Chapter 6 Application deployment and security Flashcards
Typically, large organizations use a four-tier structure:
Development, testing, staging, and production.
What are the most common deployment models?
- Bare Metal
- Virtual Machine
- Container-based infrastructure
- Serverless computing
Is software that creates and manages VMs.
Hypervisor
The total amount of virtual memory allocated to these three VMs is greater than the amount of RAM available on the host machine. This is called:
Overcommitting
What are the types of infrastructure?
- On-Premises
- On-Line
- Private Cloud
- Working-Cloud
- Public-Cloud
- Hybrid-Cloud
- Static-Cloud
- Edge-Cloud
1, 2, 3, 5, 6, 7
Infrastructure: any system that is literally within the confines of your building.
On-premises
Infrastructure that is a system that provides self-service provisioning for compute resources, networking, and storage.
Private Cloud
Infrastructure that is gaining popularity because of the growth of the Internet of Things (IoT). These connected devices, such as connected cameras, autonomous vehicles, and even smartphones, increasingly benefit from computing power that exists closer to them on the network.
Edge Cloud
Is a format that wraps a number of different technologies to create what we know today as containers.
Docker
Is a philosophy for software deployment that figures prominently in the field of DevOps. DevOps itself is about communication and making certain that all members of the team are working together to ensure smooth operation.
Continuous Integration/Continuous Deployment (CI/CD)
In CI/CD, in order to avoid impacting users, or at least to limit the impact, you can use deployment strategies such as:
- Rolling upgrade
- Canary pipeline
- Blue-green deployment
Deployment strategy: in this case, the new version is rolled out to a subset of users (or servers, depending on the architecture). If these users experience problems, the changes can be easily rolled back. If these users do not experience problems, the changes are rolled out to the rest of production.
Canary pipeline
This is the most straightforward version of Continuous Delivery, in which changes are periodically rolled out in such a way that they do not impact current users, and nobody should have to “reinstall” the software.
Rolling upgrade
In this case, an entirely new environment (Blue) is created with the new code on it, but the old environment (Green) is held in reserve. If users on the new environment experience problems, traffic can be diverted back to the original environment.
Blue/Green deployment
Integration with agile methodology
Shorter Mean Time to resolution
Automated deployment
Less disruptive feature releases
Improve quality
Improve time to market
CI/CD Benefits
What are some of the applications you need to consider when it comes to cloud deployment:
- Firewalls
- Load balancers
- DNS
- Reverse proxies
Different ways that a load balancer can manage a particular request:
- Persist session
- Round Robin
- Least connection
- IP hash
Works to make sure responses look like they all come from the same server.
Reverse Proxy
Is a code injection technique that is used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application.
SQL Injection
Examples of SQL Injection detection tools
- SQLmap
- SQLninja
Are designed to analyze source code and/or compiled versions of code to help find security flaws.
Static Application Security Testing (SAST)
Detect SQL injections based on, for example, the number of invalid queries coming from a host, or the presence of OR and UNION blocks inside the request, among other indicators.
Database firewalls
This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
Use prepared statements
Happen when user-submitted content that has not been sanitized is displayed to other users. The most obvious version of this exploit is where one user submits a comment that includes a script that performs a malicious action, and anyone who views the comments page has that script executed on their machine.
Cross-Site Scripting (XSS)
Sometimes pronounced “Sea Surf.” In both cases, the attacker intends for the user to execute the attacker’s code, usually without even knowing it. The difference is that CSRF attacks are typically aimed not at the target site, but rather at a different site, one into which the user has already authenticated.
Cross-Site Request Forgery (CSRF)
Refers to “chopping something into small pieces” to make it look like a “confused mess”.
Hashing
A company has remote employees who need to connect to the company network in order to participate in meetings and to share the data and progress of application development. Which data transportation security technique can be implemented to allow remote employees to securely connect to the company private network?
Virtual Private Network (VPN)
What type of test is used to identify the possible weak spots in applications, servers, or networks?
a. Pen
b. White box
c. Eraser
d. Unit
A
Which of the following is a tool that can be used for network discovery and security auditing?
a. Nslookup
b. Nmap
c. ps
d. curl
B
What is the minimum number of identity components MFA uses to authenticate a user’s identity?
a. One
b. Two
c. Three
d. Four
B
Which of the following is used for fingerprinting of data to detect whether the data has been modified?
a. Private key
b. Public key
c. One-way hash
d. Certificate
A,C
Data needs to be secured in multiple locations. Which of the following are the correct locations?
a. Memory, storage, and network
b. Flash, wire, and optics
c. Hard disk, database, and analytics
d. AWS, Google Cloud, and Azure
A
Which modes best describe IDSs and IPSs, respectively?
a. Passive, passive
b. Passive, active
c. Active, passive
d. Active, active
B
Which characteristic matches an SaaS deployment model?
a. Provider deploys your software customizations.
b. Any update to the software requires a new license.
c. You can recommend tweaks to the underlying infrastructure.
d. None of the above
D
Which is a good deployment model for real-time IoT sensors?
a. SaaS model
b. Edge computing model
c. Private cloud model
d. Hybrid cloud model
B
In which of the following ways are containers different from virtual machines? (Choose two.)
a. Containers have less storage requirements than VMs.
b. VMs can run any operating system, but containers run only on Linux.
c. Containers start in 500 ms, and VMs start in minutes.
d. VMs are better if you have a microservice architecture.
A,C
Which deployment method is best for processes that are run periodically?
a. Serverless
b. Containers
c. Virtual machines
d. All of the above
A
What is the second way of DevOps?
a. Automation
b. Continuous learning and experimentation
c. Culture
d. Feedback loop
D
What is continuous integration?
a. Automated software delivery and deployment
b. An Agile software development technique
c. The process of merging development work with the code base for automated testing
d. None of the above
C
A Docker image uses what type of file system?
a. Layered file system
b. NFS
c. XFS
d. Union file system
D
What command do you use to launch an nginx container on port 80 of the host file system?
a. docker image build -p 80 nginx
b. docker start -it -d nginx -p 80|80
c. docker container run -p 80:80 -d nginx
d. None of the above
C
- Cost
- Scalability
- Easy to use and write code for
Advantages of serverless deployment