Question 1

Which of the following would be a logical starting point for an auditor who has been engaged to assess the security of an organization’s DevOps pipeline?

Options :

A : Verify the inclusion of security gates in the pipeline.

B : Conduct an architectural assessment.

C : Review the CI/CD pipeline audit logs.

D : Verify separation of development and production pipelines.

Answer: C

Question 2

Which of the following controls is MOST relevant for identifying cases of misuse when scripts are running in the background with minimal human oversight?

Options :

A : Additional manual testing

B : Segregation of duties

C : Increased regression testing

D : Additional monitoring

Answer: D

Question 3

As a developer building codes into a container in a DevSecOps environment, which of the following is the appropriate place(s) to perform security tests?

Options :

A : Within developer’s laptop

B : Within the CI/CD server

C : Within version repositories

D : Within the CI/CD pipeline

Answer: D

Question 4

During the course of a web application review, a cloud auditor identified minor weakness in a relevant database that is out of scope for the audit. Which of the following is the BEST course of action?

Options :

A : Include review of database controls in the scope.

B : Report the weakness as observed

C : Document for future review

D : Work with database administrators to rectify the issue.

Answer: B

Question 5

In an organization, how are policy violations MOST likely to occur?

Options :

A : By accident

B : Deliberately by the ISP

C : Deliberately

D : Deliberately by the cloud provider

Answer: A

Higher Test Marks with Free Online CCAK Exam Practice

Buying Options: