Which of the following is BEST described by the statement containers that access an disks mounted on the host and have read-write access to files”?
- A . A risk of using privileged containers
- B . A benefit of container credentials
- C . A requirement for container isolation
- D . A need for container immutability
Which of the following BEST describes the goal of the security principle of accountability and non-repudiation?
- A . Neither the sender nor the recipient of information or activity can later deny the transaction took place
- B . Trust between two parties is enhanced by a set of practices that validate integrity of data transmissions
- C . Corporate reputation is maintained when practicing good authentication and data validation procedures
- D . Confidence between consumer and provider is achieved when users manage passwords *i a defined way
Visual tactile, and auditory are modalities of formal learning
Which of the following is BEST described as the fourth major modality of formal learning?
- A . Story based
- B . Kinesthetic
- C . Demonstration
- D . Observe live
When of the following BEST describes now the security principle of validation of a user’s access and actions differ within a DevSecOps mindset versus a more traditional approach to this principle?
- A . The ad of validation is at the point of access
- B . The act of validation is at the point of request
- C . The act of validation is continuous and ongoing
- D . The act of validation focuses on credentials.
Which of the following is NOT a security requirement unique to mobile applications?
- A . Source code must be checked for programmatic and stylistic errors
- B . Secrets information must be stored for secure back-end service calls
- C . They must be designed to run safely outside of the secure network
- D . Data must be kept secure to prevent leaking to other applications
Which of the following is NOT a security requirement unique to mobile applications?
- A . Source code must be checked for programmatic and stylistic errors
- B . Secrets information must be stored for secure back-end service calls
- C . They must be designed to run safely outside of the secure network
- D . Data must be kept secure to prevent leaking to other applications
Which of the following is NOT a security requirement unique to mobile applications?
- A . Source code must be checked for programmatic and stylistic errors
- B . Secrets information must be stored for secure back-end service calls
- C . They must be designed to run safely outside of the secure network
- D . Data must be kept secure to prevent leaking to other applications
Which of the following is NOT a security requirement unique to mobile applications?
- A . Source code must be checked for programmatic and stylistic errors
- B . Secrets information must be stored for secure back-end service calls
- C . They must be designed to run safely outside of the secure network
- D . Data must be kept secure to prevent leaking to other applications
Which of the following is NOT a security requirement unique to mobile applications?
- A . Source code must be checked for programmatic and stylistic errors
- B . Secrets information must be stored for secure back-end service calls
- C . They must be designed to run safely outside of the secure network
- D . Data must be kept secure to prevent leaking to other applications
A. Ensures that customer input into functional requirements is translated into descriptive user stones
B. Ensures that the software is designed and written to support integrity and compliance requirements
C. Ensures that the Ague definition of done includes both functional and nonfunctional requirements for value
D. Ensures that architectural residence is built into software design to ensure high availability requirements
Which of the following BEST describes the meaning of DevSecOps?
- A . A security analysis of all software is performed prior to the release to ensure they are secure in operations.
- B . Security monitoring of software is performed during operations to detect security events more quickly.
- C . A security analysis of software is incorporated and automated throughout development and operations.
- D . Security events are analyzed after they occur to help understand how to prevent them in the future
The Open Web Application Security Project @ (OWASP) is a nonprofit and open community mat supports the goals of DevSecOps that provides many resources to the community.
Which of the following BEST represents a key resource that they make available to the community?
- A . Security and auditing guidelines
- B . Open-source testing procedures
- C . A maturity model for assessment
- D . Training and certification courses
DevSecOps requires many intersecting pans to collaborate and function together.
Which of the following BEST describes what an organization should focus on when starting their implementation?
- A . Process
- B . Governance
- C . Technology
- D . People