DevSecOps Exam (DevOps Security) Set 1

Adopting a DevSecOps approach may result in which of the following business benefits? Select all that apply:


Options are :

  • Reduced mean time to recovery (MTTR) (Correct)
  • Quicker time to market (Correct)
  • Reduced lead time for fixes (Correct)
  • Fewer change failures (Correct)

Answer :Reduced mean time to recovery (MTTR); Quicker time to market; Reduced lead time for fixes; Fewer change failures


The Benefits of a successful implementation of DevOps include which of the following:


Options are :

  • Streamlining of processes (Correct)
  • Implementation of Cloud infrastructure
  • Increased level of automation (Correct)
  • Accelerated pace of interactions between the Development and Operations teams (Correct)

Answer :Streamlining of processes; Increased level of automation; Accelerated pace of interactions between the Development and Operations teams

Identify the KPI that describes the percentage of production deployments that failed.


Options are :

  • Change failure (Correct)
  • Change volume
  • Availability
  • Test coverage
  • Defect Burn Rate

Answer :Change failure

DevSecOps allows an organization to increase its ability to deliver applications and services at high velocity.


Options are :

  • TRUE (Correct)
  • FALSE

Answer :TRUE

DevOps Certification Training - Preparation Tests Set 2

Certain DevSecOps adoptions may require implementing a container orchestration tool. Out of the list below, which is/are valid orchestration tool(s)? Select all that apply:


Options are :

  • SaltStack (Correct)
  • Kubernetes (Correct)
  • Helios (Correct)
  • Apache Mesos (Correct)

Answer :SaltStack; Kubernetes; Helios; Apache Mesos

Identify the KPI that measures the number of automated security tests for an application.


Options are :

  • Number of Passed/Failed Security Tests (Correct)
  • Defect Density
  • Number of Security Controls
  • Number of False Positives
  • Customer Issue Volume

Answer :Number of Passed/Failed Security Tests

DevSecOps requires implementing an automated deployment tool. Which of the following are valid deployment tools? Select all that apply:


Options are :

  • AWS CloudDeploy (Correct)
  • Octopus Deploy (Correct)
  • CA Nolio (Correct)
  • Maven
  • Jenkins
  • Team City (Correct)

Answer :AWS CloudDeploy; Octopus Deploy; CA Nolio; Team City

Security considerations are always at odds with those of Development and Operations.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

Identify the correct subnet from the following that provides the minimum number of usable IP addresses to support seven virtual machines in a VPC.


Options are :

  • /30
  • /29
  • /27
  • /28 (Correct)

Answer :/28

Identify the difference between Agile and DevOps by picking the correct statement from the list below.


Options are :

  • Agile is a change of thinking whereas DevOps is actual organisation cultural change
  • Agile is actual organisational cultural change whereas DevOps is a change of thinking
  • Agile is role driven whereas DevOps is process driven
  • Agile is process driven whereas DevOps is role driven (Correct)

Answer :Agile is process driven whereas DevOps is role driven


Island Bank wants to conduct a proof of concept on an appropriate migration strategy for one of its applications to start using native cloud services. It will conduct the exercise on one of its applications by moving it from its local data center to the cloud, with the required modifications performed. Identify the appropriate migration strategy from the following that is suitable for the specified criteria and fulfills the objective.


Options are :

  • Rehosting
  • Refactoring (Correct)
  • Replatforming
  • Repurchasing

Answer :Refactoring

Rapid Elasticity, Cost Reduction of Operating Infrastructure, and Flexibility are key characteristics of:


Options are :

  • Continuous Integration (CI)
  • Continuous Delivery (CD)
  • Cloud Environment (Correct)
  • Continuous Deployment (CICD)

Answer :Cloud Environment

For ease of understanding, DevSecOps can be explained as:


Options are :

  • Collaboration and communication of software developers and operations staff while automating the process of delivering a software and infrastructure change
  • Developers become responsible for Operational and Security obligations
  • Automating the process of delivering a secure software and infrastructure change
  • Collaboration and communication of software developers, operational and security professionals while automating the process of delivering a secure software and infrastructure change (Correct)

Answer :Collaboration and communication of software developers, operational and security professionals while automating the process of delivering a secure software and infrastructure change

DevOps Certification Training - Preparation Tests Set 4

Creating a culture conducive to successful DevOps practices requires which of the following? Select all that apply:


Options are :

  • Training (Correct)
  • Abandoning software threat modelling
  • Avoiding application penetration testing
  • Security awareness (Correct)

Answer :Training; Security awareness

What is the minimum number of public IP addresses needed to expose a service running on 10,000 IoT devices having private IP addresses?


Options are :

  • 1000
  • 1 (Correct)
  • 2
  • 10000

Answer :1

Identify the correct statements in the context of a successful DevSecOps implementation from the following. Select all that apply:


Options are :

  • Investments in culture change will enhance communication and collaboration between development, security, and operations, which in turn, could positively impact other areas such as processes (Correct)
  • Extensive additional automation may be required (Correct)
  • Adopting DevSecOps always results in reduced development costs for a software project
  • Establishing a culture of openness and collaboration is a requisite

Answer :Investments in culture change will enhance communication and collaboration between development, security, and operations, which in turn, could positively impact other areas such as processes; Extensive additional automation may be required

DevOps Certification Training - Preparation Tests Set 5

DevSecOps requires implementing an automated deployment tool. Which of the following are valid deployment tools? Select all that apply:


Options are :

  • Maven
  • Team City (Correct)
  • Octopus Deploy (Correct)
  • Jenkins
  • AWS CloudDeploy (Correct)
  • CA Nolio (Correct)

Answer :Team City; Octopus Deploy; AWS CloudDeploy; CA Nolio

A continuous-delivery tool chain can be an attack target itself.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

DevOps teams rely on a variety of tools to help them deploy code faster. Which of the following types of tools are used by DevOps teams for that purpose?


Options are :

  • Automated test tools to verify code quality and provide quick feedback
  • Configuration management tools to define the server infrastructure as code (Correct)
  • Software application threat modelling tools to identify threats to the software
  • Continuous integration tools to ensure that every code change results in a new product build

Answer :Configuration management tools to define the server infrastructure as code


Identify the security controls in the application and infrastructure layers of a DevOps pipeline from the following. Choose three:


Options are :

  • TSA Security
  • CSA Security
  • Infrastructure Security (Correct)
  • Pipeline Security (Correct)
  • Application Security (Correct)
  • Test-driven Security

Answer :Infrastructure Security; Pipeline Security; Application Security

Certain DevSecOps adoptions may require implementing a container orchestration tool. Out of the list below, which is/are valid orchestration tool(s)? Select all that apply:


Options are :

  • Helios (Correct)
  • Kubernetes (Correct)
  • SaltStack (Correct)
  • Apache Mesos (Correct)

Answer :Helios; Kubernetes; SaltStack; Apache Mesos

DevSecOps requires implementing a container vulnerability scan tool. Which of the following are valid scan tools? Select all that apply:


Options are :

  • Clair (Correct)
  • OpenSCAP (Correct)
  • BlackDuck Docker Security (Correct)
  • Sysdig Falco (Correct)

Answer :Clair; OpenSCAP; BlackDuck Docker Security; Sysdig Falco

Identify the true statement from the following that defines hot and warm sites.


Options are :

  • Hot sites are fully redundant sites with real-time data replication from the production site whereas warm sites are facilities with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications
  • Hot sites are complete infrastructures but are partially configured in terms of IT, whereas warm sites are facilities with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications
  • Warm sites are packaged, modular processing facilities mounted on transportable platforms and kept ready to be delivered, whereas hot sites are facilities with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications
  • Warm sites are complete infrastructures but are partially configured in terms of IT, whereas hot sites are facilities with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications (Correct)

Answer :Warm sites are complete infrastructures but are partially configured in terms of IT, whereas hot sites are facilities with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications

Identify the KPI that communicates to management how a DevSecOps workflow results in higher customer satisfaction.


Options are :

  • Change Failure
  • Test Coverage
  • Logging Availability
  • Customer Issue Resolution Time (Correct)

Answer :Customer Issue Resolution Time

DevSecOps requires tools for monitoring and analysis. Out of the list below which is a valid monitoring tool?


Options are :

  • Splunk (Correct)
  • Hadoop
  • Kubernetes
  • Docker

Answer :Splunk

Billy, a security architect in a customer advisory role, is responding to a customer query as to why they should use Network Address Translation (NAT). Identify the right benefit of NAT from the following.


Options are :

  • To increase network bandwidth through a single device
  • To conserve private IP address space
  • To increase security of networks by keeping internal addressing private (Correct)
  • To encrypt traffic between hosts

Answer :To increase security of networks by keeping internal addressing private

Identify the effective enabler of DevOps that focuses on small teams continually delivering high quality code.


Options are :

  • Agile Methodology (Correct)
  • Waterfall Methodology
  • Service-Oriented Architecture (SOA)
  • Structured Development Methodologies

Answer :Agile Methodology

DevSecOps requires implementing a software vulnerability scan tool. Which of the following is/are valid implementation approach(es) for such tool(s):


Options are :

  • Automatically scans the source code as soon as it is checked in (Correct)
  • Automatically scans the build before deployment to the live environment
  • Operations team can trigger the scanning in live environment on demand on an ad hoc basis
  • Automatically scans the binary after each successful build (Correct)

Answer :Automatically scans the source code as soon as it is checked in; Automatically scans the binary after each successful build

Routinely integrating code changes into a repository and testing the changes is called:


Options are :

  • Continuous Integration (Correct)
  • Continuous Delivery
  • Cloud Environment
  • Continuous Deployment

Answer :Continuous Integration

When a URL contains a "?" followed by a key-value pair, what is this called?


Options are :

  • JSON
  • String
  • Parameters (Correct)
  • Query String

Answer :Parameters

Arrange the steps of AppSec pipeline in the correct order:


Options are :

  • Intake Process, Triage, Deliver, Test
  • Triage, Intake Process, Deliver, Test
  • Test, Intake Process, Triage, Deliver
  • Intake Process, Triage, Test, Deliver (Correct)

Answer :Intake Process, Triage, Test, Deliver

The Island Bank has a Recovery Time Objective (RTO) of 2 hours and a Recovery Point Objective (RPO) of 1 hour on a critical banking application. This application fails at 9:00 AM and is recovered at their Data Recovery (DR) site at 10:30 AM the same day, with data from 8:00 AM restored. Identify the true statement from the following.


Options are :

  • Both RTO and RPO were met (Correct)
  • RTO was met and RPO was not met
  • Both RTO and RPO were not met
  • RTO was not met and RPO was met

Answer :Both RTO and RPO were met

"Shifting security to the left" means:


Options are :

  • To leverage frameworks and libraries
  • To introduce security practices as early as possible (Correct)
  • To move security from a conservative to liberal perspective
  • To introduce security practices later in development

Answer :To introduce security practices as early as possible

Cloud infrastructure acts as a major enabler in DevSecOps by allowing which of the following? Select all that apply:


Options are :

  • Cost reduction of operating infrastructure (Correct)
  • Communication tools
  • Rapid elasticity (Correct)
  • Flexibility (Correct)
  • Automated archiving

Answer :Cost reduction of operating infrastructure; Rapid elasticity; Flexibility

The role of Change Management within a DevSecOps environment is best described by:


Options are :

  • DevSecOps does not need a formal Change Management process
  • Developers to authorise an application change request and once authorised it goes to Operations for implementation
  • The application change request goes out to everyone on the team, no matter which IT discipline they work in (Correct)
  • A risk-averse Change Management approach is common between traditional software delivery and DevSecOps methods

Answer :The application change request goes out to everyone on the team, no matter which IT discipline they work in

Island Bank, motivated by its first successful Cloud migration of a small set of applications, wants to identify the optimum strategy to quickly migrate the next set of its applications, making only the bare necessary changes for the applications to start using Cloud features. Identify the appropriate migration strategy from the following that is suitable for the specified criteria and fulfills the objective.


Options are :

  • Replatforming (Correct)
  • Rehosting
  • Repurchasing
  • Refactoring

Answer :Replatforming

Lisa, an application architect at Jamaica Coffee Trading, is working on a scalable compute architecture. She needs to identify how vertical scaling differs from horizontal scaling.


Options are :

  • Vertical Scaling adds more memory to existing servers (Correct)
  • Horizontal scaling adds more CPU to existing servers
  • Vertical scaling adds more servers to scale
  • Both horizontal scaling and vertical scaling add more memory but only vertical scaling adds more servers

Answer :Vertical Scaling adds more memory to existing servers

A widely accepted principle of security among practitioners is that security is a shared responsibility among many stakeholders.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

A company must always embed a SME from security into the development and operations teams for successful adoption of DevSecOps.


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

What is a Blue/Green deployment?


Options are :

  • A deployment method that takes resources out of stack, deploys the new changes, and brings it back
  • A deployment model running two identical productions at any time, only one of which is live and serving production traffic (Correct)
  • A deployment pattern for rolling out releases to a subset of systems
  • A method of comparing two versions of an application against each other to determine which performs better

Answer :A deployment model running two identical productions at any time, only one of which is live and serving production traffic

The following act as a good inventory of cyber controls and provide useful guidelines. Select all that apply:


Options are :

  • Open Web Application Security Project (Correct)
  • ISO 27001 (Correct)
  • NIST Cyber Security Framework (Correct)
  • Centre of Internet Security (Correct)

Answer :Open Web Application Security Project; ISO 27001; NIST Cyber Security Framework; Centre of Internet Security

DevSecOps requires implementing a container vulnerability scan tool. Which of the following are valid scan tools? Select all that apply:


Options are :

  • Sysdig Falco (Correct)
  • OpenSCAP (Correct)
  • Clair (Correct)
  • BlackDuck Docker Security (Correct)

Answer :Sysdig Falco; OpenSCAP; Clair; BlackDuck Docker Security

Identify the KPI that indicates an overall increase in the speed of the software development life cycle.


Options are :

  • Change failure
  • Deployment frequency (Correct)
  • Security benchmark deviation

Answer :Deployment frequency

Alex, the business continuity and regulatory relations manager at Island Bank, is reviewing and updating the firm's data centre synchronization strategy. Alex recommends implementing synchronous replication between data centers to meet some of the business objectives and regulatory requirements. Identify the primary objective for synchronous replication in terms of Recovery Time Objective (RTO) and Recovery Point Objective (RPO) from the following.


Options are :

  • Maximize RPO and RTO
  • Minimize RPO and RTO (Correct)
  • Minimize RTO with no Impact on RPO
  • Minimize RPO with No Impact on RTO

Answer :Minimize RPO and RTO

DevSecOps and Continuous Delivery (CD) are related in the following manner:


Options are :

  • Continuous Delivery (CD) and DevSecOps are one and the same
  • Continuous Delivery (CD) and DevSecOps are mutually exclusive
  • Both share common processes and methods
  • Both share a background in Agile methods and LEAN thinking (Correct)

Answer :Both share a background in Agile methods and LEAN thinking
