ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 3 question 30 discussion

Actual exam question from Microsoft's SC-100
Question #: 30
Topic #: 3
[All SC-100 Questions]

HOTSPOT
-

Your company plans to follow DevSecOps best practices of the Microsoft Cloud Adoption Framework for Azure to integrate DevSecOps processes into continuous integration and continuous deployment (CI/CD) DevOps pipelines.

You need to recommend which security-related tasks to integrate into each stage of the DevOps pipelines.

What should recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by buguinha at Feb. 16, 2023, 9:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cyber_sa
Highly Voted 9 months ago
got this in exam 6oct23. passed with 896 marks. I answered as per given answer
upvoted 8 times
...
AbdallaAM
Highly Voted 9 months, 3 weeks ago
Correct https://learning.oreilly.com/api/v2/epubs/urn:orm:book:9780137997299/files/graphics/f0290-01.jpg
upvoted 5 times
...
zellck
Most Recent 1 year, 1 month ago
1. Build and test 2. Commit the code https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls#commit-the-code Typically, developers create, manage, and share their code in repositories such as GitHub or Azure Repos. This approach provides a central, version-controlled library of code for developers to collaborate on easily. However, enabling many collaborators on a single codebase also runs the risk of changes being introduced. That risk can lead to vulnerabilities or unintentionally including credentials or tokens in commits. To address this risk, development teams should evaluate and implement a repository scanning capability. Repository scanning tools perform static code analysis on source code within repositories. The tools look for vulnerabilities or credentials changes and flag any items found for remediation. This capability acts to protect against human error and is a useful safeguard for distributed teams where many people are collaborating in the same repository.
upvoted 2 times
zellck
1 year, 1 month ago
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls#cloud-configuration-validation-and-infrastructure-scanning https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls#static-application-security-testing
upvoted 2 times
...
...
uffman
1 year, 2 months ago
Correct, https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/media/devsecops-controls.png
upvoted 2 times
...
awssecuritynewbie
1 year, 4 months ago
The answer is correct! The Infrastructure scanning is under the build and test phase Static application security testing is under the commit the code .
upvoted 2 times
...
buguinha
1 year, 4 months ago
It is correct https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/secure/devsecops-controls
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel