30 Questions
Which of the following is the MOST important consideration when selecting a vendor for your application?
The vendor's security stance is at least equal to your own
What is the main risk of integrating a vendor-supplied library into your application?
The library may contain vulnerabilities that can be exploited to compromise your systems
Which of the following strategies can help mitigate the risk of vulnerabilities in a vendor-supplied library?
Sandboxing the library to isolate it from the rest of your application
Which of the following is the BEST way to integrate with a vendor's service while avoiding the risk of linking a proprietary library?
Use the vendor's API that exposes an open protocol like REST+JSON or gRPC
What is the main benefit of including a JavaScript library from a vendor in your web application client?
It allows you to avoid passing payment data through your own systems
Which of the following is the MOST important factor to consider when evaluating a vendor on an ongoing basis?
The vendor's track record of responding quickly to security vulnerabilities
What is the primary goal of the Google-internal framework for microservices and web applications?
To streamline the development and operation of applications and services for large organizations
Which of the following conformance checks does the Google-internal framework apply to ensure application code adheres to best practices?
Enforcing isolation constraints between components to prevent changes in one component from causing bugs in another
What is the key benefit of the conformance check that verifies all values passed between concurrent execution contexts are of immutable types?
It reduces the likelihood of concurrency bugs
Which of the following is NOT a key goal that the Google-internal framework aims to achieve?
Improving the overall user experience of the applications and services
What is the purpose of the conformance checks that enforce isolation constraints between components in the Google-internal framework?
To prevent changes in one component from causing bugs in another component
How does the Google-internal framework's approach to security and reliability align with general software quality attributes?
The framework's security and reliability goals are very much aligned with general software quality attributes
What is a potential risk associated with integrating a server-side library into your web application?
Risk of compromise if the library has vulnerabilities
How can you mitigate the risk of compromising your application due to a vulnerable server-side library?
Running the library in a separate web origin or sandboxed iframe
What can introducing sandboxed iframes for payment-related functionality lead to?
Increased failure modes in the application
Why might a payment vendor offer an integration based on HTTP redirects?
For a smoother user experience
What implications can design choices related to nonfunctional requirements have?
Implications in areas of web platform security
What is a consideration that can arise when thinking about handling payment data?
Introduction of contractual and regulatory concerns
What is one of the key benefits of using this framework?
It automates many common development and deployment tasks.
How did the framework development team ensure security and reliability were addressed?
They collaborated with SRE and security teams throughout the design and implementation phases.
How does the framework's web application support help prevent vulnerabilities?
Through API design and code conformance checks, it effectively prevents developers from accidentally introducing common web vulnerabilities.
What is one way the framework helps ensure reliability?
It automatically sets up monitoring for operational metrics and incorporates reliability features like health checking and SLA compliance.
What is one potential drawback of the framework's rigid and well-defined structure?
It can make it difficult to customize the framework to meet specific application needs.
How does the framework's approach to security and reliability differ from a traditional approach?
The framework integrates security and reliability best practices into its core design, rather than just adding them on later.
Which of the following is a key challenge in understanding and modifying existing code?
Lack of test coverage
What is the primary factor that determines deployment velocity?
The ease of understanding and modifying existing code
When dealing with feature requirements, what is the typical relationship between the requirements, the code, and the tests?
Straightforward and well-defined
What is the purpose of the integration test described in the text?
To test the overall user story step by step
What type of tests are likely present in addition to the integration test described?
Unit tests
What is the main challenge highlighted in the text regarding understanding and modifying existing code?
Insufficient testing
Learn about the risks associated with integrating third-party libraries in web applications and how to mitigate them. Understand the importance of sandboxing payment-related functionalities in separate web origins or iframes for enhanced security measures.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
