What payment model does Azure use?
Pay-as-you-go.
Kubernetes can group these microservices into 'what' of associated services.
Nodes.
Name three Terraform commands.
terraform init
terraform plan
terraform apply
terraform validate
What does Docker do?
Docker allows you to package an app into a container that contains the app itself as well as its dependencies. It encapsulates the app and its requirements so that deployment is consistent across different environments.
SonarQube is a tool that performs 'what' and produces 'what'?
Static code analysis.
It produces dashboards.
How does a merge conflict occur?
When more than one person changes the same line in a file and tries to merge the change to the same branch.
What runs inside of pods?
Containers.
Containers run inside of pods; pods can have multiple containers.
What are Ansible playbooks?
Plain text YAML files that describe the desired range of your system, broken down into “plays”, which are just lists of tasks to run.
What does Packer do?
Packer is a tool that automates the creation of VM images (these are called “templates”).
What does SonarQube do?
Detects bugs, code vulnerabilities, and “smells”, which are potentially problematic characteristics. It can also indicate whether development constraints are followed, through custom-defined sets of rules which it weighs the code against (for example, banning a certain type of function).
If you are using software as a service, what is the one thing that you manage but Azure doesn't?
Data and Access.
Each node contains 2-3 components, what are they?
1. Kubelet: Kubernetes main agent, ensures pods are running, including containers.
2. Container runtime: Software responsible for running containers, could be Docker itself.
3. Kube-proxy: (OPTIONAL) Maintains network rules on nodes.
Ansible uses inventories that define hosts in 'what' format?
Static server IPs, IP ranges, or dynamic IP lists using AWS/Azure
What is the main artifact of a Docker containerized project?
The Dockerfile.
The Dockerfile contains:
- the declaration of the base image (FROM scratch is a blank-canvas image)
- the installation of the additional middleware to be installed on the image
- only the files and binaries necessary for the application
- the network configuration of the ports
DevOps is a set of practices that reduces the barrier between developers and operations managers. Why is this?
Developers are interested in fast delivery and innovation but operations managers are interested in stability and quality.
What is the difference between a centralized and a distributed VCS (version control system)?
A centralized version control system (VCS) is a singular remote server that centralizes the code of the project for all developers; every user commits directly to the main branch.
A distributed VCS is where a central repository exists and, in addition, each developer has their own local repository, which they can update by pulling from the central repository and in which they commit the changes they made to the local copy.
How does Kubernetes work?
Kubernetes manages an app as a collection of “microservices” (individual containerized apps with their own development and build pipelines, independent of each other). These microservices might be an authentication system, an inventory management system, and a logging system as part of an online retail app. They are coupled and interact with each other via APIs.
What config file do you use to define the provisioner of the infrastructure? (permitted with the presence of your Azure SP credentials)
In Packer, the builders section defines the name, type of image, and the cloud provider on which the image will be generated, but what can you put in the provisioners section?
The provisioners section is optional and will contain custom scripts that are executed by Packer while building the VM. This might be a shell script that contains functions that improve host hardening, like minimum password lengths.
Describe the CI and CD phases (what they are/mean and what they do).
The CI phase (continuous integration) in essence is the automated process that allows you to check the completeness of an application’s code every time a team member makes a change.
The CD phase (continuous delivery) is where the package is deployed automatically to different environments. This includes modifying the configuration of the app to suit the target environment, which will involve using a configuration manager like Azure Pipelines.
State the full name of one of the acronyms below and what it does.
IaaS, PaaS, SaaS or IaC.
IaaS: (Infrastructure) The provisioning of compute instances, the CPUs that your VMs run on, but not the VM itself, so Azure VMs and Amazon EC2 support this.
PaaS: (Platform) A platform where you write, test, deploy, update, and manage software in the cloud. Something like Azure also supports this, by automatically scaling and managing the resources and operating systems that support your app, including Kubernetes clusters of containers and nodes with AKS.
SaaS: (Software) Something like draw.io. The entire application is hosted virtually; the only thing that concerns you is how your data is managed.
Infrastructure as code (IaC): A way to manage and provision networks, VMs, and containers at scale through automation defined as code.
Why should you use Kubernetes? Name 3 out of the 4 reasons.
1. Run applications at scale.
2. Seamlessly move applications. (Containerized applications can be moved from local development machines to production deployments on the cloud using the same tooling.)
3. Can be run anywhere.
4. Add functionality. (Adding extensions/plugins etc. is easy)
If we apply identical Terraform configuration to the same environment, nothing will change. What is this concept called?
Idempotency.
Docker containers run on the OS kernel and share the host's OS while isolating from applications. Why does it do this?
This is so you can typically run hundreds of containers at once. This makes it easier to scale; containers have a shorter boot time and a low storage requirement.
Name one security technique for every phase listed below with regard to DevSecOps. (The final result should include 3 different techniques.)
Test Phase, Deploy Phase and Operate Phase.
Test Phase
- Manual penetration testing
- DDoS load testing
- Fuzzing, which is inputting random, invalid, or unexpected data as inputs into your program, then monitoring what type of input structures cause code exceptions and failures
- Integration testing tests all system components at once
Deploy Phase
- SSL testing, which ensures all certificates are valid; this can be done automatically
- App hardening, using configured VM images which have things like more actions that require elevation, or increased credential requirements. Ready-made hardened images exist too, like Red Hat Enterprise Linux 7 or Microsoft Windows Server 2016 CIS standard hardened image.
Operate Phase
- Monitoring tools. In the operate phase, it is not about the build quality of the app but about ensuring the active security of the application: having measures in place to detect whether it is under attack, like using “Snort” for network intrusion protection.