ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 5 question 8 discussion

Actual exam question from Microsoft's SC-100
Question #: 8
Topic #: 5
[All SC-100 Questions]

HOTSPOT
-

You need to recommend a security methodology for a DevOps development process based on the Microsoft Cloud Adoption Framework for Azure.

During which stage of a continuous integration and continuous deployment (CI/CD) DevOps process should each security-related task be performed? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by aris at April 5, 2023, 11:53 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
technocorgi
Highly Voted 9 months, 1 week ago
Selected answers are correct! https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls list them in the right place
upvoted 14 times
...
zellck
Highly Voted 8 months, 1 week ago
1. Plan and develop 2. Operate 3. Build and test https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls#plan-and-develop Typically, modern development follows an agile development methodology. Scrum is one implementation of agile methodology that has every sprint start with a planning activity. Introducing security into this part of the development process should focus on: - Threat modeling to view the application through the lens of a potential attacker - IDE security plug-ins and pre-commit hooks for lightweight static analysis checking within an integrated development environment (IDE). - Peer reviews and secure coding standards to identify effective security coding standards, peer review processes, and pre-commit hooks.
upvoted 9 times
zellck
8 months, 1 week ago
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls#actionable-intelligence The tools and techniques in this guidance offer a holistic security model for organizations who want to move at pace and experiment with new technologies that aim to drive innovation. A key element of DevSecOps is data-driven, event-driven processes. These processes help teams identify, evaluate, and respond to potential risks. Many organizations choose to integrate alerts and usage data into their IT service management (ITSM) platform. The team can then bring the same structured workflow to security events that they use for other incidents and requests.
upvoted 1 times
...
...
certma2023
Most Recent 5 months, 1 week ago
Correct
upvoted 1 times
...
Cock
7 months, 3 weeks ago
In the exam 29.05.2023
upvoted 3 times
...
aris
9 months, 2 weeks ago
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel