Agile, DevOps and DevSecOps

________ is the process during which the changes of a system are implemented in a controllable manner by following a predefined model, with some reasonable modifications.

From the options select the configuration items that are eligible for configuration management

Which is the software configuration concept that ensures that change should be done in a controlled and authorized environment

Tom and Peter works on the same project. Tom does his work and update the local copy back to the configuration management server. This process is called as

____________ ensures that when two different people does the work and update parallelly, one should not over write the other

Collaborative and co-operative approach among all the stake holders is important. This is a feature of the _______________ Agile Methodology

Which of these is not an agile methodology

Scrum divides the development into short cycles called as ______

________ methodology is useful when the client requirements are not clear and stable

DSDM is iterative and incremental

following: Which agile methodology divides the development into sprint cycles, in which a Specified set of features are delivered? Choose from the

What are the roles in dynamic system development method? Choose from the following:

_____ methodology focus on visualization flow

State true or false. During agile development more emphasize is given for documentation

__________ is an iterative and incremental approach that embraces principles of agile development, including continuous user/customer involvement.

Which of the following agile methodologies depends on the cohesiveness of the team and individual commitment of the team members?

____ layer in busness analytics indicate what is happening or what has happened

An optimal solution is based on ___

____ layer describes what could happen

_____ Allows decision makers at virtually all levels of the organization to gain insight into business performance and data to support and guide actions.

Analytics reveal hidden patterns in _____

The challenge faced in Business Analytics are

_____ helps to uncover unexpected patterns and associations from all data within an organization

______ is the Process of discovering various models, summaries and derived values from a given collection of data

To understand the best course of action for a problem is ____

By working to plan an information agenda, master information, and apply Business Analytics, organizations can take advantage of the following areas

Which is not a KPI

_____ helps an organization to define and measure progress towards organizational goals.

Which of these are attributes of performance measure

Expand KSI

____ reflect the success or failure after an event has been consumed

A metric should be time bound

____ is an important measure of how well an organization meets or exceeds a customer's expectations

The most common form of KPI reporting is ____

_____ is the subject matter area on which reports revolve around.

Units per hour is an example of what KPI

Design Thinking is focusing on the stated problem than to arrive at a solution immediately

Which is not a phase in design thinking

Stating Your Users' Needs and Problems is done in which phase

Sub phases of understand phase is ___

____ is an iterative process in which we understand the users clearly

_______in design thinking is a written, actionable statement that expresses the problem that the design team is trying to address.

Which of the following is mapped by an empath map

Analyzing how users interact with their environment is a ____ activity in Empathize

Researching Your Users' Needs is done in which phase

Challenge Assumptions and Create Ideas is done in

Before DevOps, there is a significant delay between development and operations

Which of the following CI/CD tools is a continuous integration server developed by Atlassian?

Which of the following CI/CD tools is known for its ease of setup, out-of-the-box usability, and beautiful user interface?

In YAML file used for BitBucket pipeline, you can use different types of container for each step by selecting different images

Which of the following is the final phase of the DevOps cycle?

Which of the following CI/CD toolsprovides support for .Net framework?

Each service runs in its own process and communicates with other services through a well-defined interface in Microservices

The applications with Azure CI/CD pipelines can be deployed to multiple target environments

In which of the following pipelines, all the new changes run through a consistent set of quality checks?

In which of the following, there is no human intervention and only a failed test will prevent a new change to be deployed to production?

In GitLab, pipes are agents that run the CI/CD Jobs

Pipe uses a script that lives in a Docker container

In Continuous Integration, build status is reported to developers when they are changing the code.

Which of the following uses a version control system and a central code repository for tracking the code changes made by developers?

Which of the following CI/CD tools is designed to handle anything from a simple CI server to a complete CD hub?

You can either define the pipeline using YAML syntax or through the user interface in Azure pipeline

The __________is used to record the code changes made by developers so that these changes can be shared to others

Which of the following are the services provided by Azure DevOps?

Which of the following CI/CD tools is suitable for small projects?

In _________, developed code is continuously delivered until the programmer considers it is ready to ship.

DevOps bridges the gap between development and operations teams.

Which of the following is a a software development practice where members of a team use a version control system and frequently integrate their work to the same location like the main branch?

A Blue/Green deployment is a deployment strategy in which you create two separate, but identical environments.

With Continuous Delivery, production happens automatically without explicit approval.

CAMS Stands for Culture, Automation, _________ and ________.

In CAMS Model, ________ is all about monitoring and tracking the progress of various activities involved in the DevOps environment.

DevOps culture is about agility, scalability, continuous improvements in the delivery of services.

Using a blue/green deployment strategy increases application availability and reduces deployment risk by simplifying the rollback process if a deployment fails.

In the Blue/Green deployment, once testing has been completed on the blue environment, live application traffic is directed to the blue environment and the green environment is deprecated.

Which of the following refers to automatically releasing a developer’s changes from the repository to production, where it is usable by customers?

Which of the following are the Test Automation tools?

Replacing or modifying older apps with newer microservices architecture can open up the doors to faster development and quicker innovation.

Which of the following are the Software Configuration Management tools?

Infrastructure-as-Code tools are used to create software environments using predefined templates.

version tag.

Which of the following phases in the CI/CD pipeline get all the features of that code from various branches of the repository, merge them and finally use a

Unit Testing tests individual units or components of a code written by the developer to validate if they perform as expected.

Which of the following are Infrastructure-As-Code tools?

_________ and ________ are CI/CD software that automates tasks starting from development pipeline to deployment.

An Elastic stack can be created to automatically monitor the application and logs.

A _________ is an application security solution that can help to find certain vulnerabilities in web applications while they are running in production.

Vulnerability Scanning ensures that code is checked for vulnerabilities at every major stage of the delivery pipeline from the time it is written to, when it is deployed into production.

Use a SAST tool to ensure that your code is secure, safe, and reliable.

Which of the following DevSecOps tools allows an All-in-One website security scanner to support developers to detect problems at the most advanced stage?

__________ refers to the process of tracking the identified vulnerabilities, the steps taken to mitigate and/or eliminate those vulnerabilities, and the overall status of the application’s security.

_________ is an enterprise-grade automated code review solution that uses static code analysis to provide comprehensive vulnerability reporting.

_______ is a web-based DevOps program that gives a full CI/CD toolchain out-of-the-box in one particular application.

Runtime protection means securing software against threats that can arise when your application starts running.

__________ provides a summary of possible attack scenarios, outlines the flow of sensitive data, and identifies vulnerabilities and offers potential mitigation options.

___________ is an application security methodology for managing open source components.

DSOMM Level 1 calls for the execution of static analysis tools without any changes to the tools or settings.

_________ is incorporated in the implementation phase of Secure SDLC.

Which of the following are considered as the 4-Axes in DSOMM?

Security issues can be addressed in the SDLC pipeline well before deployment to production.

During the development phase in secure SDLC, teams need to make sure that they use secure coding standards.

Employing both SAST and DAST in a pipeline would cover both codebase and runtime vulnerabilities.

Which of the following are the three critical areas focused by Security Monitoring/Compliance in Secure SDLC?

DSOMM strives to incrementally increase the effectiveness of a security program from Level 1 to Level 4.

Which of the following are the steps of Threat Modeling?

In which of the following phases of Secure SDLC, teams follow architecture and design guidelines to address risk?

Which of the following are the Software Composition Analysis tools?

Bill Of Materials (BOM) describe the components included in applications, the version of the components used, and the license types for each.

Any component that has the potential to adversely impact cyber supply-chain risk is a candidate for Component Analysis.

SAC tools can both spot any security weak points and suggest potential solutions based on the entire code base.

Implementing SCA ensures that all of the components in your applications are secure and compliant.

__________is the process of identifying potential areas of risk from the use of third-party and open-source software and hardware components.

Which of the following rules comes under comprehensive rulesets while embedding SAST tools into the pipeline?

__________ is an approach to detect dependency bugs in build systems.

SAST is performed at the static level ensuring¬ that code guidelines are followed without actually executing the application.

Which of the following SAST tools is specifically built for NodeJS?

Which of the following problems can be identified by using static analysis?

________ is designed for optimizing the performance for analyzing typestate problem

Static code analyzers help to define project specific rules to ensure that all developers follow them without any manual intervention or sidetracking.

Which of the following SAST tools is designed for web applications?

Static Application Security Testing (SAST) is also known as 'black box testing’.

SAST tools examine the source code at rest to detect and report on potential security vulnerabilities.

In Push Based Configuration Management System, nodes pull the configuration information from the server.

You can also use Ansible Automation Platform for configuration management to maintain your systems in the desired state.

Configuration drift occurs when ad-hoc configuration changes and updates result in a mismatched development, test, and deployment environments.

___________ is a list of tasks that runs repeatedly in an order.

Which of the following is an open-source configuration management tool based on Python?

Ansible is an example of a pull based configuration management tool.

Which of the following services natively integrates Role-Based Access Control (RBAC) into the management platform?

________ allows you to create “recipes” and “cookbooks” using its Ruby-based DSL.

Ansible leverages SSH to communicate between servers.

_________ are the components required to operate and manage enterprise IT environments.

Vulnerability scanning tools can be used to identify specific local users and groups.

ServerSpec lets you to include metadata about your compliance rules.

______ is a set of security tools that can be used to validate compliance against a set of policies.

With Chef Automate, you can run your InSpec compliance tests on demand, see the results on the dashboard, and remediate the problem.

InSpec tests can be easily added to act as a quality gate for compliance.

Once you have categorized and prioritized vulnerabilities, break down your remediation process into bite-size chunks to make them more manageable and effective.

InSpec can also run as a series of automated tests that execute as part of your standard release pipelines.

Inspec uses a client-server model.

Chef Automate is an integrated solution for managing and deploying infrastructure and applications.

_________ was created to provide a standardized approach to maintain the security of systems.