Question 1

(Jason Barry has been working as a DevSecOps engineer in an IT company that develops software products and applications for ecommerce companies. During the build-time check, Jason discovered SQL injection and XXS security issues in the application code. What action does the build-time check perform on the application code?.)

Options :

A : It will ignore the security issue and continue the build process.

B : It will send a message to issue and project management tool and continue with deploy-time check.

C : It will send an alert to SIEM and continue with test-time check.

D : It will stop the build process.

Answer: D

Question 2

(Orange International Pvt. Ltd. is an IT company that develops software products and web applications for Android phones. The organization recognizes the importance of secure coding principles and would like to enforce it. Therefore, Orange International Pvt. Ltd. established access management, avoided reinventing the wheel, secured the weak links, implemented in-depth defense, and reduced third-party involvement in the application. Based on the above-mentioned information, which of the following secure coding principles is achieved by the organization?.)

Options :

A : Secure by implementation.

B : Secure by default.

C : Secure by design.

D : Secure by communication.

Answer: C

Question 3

(Nicholas Cascone has recently been recruited by an IT company from his college as a DevSecOps engineer. His team leader asked him to integrate GitHub Webhooks with Jenkins. To integrate GitHub Webhooks with Jenkins, Nicholas logged in to GitHub account; he then selected Settings > Webhooks > Add Webhook. In the Payload URL field, he is supposed to add Jenkins URL. Which of the following is the final Jenkins URL format that Nicholas should add in Payload URL field of GitHub to configure GitHub Webhooks with Jenkins?.)

Options :

A : http://address:port/GiHhub-webhook/.

B : http://address:port/github_webhook/.

C : http://address:port/github-webhook/.

D : http://address:port/GitHub.webhook/.

Answer: C

Question 4

(SinCaire is a software development company that develops web applications for various clients. To measure the successful implementation of DevSecOps, the organization enforced U.S. General Service Administrator (GSA) high-value DevSecOps metrics. Which of the following metrics implemented by SinCaire can measure the time between the code commit and production, and tracks the bug fix and new features throughout the development, testing, and production phases?)

Options :

A : Mean time to recovery (for applications).

B : Change volume (for application).

C : Time to value.

D : Change lead time (for application).

Answer: D

Question 5

(Matt LeBlanc has been working as a DevSecOps engineer in an IT company that develops software products and web applications for IoT devices. His team leader has asked him to use GitRob tool to find sensitive data in the organizational public GitHub repository. To install GitRob, Matt ensured that he has correctly configured Go >= 1.8 environment and that $GOPATH/bin is in his $PATH. The GitHub repository URL from which he is supposed to install the tool is https://github.com/michenriksen/gitrob. Which of the following command should Matt use to install GitRob?.)

Options :

A : $ go get github.com/michenriksen/gitrob.

B : $ go get gitrob github.com/michenriksen/gitrob.

C : $ go git github.com/michenriksen/gitrob.

D : $ go git gitrob github.com/michenriksen/gitrob.

Answer: A