A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system.
Which of the following security responsibilities will the DevOps team need to perform?
A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system.
Which of the following security responsibilities will the DevOps team need to perform?
In a Platform-as-a-Service (PaaS) model, the service provider is responsible for managing the underlying infrastructure, including the operating system, middleware, and runtime. The DevOps team is responsible for managing the applications and data. Among the given options, securely configuring the authentication mechanisms is a critical security responsibility that falls under the purview of the DevOps team. This is essential to ensure that only authorized users have access to the new billing system, protecting it from unauthorized access and potential breaches. Therefore, securely configuring the authentication mechanisms is the appropriate security responsibility for the DevOps team in this scenario.
All answers are correct and should be done, but it looks like the questions is asking for an answer that is specific to the DevOps role. The most important security responsibility for the DevOps team in this scenario would be to securely configure the authentication mechanisms. Patching the infrastructure at the operating system level, executing port scanning against the services, and upgrading the service as part of life-cycle management are all important security responsibilities, but they are not as critical as securely configuring the authentication mechanisms in this context.
in PaaS, end user manages Data, Applications ONLY. whilst provider of PaaS platform manage Middleware, Runtime, "O/S", Virtualization, Storage, Servers, Network
that's the key here
They ask what the devops need to do in a PaaS mode so patching the OS is not this responsibility model !
I think if anything it's A. I see people vote B but that's usually taken cared by sys admins.
It can't be B; Patching the infrastructure at the OS is done by the CSP in the PaaS model.
A. Patching is performed by the Sys admins, so wouldn't go with B
OS is IaaS
I agree. I'm also leaning towards A. DevOps team's number one responsibility is to ensure all the services/systems they deploy is configured securely before they can worry about patching. In this case A.
Service Provider manages OS
A. Securely configure the authentication mechanisms since it is a crucial security responsibility that DevOps teams need to perform to prevent unauthorized access to the billing system.
Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
B is the answer, I am responsible for patch installation as a DevOps
It makes the most sense. That or D. B more sounds like something an infrastructure team would do.
I would recommend "A. Securely configure the authentication mechanisms." Properly configuring the authentication mechanisms is critical for ensuring that only authorized users can access the billing system. If the authentication mechanisms are not properly configured, it could lead to security vulnerabilities and potentially allow unauthorized users to access the system. In contrast, the other options, while important for maintaining the security of the billing system, are not as crucial for ensuring that the system is only accessible to authorized users.
Again, this is AWS shit at its finest. You don't patch AWS Lambda/API Gateway/DynamoDB, they do. You do however need to make sure your code's auth functions are correct though.
In a PaaS environment, the DevOps team is responsible for configuring and managing the security aspects of the applications and services they deploy. This includes setting up and securing authentication mechanisms to ensure that only authorized users can access the services.