
Answer-first summary for fast verification
Answer: Use source code security analyzers as part of the CI/CD pipeline; Run a vulnerability security scanner as part of your continuous-integration/continuous-delivery (CI/CD) pipeline
The correct answers are B and E. Using source code security analyzers (B) as part of the CI/CD pipeline helps identify security vulnerabilities early in the development process. Running a vulnerability security scanner (E) as part of your CI/CD pipeline can help catch security issues before code is deployed to production. These automated tools minimize the risk of human error and help maintain release speed and agility. Manual code reviews (A) and unit testing (C) are important but may not be as scalable or directly focused on security. Code signing (D) ensures the integrity of code but does not actively find and fix security vulnerabilities.
Author: LeetQuiz Editorial Team
Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. As a cloud architect, you are tasked with reducing the chance of security errors being accidentally introduced during the release process. Which two actions can you take to achieve this? (Choose two.)
A. Ensure every code check-in is peer reviewed by a security SME
B. Use source code security analyzers as part of the CI/CD pipeline
C. Ensure you have stubs to unit test all interfaces between components
D. Enable code signing and a trusted binary repository integrated with your CI/CD pipeline
E. Run a vulnerability security scanner as part of your continuous-integration/continuous-delivery (CI/CD) pipeline