DevOps Security Interview Question-Answer

Q.1 In DevSecOps, during which phase of the development cycle are security aspects considered?

       A. During the development process

       B. At the end of the release cycle

       C. Throughout the application lifecycle

       D. During the testing phase

Ans : Throughout the application lifecycle


Q.2 Which software development approach first emphasized incorporating customer feedback early and often?

       A. Agile

       B. DevOps

       C. Lean

       D. Waterfall

Ans : Agile


Q.3 ________ procedure involves integrating secure development practices and methodologies into development and deployment processes that enforce DevOps.

       A. Application Security

       B. Software development security

       C. Security Testing

       D. DevSecOps

Ans : DevSecOps


Q.4 ____________ software development approach aims to enhance the collaboration between the software development and the IT operations team.

       A. Lean

       B. Waterfall

       C. Agile

       D. DevOps

Ans : DevOps


Q.5 _________ approach aims to include security in each phase of the development cycle.

       A. Consistent Security

       B. Shift Right Security

       C. Continuous Security

       D. Shift Left security

Ans : Shift Left security


Q.6 In DevSecOps, security-related activities are the sole responsibility of the security team.

       A. True

       B. False

Ans : False


Q.7 DevSecOps encourages creativity and experimentation.

       A. True

       B. False

Ans : True


Q.8 In modern software development, a large portion of code is reused from open source and third-party libraries.

       A. True

       B. False

Ans : True


Q.9 Which of the following can be used to ensure the security of the CI/CD pipeline?

       A. Authentication to push changes

       B. Login tracking

       C. Key management

       D. Secure storage of build artifacts

       E. All the options

Ans : All the options


Q.10 How many distinct areas does the AppSec pipeline comprise?

       A. Three

       B. Two

       C. Depends on the application

       D. Four

Ans : Four


Q.11 _________ testing strategy involves feeding malformed inputs to software.

       A. Disruption Testing

       B. Chaos Testing

       C. Fuzz Testing

Ans : Fuzz Testing


Q.12 During which phase in the AppSec pipeline are the AppSec tools automated?

       A. Testing phase

       B. Intake phase

       C. Triage phase

       D. All the options

Ans : Triage phase


Q.13 _________ simulates failure by randomly terminating clusters.

       A. Chaos Monkey

       B. Chaos Gorilla

       C. Chaos Kong

       D. Latency Monkey

Ans : Chaos Monkey


Q.14 In _________ approach, the code is analyzed for security vulnerabilities, while the application is run either manually or by an automated test.

       A. DAST

       B. IAST

       C. RASP

       D. SAST

Ans : IAST


Q.15 RASP works as a network device.

       A. True

       B. False

Ans : False


Q.16 SAST requires the application to be running.

       A. True

       B. False

Ans : False


Q.17 Which of the following is used by IaC to code more versatile and adaptive provisioning and deployment processes?

       A. Programming scripts

       B. Descriptive language

       C. High-level or descriptive language

       D. High-level languages

Ans : High-level or descriptive language


Q.18 Which of the following can be considered a sound monitoring approach?

       A. SEM

       B. SIEM

       C. SIM

Ans : SIEM


Q.19 In ________ type of IT setup, developers or operations teams automatically manage and provision the technology stack for an application through software.

       A. Infrastructure as Code

       B. Infrastructure automation

       C. Programming scripts

       D. Infrastructure as a Service

Ans : Infrastructure as Code


Q.20 Which of the following do SAST tools analyze to uncover vulnerabilities?

       A. Source code

       B. Binaries

       C. Configuration files

       D. All the options

Ans : All the options


Q.21 In SAST, during which phases are the software artifacts analyzed to uncover vulnerabilities?

       A. Testing and deployment

       B. Analysis and coding

       C. All the phases

       D. Coding and unit testing

Ans : Coding and unit testing


Q.22 SAST is also known as ____________.

       A. Black box testing

       B. White box testing

       C. Grey box testing

Ans : White box testing


Q.23 ____________ software development methodology characterizes security as a primary consideration throughout the processes of development and delivery of software.

       A. Continuous Security

       B. DevSecOps

       C. Rugged DevOps

       D. Secure Agile

Ans : Rugged DevOps


Q.24 Which of the following is a desirable characteristic of a useful monitoring framework?

       A. Correlation

       B. Data Aggregation

       C. Retention

       D. Alerting

       E. All the options

Ans : All the options


Q.25 What is the practice of testing the production environment continuously with different types of failure scenarios called?

       A. Chaos Testing

       B. RASP

       C. IAST

       D. Fuzz Testing

Ans : Chaos Testing


Q.26 _________ emphasizes increased trust, transparency, and a clearer understanding of probable risks.

       A. Rugged DevOps

       B. DevSecOps

Ans : Rugged DevOps

