Cloud Security and Serverless Architecture Flashcards
You are developing a service that processes user requests and responds to the client with the result. Your service relies on another microservice that provides the data needed to process each user request. The client has strict latency SLAs, and your service needs to comply with them. You cannot control the performance of the other microservice on which your processing depends. You can, however, respond to the client by serving data from cache if the other microservice doesn’t respond within the SLAs. Which microservice pattern helps you meet this requirement?
A) Circuit Breaking
B) Anti-Corruption pattern
C) Service discovery
A) Circuit Breaking.
Here’s a breakdown of why Circuit Breaking is the best choice:
Circuit Breaker Pattern:
Monitors the health of the dependent microservice (data provider).
If the dependent service consistently fails to respond within SLAs (trips the circuit), the circuit breaker initiates fallback behavior:
In your case, serving data from the cache.
This helps maintain low latency for the client by avoiding delays caused by a slow or unavailable dependent service.
Once the dependent service recovers, the circuit breaker can be reset, allowing your service to resume normal communication with it.
Explanation of why other options are not as suitable:
B) Anti-Corruption Pattern:
Focuses on adapting data formats and communication styles between different services to ensure compatibility.
While it might be relevant in general microservice communication, it doesn’t directly address the specific issue of handling slow or unavailable dependencies for maintaining low latency.
C) Service Discovery:
Helps locate and connect to instances of the dependent service.
Essential for service communication itself, but doesn’t provide a mechanism for handling slow responses or timeouts in the context of maintaining SLAs.
Additional Considerations:
Cache Invalidation Strategy:
Ensure your cache is invalidated or refreshed periodically to reflect updates in the dependent service’s data.
Consider cache invalidation mechanisms based on the data’s volatility and the impact of stale data on your application.
Circuit Breaker Configuration:
Fine-tune the circuit breaker parameters (e.g., timeout, number of retries) to balance responsiveness and resilience based on your specific SLAs and service behavior.
By effectively implementing the Circuit Breaking pattern, you can achieve:
Improved Client SLAs: Meeting the client’s strict latency requirements by serving cached data when the dependent service is slow.
Enhanced Service Resilience: Mitigating the impact of failures or slow responses in the dependent service on your service’s overall performance.
Which of these traits is a benefit of a serverless architecture?
A) Reduced cost because you only pay when your code runs
B) Improved scalability that enables you to serve extremely active traffic periods
C) Faster workflows for IT departments due to less worry about server obligations
D) All the above
D) All the above
Here’s why each trait is a benefit of serverless architecture:
Reduced cost because you only pay when your code runs: Serverless providers charge based on the execution time and resources used by your code. This eliminates the need to pay for idle servers, leading to significant cost savings, especially for applications with variable traffic.
Improved scalability that enables you to serve extremely active traffic periods: Serverless architecture automatically scales up or down based on demand. This ensures your application can handle spikes in traffic without manual intervention. You don’t have to worry about provisioning or managing servers, allowing your application to seamlessly handle high concurrency.
Faster workflows for IT departments due to less worry about server obligations: Serverless removes the burden of server management from IT teams. They can focus on developing and deploying code instead of managing infrastructure. This frees up valuable resources and accelerates development cycles.
Serverless is a good choice for an application in which of these cases?
A) When the app’s event processing is resource-intensive
B) When the app’s event processing is not resource-intensive
C) When you have an app that requires low latency
D) When you have an app that is consistently bombarded with events
B) When the app’s event processing is not resource-intensive
Explanation:
A) When the app’s event processing is resource-intensive:
Serverless architectures, such as AWS Lambda, are typically not well-suited for resource-intensive tasks due to limitations in execution time, memory, and CPU resources. For resource-intensive processing, dedicated servers or containers might be more appropriate.
B) When the app’s event processing is not resource-intensive:
Serverless is ideal for lightweight, short-lived tasks that don’t require significant computational resources. It allows you to scale automatically and only pay for the actual compute time consumed, making it cost-effective for such scenarios.
C) When you have an app that requires low latency:
Serverless functions can sometimes introduce latency, especially if the function has not been invoked recently and needs to be “warmed up.” For applications requiring consistently low latency, traditional server-based or containerized solutions might be more reliable.
D) When you have an app that is consistently bombarded with events:
While serverless can handle bursts of events efficiently due to its auto-scaling nature, consistently high event rates might lead to higher costs and potential throttling issues. In such cases, a more predictable and controlled environment might be preferable.
In summary, serverless is best suited for applications with non-resource-intensive event processing, providing cost efficiency and scalability for such use cases.
A serverless architecture can be problematic to debug.
A) False
B) True
B) True
Debugging in a serverless architecture can indeed be challenging due to factors like:
Decentralized Execution: Functions are often executed in a distributed environment, which can make it harder to trace the flow of execution and understand the interactions between different components.
Statelessness: Serverless functions are typically stateless, so debugging may involve reconstructing state from logs or external storage, which can be complex.
Cold Starts: The latency involved in cold starts can affect the debugging process and make it harder to reproduce specific issues consistently.
Limited Execution Context: The ephemeral nature of serverless functions means that you might have limited access to debugging tools or live execution contexts.
If the circuit in your code is closed, this indicates that your service is not responding to the clients with normal behavior.
A) False
B) True
B) False
In the context of microservices and distributed systems, a “circuit closed” state often refers to the Circuit Breaker pattern. When a circuit breaker is “closed,” it means the system is operating normally and requests are being allowed to pass through.
If the circuit were “open,” it would indicate that the service is currently not responding as expected, and requests are being blocked to prevent further strain on the failing service and to allow it time to recover.
So, if a circuit is in the “closed” state, it suggests that the service is behaving normally and is able to handle requests as expected. If it were in an “open” state, it would indicate a problem.
Which of the following is true for data governance and data management?
A) Data management is about the policies, procedures, and the workflows that support management of information.
B) Data Management falls more on the IT side helping to enable data governance.
C) Data governance falls more on the IT side helping to enable data governance.
D) Data Governance is about the policies, procedures, and the workflows that support management of information.
B) Data Management falls more on the IT side helping to enable data governance.
D) Data Governance is about the policies, procedures, and the workflows that support management of information.
A) Data management is about the policies, procedures, and the workflows that support management of information.
False. Data management typically focuses on the actual handling and processing of data, including its storage, organization, and retrieval. It deals with the practical aspects of data operations rather than the policies and procedures.
B) Data Management falls more on the IT side helping to enable data governance.
True. Data management is often associated with IT and involves the technical aspects of handling data. It supports data governance by implementing and enforcing the policies and procedures defined by data governance.
C) Data governance falls more on the IT side helping to enable data governance.
False. Data governance generally encompasses policies, procedures, and standards for data management and is often overseen by business leaders or data stewards rather than being solely an IT concern.
D) Data Governance is about the policies, procedures, and the workflows that support management of information.
True. Data governance involves defining and managing the policies, procedures, and standards for data management to ensure data quality, security, and compliance.
What goes into a Data Governance Framework?
A) Data Architecture
B) Metadata Management
C) Data Security and privacy
D) Data Quality
All Options
A Data Governance Framework typically includes the following components:
A) Data Architecture: Defines the structure of data, including how data is organized, stored, and accessed. It provides a blueprint for managing data assets and aligns with governance policies.
B) Metadata Management: Involves managing information about data, such as data definitions, sources, and relationships. It helps in understanding and controlling data assets and ensures consistency and quality.
C) Data Security and Privacy: Focuses on protecting data from unauthorized access and ensuring compliance with privacy regulations. It includes policies and practices to safeguard sensitive data and manage access controls.
D) Data Quality: Ensures that data is accurate, complete, and reliable. It involves implementing processes and standards to maintain and improve data quality over time.
So, all of the listed components—Data Architecture, Metadata Management, Data Security and Privacy, and Data Quality—are integral parts of a Data Governance Framework.
Consider the various issues relating to data privacy. Before undertaking anything regarding data privacy, which question should you ask if your concern is the impact an action will have on your company’s brand?
A) Is it desirable?
B) Is it ethical?
C) Is it legal?
D) Is it necessary?
When considering the impact of an action on your company’s brand, the most relevant question to ask is:
B) Is it ethical?
Understanding the ethical implications of an action helps you evaluate how it aligns with your company’s values and public perception. While legal compliance (C) and necessity (D) are important, and desirability (A) can be a factor, the ethical considerations directly address how the action will impact the company’s reputation and brand image. Ethics often drive public trust and can significantly influence brand strength and customer loyalty.
While all of the following are important elements in an information governance program, (which from the options below) is the most crucial. Someone must be invested long-term, own the business case, and clear obstacles for the IG lead.
A) Organization and classification
B) Data governance technique
C) Executive sponsorship
D) Policy communication
The most crucial element in an information governance (IG) program from the options provided is:
C) Executive sponsorship
Executive sponsorship is vital because:
Long-term Commitment: Executive sponsors are crucial for providing long-term commitment and support for the IG program.
Ownership: They own the business case and ensure that the program aligns with the company’s strategic goals.
Clearing Obstacles: They can help remove obstacles and secure necessary resources for the IG lead to successfully implement and manage the program.
While other elements like organization and classification, data governance techniques, and policy communication are important, they all benefit from strong executive sponsorship to be effective and sustainable.
Which one of the following is not a core goal of information security?
A) Confidentiality
B) Integrity
C) Authorization
D) Availability
C) Authorization is not a core goal but rather a process that supports the core goals. Authorization determines who is allowed to access or modify information based on their permissions, but the core goals focus on the protection and proper use of information: confidentiality, integrity, and availability.
The core goals of information security typically include:
A) Confidentiality: Ensuring that information is accessible only to those authorized to access it.
B) Integrity: Ensuring that information is accurate and complete, and protected from unauthorized modification.
D) Availability: Ensuring that information and resources are available to authorized users when needed.
A gap analysis of the Data architecture will reveal all of these except
A) data is created and not read
B) data is not created
C) data not located where it is needed
D) data tables that are improperly normalized
E) data not available when it is needed
Given these points, the correct answer is:
A) Data is created and not read
While this can be an issue, it is more related to data utilization rather than the structural and availability aspects that a gap analysis of data architecture typically focuses on.
A gap analysis of the data architecture typically aims to identify discrepancies between the current state and the desired future state of data management and utilization. It can reveal several issues related to data creation, location, availability, and structure. However, one of the options provided does not fit the typical scope of a gap analysis in data architecture.
Let’s review each option:
A) Data is created and not read: This can be identified in a gap analysis as it points to data that exists but is underutilized.
B) Data is not created: This can also be identified, as it indicates missing data that should be generated.
C) Data not located where it is needed: This is a common issue that a gap analysis would reveal, highlighting problems with data accessibility and distribution.
D) Data tables that are improperly normalized: This is a structural issue that a gap analysis would identify, focusing on the design and efficiency of data storage.
E) Data not available when it is needed: This is another common issue that a gap analysis would reveal, indicating problems with data availability and timeliness.
What are different components of Data Governance?
A) Data lineage
B) Data integrity
C) Data security
D) Data integration
All components
Data Governance encompasses several key components that ensure the effective management and control of data across an organization. The different components include:
A) Data Lineage: Tracks the flow and transformation of data through the system, from its origin to its final destination. It helps in understanding how data moves and changes over time.
B) Data Integrity: Ensures the accuracy, consistency, and reliability of data throughout its lifecycle. It involves measures to prevent data corruption and maintain data quality.
C) Data Security: Protects data from unauthorized access and breaches. It involves implementing policies and controls to safeguard data against threats and vulnerabilities.
D) Data Integration: Combines data from various sources into a unified view. It involves the processes and technologies that allow disparate data systems to work together and provide comprehensive insights.
All the listed components—Data Lineage, Data Integrity, Data Security, and Data Integration—are integral to a robust Data Governance framework.
(From the options below) is the degree to which data gives us confidence in its accuracy and integrity
A) Quality
B) Volume
C) Adherence
D) Compliance
The degree to which data gives us confidence in its accuracy and integrity is:
A) Quality
Data quality refers to how well data meets the requirements for accuracy, completeness, reliability, and consistency. It encompasses the degree of confidence users can have in the data’s accuracy and its ability to support decision-making and business processes effectively.
For organizations that need to be compliant with the GDPR, what are good self-audit questions to gauge preparedness?
A) Do we have access to data activities and data elements?
B) Do we have a breach management process in place?
C) Do we have information of Metadata?
D) Are we sure company management is in support of GDPR activities?
B) Do we have a breach management process in place?
D) Are we sure company management is in support of GDPR activities?
For a self-audit to gauge preparedness for GDPR compliance, important questions to ask include:
B) Do we have a breach management process in place?
GDPR requires organizations to have procedures for detecting, reporting, and responding to data breaches. A robust breach management process is essential for compliance.
D) Are we sure company management is in support of GDPR activities?
Support from company management is crucial for ensuring that GDPR compliance is integrated into the organization’s culture and operations. Management support ensures that resources are allocated and policies are enforced.
Additional considerations:
A) Do we have access to data activities and data elements?
This is important for understanding how data is processed and ensuring that data activities align with GDPR requirements, but it’s more about data management than direct compliance.
C) Do we have information of Metadata?
While metadata is useful for understanding and managing data, GDPR compliance is more focused on the handling of personal data and ensuring its protection and rights.
Why are metrics important in data governance?
A) Metrics indicate if data governance is adding value
B) Metrics make us understand if our process is working
C) Metrics assist with continuous improvement
D) All of the answers
D) All of the answers
Metrics are crucial in data governance for several reasons:
A) Metrics indicate if data governance is adding value: By measuring the effectiveness of data governance initiatives, metrics help determine if they are delivering the intended benefits and value to the organization.
B) Metrics make us understand if our process is working: Metrics provide insights into the performance of data governance processes, helping to assess whether they are functioning as intended and achieving their objectives.
C) Metrics assist with continuous improvement: By tracking performance over time, metrics identify areas for improvement, enabling organizations to refine and enhance their data governance practices continuously.
Metrics provide a comprehensive view of data governance effectiveness, helping organizations to evaluate, adjust, and improve their data management strategies.
In the Application Architecture phase, the checkpoint review should consider
A) the comparison of the Application-Business Function matrices and the Target Business Architecture
B) the cost-benefit and lifecycle cost of ownership of the proposed architecture
C) the priority of implementing the proposed application architecture
D) the fitness for purpose of the application architecture in supporting the baseline business architecture
E) the resources required to implement the proposed architecture
During the Application Architecture phase, the checkpoint review should consider:
D) the fitness for purpose of the application architecture in supporting the baseline business architecture: This ensures that the proposed application architecture aligns with and supports the current business needs and objectives. It assesses whether the architecture effectively addresses the requirements and challenges outlined in the baseline business architecture.
Other considerations, while important, may not be the primary focus of the checkpoint review:
A) the comparison of the Application-Business Function matrices and the Target Business Architecture: This is more about ensuring alignment with the target architecture, which is critical but may be more relevant in earlier stages of planning or design.
B) the cost-benefit and lifecycle cost of ownership of the proposed architecture: Important for evaluating the financial implications, but often reviewed as part of a more detailed financial analysis rather than the initial checkpoint review.
C) the priority of implementing the proposed application architecture: Prioritization is important for project planning but may be more relevant for implementation phases or project management reviews.
E) the resources required to implement the proposed architecture: This is essential for planning and execution but might be detailed in later stages rather than in the initial architecture review.
Effective architecture governance can be greatly enhanced by
A) employing “extreme architecture” methods that restrict architecture projects to very short timeframes
B) limiting the amount of information that is shared across architecture domains
C) maintaining one or more architecture repositories that provide controlled access and versioning of architecture artifacts
D) ensuring that the architecture governance board strictly enforces the architecture and seldom issues dispensations
E) protecting the confidentiality of the architecture so that only members of the architecture governance board are aware of its contents
Effective architecture governance can be greatly enhanced by:
C) maintaining one or more architecture repositories that provide controlled access and versioning of architecture artifacts: This approach ensures that architecture artifacts are properly managed, versioned, and accessible to those who need them. It facilitates better communication, consistency, and control over architectural documentation and decisions.
Other options and their relevance:
A) employing “extreme architecture” methods that restrict architecture projects to very short timeframes: While this might accelerate delivery, it may not always lead to effective governance as it can compromise thoroughness and quality.
B) limiting the amount of information that is shared across architecture domains: This could hinder collaboration and the integration of different architecture domains, which is essential for cohesive governance.
D) ensuring that the architecture governance board strictly enforces the architecture and seldom issues dispensations: Strict enforcement can be important, but flexibility and the ability to issue dispensations when necessary are also crucial for practical governance.
E) protecting the confidentiality of the architecture so that only members of the architecture governance board are aware of its contents: While confidentiality is important, excessive secrecy can impede collaboration and transparency, which are essential for effective governance.
Which of the following is an example of an architecture framework?
A) Six Sigma
B) ITIL
C) TOGAF
D) COBIT
E) Balanced Scorecard
C) TOGAF
TOGAF (The Open Group Architecture Framework) is an example of an architecture framework. It provides a structured approach for designing, planning, implementing, and governing enterprise information architecture.
Here’s a brief overview of the other options:
A) Six Sigma: A methodology aimed at improving processes and reducing defects, but not specifically an architecture framework.
B) ITIL: Stands for Information Technology Infrastructure Library, which is a framework for IT service management, not an architecture framework.
D) COBIT: Stands for Control Objectives for Information and Related Technologies, which is a framework for IT governance and management, not specifically an architecture framework.
E) Balanced Scorecard: A strategic planning and management system used to align business activities to the vision and strategy of the organization, not an architecture framework.
A Technical Architecture Report should contain all of these items except
A) requirements traceability analysis
B) project impact analysis
C) gap analysis report
D) technology architecture models
E) technical specification for each building block
Based on the given options, the item that a Technical Architecture Report should NOT typically contain is:
E) technical specification for each building block
While the other options mentioned are generally important components of a Technical Architecture Report, the detailed technical specifications for each building block are usually not included in this type of high-level document.
Here’s why the other options are typically included:
A) Requirements traceability analysis: This is crucial for ensuring that the architecture meets all specified requirements.
B) Project impact analysis: This helps understand how the proposed architecture will affect existing projects and systems.
C) Gap analysis report: This identifies the differences between the current and target architectures, which is essential for planning.
D) Technology architecture models: These provide visual representations of the proposed technical architecture.
The technical specification for each building block (option E) is typically too detailed for a high-level Technical Architecture Report. Such specifications are usually part of more detailed design documents or implementation guides that follow the architectural planning phase.
It’s important to note that while the Technical Architecture Report should provide an overview of the technology components and their relationships, it generally doesn’t delve into the specific technical details of each building block. The report focuses more on the overall structure, alignment with business goals, and high-level technical decisions rather than detailed specifications.
Architecture governance should be guided by
A) architecture principles
B) procurement policies
C) marketing strategies
D) buy lists
E) accepted accounting practices
Architecture governance should be guided by:
A) Architecture principles
Architecture principles provide the foundational guidelines and rules that govern the design, development, and management of architecture within an organization. They help ensure consistency, alignment with business objectives, and adherence to best practices.
Other options and their relevance:
B) Procurement policies: Relevant for managing the acquisition of technology and services but not specifically guiding architecture governance.
C) Marketing strategies: Focus on market positioning and customer engagement, not on architecture governance.
D) Buy lists: Lists of preferred vendors or products, which are related to procurement decisions rather than governance of architecture.
E) Accepted accounting practices: Pertains to financial reporting and management, not directly related to architecture governance.
Effective governance should provide all of the following characteristics to the organization except
A) fairness
B) discipline
C) transparency
D) Accountability
E) all of these items
E) All of these items is the correct answer because all the listed characteristics—fairness, discipline, transparency, and accountability—are integral to effective governance. Each contributes to a well-functioning governance framework that promotes trust, reliability, and effective management.
Effective governance should provide the following characteristics to an organization:
A) Fairness: Ensures that decisions are made impartially and that all stakeholders are treated equitably.
B) Discipline: Involves adhering to established processes and standards, ensuring consistency and reliability.
C) Transparency: Ensures that decision-making processes and actions are open and visible, allowing stakeholders to understand and scrutinize them.
D) Accountability: Involves being responsible for actions and decisions, and being answerable to stakeholders for outcomes.
Which of the following is not part of a Request for Architecture Work document?
A) current IT architecture description
B) time constraints
C) budget and financial constraints
D) gap analysis
E) business goals and desired changes
D) Gap analysis
A Request for Architecture Work (RAFW) document typically includes:
A) Current IT architecture description: Provides context by detailing the existing architecture and its components.
B) Time constraints: Specifies deadlines and timeframes for completing the architecture work.
C) Budget and financial constraints: Outlines the financial resources available and any budgetary limitations for the project.
E) Business goals and desired changes: Defines the business objectives and the changes needed to align the architecture with these goals.
D) Gap analysis is generally not part of the RAFW document itself. Instead, a gap analysis is typically performed as part of the subsequent architecture analysis or design phases to identify discrepancies between the current and desired states.
Which of the following would be the best example of an infrastructure application?
A) A bank’s customer relationship management system
B) A retail firm’s order management system
C) A manufacturing firm’s internet e-mail server
D) An airline’s aircraft maintenance scheduling software
E) A software vendor’s custom software configuration software
C) A manufacturing firm’s internet e-mail server
An infrastructure application typically refers to software that provides foundational services or supports the underlying technology infrastructure rather than directly addressing specific business functions or processes.
Among the options provided:
A) A bank’s customer relationship management system: This is a business application focused on managing customer relationships and interactions, not an infrastructure application.
B) A retail firm’s order management system: This is a business application used to manage and process customer orders, not an infrastructure application.
C) A manufacturing firm’s internet e-mail server: This is an example of an infrastructure application. It provides essential communication services that support various business activities.
D) An airline’s aircraft maintenance scheduling software: This is a business application focused on scheduling and managing aircraft maintenance, not an infrastructure application.
E) A software vendor’s custom software configuration software: This is related to software development and configuration, but not specifically an infrastructure application.
In Phase E - Opportunities and Solutions, what would be the best example of a business driver that constrains the sequence of implementation?
A) robust authentication and authorization capabilities
B) innovative user interface
C) system instrumentation to enhance manageability
D) cost reduction through consolidation of services
E) advanced distributed computing technology
In Phase E - Opportunities and Solutions, the best example of a business driver that constrains the sequence of implementation would be:
D) Cost reduction through consolidation of services
This is because:
Cost reduction through consolidation of services: This business driver often dictates the prioritization and sequencing of projects to ensure that cost savings are realized as early as possible. It can constrain the sequence of implementation by prioritizing projects that offer immediate financial benefits or enable the consolidation of redundant services.
Other options and their relevance:
A) Robust authentication and authorization capabilities: While important for security, it is more of a technical requirement than a business driver that directly constrains the sequence of implementation.
B) Innovative user interface: This focuses on enhancing user experience but is less likely to constrain the implementation sequence compared to cost reduction imperatives.
C) System instrumentation to enhance manageability: This is a technical feature aimed at improving system management and monitoring rather than a business driver that dictates implementation sequence.
E) Advanced distributed computing technology: This is a technical capability that can be important for scalability and performance but is not a business driver that directly constrains the sequence of implementation.