
Answer-first summary for fast verification
Answer: Commit the code: Static application security testing, Build and test: Infrastructure scanning
To integrate security-related tasks into DevOps pipelines as per the DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure, the approach should be as follows:

1. For the 'Commit the code' stage, Static Application Security Testing (SAST) should be performed. SAST involves scanning the source code to identify vulnerabilities early in the development cycle. This helps to prevent issues before they propagate further down the pipeline.
2. For the 'Build and test' stage, Infrastructure Scanning should be performed. This entails validating the infrastructure configuration and ensuring that the infrastructure is secure, compliant, and free from vulnerabilities.

Hence, the correct answers are:
- Commit the code: Static application security testing
- Build and test: Infrastructure scanning
Author: LeetQuiz Editorial Team
Your company is planning to implement DevSecOps best practices as outlined in the Microsoft Cloud Adoption Framework for Azure. The objective is to infuse security processes into the existing continuous integration and continuous deployment (CI/CD) DevOps pipelines. You need to identify and recommend the specific security-related tasks that should be integrated at each stage of the DevOps pipeline. Refer to the answer area and choose the appropriate options for each stage.

NOTE: Each correct selection is worth one point.

Correct Answer: 1. Build and test 2. Commit the code
A. Commit the code: Static application security testing
B. Commit the code: Infrastructure scanning
C. Build and test: Static application security testing
D. Build and test: Infrastructure scanning