main repository where it’s regularly built and tested. This practice reduces integration issues and bugs in the development phase, but it doesn’t directly address the reduction of risk, cost, and speed of delivery to the customer as described in the question.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

DevSecOps

A

more focused on integrating security considerations into every phase of the development process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

change management

A

process that follows a change to a system from identification to implementation. It is used for controlled identification and implementation of required changes within a computer system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Version control

A

tracks the versions of software in real time. It will record who has accessed the code, and what was changed. Version Control also allows for rollback if necessary.

17
Q

Waterfall

A

The waterfall method of development maintains a top to bottom approach. When one stakeholder has finished his or her piece of work, then another can begin.