CDM CDM Security & Compliance (DevSecOps)

Question 1

What does the term 'shift-left security' mean in a DevSecOps context?

Accepted Answer

Integrating security testing and practices early in the development lifecycle

Answer

Shift-left security means embedding security checks, code scanning, and threat modeling as early as possible in the SDLC rather than waiting until deployment.

Question 2

Which practice involves automatically scanning container images for known vulnerabilities before they are pushed to a registry?

Accepted Answer

Image vulnerability scanning

Answer

Image vulnerability scanning (using tools like Trivy, Clair, or Snyk) checks container images against CVE databases before they reach the registry or production.

Question 3

In DevSecOps, what is a Software Composition Analysis (SCA) tool primarily used for?

Accepted Answer

Identifying vulnerabilities in open-source libraries and dependencies

Answer

SCA tools scan a project's dependencies and open-source libraries against vulnerability databases to identify known CVEs and license risks.

Question 4

Which of the following is the best approach for managing secrets (API keys, passwords) in a CI/CD pipeline?

Accepted Answer

Use a dedicated secrets manager such as HashiCorp Vault or AWS Secrets Manager

Answer

Dedicated secrets managers provide access control, auditing, rotation, and dynamic secret generation, keeping credentials out of source control entirely.

Question 5

What is Static Application Security Testing (SAST)?

Accepted Answer

Analyzing source code or binaries for security flaws without executing the application

Answer

SAST tools analyze source code, bytecode, or binaries at rest to find security vulnerabilities such as SQL injection or buffer overflows before the code runs.

(CDM) Certified DevOps Master Practice Test

(CDM) Certified DevOps Master Practice Test

CDM CDM Security & Compliance (DevSecOps)