1.

Dynamic testing can be performed on the principles of white and black box testing.

Choose the correct option from the list below:
(1)True
(2)False

Answer:-(1)True

2.

____________ tool is used to identify any accidental leakage of security keys by performing high entropy checks on the Git commit history.

Choose the correct option from the list below:
(1)Checkmarx
(2)Nikto
(3)Pytaint
(4)TruffleHog

Answer:-(4)TruffleHog

3.

Which of the following is the ideology to integrate security practices into the DevOps system?

Choose the correct option from the list below:
(1)Secure Development
(2)SecOps
(3)DevOps
(4)DevSecOps

Answer:-(4)DevSecOps

4.

How many components are there in the DevSecOps strategy?

Choose the correct option from the list below:
(1)5
(2)3
(3)7
(4)6

Answer:-(4)6

5.

_________ means specifying the criteria for enforcement in a language that can be read by humans and machines. Configurations can then be deployed, tested, monitored, and reported automatically throughout.

Choose the correct option from the list below:
(1)DSOMM
(2)Security Compliance
(3)Compliance as Code
(4)OS Hardening

Answer:-(3)Compliance as Code

6.

__________ of the application is the act of configuring an application securely, updating it, creating rules and policies to help govern the application in a secure manner, and removing unnecessary applications and services.

Choose the correct option from the list below:
(1)Compliance
(2)None of the options
(3)Monitoring
(4)Hardening

Answer:-(4)Hardening

7.

How many phases are there in the Secure Software Development Life Cycle?

Choose the correct option from the list below:
(1)7
(2)5
(3)3
(4)6

Answer:-(4)6

8.

________ is an operational framework that stimulates software consistency and standardization through automation while emphasizing collaboration between an organization's operations, development, testing, and support teams.

Choose the correct option from the list below:
(1)All the options
(2)DevSecOps
(3)DevOps
(4)Automation

Answer:-(3)DevOps

9.

Which of the following can be defined as a family of activities for enhancing security by identifying objectives and vulnerabilities and then defining countermeasures to prevent or mitigate the effects of the threats to the system?

Choose the correct option from the list below:
(1)Threat modeling
(2)None of the options
(3)Dynamic Analysis
(4)Static Analysis

Answer:-(1)Threat modeling

10.

__________ tool is designed to identify common security problems in Python code.

Choose the correct option from the list below:
(1)Bandit
(2)Burp Suite
(3)FindBugs
(4)Brakeman

Answer:-(1)Bandit

11.

Static code analysis is performed before the ________ begins.

Choose the correct option from the list below:
(1)Testing
(2)Coding
(3)Monitoring
(4)Program execution

Answer:-(1)Testing

12.

FindBugs is used to find security vulnerabilities in __________ code.

Choose the correct option from the list below:
(1)C
(2)Python
(3)Java

Answer:-(3)Java

13.

__________ is a structure in which organizations describe the mechanism used to create an application from its inception to its decommissioning.

Choose the correct option from the list below:
(1)SDLC
(2)All the options
(3)DevOps
(4)DevSecOps

Answer:-(1)SDLC

14.

_________ is a journey towards a frequent and more reliable release pipeline, automation, and stronger collaboration between development, IT, and business teams.

Choose the correct option from the list below:
(1)OS Hardening
(2)All the options
(3)DSOMM
(4)Security Compliance

Answer:-(3)DSOMM

15.

Threat modeling comes under which phase of the DevOps pipeline?

Choose the correct option from the list below:
(1)Code
(2)Plan
(3)Deploy
(4)Test

Answer:-(2)Plan

16.

SonarQube, Checkmarx, FindBugs, and Fortify come under which Software Composition Application tool?

Choose the correct option from the list below:
(1)DAST
(2)SAST

Answer:-(2)SAST

17.

Software Composition Application tools can be classified as Static Analysis Software Testing (SAST) tools and Dynamic Application Software Testing (DAST) tools.

Choose the correct option from the list below:
(1)True
(2)False

Answer:-(1)True

18.

Which of the following is/are the key benefit(s) of DAST?

Choose the correct option from the list below:
(1)Flexibility and Coverage
(2)Consistency and Enablement
(3)Scalability and Comprehensiveness
(4)All the options

Answer:-(4)All the options