Agile & DevOps

1. From the options select the configuration items that are eligible for configuration management
Source code document, Test Report, SRS, Design Document
2. Tom and Peter works on the same project. Tom does his work and update the local copy back to the configuration
management server. This process is called as Check-in
3. ____________ ensures that when two different people does the work and update parallelly, one should not over write the
other Synchronization control
4. Which is the software configuration concept that ensures that change should be done in a controlled and authorized
environment Baseline
5. ________ is the process during which the changes of a system are implemented in a controllable manner by following a
predefined model, with some reasonable modifications. Change Management

6. State true or false. During agile development more emphasize is given for documentation FALSE
7. What are the roles in dynamic system development method? Scribe Facilitator, Technical Coordinator
8. _____ methodology focus on visualization flow Kanban
9. Which of the following agile methodologies depends on the cohesiveness of the team and individual commitment of the
team members? Lean Software Development
10. Which agile methodology divides the development into sprint cycles, in which a Specified set of features are delivered?
Choose from the following: SCRUM
11. __________ is an iterative and incremental approach that embraces principles of agile development, including continuous
user/customer involvement. Dynamic System Development Method

12. ____ layer in busness analytics indicate what is happening or what has happened Descriptive Layer
13. ____ layer describes what could happen Predictive Layer
14. Analytics reveal hidden patterns in _____ Data
15. An optimal solution is based on ___ Targets, Limits, Choices
16. _____ Allows decision makers at virtually all levels of the organization to gain insight into business performance and data to
support and guide actions. BPM

17. ______ is the Process of discovering various models, summaries and derived values from a given collection of data
Data Mining
18. By working to plan an information agenda, master information, and apply Business Analytics, organizations can take
advantage of the following areas Information Management, ECM
19. The challenge faced in Business Analytics are Volume of data, Variety of data, Velocity of data
20. _____ helps to uncover unexpected patterns and associations from all data within an organization Cognitive Layer
21. To understand the best course of action for a problem is ____ Prescriptive Layer

22. ____ reflect the success or failure after an event has been consumed Lagging KPI
23. Which is not a KPI Effort KPI
24. _____ helps an organization to define and measure progress towards organizational goals. KPI
25. Which of these are attributes of performance measure Strategic, Holistic, Relevant, Timely
26. Expand KSI Key Success Indicator
27. _____ is the subject matter area on which reports revolve around. Content
28. ____ is an important measure of how well an organization meets or exceeds a customer's expectations
Customer Satisfaction
29. A metric should be time bound 'True'.
30. Units per hour is an example of what KPI Quantitative KPI
31. The most common form of KPI reporting is ____ Dashboarding

32. ____ is an iterative process in which we understand the users clearly Design Thinking
33. Which is not a phase in design thinking Model
34. Stating Your Users' Needs and Problems is done in which phase Define
35. Sub phases of understand phase is ___ Empathize, Define
36. Design Thinking is focusing on the stated problem than to arrive at a solution immediately 'True'.

37. Which of the following is mapped by an empath map Says, Thinks, Does, Feels
38. _______in design thinking is a written, actionable statement that expresses the problem that the design team is trying to
address. POV
39. Researching Your Users' Needs is done in which phase Empathize
40. Challenge Assumptions and Create Ideas is done in Ideate
41. Analyzing how users interact with their environment is a ____ activity in Empathize Observer

DEVOPS
42. Which of the following CI/CD tools is a continuous integration server developed by Atlassian? Bamboo
43. Which of the following CI/CD tools is known for its ease of setup, out-of-the-box usability, and beautiful user interface?
TeamCity
44. In which of the following, there is no human intervention and only a failed test will prevent a new change to be deployed to
production? Continuous Deployment
45. Which of the following is the final phase of the DevOps cycle? Monitor
46. In which of the following pipelines, all the new changes run through a consistent set of quality checks?
AWS codpipeline
47. In YAML file used for BitBucket pipeline, you can use different types of container for each step by selecting different
images 'True'.
48. Which of the following CI/CD toolsprovides support for .Net framework? TeamCity
49. Before DevOps, there is a significant delay between development and operations 'True'.
50. The applications with Azure CI/CD pipelines can be deployed to multiple target environments 'True'.
51. Each service runs in its own process and communicates with other services through a well-defined interface in Microservice
'True'.

52. In _________, developed code is continuously delivered until the programmer considers it is ready to ship.
Continuous Delivery
53. In GitLab, pipes are agents that run the CI/CD Jobs 'False'.
54. The __________is used to record the code changes made by developers so that these changes can be shared to others
Version control system
55. Pipe uses a script that lives in a Docker container 'True'.
56. You can either define the pipeline using YAML syntax or through the user interface in Azure pipeline True'.
57. Which of the following uses a version control system and a central code repository for tracking the code changes made by
developers? Continuous Integration
58. Which of the following CI/CD tools is designed to handle anything from a simple CI server to a complete CD hub?
Jenkins
59. Which of the following CI/CD tools is suitable for small projects? CircleCI
60. In Continuous Integration, build status is reported to developers when they are changing the code. 'True'.
61. Which of the following are the services provided by Azure DevOps? Azure Boards, Azure Artifacts, Azure Repos

62. DevOps bridges the gap between development and operations teams. 'True'.
63. CAMS Stands for Culture, Automation, _________ and ________. Measurement, Sharing
64. A Blue/Green deployment is a deployment strategy in which you create two separate, but identical environments True
65. With Continuous Delivery, production happens automatically without explicit approval. 'False'.
66. Which of the following is a a software development practice where members of a team use a version control system and
frequently integrate their work to the same location like the main branch? Continuous Integration

67. Using a blue/green deployment strategy increases application availability and reduces deployment risk by simplifying the
rollback process if a deployment fails. 'True'.
68. Which of the following refers to automatically releasing a developer’s changes from the repository to production, where it is
usable by customers? Continuous Deployment
69. In the Blue/Green deployment, once testing has been completed on the blue environment, live application traffic is directed
to the blue environment and the green environment is deprecated. False'.
70. DevOps culture is about agility, scalability, continuous improvements in the delivery of services. 'True
71. In CAMS Model, ________ is all about monitoring and tracking the progress of various activities involved in the DevOps
environment. Measurement

72. ________ is the first phase of the pipeline, where developers put in their code and then again the code goes to the version
control system with a proper version tag. Build phase
73. Which of the following are the Test Automation tools? Selenium
74. Which of the following are the Software Configuration Management tools? Git, CVS
75. Infrastructure-as-Code tools are used to create software environments using predefined templates. 'True'.
76. Replacing or modifying older apps with newer microservices architecture can open up the doors to faster development and
quicker innovation. True'.

77. _________ and ________ are CI/CD software that automates tasks starting from development pipeline to deployment.
Jenkins, Bamboo
78. An Elastic stack can be created to automatically monitor the application and logs. 'True'.
79. Unit Testing tests individual units or components of a code written by the developer to validate if they perform as expected.
'True'.
80. Which of the following phases in the CI/CD pipeline get all the features of that code from various branches of the repository,
merge them and finally use a compiler to compile it? Build phase
81. Which of the following are Infrastructure-As-Code tools? AWS CloudFormation, Terraform

82. __________ refers to the process of tracking the identified vulnerabilities, the steps taken to mitigate and/or eliminate those
vulnerabilities, and the overall status of the application’s security. Monitor
83. A _________ is an application security solution that can help to find certain vulnerabilities in web applications while they
are running in production. Dynamic Analysis Security Testing
84. Vulnerability Scanning ensures that code is checked for vulnerabilities at every major stage of the delivery pipeline from the
time it is written to, when it is deployed into production. 'True'.
85. Which of the following DevSecOps tools allows an All-in-One website security scanner to support developers to detect
problems at the most advanced stage? Acunetix
86. Use a SAST tool to ensure that your code is secure, safe, and reliable. True'.

87. __________ provides a summary of possible attack scenarios, outlines the flow of sensitive data, and identifies
vulnerabilities and offers potential mitigation options. Threat Modeling
88. _______ is a web-based DevOps program that gives a full CI/CD toolchain out-of-the-box in one particular application.
GitLab
89. _________ is an enterprise-grade automated code review solution that uses static code analysis to provide comprehensive
vulnerability reporting. Codacy
90. Runtime protection means securing software against threats that can arise when your application starts running. False'.
91. ___________ is an application security methodology for managing open source components.
Software Composition Analysis

92. During the development phase in secure SDLC, teams need to make sure that they use secure coding standards. 'True'.
93. _________ is incorporated in the implementation phase of Secure SDLC. Static Analysis
94. Security issues can be addressed in the SDLC pipeline well before deployment to production. 'True'.
95. Which of the following are considered as the 4-Axes in DSOMM? Static Depth, Intensity
96. DSOMM Level 1 calls for the execution of static analysis tools without any changes to the tools or settings. True'.

97. Which of the following are the steps of Threat Modeling? Decomposing the application, Ranking Threats, Mitigation
98. Which of the following are the three critical areas focused by Security Monitoring/Compliance in Secure SDLC?
Shifting security left in the SDLC, Building security into policies, Creating an audit trail throughout the development
99. Employing both SAST and DAST in a pipeline would cover both codebase and runtime vulnerabilities. True'.
100. In which of the following phases of Secure SDLC, teams follow architecture and design guidelines to address risk?
Architecture And Design
101. DSOMM strives to incrementally increase the effectiveness of a security program from Level 1 to Level 4. 'True'.

102. Any component that has the potential to adversely impact cyber supply-chain risk is a candidate for Component Analysis.
'True'.
103. Which of the following are the Software Composition Analysis tools? WhiteSource, Dependency Checker
104. Bill Of Materials (BOM) describe the components included in applications, the version of the components used, and the
license types for each. 'True'.

105. __________is the process of identifying potential areas of risk from the use of third-party and open-source software and
hardware components. Component Analysis
106. Implementing SCA ensures that all of the components in your applications are secure and compliant. 'True'.
107. SAC tools can both spot any security weak points and suggest potential solutions based on the entire code base. 'True'.

108. __________ is an approach to detect dependency bugs in build systems. VeriBuild

109. Which of the following SAST tools is specifically built for NodeJS? Reshift
110. SAST is performed at the static level ensuring¬ that code guidelines are followed without actually executing the application.
'True'.
111. Which of the following problems can be identified by using static analysis?
Dead or unused code, Violation of code style guidelines
112. Which of the following rules comes under comprehensive rulesets while embedding SAST tools into the pipeline?
XML external entity, Header injection

113. ________ is designed for optimizing the performance for analyzing typestate problem Smoke
114. Static Application Security Testing (SAST) is also known as 'black box testing’. False'.
115. Which of the following SAST tools is designed for web applications? HCL AppScan
116. Static code analyzers help to define project specific rules to ensure that all developers follow them without any manual
intervention or sidetracking. True'.
117. SAST tools examine the source code at rest to detect and report on potential security vulnerabilities. True'.

118. In Push Based Configuration Management System, nodes pull the configuration information from the server. 'False'.
119. ___________ is a list of tasks that runs repeatedly in an order. Playbook
120. Configuration drift occurs when ad-hoc configuration changes and updates result in a mismatched development, test, and
deployment environments. 'True'.
121. You can also use Ansible Automation Platform for configuration management to maintain your systems in the desired state.
'True'.
122. Which of the following is an open-source configuration management tool based on Python? SaltStack

123. ________ allows you to create “recipes” and “cookbooks” using its Ruby-based DSL. Chef
124. Ansible leverages SSH to communicate between servers. 'True'.
125. Which of the following services natively integrates Role-Based Access Control (RBAC) into the management platform?
Azure Resource Manager
126. Ansible is an example of a pull based configuration management tool. 'False'.
127. _________ are the components required to operate and manage enterprise IT environments. Infrastructure

128. Vulnerability scanning tools can be used to identify specific local users and groups. 'True'.
129. InSpec tests can be easily added to act as a quality gate for compliance. True'.
130. With Chef Automate, you can run your InSpec compliance tests on demand, see the results on the dashboard, and remediate
the problem. True'.
131. ServerSpec lets you to include metadata about your compliance rules. False'.
132. ______ is a set of security tools that can be used to validate compliance against a set of policies. OpenSCAP

133. InSpec can also run as a series of automated tests that execute as part of your standard release pipelines. True'.
134. _________ was created to provide a standardized approach to maintain the security of systems. OpenSCAP
135. Chef Automate is an integrated solution for managing and deploying infrastructure and applications. True'.
136. Inspec uses a client-server model. True'.
137. Once you have categorized and prioritized vulnerabilities, break down your remediation process into bite-size chunks to
make them more manageable and effective. 'True'.