M26 Practice Quiz
Question 1
Jessica, a cybersecurity analyst at Dion Training, wants to streamline the process of responding to incidents where employees click on links in phishing emails to ensure that certain steps are automated while others require human analysis. Which of the following should they utilize to achieve this?
Options:
- Playbook
- Continuous integration
- SIEM
- Runbook
Overall explanation:
- A runbook is essentially an automated version of a playbook that includes clearly defined interaction points for human intervention and analysis, making it the ideal choice for Jessica's needs to automate certain steps in incident response while still requiring human judgment at specific stages.
- A playbook is a set of manual steps or procedures used for responding to a security incident.
- A SIEM (Security Information and Event Management) system integrates and analyzes activity from various resources across your IT infrastructure.
- Continuous Integration is a part of the DevOps practice that involves automatically testing and building code every time a team member commits changes to version control.
Question 2
Michael, a lead software engineer at Dion Training, is tasked with optimizing a complex deployment process that involves coordinating multiple automated tasks across various systems to achieve a synchronized, efficient workflow. Which of the following should he focus on to ensure a seamless integration of these tasks?
Options:
- Automation
- Provisioning
- Escalation
- Orchestration
Overall explanation:
- Orchestration involves the coordinated and sequenced execution of multiple automated tasks, ensuring they work harmoniously within a larger, complex process.
- Automation pertains to making individual tasks autonomous, often without considering the broader workflow.
- Escalation usually refers to raising an issue or concern through levels of authority, particularly in troubleshooting or incident response scenarios.
- Provisioning involves the allocation of resources within an IT environment, which could be part of orchestration or automation but on its own does not involve coordinating multiple tasks.
Question 3
Jordan, a system administrator at Dion Training, is tasked with optimizing the process of regularly updating software applications on all company workstations. These updates are released at predictable intervals and require the same series of repetitive and consistent steps to install the software updates across multiple systems. Which of the following strategies should they choose to ensure these updates are applied efficiently and reliably every time they are released?
Options:
- Manual updates
- Automation
- Orchestration
- Ad-hoc scripting
Overall explanation:
- Given that the software updates are regular, predictable, and require the same steps for each system, setting up automation would allow these tasks to be completed efficiently without the need for manual intervention each time. Automation excels in managing repetitive tasks that do not require complex, multi-step solutions or human decision-making during each stage.
- Orchestration is not required when conducting regular software updates since this is a straightforward process. Orchestration is more suited to complex workflows that involve multiple decision points or conditional tasks.
- Performing manual updates on each workstation would be time-consuming and an inefficient use of resources given the consistent and repetitive nature of the task.
- Ad-hoc scripting could partially automate the task but lacks the consistency, reliability, and repeatability provided by full automation.
Question 4
Which of these practices specifically involves an administrator setting up a system to assign and manage system permissions so that, once established, it won't require further administrative actions to ensure that consistent access controls based on individuals' roles within the organization are being utilized?
Options:
- Implementing guardrails
- Enabling or disabling services
- Automating RBAC assignments
- Managing security groups
Overall explanation:
- Automating RBAC (Role-based Access Controls) directly relates to the systematic management of system permissions, which is an essential aspect of an organization's cybersecurity strategy. This automation ensures that individuals have appropriate access levels consistent with their roles, enhancing security by preventing unauthorized access. Automated provisioning and de-provisioning in RBAC allow permissions to be updated dynamically when individuals join, change roles, or leave the organization, so that you maintain tight control over who has access to sensitive information and systems.
- Implementing guardrails refers to the establishment of automated controls within an organization's technology environment to prevent deviations from security policies and protect against potential vulnerabilities.
- Managing security groups involves the administration of virtual firewalls that dictate the inbound and outbound network traffic rules for server instances, enhancing protection for cloud-based resources.
- Enabling or disabling services is the process of turning various system services or applications on or off, typically to control access, optimize resource usage, or minimize exposure to cyber threats.
Tags: Automating Security
Question 5
Which of the following best describes the difference between Continuous Delivery and Continuous Deployment in CI/CD?
Options:
- Continuous Delivery requires manual deployment to production, whereas Continuous Deployment automates the deployment process through to production
- Continuous Deployment merges code changes in a central repository, while Continuous Delivery handles automated testing
- Continuous Delivery merges code changes in a central repository, while Continuous Deployment handles automated testing
- Continuous Deployment requires manual deployment to production, whereas Continuous Delivery automates the deployment process through to production
Overall explanation:
- Continuous Delivery is a software development practice where new code changes are automatically tested and prepared for release, allowing reliable, manual deployments to a production environment at any chosen time.
- Continuous Deployment is a practice that extends Continuous Delivery by automatically deploying every validated change directly to the production environment, which reduces the time to go live and eliminates the need for manual intervention in deployments.