Exam SC-100 topic 5 question 9 discussion

Actual exam question from Microsoft's SC-100

Question #: 9
Topic #: 5

You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure.

You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure.

What should you recommend?

A. unit testing
B. penetration testing
C. dependency checks
D. threat modeling

Show Suggested Answer

Suggested Answer: B 🗳️

by janesb at April 11, 2023, 11:43 p.m.

Comments

Submit Cancel

zellck

Highly Voted 1 year ago

Selected Answer: B

B is the answer. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls#dynamic-application-security-testing A penetration test consists of several action points, one of which is dynamic application security testing (DAST). DAST is a web application security test that finds security issues in the running application by seeing how the application responds to specially crafted requests. DAST tools are also known as web application vulnerability scanners.

upvoted 8 times

zellck

1 year ago

Gotten this in May 2023 exam.

upvoted 6 times

...

smanzana

Most Recent 7 months, 2 weeks ago

B is ok

upvoted 2 times

...

still42

1 year, 1 month ago

The automated penetration testing (with manual assisted validation) should also be part of the DAST. Source: https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-devops-security#ds-5-integrate-dynamic-application-security-testing-into-devops-pipeline

upvoted 1 times

...

janesb

1 year, 1 month ago

Selected Answer: B

Penetration testing is apart of Dynamic Application Security Testing (DAST)

upvoted 2 times

...