Debug School

Akanksha

Top 30 DevSecOps Interview Questions with Answers

1. What is DevSecOps?

a. The practice of integrating security into every stage of the software development and delivery process
b. The practice of adding development to the security process
c. The practice of outsourcing security to a third-party provider
Answer: a

2. Which of the following is not a key principle of DevSecOps?

a. Automation
b. Collaboration
c. Isolation
Answer: c

3. Which of the following is not a tool used in DevSecOps?

a. Git
b. Jenkins
c. MySQL
Answer: c

4. Which of the following is not a benefit of DevSecOps?

a. Improved security
b. Faster time-to-market
c. A guarantee that no vulnerabilities reach production
Answer: c

5. What is the primary goal of DevSecOps?

a. To eliminate security vulnerabilities
b. To improve collaboration between development and security teams
c. To accelerate software delivery while maintaining security
Answer: c

6. Which of the following is not a common security tool used in DevSecOps?

a. Vulnerability scanner
b. Firewall
c. Load balancer
Answer: c

7. What is the purpose of a security audit in DevSecOps?

a. To identify and fix security vulnerabilities
b. To ensure compliance with regulatory requirements
c. To measure the effectiveness of security controls
Answer: b

8. Which of the following is not a common practice in DevSecOps?

a. Continuous testing
b. Continuous integration
c. A single security review at the end of the release cycle
Answer: c

9. What is the difference between DevOps and DevSecOps?

a. DevSecOps is focused on security, while DevOps is not
b. DevOps focuses on speed and reliability of delivery, while DevSecOps builds security into that same pipeline as a shared responsibility
c. DevOps and DevSecOps are the same thing
Answer: b

10. What is a security risk assessment?

a. A process for evaluating security controls
b. A process for identifying and assessing potential security threats
c. A process for testing the effectiveness of security measures
Answer: b

11. Which of the following is not a common security vulnerability?

a. SQL injection
b. Cross-site scripting
c. Network congestion
Answer: c

12. What is the purpose of a security incident response plan?

a. To prevent security incidents from occurring
b. To minimize the impact of security incidents
c. To identify the root cause of security incidents
Answer: b

13. What is the difference between penetration testing and vulnerability scanning?

a. Penetration testing is automated, while vulnerability scanning is manual
b. Penetration testing attempts to exploit vulnerabilities, while vulnerability scanning only identifies them
c. Penetration testing is less comprehensive than vulnerability scanning
Answer: b

14. What is a threat model?

a. A model used to identify potential security threats
b. A model used to prioritize security controls
c. A model used to simulate security incidents
Answer: a

15. What is a security control?

a. A measure used to mitigate security risks
b. A measure used to create security risks
c. A measure used to detect security risks
Answer: a

16. What is the difference between symmetric and asymmetric encryption?

a. Symmetric encryption uses one shared key for both encryption and decryption, while asymmetric encryption uses a key pair (a public key and a private key)
b. Symmetric encryption is more secure than asymmetric encryption
c. Symmetric encryption is slower than asymmetric encryption
Answer: a
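An added example, not from the original post, that makes the one-key versus two-key distinction concrete in Python. The symmetric half is a hash-based counter-mode stream cipher and the asymmetric half is textbook RSA with tiny primes (p=61, q=53, e=17, an assumed toy key); both are illustrative only and not production ciphers, but the key-handling roles they show are the same as with AES-GCM and RSA-OAEP.

```python
import hashlib
import secrets

# --- Symmetric: one shared secret key does both encryption and decryption ---

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256(key || nonce || counter).
    Illustrative only: it has no authentication tag, so it is not a
    substitute for a vetted AEAD cipher such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)            # fresh nonce per message
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:16], blob[16:]
    ks = keystream(key, nonce, len(ciphertext))  # same key regenerates the same keystream
    return bytes(a ^ b for a, b in zip(ciphertext, ks))

# --- Asymmetric: anyone with the public key encrypts, only the private key decrypts ---

def rsa_keygen(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA with tiny assumed primes, to make the key pair visible.
    Real keys are 2048+ bits and use padding (OAEP); never use this on data."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                        # modular inverse (Python 3.8+)
    return (n, e), (n, d)                      # (public key, private key)

def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)

def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)

def demo() -> dict:
    """Round-trip both schemes and report whether each behaved as expected."""
    shared_key = secrets.token_bytes(32)       # both parties must already hold this
    msg = b"rotate the deploy token"
    sym_ok = sym_decrypt(shared_key, sym_encrypt(shared_key, msg)) == msg
    wrong_key = secrets.token_bytes(32)
    sym_wrong = sym_decrypt(wrong_key, sym_encrypt(shared_key, msg)) == msg

    public_key, private_key = rsa_keygen()     # only the recipient keeps private_key
    m = 65
    asym_ok = rsa_decrypt(private_key, rsa_encrypt(public_key, m)) == m
    return {"symmetric_roundtrip": sym_ok,
            "symmetric_wrong_key_roundtrip": sym_wrong,
            "asymmetric_roundtrip": asym_ok,
            "public_key_differs_from_private": public_key != private_key}

if __name__ == "__main__":
    print(demo())
```

The practical consequence of option a is key distribution: the symmetric scheme needs the same 32-byte secret on both ends before any message can be sent, while the RSA recipient publishes (n, e) and never lets (n, d) leave its side. Real systems combine the two (asymmetric to agree on a key, symmetric for the bulk data), which is also why the speed difference in option c is true but not the defining distinction.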

17. What is the purpose of a security policy?

a. To establish security standards and guidelines
b. To enforce security controls
c. To respond to security incidents
Answer: a

18. What is the main goal of DevSecOps?

a. To increase speed of development
b. To improve the security of applications by building it into delivery from the start
c. To reduce cost of development
d. To minimize downtime of applications
Answer: b

19. What is a threat model in DevSecOps?

a. A tool for automating security testing
b. A list of potential vulnerabilities in an application
c. A framework for identifying and assessing potential security risks
d. A methodology for patching security flaws in an application
Answer: c

20. What is a security audit in DevSecOps?

a. A review of an application's security practices
b. A test to identify security vulnerabilities in an application
c. A tool for automating security testing
d. A methodology for patching security flaws in an application
Answer: a

21. What is a penetration test in DevSecOps?

a. A test to ensure the functionality of an application
b. A test to ensure the usability of an application
c. A test to identify security vulnerabilities in an application
d. A test to measure the performance of an application
Answer: c

22. What is the main advantage of using infrastructure as code in DevSecOps?

a. It allows for greater flexibility and scalability
b. It makes it easier to deploy and manage infrastructure
c. It reduces the risk of configuration errors
d. It ensures that infrastructure is secure by default
Answer: c

23. What is the role of a security champion in DevSecOps?

a. To lead the development team
b. To provide guidance on security best practices
c. To develop security tools and frameworks
d. To manage the deployment and configuration of infrastructure
Answer: b

24. What is a security incident in DevSecOps?

a. An event that compromises the confidentiality, integrity, or availability of a system or its data, such as a breach that results in data loss or theft
b. A failure of an application to perform as expected
c. A security vulnerability that has been identified
d. A security audit that has uncovered potential issues
Answer: a

25. What is a security test in DevSecOps?

a. A test to ensure the functionality of an application
b. A test to ensure the usability of an application
c. A test to identify security vulnerabilities in an application
d. A test to measure the performance of an application
Answer: c

26. What is the difference between a vulnerability and a threat?

a. A vulnerability is a weakness in a system that can be exploited by a threat actor, while a threat is an event or action that can cause harm to a system
b. A vulnerability is an event or action that can cause harm to a system, while a threat is a weakness in a system that can be exploited by a threat actor
c. There is no difference between a vulnerability and a threat
Answer: a

27. What is shift left security?

a. The practice of integrating security as early as possible in the software development life cycle
b. The process of shifting security concerns to the operations team
c. The use of automation tools to identify and mitigate security vulnerabilities
Answer: a

28. What is a security culture?

a. A set of policies and procedures for managing security
b. A set of values and beliefs about the importance of security
c. A set of technical controls for enforcing security
Answer: b

29. Which of the following is an example of a security control?

a. Firewall
b. Agile development
c. Continuous integration
Answer: a

30. What is a risk assessment?

a. A process for identifying potential security threats to a system
b. A process for evaluating the likelihood and impact of security threats
c. A document that outlines security requirements for a software project
Answer: b

31. What is a security baseline?

a. A set of minimum security requirements for a system
b. A tool for identifying potential security threats to a system
c. A process for testing the security of a system
Answer: a
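A security baseline earns its keep when it is checked automatically on every change, which is the shift-left idea from question 27 and one reason infrastructure as code reduces configuration errors (question 22). The following Python is an added example, not from the original post: it encodes a hypothetical baseline as rules and checks a constructed service configuration against it, treating a missing setting as a violation rather than a pass. The baseline values (TLS 1.2, 12-character passwords, MFA, debug off, audit logging) are illustrative assumptions, not a published standard.

```python
import sys
from dataclasses import dataclass
from typing import Any, Callable, List, Tuple

# Hypothetical baseline: minimum settings every service must meet (assumed values).
@dataclass(frozen=True)
class Rule:
    key: str                        # dotted path into the config
    check: Callable[[Any], bool]    # True when the setting meets the baseline
    message: str

BASELINE = [
    Rule("tls.min_version", lambda v: v >= 1.2, "TLS 1.2 or newer required"),
    Rule("tls.ciphers", lambda v: not any("RC4" in c or "NULL" in c for c in v),
         "RC4 and NULL ciphers are forbidden"),
    Rule("auth.password_min_length", lambda v: v >= 12, "passwords must be at least 12 characters"),
    Rule("auth.mfa_required", lambda v: v is True, "MFA must be enforced"),
    Rule("app.debug", lambda v: v is False, "debug mode must be off"),
    Rule("logging.audit_enabled", lambda v: v is True, "audit logging must be enabled"),
]

def lookup(config: dict, dotted_key: str) -> Tuple[bool, Any]:
    """Walk a nested dict by a dotted path; return (found, value)."""
    node = config
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return False, None
        node = node[part]
    return True, node

def check_baseline(config: dict, rules=BASELINE) -> List[str]:
    """Return one violation string per failed rule. A missing setting fails too,
    and a value of the wrong type (e.g. "1.2" instead of 1.2) is not trusted."""
    violations = []
    for rule in rules:
        found, value = lookup(config, rule.key)
        if not found:
            violations.append(f"{rule.key}: missing ({rule.message})")
            continue
        try:
            ok = rule.check(value)
        except (TypeError, AttributeError):
            ok = False
        if not ok:
            violations.append(f"{rule.key}={value!r}: {rule.message}")
    return violations

# Constructed sample configurations (not from the page).
WEAK_CONFIG = {
    "tls": {"min_version": 1.0, "ciphers": ["AES128-GCM-SHA256", "RC4-SHA"]},
    "auth": {"password_min_length": 8},          # mfa_required is absent
    "app": {"debug": True},
    "logging": {"audit_enabled": True},
}

HARDENED_CONFIG = {
    "tls": {"min_version": 1.2, "ciphers": ["AES128-GCM-SHA256", "CHACHA20-POLY1305-SHA256"]},
    "auth": {"password_min_length": 16, "mfa_required": True},
    "app": {"debug": False},
    "logging": {"audit_enabled": True},
}

if __name__ == "__main__":
    problems = check_baseline(WEAK_CONFIG)
    for p in problems:
        print("FAIL", p)
    # A non-zero exit fails the pipeline job, so the drift never reaches production.
    sys.exit(1 if problems else 0)
```

Run it as a CI step against the rendered configuration (or the IaC plan output) for every commit; the weak config above produces five failures, including the absent `auth.mfa_required`, while the hardened one passes cleanly.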
