Which of the following best describes the primary security function of an API Gateway in a microservices architecture?
Think about how requests from users are controlled before reaching microservices.
The API Gateway serves as a centralized point to authenticate and authorize requests, ensuring only valid users access the microservices. It does not store credentials or replace security within microservices.
Which of the following is a common security risk unique to microservices architectures compared to monolithic applications?
Consider how having many small services affects security exposure.
Microservices communicate over networks, increasing the number of points where attackers can try to gain access. This is a unique risk compared to monolithic apps, where components are internal.
Consider a microservices system using JSON Web Tokens (JWT) for authentication. What is a key security consideration when using JWTs in this context?
Think about how JWTs maintain trust between services.
JWTs must be signed and verified to ensure they are not altered by attackers. Storing tokens insecurely or allowing modification breaks security.
Which statement correctly compares the security roles of a Service Mesh and an API Gateway in microservices?
Consider where each component operates in the network.
The API Gateway controls access from outside clients, enforcing security at the edge. The Service Mesh secures communication between microservices inside the system.
In a microservices architecture, applying Zero Trust security means which of the following?
Think about the core idea of Zero Trust: trust no one by default.
Zero Trust means no implicit trust is given based on network location. Each service must verify every request to prevent breaches.