Premium Partner

0 Login Registrieren

Store 0
Bibliothek
Info
Abos
Partner

CCAK

cloud auditing knowledge

Frage zuerst
Antwort zuerst
Selbsttest

0.0 (0)

Nicht sichtbar

Lernen

Nicht sichtbar

Kartei Details

Karten	45
Sprache	English
Kategorie	Technik
Stufe	Andere
Erstellt / Aktualisiert	29.11.2023 / 30.11.2023
Lizenzierung	Keine Angabe
Weblink	https://card2brain.ch/box/20231129_ccak
Einbinden	<iframe src="https://card2brain.ch/box/20231129_ccak/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>

Flip-Modus

Some of the reasons to integrate security in the early stages of the systems development life cycle include (select all that apply):

It can help reduce costs, as security vulnerabilities can be identified before code is deployed in production, reducing the possibility of potential issues and costly fixes.

It helps remediate security vulnerabilities in the infrastructure layers.

It is difficult to understand application requests in order to detect and block attacks outside the application. It is more effective to fix vulnerable code and close off attack vectors.

It helps reduce time for development and deployment of code.

What are example benefits of including dynamic application security testing (DAST) in software security testing? (Select all that apply.)

DAST can simulate the actions of a malicious user trying to exploit undetected infrastructure vulnerabilities or low patch levels.

DAST can create an open source code inventory and a list of associated vulnerabilities.

DAST has a low rate of false positives.

DAST can simulate how an application reacts to various inputs.

Which of the following is not a primary function of a version control repository? (Select the BEST answer.)

IAM and approval processes

Source code management

Identifying vulnerabilities and exposures (CVEs) in code

Creating digital fingerprints of known good versions of code

What technology should be considered and assessed to manage the extensive credentials typically embedded and used by CI/CD pipelines?

A. Federated identity brokers to manage user connectivity.

B. Data encryption for the credential files

C. Secrets managers

D. Password managers

5. On what elements should the auditor rely for auditability and accountability in a DevSecOps approach? (Select all that apply.)

A. Major architectural decisions and changes being reflected in the version control system or the issue tracker

B. Logs of structural changes in the integration pipeline and logs of changes in the build jobs.

C. Logs of the continuous integration and continuous delivery servers.

D. Logs of modifications to the application once registry of the organization.

In continuous integration pipelines, pull requests refer to what type of operations?

Making changes to code and submitting for approval before deployment

Requesting sections of code for testing in development

Changing files that contain configurations or infrastructure templates

Committing changes to code bypassing the review and approval process

Which of the following is not primarily a security-specific type of test?

Fuzzing

Regression testing

Dynamic application security testing

Static application security testing

Which of the following is a key concept for auditors regarding testing in a continuous integration/continuous deployment (CI/CD) pipeline?

Verifying that required security gates exist

Verifying that security gates are located properly

Finding ways to speed up security testing

Ensuring that security testing is running in parallel

4 anzeigen
16 anzeigen
32 anzeigen

Klick dich schlau.

Gemeinsam lernen - einfach und effizient.

Jetzt registrieren Zum Login

Funktionen

Abos
Bibliothek
Card Store
Mobile App

Hilfe

Info
Kontakt
Feedback
Blog

Partner

Premium Partner
Bildungspartner
Verlagspartner

Sprachen

Deutsch
Français
English

Kontakt & Feedback

AGB
Datenschutz
Urheberrecht
Impressum
Team
Kontakt