6.6.2 Module 6: Application Deployment and Security Quiz

Explanation: In a serverless computing deployment model, the service provider provides resource capacity for customer applications. The resources and their capacity change as need changes and this is referred to as being elastic.

Explanation: Container engines create, run, and manage containers. Docker is a very popular container engine.

Explanation: Bash is the name of a Linux script engine that lets a user do things from the command line. It is the default shell for most Linux distributions.

Explanation: In the least connections request servicing method, the load balancer will check the load status of multiple hosting servers and send the next incoming request to the lowest load server.

Explanation: An insecure deserialization attack occurs when an attacker gains access to, and potentially changes, serialized versions of data and objects. This attack can be mitigated by ensuring validation before deserializing objects.

Explanation: Impersonation is a social engineering attack used to gain access to a system or network. Unlike other forms of social engineering attacks, impersonation occurs in person. The attacker impersonates someone whom others are likely to trust in an attempt to gain access to restricted resources.

Explanation: Data is vulnerable when it is transmitted over an insecure public network such as the internet. A company can use a virtual private network (VPN) to securely connect remote workers to the internal network and protect development and deployment resources as well as applications.

Explanation: When a web application uses input fields to collect data from clients, threat actors may exploit possible vulnerabilities for entering malicious commands. The malicious commands that are executed through the web application might affect the OS on the web server. SQL injection and cross-site scripting are two different types of command injection attacks.

Explanation: In a virtualization environment, containers are a specialized “virtual area” where multiple applications can run independently of each other while sharing the same OS and hardware. By sharing the host operating system, most of the software resources are reused, which leads to reduced boot time and optimized operation.

Explanation: Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most significant vulnerabilities are as follows:

• Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
• SQL injections: In a SQLi the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
• Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user especially when session tokens are left unexpired.
• Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities all of which are centered on the lack of maintenance to the web application configuration.

Explanation: A virtual machine is a software emulation of a physical server including a CPU, memory, network interface, and operating system. The hypervisor is virtualization software that performs hardware abstraction. It allows multiple VMs to run concurrently in the virtual environment.

Explanation: There are four deployment environments: Development, testing, staging, and production. The first environment is the development environment which is where coding takes place.

Explanation: CI/CD (continuous integration/continuous delivery) is a philosophy for software deployment that figures prominently in the field of DevOps.