SAFe® 5 DevOps Certification SAFe 5 DevOps Security and Compliance

Question 1

What does DevSecOps mean in the SAFe framework?

Accepted Answer

Integrating security practices throughout the entire DevOps pipeline rather than as a separate phase

Answer

DevSecOps integrates security throughout the development lifecycle — from design through deployment — making security a shared responsibility embedded in every pipeline stage rather than a gate at the end.

Question 2

What is shift-left security in the context of SAFe DevOps?

Accepted Answer

Moving security testing and considerations earlier in the development lifecycle

Answer

Shift-left security means incorporating security practices (static analysis, dependency scanning, threat modeling) early in the development process, catching vulnerabilities when they're cheaper and easier to fix.

Question 3

What is the purpose of static application security testing (SAST) in the CI/CD pipeline?

Accepted Answer

To analyze source code for security vulnerabilities without executing the application

Answer

SAST tools analyze source code, bytecode, or binary code to identify security vulnerabilities (SQL injection, XSS, buffer overflows) without running the application, enabling early detection during development.

Question 4

How should secrets management be handled in a DevOps pipeline?

Accepted Answer

Using dedicated secrets management tools (Vault, AWS Secrets Manager) with encrypted storage and access controls

Answer

Secrets (passwords, API keys, certificates) should be managed through dedicated tools that provide encrypted storage, access control, audit logging, automatic rotation, and dynamic secret generation.

Question 5

What is compliance as code in SAFe DevOps?

Accepted Answer

Automating compliance verification through code that enforces policies and generates audit evidence

Answer

Compliance as code automates the verification and enforcement of regulatory and organizational policies through executable code, automated tests, and continuous monitoring, producing auditable evidence at every pipeline stage.

SAFe® 5 DevOps Certification Practice Test

SAFe® 5 DevOps Certification Practice Test

SAFe® 5 DevOps Certification SAFe 5 DevOps Security and Compliance