DevSecOps Exam (DevOps Security) Set 2

DevSecOps and Cloud are conjoined twins and cannot be separated.


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

DevSecOps requires tools for monitoring and analysis. Out of the list below which is a valid monitoring tool?


Options are :

  • Docker
  • Kubernetes
  • Hadoop
  • Splunk (Correct)

Answer :Splunk

Identify true statement(s) about security champions. Select all that apply:


Options are :

  • They may act as the voice of security for a given product or team (Correct)
  • They may help make decisions about when to engage the security team (Correct)
  • They must be able to code
  • They may assist in the triage of security bugs for their team or area (Correct)

Answer :They may act as the voice of security for a given product or team; They may help make decisions about when to engage the security team; They may assist in the triage of security bugs for their team or area

Identify the key characteristics of the User Datagram Protocol (UDP) from the following. (Select TWO responses)


Options are :

  • UDP does not implement a handshake (Correct)
  • Data transfer is acknowledged
  • UDP handles the retransmission of packets
  • Packets do not necessarily arrive in order (Correct)
  • UDP handles congestion automatically

Answer :UDP does not implement a handshake; Packets do not necessarily arrive in order

A successful implementation of DevSecOps will require which of the following?


Options are :

  • Cross-training teams so that vulnerabilities can be identified early (Correct)
  • Promotion of collaboration and teamwork (Correct)
  • Elimination of silos (Correct)

Answer :Cross-training teams so that vulnerabilities can be identified early; Promotion of collaboration and teamwork; Elimination of silos

Identify the key driver for an organization choosing to move from a traditional SDLC structure to a DevOps structure.


Options are :

  • Regulations and privacy laws are forcing them to change their SDLC
  • DevSecOps places more emphasis on software security than traditional SDLC
  • Deliver updates more reliably, in a cost-effective manner (Correct)
  • Deliver high-quality software updates more frequently (Correct)

Answer :Deliver updates more reliably, in a cost-effective manner; Deliver high-quality software updates more frequently

What is the latest approach to driving DevSecOps?


Options are :

  • Embracing structured development methodologies since software became larger and more complex.
  • Embracing the waterfall model to meet the needs of evolving business requirements.
  • Embracing service-oriented architecture to overcome the interoperability and reusability challenges.
  • Removing much of the latency that has existed for years around software development through automation. (Correct)

Answer :Removing much of the latency that has existed for years around software development through automation.

What is a LAMP stack?


Options are :

  • Lambda, Amplify, MySQL, and Python
  • Lambda, Apache, MongoDB, and Python
  • Linux, Apache, MongoDB, and Python
  • Linux, Apache, MySQL, and PHP (Correct)

Answer :Linux, Apache, MySQL, and PHP

DevSecOps requires implementation of a source code management tool. Out of the list below, which is not a valid source code tool?


Options are :

  • BitBucket
  • Subversion
  • Jenkins (Correct)
  • Visual SourceSafe

Answer :Jenkins

Identify the latest approach to driving DevOps out of the following.


Options are :

  • Embracing structured development methodologies since software became larger and more complex
  • Removing much of the latency that has existed for years around software development through automation. (Correct)
  • Embracing the waterfall model to meet the needs of evolving business requirements
  • Embracing service-oriented architecture to overcome the interoperability and reusability challenges

Answer :Removing much of the latency that has existed for years around software development through automation.

Security of a Continuous Delivery (CD) pipeline may involve which of the following?


Options are :

  • Protecting credentials, keys, and other secrets (Correct)
  • Strong access control across the entire toolchain and access audits (Correct)
  • Protecting (i.e. digitally signing) binaries and other build artefacts against tamper, etc. (Correct)

Answer :Protecting credentials, keys, and other secrets; Strong access control across the entire toolchain and access audits; Protecting (i.e. digitally signing) binaries and other build artefacts against tamper, etc.

Identify the KPI that reveals the company's ability to react faster to threats.


Options are :

  • Vulnerability patching lead time (Correct)
  • Mean time to failure
  • Time to value
  • Defect density

Answer :Vulnerability patching lead time

DevSecOps and Agile are one and the same.


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

Identify the primary reason for an organization to transition from DevOps to DevSecOps at this point.


Options are :

  • Bridge the gap between DevOps and security (Correct)
  • Bring the development team up to speed with the latest on application security
  • Drive further automation across the environment
  • Teach software developers how to think like attackers

Answer :Bridge the gap between DevOps and security

It is expected that the test-driven security tests will initially fail.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

Identify the right description of CI/CD from the following.


Options are :

  • Cloud Integration, Cloud Development
  • Customer Information, Customer Data
  • Continuous Integration, Continuous Deployment
  • Continuous Implementation, Continuous Delivery (Correct)
  • Container Integration, Cloud Deployment

Answer :Continuous Implementation, Continuous Delivery

Island Bank is considering a quick movement of one of its applications from the local data center to the cloud. Identify the migration strategy from the following that should fulfill the objective.


Options are :

  • Refactoring
  • Rehosting (Correct)
  • Repurchasing
  • Replatforming

Answer :Rehosting

Billy, a security architect in a customer advisory role, is responding to a customer query regarding the benefits of using cloud computing compared to on-premises data centers. Identify the right benefit of NAT from the following. (Select TWO responses)


Options are :

  • Ability to outsource security to cloud provider
  • Allows for a pay as you go model (Correct)
  • Ability to use geo-dispersed regions (Correct)
  • Flexibility to manage and secure the physical infrastructure

Answer :Allows for a pay as you go model; Ability to use geo-dispersed regions

The software development teams that have adopted the Agile approach to DevOps must include staff from the IT support team to ensure:


Options are :

  • Ease of operation is prioritized over the stability
  • Operational considerations are taken into account
  • Platform stability has a priority over the functionality (Correct)
  • The final design results in an acceptable business and end user product (Correct)

Answer :Platform stability has a priority over the functionality; The final design results in an acceptable business and end user product

Which utility is best suited to migrate data from one location to another and modify the data during the process?


Options are :

  • ETL (Correct)
  • FTP
  • Rsync
  • Data Dump

Answer :ETL

Lisa, an application architect at Jamaica Coffee Trading, is working on re-architecting a globally distributed and heavily used e-commerce application with the objective of accelerating it. Identify the right options from the following to achieve the objective. (Select ALL that apply)


Options are :

  • Implement a disaster recovery site
  • Distribute the database globally (Correct)
  • Centralize logging and monitoring
  • Use a CDN to deliver content globally (Correct)
  • Use in-memory datastores to accelerate read operations (Correct)

Answer :Distribute the database globally; Use a CDN to deliver content globally; Use in-memory datastores to accelerate read operations

Benefits of a successful implementation of DevSecOps include which of the following:


Options are :

  • Streamlining of processes (Correct)
  • Increased level of automation (Correct)
  • Accelerated pace of interactions between the Development and Operations teams (Correct)

Answer :Streamlining of processes; Increased level of automation; Accelerated pace of interactions between the Development and Operations teams

DevSecOps requires implementation of a build management tool. Out of the list below, which is/are valid build tool(s)? Select all that apply:


Options are :

  • BitBucket
  • Bamboo (Correct)
  • Maven (Correct)
  • Gradle (Correct)

Answer :Bamboo; Maven; Gradle

The time between a feature request and the realization of business value from that feature is called:


Options are :

  • Deployment Frequency
  • Time to Value (Correct)
  • Mean Time to Recovery (MTTR)
  • Customer Issue Volume

Answer :Time to Value

What should be used to block attacks against websites?


Options are :

  • Machine learning technologies
  • NAT gateways
  • Application firewall (Correct)
  • Index technologies
  • Intrusion detection system

Answer :Application firewall

Securing a continuous delivery pipeline may involve which of the following? Select all that apply:


Options are :

  • Protecting (i.e. digitally signing) binaries and other build artefacts against tamper, etc. (Correct)
  • Protecting credentials, keys, and other secrets (Correct)
  • Strong access control across the entire toolchain and access audits (Correct)
  • Hardening various systems (Correct)

Answer :Protecting (i.e. digitally signing) binaries and other build artefacts against tamper, etc.; Protecting credentials, keys, and other secrets; Strong access control across the entire toolchain and access audits; Hardening various systems

What is the minimum number of public IP addresses needed to run a single website on four webservers in a private subnet space, in which the website must be accessible from the Internet?


Options are :

  • 1 (Correct)
  • 4
  • 2
  • 0

Answer :1

Which key performance indicator reveals the company's ability to react faster to threats?


Options are :

  • Mean time to failure (MTTF)
  • Defect density
  • Vulnerability patching lead time (Correct)
  • Time to value

Answer :Vulnerability patching lead time

Alex, the business continuity and regulatory relations manager at Island Bank, wants to implement a Disaster Recovery approach that offers the shortest Recovery Time Objective (RTO). Identify the right option from the following.


Options are :

  • Hot Standby (Correct)
  • Backup and Restore
  • Pilot Light
  • Warm Standby

Answer :Hot Standby

Agile and DevOps, both, have their own set of objectives and methods of achieving their goals.


Options are :

  • TRUE (Correct)
  • FALSE

Answer :TRUE
