Learning Path review questions: LP06

Written by

Rajnish Kumar Jha

Under the topic

Azure DevOps

Dated:

May 30, 2024

Table Of Content

Learning Path review questions

1. Secure DevOps combines which two elements?

Answer:

Secure DevOps combines security practices with DevOps practices. It integrates security into the DevOps process to ensure that security is considered at every stage of the software development lifecycle.

2. Which term broadly defines what security means in Secure DevOps?

Answer:

DevSecOps. It is a term that broadly defines the practice of integrating security practices into the DevOps pipeline, ensuring that security is not an afterthought but a part of the entire development process.

Answer:

Azure Artifacts. Azure Artifacts allows teams to store and share packages (e.g., NuGet, npm, Maven, Python) and integrate them into CI/CD pipelines in Azure DevOps.

4. What describes the term software composition analysis?

Answer:

Software Composition Analysis (SCA) is the process of identifying and managing the components and dependencies used in a software project, specifically focusing on open-source libraries and their vulnerabilities, licensing issues, and version management. It helps to assess the security, compliance, and quality of third-party components.

5. From where can extensions be sourced from, to be integrated into Azure DevOps CI/CD pipelines and help provide security composition analysis?

Answer:

Azure DevOps Marketplace. Extensions for security composition analysis can be sourced from the Azure DevOps Marketplace, where a wide range of third-party tools and services are available for integration into CI/CD pipelines.

6. Which products are available as extensions in Azure DevOps Marketplace, and can provide either OSS or source code scanning as part of an Azure Pipeline?

Answer:

Some of the popular products available as extensions in the Azure DevOps Marketplace for OSS or source code scanning include:

SonarCloud (for static analysis of source code to identify bugs, vulnerabilities, and code smells).
WhiteSource (for open-source security and license compliance).
Checkmarx (for static application security testing).
Snyk (for finding and fixing vulnerabilities in open-source dependencies).

7. Which Azure service is a monitoring service that can provide threat protection and security recommendations across all your services both in Azure and on-premises?

Answer:

Microsoft Defender for Cloud (formerly Azure Security Center). It provides unified security management and advanced threat protection for cloud and hybrid environments.

8. Which Azure service should you use from the below list to monitor all unencrypted SQL databases in your organization?

Answer:

Azure Defender for SQL. This service is part of Microsoft Defender for Cloud and helps monitor SQL databases, including identifying unencrypted databases, misconfigurations, and potential vulnerabilities.

9. Which facility allows you to prevent accidental deletion of resources in Azure?

Answer:

Azure Resource Locks. Resource locks can be applied to prevent resources from being accidentally deleted or modified. The two types of locks are CanNotDelete (prevents deletion) and ReadOnly (prevents modification and deletion).

10. What issues are often associated with the use of open-source libraries?

Answer:

Common issues with open-source libraries include:

Security vulnerabilities: Open-source libraries may contain known security vulnerabilities that can be exploited.
Licensing concerns: Open-source licenses may impose restrictions on how the software can be used or distributed.
Lack of support or maintenance: Some open-source libraries may no longer be maintained or supported, which could lead to compatibility or security issues.
Incompatibility with other libraries: Dependencies in open-source libraries may conflict with each other or with other parts of the software.

11. How can an open-source library cause licensing issues if it is free to download?

Answer:

An open-source library can cause licensing issues because, even though it is free to download, its license may impose restrictions on how it can be used, modified, or distributed. For example:

The GPL (General Public License) requires any derivative works to also be open-sourced.

Proprietary licenses may restrict the use of the library in commercial products without a paid license.

Failure to comply with the licensing terms can lead to legal consequences, even if the library is free to download.

12. What is open-source software?

Answer:

Open-source software (OSS) is software that is released with a license that allows users to view, modify, and distribute the source code. It is typically developed collaboratively, and anyone can contribute to its development. Examples of open-source software include Linux, Apache HTTP Server, and VLC media player. The open-source model promotes transparency, innovation, and community involvement.

Course Navigation Learn Azure DevOps from scratch

Exploring Jobs in GitHub

Exploring Jobs in GitHub In GitHub Actions, jobs are es…

Exploring Packages in Azure DevOps

Exploring Packages in Azure DevOps In software developm…

Exploring GitHub and its Components

Exploring GitHub and its Components GitHub Overview Git…

Automating inspection of health in Azure DevOps

Automating inspection of health in Azure DevOps Automat…

Tags attached to this Post

About the Author

Rajnish Kumar Jha

MCT, MCSA, MCSE, MCAD, MCPD, MCTS, MCSD

My name is Rajnish Kumar Jha. I am Technical architect on Azure Cloud and .NET since 21+ years. I’ve worked for pioneer companies and as freelance trainer/consultant helping my clients to achieve their IT goals.

I find blogging, a great way to share back what I’ve learned all through my professional journey. You are welcome to connect or share feedback/suggestion here or through an email.