Graded Quiz: Introduction To Security For Application Development » Week 1 » Application Security And Monitoring

Q: How can you avoid treating security like an afterthought for application development?

Correct! You can use DevSecOps practices to collaborate with the security team during development. (practice/graded)

Q: Which answer best describes DevSecOps?

Correct! DevSecOps integrates security, development, and operations in every stage across the SDLC.

Q: Which answer is the correct order of the five stages of the Software Development Lifecycle (SDLC)?

Correct! Requirements, Design, Develop, Test, Deploy are the correct order for the five stages of the Software Development Lifecycle (SDLC).

Q: Where does vulnerability scanning take place?

Correct! Vulnerability scanning is the search for security vulnerabilities from within the code and from the outside of an application.

Q: What do threat modeling diagrams represent?

Correct! Threat models use diagrams to represent data flows within software applications.

Q: Rapid management of newly discovered security flaws is a characteristic of which benefit of DevSecOps?

Correct! Vulnerability patching at an accelerated pace allows you to manage recently discovered security flaws and strengthens accessibility and transparency from the beginning of the development cycle.

Q: What is security by design?

Correct! Security by design involves security testing and best practices throughout the software development lifecycle (SDLC).

Q: Why should container scanning check the base image and all other layered container images?

Correct! Container images are usually built from other container images that may have vulnerabilities. Container scanning must include not only the base image but all other layered container images. Monitoring all container images helps reduce security risks.