2.3 Application dev, deployment and automation Flashcards

1
Q

Secure deployment: what is sandboxing?

A

An isolated environment in which developers can test different aspects of the application (code testing) with no connection to the production systems, so a bug or a malicious payload in the code under test cannot reach live data.

2
Q

Secure deployment: how to build an application securely?

A
  • Development: a secure environment where each developer can test in their own sandbox
  • Test: check whether all of the pieces still work once they are put together (integration testing)
3
Q

Secure deployment: once the application is built by the dev, why does the QA team need to verify it?

A

The Quality Assurance team needs to verify that the features work as expected and to validate the new functionality.

Once that is done, the application goes to a staging environment that simulates production, using production-like data, to test the performance, usability and features of the app. If real production data is copied into staging, it should be masked or minimized, because staging is usually less tightly controlled than production.

4
Q

Secure deployment: what is a secure baseline?

A

It defines:
- the expected security configuration of an application environment: firewall settings, patch levels, OS and application file versions
- the reference for integrity checks once the application is in production: the environment is compared against the baseline to confirm it still complies, and to detect drift or tampering
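As an added example (not part of the original deck), the following Python script shows what the integrity check against a baseline looks like in practice: a baseline is built from a golden image (file hashes, minimum patch level, permitted listening ports) and a production host is then compared against it. The baseline format, file contents, patch-level numbers and port lists are constructed for the example, not taken from any real standard.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, files, patch_level, allowed_ports):
    """Record the known-good state: file hashes, minimum patch level, permitted ports.

    The dict layout is an assumption for this example, not a real product's format.
    """
    return {
        "files": {name: sha256_file(os.path.join(root, name)) for name in files},
        "min_patch_level": patch_level,
        "allowed_ports": set(allowed_ports),
    }


def check_baseline(baseline, root, patch_level, open_ports):
    """Return a list of deviations from the baseline; an empty list means compliant."""
    deviations = []
    for name, expected in baseline["files"].items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            deviations.append(f"missing file: {name}")
        elif sha256_file(path) != expected:
            deviations.append(f"modified file: {name}")
    if patch_level < baseline["min_patch_level"]:
        deviations.append(
            f"patch level {patch_level} below required {baseline['min_patch_level']}"
        )
    for port in sorted(set(open_ports) - baseline["allowed_ports"]):
        deviations.append(f"unexpected open port: {port}")
    return deviations


def demo():
    """Constructed scenario: a golden image versus a production host that has drifted."""
    golden_files = {
        "sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
        "sysctl.conf": b"net.ipv4.ip_forward = 0\n",
    }
    with tempfile.TemporaryDirectory() as golden, tempfile.TemporaryDirectory() as prod:
        for name, content in golden_files.items():
            with open(os.path.join(golden, name), "wb") as f:
                f.write(content)
        baseline = build_baseline(golden, golden_files, patch_level=2024, allowed_ports=[22, 443])

        # Production host: sshd_config was weakened, sysctl.conf is intact,
        # the host is one patch level behind and telnet (23) is listening.
        with open(os.path.join(prod, "sshd_config"), "wb") as f:
            f.write(b"PermitRootLogin yes\nPasswordAuthentication no\n")
        with open(os.path.join(prod, "sysctl.conf"), "wb") as f:
            f.write(golden_files["sysctl.conf"])

        clean = check_baseline(baseline, golden, patch_level=2024, open_ports=[22, 443])
        drifted = check_baseline(baseline, prod, patch_level=2023, open_ports=[22, 23, 443])
    return clean, drifted


if __name__ == "__main__":
    clean, drifted = demo()
    print("golden image:", clean or "compliant")
    for d in drifted:
        print("production:", d)
```

The check reports every deviation rather than stopping at the first one, so a single run gives the full list of what has to be remediated before the host is considered back on baseline.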

5
Q

Provisioning & deprovisioning: what is provisioning?

A

The process of making a resource available for use (deployment): an application, a server, a network segment, a certificate, a user account.

6
Q

Provisioning & deprovisioning: what can be provisioned?

A
  • Application components: web server, database server, middleware server, workstation, certificates …
  • Application software security: hardened OS and application configuration
  • Network security: a secure VLAN for the deployed app, controlled internal/external access
  • Software deployed to workstations: check the executables for malicious code before rollout
7
Q

Provisioning & deprovisioning: what is scalability?

A

The ability of a given infrastructure to handle an increasing workload. Ex: build an app instance that can handle 100k transactions/second.

8
Q

Provisioning & deprovisioning: what is elasticity?

A

The ability to increase or decrease the available resources as the workload changes. Ex: deploy additional app instances when the load rises to 500k transactions/second, and remove them again when it drops.

9
Q

Provisioning & deprovisioning: what is orchestration?

A

The automated process for provisioning and deprovisioning applications, together with the servers, networks and storage they need, in cloud computing.

10
Q

Provisioning & deprovisioning: what is deprovisioning?

A

The process of removing an application instance when it is no longer needed. It must be done securely: the firewall rules and access policies that were opened for the instance must be reverted, and any data it held must be retained or wiped according to policy.

11
Q

Secure coding techniques: what are stored procedures?

A

A stored procedure is a predefined query kept on the database server: the client calls the procedure and passes only parameters instead of sending its own SQL. This makes the application more secure by limiting the client's interaction with the database. Ex: the client cannot run arbitrary SQL queries, only the procedures it has been granted. Caveat: a procedure that builds dynamic SQL from its parameters can still be injectable.

12
Q

Secure coding techniques: what is obfuscation/camouflage?

A

Making something normally understandable very difficult to understand. Ex: take perfectly readable code and turn it into nonsense that still runs.
It makes searching for vulnerabilities harder, but it is not a substitute for fixing them: obfuscated code can still be reverse-engineered.

13
Q

Secure coding techniques: what is code reuse?

A

The use of old code to build a new application (copy/paste). However, if that code has a security vulnerability, reusing it spreads the vulnerability to the other applications.

14
Q

Secure coding techniques: what is dead code?

A

Code that is present in the application but whose results aren't used anywhere within the app. It should be removed: it still has to be maintained and may contain vulnerabilities or reachable functionality nobody is watching.

15
Q

Secure coding techniques: what is input validation?

A

Input validation is performed to ensure that only properly formed data enters the workflow of an information system, preventing malformed (or malicious) data from persisting in the database and triggering malfunctions in downstream components.

16
Q

Secure coding techniques: what are the validation points in input validation?

A

The dev can choose to validate the input in different locations:
- Server-side validation: all checks (data, code) occur on the server. The user cannot bypass them by altering the data before it is sent, because anything a client sends can be modified with a proxy or a script.
- Client-side validation: the end user's app validates the input on the client machine and decides whether it is appropriate to send to the server. It improves the user experience and reduces load but provides no security on its own.

Both can be used, but server-side validation is the one that matters for security.
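As an added example (not from the original deck), here is what server-side validation of a form looks like in Python: each field is checked for type, length, allow-listed characters and range, unknown fields are rejected, and the two payloads at the bottom are constructed to show a well-formed submission next to one crafted by a client that skipped the browser-side checks. The field names, patterns and limits are assumptions for the example.

```python
import re
from decimal import Decimal, InvalidOperation

# Allow-list patterns (assumed for the example): describe what well-formed input
# looks like, rather than trying to deny-list known-bad strings.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
MAX_QUANTITY = 100
KNOWN_FIELDS = {"username", "email", "quantity", "price"}


def validate_order(payload):
    """Server-side validation of a constructed 'order' form.

    Returns (cleaned, errors). Nothing the client sends is trusted: every field is
    re-checked here regardless of what the client-side code may have done.
    """
    errors = []
    cleaned = {}

    if not isinstance(payload, dict):
        return {}, ["payload must be a JSON object"]

    username = payload.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        errors.append("username: 3-32 lowercase letters, digits or underscore")
    else:
        cleaned["username"] = username

    email = payload.get("email")
    if not isinstance(email, str) or len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors.append("email: malformed")
    else:
        cleaned["email"] = email

    quantity = payload.get("quantity")
    # bool is a subclass of int in Python, so True would otherwise pass as 1.
    if isinstance(quantity, bool) or not isinstance(quantity, int) or not 1 <= quantity <= MAX_QUANTITY:
        errors.append(f"quantity: integer between 1 and {MAX_QUANTITY}")
    else:
        cleaned["quantity"] = quantity

    price = payload.get("price")
    try:
        amount = Decimal(str(price))
        # NaN/Infinity parse as valid Decimals; reject them and anything with >2 decimals.
        if amount.is_nan() or amount.is_infinite() or amount <= 0 or amount.as_tuple().exponent < -2:
            raise InvalidOperation
        cleaned["price"] = amount
    except (InvalidOperation, ValueError, TypeError):
        errors.append("price: positive amount with at most two decimals")

    # Unknown fields are rejected rather than silently stored (mass-assignment guard).
    extra = set(payload) - KNOWN_FIELDS
    if extra:
        errors.append("unexpected fields: " + ", ".join(sorted(extra)))

    return cleaned, errors


# Constructed payloads: one well-formed, one sent by a client that bypassed the
# browser-side checks (injection attempt, bad email, negative quantity, NaN price,
# and an extra privilege field the form never offered).
GOOD = {"username": "alice_01", "email": "alice@example.com", "quantity": 2, "price": "19.99"}
TAMPERED = {
    "username": "alice'; DROP TABLE users;--",
    "email": "not-an-email",
    "quantity": -5,
    "price": "NaN",
    "is_admin": True,
}

if __name__ == "__main__":
    for name, payload in (("good", GOOD), ("tampered", TAMPERED)):
        cleaned, errors = validate_order(payload)
        print(name, "->", "accepted" if not errors else errors)
```

Note that the tampered payload is rejected on every field even though a browser form would never have let it through: that is exactly the gap client-side validation leaves, and why the server repeats the checks.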

17
Q

Secure coding techniques: what is memory management in input validation?

A

Developers must be mindful of how memory is used (ex: where variables are stored, whether information is still available to the app after it is needed) to prevent malicious attempts to circumvent the code, such as buffer overflows. Ex: copying input into a fixed-size buffer without first checking the input's length.

18
Q

Secure coding techniques: what are third-party libraries and Software Development Kits (SDK)?

A

Code that has already been written by someone else. It represents a security risk because we don't know how secure the library is, so extensive testing is required, and the dependency must be kept up to date and tracked so that a vulnerability disclosed in it can be patched.

19
Q

Secure coding techniques: what are sensitive data and sensitive data exposure?

A

Sensitive data can be card numbers, social security numbers, medical information, address details, etc.
Sensitive data exposure is when sensitive data is exposed, or when a security incident leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, sensitive data.
It is important that such data is encrypted both at rest and in transit over the network.

20
Q

Secure coding techniques: what is version control?

A

The process of tracking changes to the code. It is useful in security to compare versions, identify when an important modification (or a malicious one) was introduced, and roll back to a known-good version.

21
Q

Software diversity: what is software diversity?

A

Each compiled copy of the application is a little bit different (but the functionality is the same). An attack written against one binary would therefore only succeed on a fraction of users instead of all of them.

22
Q

Automation and scripting: what is continuous integration?

A

App developers may constantly be updating an application and merging it into a central repository multiple times a day. Basic security checks should therefore be automated in the pipeline, and the code should be validated against the security baseline on every merge.

23
Q

Automation and scripting: what is continuous delivery/deployment?

A
  • Delivery: automation of the testing and release process of an application (click a button and deploy the app).
  • Deployment: even more automation, with automatic deployment to production (no human intervention or manual checks).