Question#1 In DevSecOps, during which phase of the development cycle are the security aspects considered?
1)During the development process
2)At the end of the release cycle
3)Throughout the application lifecycle
4)During the testing phase
Ans : Throughout the application lifecycle
Question#2 Which software development approach first emphasized incorporating customer feedback early and often?
1)Agile
2)DevOps
3)Lean
4)Waterfall
Ans : Agile
Question#3 __ procedure involves integrating secure development practices and methodologies into development and deployment processes that enforce DevOps.
1)Application Security
2)Software development security
3)Security Testing
4)DevSecOps
Ans : DevSecOps
Question#4 __ software development approach aims to enhance the collaboration between the software development and IT operations teams.
1)Lean
2)Waterfall
3)Agile
4)DevOps
Ans : DevOps
Question#5 _ approach aims to include security in each phase of the development cycle.
1)Consistent Security
2)Shift Right Security
3)Continuous Security
4)Shift Left security
Ans : Shift Left security
Question#6 In DevSecOps, security-related activities are the sole responsibility of the security team.
1)True
2)False
Ans : False
Question#7 DevSecOps encourages creativity and experimentation.
1)True
2)False
Ans : True
Question#8 In modern software development, a large portion of code is reused from open source and third-party libraries.
1)True
2)False
Ans : True
Question#9 Which of the following can be used to ensure the security of the CI/CD pipeline?
1)Authentication to push changes
2)Login tracking
3)Key management
4)Secure storage of build artifacts
5)All the options
Ans : All the options
Question#10 How many distinct areas does the AppSec pipeline comprise?
1)Three
2)Two
3)Depends on the application
4)Four
Ans : Four
Question#11 _ testing strategy involves feeding malformed inputs to software.
1)Disruption Testing
2)Chaos Testing
3)Fuzz Testing
Ans : Fuzz Testing
Question#12 During which phase in the AppSec pipeline are the AppSec tools automated?
1)Testing phase
2)Intake phase
3)Triage phase
4)All the options
Ans : Triage phase
Question#13 _ simulates failure by randomly terminating clusters.
1)Chaos Monkey
2)Chaos Gorilla
3)Chaos Kong
4)Latency Monkey
Ans : Chaos Monkey
Question#14 In _ approach, the code is analyzed for security vulnerabilities, while the application is run either manually or by an automated test.
1)DAST
2)IAST
3)RASP
4)SAST
Ans : IAST
Question#15 RASP works as a network device.
1)True
2)False
Ans : False
Question#16 SAST requires the application to be running.
1)True
2)False
Ans : False
Question#17 Which of the following is used by IaC to code more versatile and adaptive provisioning and deployment processes?
1)Programming scripts
2)Descriptive language
3)High-level or descriptive language
4)High-level languages
Ans : High-level or descriptive language
Question#18 Which of the following can be considered as a sound monitoring approach?
1)SEM
2)SIEM
3)SIM
Ans : SIEM
Question#19 In __ type of IT setup, developers or operations teams automatically manage and provision the technology stack for an application through software.
1)Infrastructure as Code
2)Infrastructure automation
3)Programming scripts
4)Infrastructure as a Service
Ans : Infrastructure as Code
Question#20 Which of the following do SAST tools analyze to uncover vulnerabilities?
1)Source code
2)Binaries
3)Configuration files
4)All the options
Ans : All the options
Question#21 In SAST, during which phases are the software artifacts analyzed to uncover vulnerabilities?
1)Testing and deployment
2)Analysis and coding
3)All the phases
4)Coding and unit testing
Ans : Coding and unit testing
Question#22 SAST is also known as __.
1)Black box testing
2)White box testing
3)Grey box testing
Ans : White box testing
Question#23 __ software development methodology characterizes security as a primary consideration throughout the processes of development and delivery of software.
1)Continuous Security
2)DevSecOps
3)Rugged DevOps
4)Secure Agile
Ans : Rugged DevOps
Question#24 Which of the following is the desirable characteristic of a useful monitoring framework?
1)Correlation
2)Data Aggregation
3)Retention
4)Alerting
5)All the options
Ans : All the options
Question#25 What is the practice of testing the production environment continuously with different types of failure scenarios called?
1)Chaos Testing
2)RASP
3)IAST
4)Fuzz Testing
Ans : Chaos Testing
Question#26 _ emphasizes increased trust, transparency, and a clearer understanding of probable risks.
1)Rugged DevOps
2)DevSecOps
Ans : Rugged DevOps
DevOps Security Interview Questions and Answers for Experience
- What is DevOps?
Your answer must be simple and straightforward. Begin by explaining the growing importance of DevOps in the IT industry. Discuss how such an approach aims to synergize the efforts of the development and operations teams to accelerate the delivery of software products, with a minimal failure rate. Include how DevOps is a value-added practice, where development and operations engineers join hands throughout the product or service lifecycle, right from the design stage to the point of deployment.
- What is the difference between DevOps and Agile methodology?
DevOps is a culture that allows the development and the operations team to work together. This results in continuous development, testing, integration, deployment, and monitoring of the software throughout the lifecycle.
How DevOps differs from Agile:
Agile is a software development methodology that focuses on iterative, incremental, small, and rapid releases of software, along with customer feedback. It addresses gaps and conflicts between the customer and developers.
DevOps addresses gaps and conflicts between the Developers and IT Operations.
- Which are some of the most popular DevOps tools?
The most popular DevOps tools include:
- Selenium
- Puppet
- Chef
- Git
- Jenkins
- Ansible
- Docker
- What are the different phases in DevOps?
The various phases of the DevOps lifecycle are as follows:
- Plan – Initially, there should be a plan for the type of application that needs to be developed. Getting a rough picture of the development process is always a good idea.
- Code – The application is coded as per the end-user requirements.
- Build – Build the application by integrating the code produced in the previous steps.
- Test – This is the most crucial step of the application development. Test the application and rebuild, if necessary.
- Integrate – Code from different programmers is integrated into one.
- Deploy – Code is deployed into a cloud environment for further usage. It is ensured that any new changes do not affect the functioning of a high-traffic website.
- Operate – Operations are performed on the code if required.
- Monitor – Application performance is monitored. Changes are made to meet the end-user requirements.
Conclusion:
DevOps Security refers to the set of practices, approaches and tools that bring together software development, IT operations and security so as to increase the ability of an organization to deliver applications and services securely at a high velocity. The DevOps Security certification exam can prove to be a valuable addition to your skillset if you wish to excel in this field.