Q.1 In DevSecOps, during which phase of the development cycle are security aspects considered?
A. During the development process
B. At the end of the release cycle
C. Throughout the application lifecycle
D. During the testing phase
Ans : Throughout the application lifecycle
Q.2 Which software development approach first emphasized incorporating customer feedback early and often?
A. Agile
B. DevOps
C. Lean
D. Waterfall
Ans : Agile
Q.3 ________ procedure involves integrating secure development practices and methodologies into development and deployment processes that enforce DevOps.
A. Application Security
B. Software development security
C. Security Testing
D. DevSecOps
Ans : DevSecOps
Q.4 ____________ software development approach aims to enhance collaboration between the software development and IT operations teams.
A. Lean
B. Waterfall
C. Agile
D. DevOps
Ans : DevOps
Q.5 _________ approach aims to include security in each phase of the development cycle.
A. Consistent Security
B. Shift Right Security
C. Continuous Security
D. Shift Left security
Ans : Shift Left security
Q.6 In DevSecOps, security-related activities are the sole responsibility of the security team.
A. True
B. False
Ans : False
Q.7 DevSecOps encourages creativity and experimentation.
A. True
B. False
Ans : True
Q.8 In modern software development, a large portion of code is reused from open source and third-party libraries.
A. True
B. False
Ans : True
Q.9 Which of the following can be used to ensure the security of the CI/CD pipeline?
A. Authentication to push changes
B. Login tracking
C. Key management
D. Secure storage of build artifacts
E. All the options
Ans : All the options
Q.10 How many distinct areas does the AppSec pipeline comprise?
A. Three
B. Two
C. Depends on the application
D. Four
Ans : Four
Q.11 _________ testing strategy involves feeding malformed inputs to software.
A. Disruption Testing
B. Chaos Testing
C. Fuzz Testing
Ans : Fuzz Testing
Q.12 During which phase in the AppSec pipeline are the AppSec tools automated?
A. Testing phase
B. Intake phase
C. Triage phase
D. All the options
Ans : Triage phase
Q.13 _________ simulates failure by randomly terminating clusters.
A. Chaos Monkey
B. Chaos Gorilla
C. Chaos Kong
D. Latency Monkey
Ans : Chaos Monkey
Q.14 In _________ approach, the code is analyzed for security vulnerabilities, while the application is run either manually or by an automated test.
A. DAST
B. IAST
C. RASP
D. SAST
Ans : IAST
Q.15 RASP works as a network device.
A. True
B. False
Ans : False
Q.16 SAST requires the application to be running.
A. True
B. False
Ans : False
Q.17 Which of the following is used by IaC to code more versatile and adaptive provisioning and deployment processes?
A. Programming scripts
B. Descriptive language
C. High-level or descriptive language
D. High-level languages
Ans : High-level or descriptive language
Q.18 Which of the following can be considered as a sound monitoring approach?
A. SEM
B. SIEM
C. SIM
Ans : SIEM
Q.19 In ________ type of IT setup, developers or operations teams automatically manage and provision the technology stack for an application through software.
A. Infrastructure as Code
B. Infrastructure automation
C. Programming scripts
D. Infrastructure as a Service
Ans : Infrastructure as Code
Q.20 Which of the following do SAST tools analyze to uncover vulnerabilities?
A. Source code
B. Binaries
C. Configuration files
D. All the options
Ans : All the options
Q.21 In SAST, during which phases are the software artifacts analyzed to uncover vulnerabilities?
A. Testing and deployment
B. Analysis and coding
C. All the phases
D. Coding and unit testing
Ans : Coding and unit testing
Q.22 SAST is also known as ____________.
A. Black box testing
B. White box testing
C. Grey box testing
Ans : White box testing
Q.23 ____________ software development methodology characterizes security as a primary consideration throughout the processes of development and delivery of software.
A. Continuous Security
B. DevSecOps
C. Rugged DevOps
D. Secure Agile
Ans : Rugged DevOps
Q.24 Which of the following is a desirable characteristic of a useful monitoring framework?
A. Correlation
B. Data Aggregation
C. Retention
D. Alerting
E. All the options
Ans : All the options
Q.25 What is the practice of testing the production environment continuously with different types of failure scenarios called?
A. Chaos Testing
B. RASP
C. IAST
D. Fuzz Testing
Ans : Chaos Testing
Q.26 _________ emphasizes increased trust, transparency, and a clearer understanding of probable risks.
A. Rugged DevOps
B. DevSecOps
Ans : Rugged DevOps