DevSecOps

Question 1

What is the mindset shift required in DevSecOps culture?

Answer 1

Assume breaches as well as prevent them

Question 2

List key components of a security strategy.

Answer 2

• Threat models
• War game exercises
• Code reviews
• Central security monitors
• Security testing
• Live site penetration tests
• Security development lifecycle (SDL)

Question 3

What is the focus of DevSecOps practices?

Answer 3

Improving mean time to detection and mean time to recovery

Question 4

Why is it important to assume system breaches?

Answer 4

It helps answer critical security questions proactively

Question 5

What common questions should teams consider regarding security?

Answer 5

• How will you detect an attack?
• How will you respond if there is an attack?
• How will you recover from an attack?

Question 6

What does ‘defense in depth’ involve?

Answer 6

Minimizing exposure to attackers who have breached internal networks

Question 7

What is a post-breach assessment?

Answer 7

Evaluating performance of security policies after a breach

Question 8

What are some common threats that need to be mitigated?

Answer 8

• Issues in dependencies like operating systems
• Bugs in system code
• Poor secret management
• Social engineering

Question 9

Fill in the blank: All secrets must be stored in a _______.

Answer 9

[protected vault]

Question 10

What is Microsoft Defender for Cloud?

Answer 10

A Cloud Native Application Protection Platform (CNAPP) for securing applications

Question 11

What are the core components of Defender for Cloud?

Answer 11

• Development Security Operations (DevSecOps)
• Cloud Security Posture Management (CSPM)
• Cloud Workload Protection Platform (CWPP)

Question 12

What does the term ‘war game exercises’ refer to?

Answer 12

Security testing events where red and blue teams simulate attacks

Question 13

Who comprises the red team in war game exercises?

Answer 13

Members simulating attackers to find security gaps

Question 14

Who comprises the blue team in war game exercises?

Answer 14

Members testing their ability to detect and respond to attacks

Question 15

True or False: War games should be a free-for-all.

Answer 15

False

Question 16

What should be documented after security risks are identified?

Answer 16

A backlog of repair items

Question 17

How often should teams practice war games?

Answer 17

Regularly, to enhance security posture and team readiness

Question 18

What is a key lesson learned from Microsoft’s war games?

Answer 18

Phishing attacks are very effective and should be taken seriously

Question 19

What is the purpose of the Cloud Security Posture Management (CSPM) component?

Answer 19

To check and improve the security posture of cloud resources

Question 20

What type of threats does Defender for Storage protect against?

Answer 20

• Malware
• Sensitive data leakage
• Storage specific threats

Question 21

What is the benefit of using a hierarchy of vaults for secret management?

Answer 21

To eliminate duplication of secrets

Question 22

What should be included in the report presented after a war game?

Answer 22

Lessons learned and vulnerabilities found

Question 23

What is the role of Microsoft Defender for APIs?

Answer 23

To improve API security posture and detect real-time threats

Question 24

What is the importance of multi-factor authentication in security?

Answer 24

It helps to limit access and enhance security

Question 25

Fill in the blank: Microsoft Defender for Cloud integrates security into _______.

Answer 25

[DevOps workflows]

Question 26

What does 'credential guard' help with?

Answer 26

Protecting against unauthorized access to credentials

Question 27

What should be the focus of security teams in DevSecOps?

Answer 27

To manage security across multi-pipeline environments

Question 28

What is the purpose of conducting a security pass before war games?

Answer 28

To identify and address issues before simulating attacks

Question 29

What does the acronym CNAPP stand for?

Answer 29

Cloud Native Application Protection Platform

Question 30

What does Infrastructure as Code (IaC) misconfigurations and exposed secrets correlate with?

Answer 30

Other contextual cloud security insights to prioritize remediation in code

Question 31

What platforms can be connected to Defender for Cloud?

Answer 31

Azure DevOps, GitHub, and GitLab repositories

Question 32

What is Cloud Security Posture Management (CSPM)?

Answer 32

A security strategy that ensures proper configuration and deployment of cloud and on-premises resources

Question 33

What does Defender for Cloud provide for Cloud Security Posture Management?

Answer 33

Free Foundational CSPM capabilities and advanced CSPM capabilities with the Defender CSPM plan

Question 34

What is the purpose of centralized policy management in Defender for Cloud?

Answer 34

Define security conditions and translate them into recommendations for resource configurations

Question 35

What is a secure score?

Answer 35

A summary of your security posture based on security recommendations

Question 36

What does multicloud coverage in Defender for Cloud allow you to connect?

Answer 36

Amazon AWS and Google GCP cloud resources

Question 37

What does advanced CSPM tools enable?

Answer 37

Identifying weaknesses, governance, regulatory compliance, and a comprehensive view of the environment

Question 38

What does Data Security Posture Management do?

Answer 38

Automatically discovers datastores with sensitive data and helps reduce risk of data breaches

Question 39

What is attack path analysis in Defender CSPM?

Answer 39

Modeling network traffic to identify potential risks before implementing changes

Question 40

What does Microsoft Entra Permissions Management provide?

Answer 40

Visibility and control over permissions for any identity and resource in Azure, AWS, and GCP

Question 41

What is the role of Cloud Workload Protection Platforms (CWPP)?

Answer 41

Provide workload-specific recommendations to protect workloads from threats

Question 42

What are security alerts?

Answer 42

Real-time notifications of events threatening your environment's security

Question 43

What is the function of source code analysis tools?

Answer 43

Analyze source code or compiled versions to find security flaws

Question 44

What are important selection criteria for SAST tools?

Answer 44

* Support for programming languages * Ability to detect vulnerabilities * Accuracy rates * Ease of setup/use

Question 45

What features are included in GitHub Code Security?

Answer 45

* Code scanning * CodeQL CLI * Copilot Autofix * Security campaigns

Question 46

What does GitHub Secret Protection include?

Answer 46

* Secret scanning * Push protection * Copilot secret scanning * Custom patterns

Question 47

What roles are involved in DevSecOps on Azure Kubernetes Service (AKS)?

Answer 47

* Developers * Cloud Engineers * Operations teams

Question 48

What is the purpose of Azure Policy in AKS?

Answer 48

To enforce policy compliance and security policies

Question 49

What is the significance of continuous monitoring in AKS?

Answer 49

To analyze performance metrics and security logs

Question 50

What is the role of the security team in DevSecOps?

Answer 50

Developing and enforcing security standards

Question 51

What are some best practices for the DevSecOps lifecycle stages?

Answer 51

* Design a secure application platform * Apply Azure Well Architect Framework * Use IDE tools for security checks * Perform Static Code Analysis (SAST)

Question 52

What does dynamic application security testing (DAST) aim to find?

Answer 52

Vulnerabilities in the running application

Question 53

Fill in the blank: The _______ is a map of your cloud environment that lets you build queries to find security risks.

Answer 53

Cloud Security Explorer

Question 54

What is a best practice for deploying container images?

Answer 54

Deploy container images from trusted registries only ## Footnote This helps ensure the integrity and security of the deployed applications.

Question 55

How can Microsoft Defender for Cloud be utilized in production environments?

Answer 55

Enable automated scanning and monitoring of your production configurations ## Footnote This enhances security by identifying vulnerabilities proactively.

Question 56

What role does Azure Policy play in securing AKS clusters?

Answer 56

Secures and governs your AKS clusters ## Footnote Azure Policy helps enforce compliance with organizational standards.

Question 57

What is the function of Azure Monitor?

Answer 57

Continuous monitoring and alerting ## Footnote It collects data to help detect irregular conditions in infrastructure.

Question 58

What does Microsoft Defender for Cloud provide for threat monitoring?

Answer 58

Active threat monitoring ## Footnote It continuously assesses deployed infrastructure for vulnerabilities.

Question 59

What is the importance of centralized log monitoring?

Answer 59

Enables monitoring for real-time security threats using SIEM products ## Footnote Centralized logging provides a comprehensive view of security events.

Question 60

Why is audit logging necessary in production clusters?

Answer 60

To monitor activity on your production clusters ## Footnote Audit logs help track changes and detect unauthorized access.

Question 61

What does DevSecOps for infrastructure as code (IaC) involve?

Answer 61

Using test-driven development to check code changes for IaC templates ## Footnote This approach ensures the quality and security of infrastructure definitions.

Question 62

What triggers automated unit testing in GitHub?

Answer 62

Pull requests ## Footnote This integration ensures that changes are tested before merging.

Question 63

What is the role of GitHub Actions in IaC?

Answer 63

Automates unit testing, security scanning, and infrastructure provisioning ## Footnote It streamlines the CI/CD process for infrastructure changes.

Question 64

How does GitHub CodeQL enhance security in IaC?

Answer 64

Analyzes IaC templates and detects potential security vulnerabilities ## Footnote Custom queries can be created to tailor the analysis.

Question 65

What happens if a vulnerability is detected by GitHub?

Answer 65

GitHub sends alerts to the organization or repository owners ## Footnote This prompt notification allows for quick remediation.

Question 66

What does the IaC tool do for each environment?

Answer 66

Provisions and modifies resources by tailoring size, instance count, and other properties ## Footnote This customization is essential for meeting specific environment needs.

Question 67

What should be done after a manual update to the infrastructure?

Answer 67

Elevated access is removed and a GitHub Issue is logged for reconciliation ## Footnote This ensures changes are documented and reviewed.

Question 68

What is the primary function of SecOps?

Answer 68

Continuously monitors and defends against security threats and vulnerabilities ## Footnote SecOps plays a crucial role in maintaining security posture.

Question 69

What is GitHub?

Answer 69

A code-hosting platform for version control and collaboration ## Footnote It serves as a central repository for development, testing, and governance workflows.

Question 70

What does GitHub Advanced Security provide?

Answer 70

A suite of security features, including static analysis and vulnerability detection ## Footnote This enhances the security of code stored in GitHub.

Question 71

What is CodeQL?

Answer 71

A semantic code analysis engine for detecting vulnerabilities and misconfigurations ## Footnote It enables custom queries for targeted security assessments.

Question 72

What is Terraform?

Answer 72

An open-source infrastructure automation tool developed by HashiCorp ## Footnote Terraform allows for declarative provisioning across cloud environments.

Question 73

What does Microsoft Sentinel do?

Answer 73

Monitors infrastructure activity and raises alerts or GitHub Issues when anomalies are detected ## Footnote It utilizes AI and analytics for threat detection.

Question 74

How does Azure Policy enforce governance?

Answer 74

Validates IaC deployments against organizational and workload standards ## Footnote It can block noncompliant configurations to ensure adherence.

Question 75

What is the purpose of Azure Monitor?

Answer 75

Collects performance metrics and activity logs from Azure resources ## Footnote It helps in detecting irregular conditions and triggering alerts.