DOL DOL Security and Compliance

Question 1

What is the primary goal of integrating security into the DevOps pipeline (DevSecOps)?

Accepted Answer

Shifting security left to detect vulnerabilities earlier in the development lifecycle

Answer

Shifting security left means embedding security checks early in the pipeline so vulnerabilities are found and fixed at lower cost.

Question 2

Which practice best describes 'security as code' in a DevOps environment?

Accepted Answer

Storing security policies and configurations in version-controlled code repositories

Answer

Security as code means defining security policies, controls, and configurations in version-controlled scripts so they are auditable, repeatable, and automated.

Question 3

A DevOps Leader wants to ensure compliance checks do not slow deployments. Which approach is most effective?

Accepted Answer

Automate compliance validation as a gate in the CI/CD pipeline

Answer

Automating compliance checks as pipeline gates ensures every release is validated without adding manual delay.

Question 4

What does 'threat modeling' help a DevOps team accomplish?

Accepted Answer

Identifying potential security threats and mitigations early in the design phase

Answer

Threat modeling proactively identifies attack surfaces and vulnerabilities during design, reducing risk before code is written.

Question 5

Which tool category is commonly used in DevSecOps pipelines to scan container images for known vulnerabilities?

Accepted Answer

Container image vulnerability scanners

Answer

Container image vulnerability scanners (e.g., Trivy, Clair) inspect images against CVE databases before they are deployed.

(DOL) DevOps Leader Practice Test

(DOL) DevOps Leader Practice Test

DOL DOL Security and Compliance