AZ-400: Implement security and validate code bases for compliance Microsoft Quiz Answers

Get AZ-400: Implement security and validate code bases for compliance Microsoft Quiz Answers

This learning path explores an infrastructure and configuration strategy and appropriate toolset for a release pipeline and application infrastructure. It explains compliance and security implementation in your application infrastructure.

This learning path helps prepare you for Exam AZ-400: Designing and Implementing Microsoft DevOps Solutions.

Prerequisites:

None

Module 1: Introduction to Secure DevOps

This module introduces DevSecOps concepts, SQL injection attacks, threat modeling, and security for continuous integration.

Learning objectives:

By the end of this module, you’ll be able to:

  • Identify SQL injection attacks
  • Understand DevSecOps
  • Implement pipeline security
  • Understand threat modeling

Quiz 1: Knowledge check

Q1. Which of the following two elements does Secure DevOps combine?

  • DevOps, Security.
  • SCA, OSS.
  • Development, Operations.

Q2. Which of the following choices is the term that broadly defines what security means in Secure DevOps?

  • Access Control.
  • Securing the pipeline.
  • Perimeter protection.

Q3. Which of the following choices is a type of attack that makes it possible to execute malicious SQL statements?

  • Man-in-the-Middle (MitM).
  • Denial-of-Service (DoS).
  • SQL Injection.

Q4. Which of the following choices is a principle or process of which Threat Modeling is a core element?

  • Microsoft Solutions Framework (MSF).
  • Microsoft Security Development Lifecycle (SDL).
  • Application Lifecycle Management (ALM).

Q5. Which of the following choices isn’t one of the five major threat modeling steps?

  • Don’t deploy with less than 90% of code quality.
  • Defining security requirements.
  • Mitigating threats.

Module 2: Implement open-source software

This module explores open-source software and corporate concerns with software components. Also, it explains common open-source licenses, license implications, and ratings.

Learning objectives:

By the end of this module, you’ll be able to:

  • Implement open-source software
  • Explain corporate concerns for open-source components
  • Describe open-source licenses
  • Understand the license implications and ratings

Quiz 1: Knowledge check

Q1. Which of the following license types is considered viral in nature?

  • Downstream.
  • Attribution.
  • Copyleft.

Q2. Which of the following choices best describes open-source software?

  • A type of software where code users can review, modify and distribute the software.
  • It’s a type of software where code users can use anywhere without license restrictions or pay for it.
  • A type of software where the license describes usage only for non-profit organizations.

Q3. Which of the following choices isn’t an issue often associated with the use of open-source libraries?

  • Bugs.
  • Code property.
  • Security Vulnerabilities.

Module 3: Software Composition Analysis

This module explains Composition Analysis, how to inspect and validate code bases for compliance, integration with security tools, and integration with Azure Pipelines.

Learning objectives:

By the end of this module, you’ll be able to:

  • Inspect and validate code bases for compliance
  • Integrate security tools like WhiteSource with Azure DevOps
  • Implement pipeline security validation
  • Interpret alerts from scanning tools
  • Configure GitHub Dependabot alerts and security

Quiz 1: Knowledge check

Q1. Which of the following descriptions best describes the term software composition analysis?

  • Assessment of production hosting infrastructure just before deployment.
  • Analyzing open-source software after it has been deployed to production to identify security vulnerabilities.
  • Analyzing open-source software (OSS) to identify potential security vulnerabilities and provide validation that the software meets a defined criterion to use in your pipeline.

Q2. Which of the following tools can be used to assess open-source security and licensing compliance?

  • SonarCloud.
  • Mend Bolt.
  • OWASP.

Q3. In which of the following situations does GitHub Dependabot detect vulnerable dependencies and send Dependabot alerts about them?

  • A new vulnerability is added to the GitHub Advisory database.
  • New code is committed to the repository.
  • A deployment succeeds.

Module 4: Static analyzers

This module introduces the static analyzers SonarCloud and CodeQL in GitHub.

Learning objectives:

By the end of this module, you’ll be able to:

  • Understand Static Analyzers
  • Work with SonarCloud
  • Work with CodeQL in GitHub
  • Interpret alerts from scanning tools

Prerequisites:

None

Quiz 1: Knowledge check

Q1. Which of the following tools helps discover vulnerabilities by letting you query code as though it were data?

  • SonarCloud.
  • OWASP ZAP.
  • CodeQL.

Q2. Which of the following choices is a static analysis tool that scans binary files?

  • Azure Artifacts.
  • SonarCloud.
  • BinSkim.

Q3. Which of the following tools can you use to do code quality checks?

  • Veracode.
  • SonarCloud.
  • Microsoft Defender for Cloud.

Module 5: OWASP and Dynamic Analyzers

This module explores OWASP and Dynamic Analyzers for penetration testing, results, and bugs.

Learning objectives:

By the end of this module, you’ll be able to:

  • Understand OWASP and Dynamic Analyzers
  • Implement OWASP Security Coding Practices
  • Understand compliance for code bases

Prerequisites:

None

Quiz 1: Knowledge check

Q1. Which of the following choices describes OWASP ZAP?

  • Security Testing Tool.
  • Code Quality Tool.
  • A non-profit foundation.

Q2. Which of the following choices isn’t a Secure Coding Practice guideline that OWASP regularly publishes?

  • Authentication and Password Management.
  • Code Smells.
  • Error Handling and Logging.

Q3. Which of the following represents the correct sequence of OWASP ZAP execution steps in a pipeline?

  • Pull OWASP ZAP Weekly, Start Container, Run Baseline, Report Results and Create Bugs.
  • Start Container, Report Results, Run Baseline, Pull OWASP ZAP.
  • Start Container, Pull OWASP ZAP Weekly, Run Baseline, Spider Site, Report Results, Create Bugs.

Module 6: Security Monitoring and Governance

This module describes security monitoring and governance with Microsoft Defender for Cloud and its usage scenarios, Azure Policies, Microsoft Defender for Identity, and security practices related to the tools.

Learning objectives:

By the end of this module, you’ll be able to:

  • Configure Microsoft Defender for Cloud
  • Understand Azure policies
  • Describe initiatives, resource locks and Azure Blueprints
  • Work with Microsoft Defender for Identity

Prerequisites:

None

Quiz 1: Knowledge check

Q1. Which of the following choices is a monitoring service that can provide threat protection and security recommendations across all your services in Azure and on-premises?

  • Azure Policy.
  • Microsoft Defender.
  • Azure Key Vault.

Q2. Which of the following choices can you use to create, assign and manage policies?

  • Azure Machine Learning.
  • Microsoft Defender.
  • Azure Policy.

Q3. Which of the following choices is a tool to prevent accidental deletion of Azure resources?

  • Locks.
  • Policy.
  • Key Vault.

Conclusion:

I hope these AZ-400: Implement security and validate code bases for compliance Microsoft Quiz Answers will be useful for you to learn something new from this problem. If it helped you, then don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!
