Quiz

06. Which statements accurately describe DevSecOps? (Choose two)
a) It prioritizes operational efficiency over security.
b) It integrates security practices throughout the DevOps lifecycle.
c) It involves only the security and operations teams.
d) It aims to automate security validations as much as possible.

07. Integrating a DAST tool with AWS can help: (Choose two)
a) Scan for vulnerabilities in deployed applications.
b) Automatically correct identified vulnerabilities.
c) Provide real-time monitoring of AWS resources.
d) Enhance the security of application deployment on AWS.

08. Pre-commit checks in a DevSecOps pipeline typically include:
a) Checking for code completeness
b) Scanning for secrets or credentials in code
c) Performance benchmarking
d) Final user acceptance testing

03. Benefits of integrating a SAST tool with Microsoft Azure include: (Choose two)
a) Leveraging Azure's built-in security controls for enhanced scanning
b) Directly deploying code from SAST to production
c) Identifying Azure-specific security concerns
d) Streamlining the CI/CD pipeline

04. Effective monitoring in AWS should focus on what aspects?
a) User interface design
b) Billing and cost management
c) Application and infrastructure performance
d) Sales metrics

05. What is the key advantage of integrating AWS CloudFormation in the release and deploy stage?
a) To manage physical hardware setups
b) To automate AWS resource provisioning
c) To centralize application logging
d) To enhance cross-platform mobile development

01. How does collaboration between development, security, and operations teams enhance DevSecOps?
a) By increasing team competition
b) By reducing the need for communication
c) By fostering a culture of shared responsibility
d) By isolating team functions

02. Which are advantages of integrating a vulnerability scanning tool in the release stage? (Choose two)
a) Ensuring code quality
b) Identifying security vulnerabilities before live deployment
c) Increasing deployment speed
d) Reducing manual testing requirements

09. A critical aspect of DevSecOps is the integration of tools. Which tool category is essential for identifying known vulnerabilities in dependencies?
a) Static Application Security Testing (SAST)
b) Dynamic Application Security Testing (DAST)
c) Software Composition Analysis (SCA)
d) Interactive Application Security Testing (IAST)

10. When should penetration testing be conducted in the release and deploy stage?
a) Before the deployment process begins
b) After the deployment is complete
c) During the development phase
d) At the initiation of the project

Answers:-
Answer 01:- c
Answer 02:- b, d
Answer 03:- a, c
Answer 04:- c
Answer 05:- b
Answer 06:- b, d
Answer 07:- a, d
Answer 08:- b
Answer 09:- c
Answer 10:- a

Which development methodology emphasizes customer collaboration over contract negotiation?

Choose one:
V-model

Spiral

Agile

Waterfall

How does integrating security into the CI/CD pipeline benefit DevSecOps?

Choose one:

It isolates security practices from the rest of the development process.

It encourages ignoring security during early stages of development.

It ensures security measures are only considered during post-deployment.

It embeds security practices throughout the software development lifecycle, enhancing security without slowing down operations.

What is the primary goal of integrating security threat modeling in the plan stage
of DevSecOps?

Choose one:

To implement threat modeling only after deployment.

To identify potential security threats and vulnerabilities early in the development lifecycle.

To focus solely on external threats, ignoring internal security risks.

To postpone security considerations until the testing phase.

How does Compliance as Code (CaC) facilitate regulatory compliance in DevSecOps?


Choose one:
By embedding compliance checks into the automation pipelines, ensuring continuous
adherence to regulatory standards.
By eliminating the need for compliance monitoring.
By focusing only on compliance at the end of the development cycle.
By manually tracking compliance requirements.

https://www.edusum.com/ec-council/112-55-ec-council-devsecops-essentials

Which pillar of DevSecOps emphasizes ongoing assessment and adaptation of security practices?
Choose one:
Continuous Development
Continuous Integration
Continuous Delivery
Continuous Monitoring

Why is threat modeling important in secure application development?


Choose one:
It helps in identifying, evaluating, and mitigating potential security threats
early in the development process.
It decreases the understanding of potential security issues.
It is only useful after a breach has occurred.
It focuses exclusively on physical security threats.

In the context of application architectures, what does the term 'scalability' refer
to?
Choose one:
The security measures integrated into the application
The ability to function without errors
The capacity to increase or decrease performance and cost in response to changes in
application and system processing demands
The complexity of the user interface

What is a key characteristic of modern application architectures compared to traditional ones?
Choose one:
Emphasis on modularity and microservices
Reduced scalability and adaptability
Increased dependency on monolithic structures
Longer development cycles

Which methodology introduced the concept of continuous integration and continuous deployment (CI/CD)?
Choose one:
Waterfall
Spiral
DevOps
Agile

Why is the use of Infrastructure as Code (IaC) tools important in DevSecOps?


Choose one:
To increase the time required to provision infrastructure.
To manually set up and manage infrastructure.
To eliminate the need for version control in infrastructure setups.
To automate the provisioning and management of infrastructure using code.

Which of the following are Infrastructure-As-Code tools?


Terraform --
SVN
Kubernetes
AWS CloudFormation --
