This is the fourth in a series of articles on the six sections of Cisco’s DevNet Associate Exam DEVASC 200-901, which leads to the Cisco Certified DevNet Associate certification.
Welcome to the fourth in a series of six articles where I break down the blueprint sections for the DEVASC 200-901 exam. There are six major topic areas in this 120-minute exam.
If you’re interested in deploying applications securely, then this is the section for you. The operative word here is “secure.” This section is worth 15% of the exam and includes heaps of moving parts, so buckle up and enjoy the ride.
4.1 Describe benefits of edge computing
4.2 Identify attributes of different application deployment models (private cloud, public cloud, hybrid cloud, and edge)
4.3 Identify the attributes of these application deployment types
- 4.3.a Virtual machines
- 4.3.b Bare metal
- 4.3.c Containers
4.4 Describe components for a CI/CD pipeline in application deployments
4.5 Construct a Python unit test
4.6 Interpret contents of a Dockerfile
4.7 Utilize Docker images in local developer environment
4.8 Identify application security issues related to secret protection, encryption (storage and transport), and data handling
4.9 Explain how firewall, DNS, load balancers, and reverse proxy in application deployment
4.10 Describe top OWASP threats (such as XSS, SQL injections, and CSRF)
4.11 Utilize Bash commands (file management, directory navigation, and environmental variables)
4.12 Identify the principles of DevOps practices
Where do we deploy applications?
The days of planning and manually deploying applications exclusively in our brick-and-mortar data centers are done! Modern applications require infrastructure automation and map to different application deployment models (private cloud, public cloud, hybrid cloud, and edge). Private clouds are difficult to set up and manage, but they are very flexible and customizable without sacrificing security. Suffice it to say many organizations are gravitating towards public cloud, which provides virtually instant scale and service with effectively no maintenance. The trade-off is a loss of control to the provider, with security handled behind the scenes on trust. Hybrid cloud leverages both models, with a compromise on the pros and cons of each. Edge is effectively cloud in reverse: it locates computing resources as close to the source of data as possible to reduce latency and bandwidth use.
What types of platforms can we deploy applications on?
When applications require specific hardware performance, bare metal with dedicated resources is the best solution. However, many applications are more tolerant, which allows for sharing compute resources. Virtual machines are separated from the underlying hardware resources, and isolated from one another, by the hypervisor. Each virtual machine needs to load a guest operating system, which one could argue adds overhead and is slow to load. Enter containers, which share a common kernel and so offer a smaller footprint and quicker spin-up times. There are many other trade-offs between these types, so make sure to do your research.
Continuous Integration/Continuous Delivery (CI/CD)
The use of DevOps best practices and continuous integration (CI) and continuous delivery (CD) is quite common. CI/CD is foundational for DevOps, and CI and CD are two of the most important automation-based processes in any application development lifecycle.
Continuous integration (CI) is a development practice that allows developers to continuously test and merge code updates into a centralized repository. Continuous delivery (CD) is the ability to leverage automation to deploy your vetted code into production. This entire process is managed in an automated workflow known as a CI/CD pipeline.
Paramount to providing secure application development and delivery is OWASP. The OWASP Top 10 standard for developers represents a broad consensus about the most critical security risks to applications.
Make sure to follow the links to learn more about the following:
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
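Blueprint items 4.5 (Python unit tests) and 4.10 (SQL injection) meet in the CI stage of a pipeline. The following is an added example, not code from the original article or from Cisco's course material: a unit test that shows a concatenated query leaking rows and a parameterized query treating the same input as plain data. The function names, table, and sample rows are hypothetical and constructed for illustration.

```python
import sqlite3
import unittest

def make_db():
    """In-memory database holding two constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "viewer")])
    return db

def find_user_unsafe(db, name):
    # Vulnerable on purpose: user input is concatenated into the SQL text.
    return db.execute(
        "SELECT name, role FROM users WHERE name = '" + name + "'").fetchall()

def find_user_safe(db, name):
    # Hardened: the driver binds the value, so it is never parsed as SQL.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

# Constructed input that alters the WHERE clause when concatenated.
HOSTILE_NAME = "nobody' OR '1'='1"

class FindUserTests(unittest.TestCase):
    def setUp(self):
        self.db = make_db()

    def tearDown(self):
        self.db.close()

    def test_normal_lookup(self):
        self.assertEqual(find_user_safe(self.db, "bob"), [("bob", "viewer")])

    def test_unsafe_query_leaks_every_row(self):
        self.assertEqual(len(find_user_unsafe(self.db, HOSTILE_NAME)), 2)

    def test_safe_query_treats_input_as_data(self):
        self.assertEqual(find_user_safe(self.db, HOSTILE_NAME), [])

def run_suite():
    """Run the tests as a CI stage would; True means the stage passes."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(FindUserTests)
    return unittest.TextTestRunner(verbosity=0).run(suite).wasSuccessful()

if __name__ == "__main__":
    raise SystemExit(0 if run_suite() else 1)
```

In a pipeline, the non-zero exit status on a failed test is what stops the build before the delivery stage.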
Once again, thank you for reviewing this section on application delivery and security. There are too many subtopics to cover in a brief blog, so be sure to follow up on each one. Remember that these exam topics are also covered in the DEVASC Developing Applications and Automating Workflows Using Cisco Core Platforms class. Don’t stop now, it’s all downhill from here as you prepare to crush your exam!