1. What is the primary goal of integrating security into DevOps (DevSecOps)?
A) To slow down the development process for security checks
B) To introduce security at the end of the development lifecycle
C) To embed security practices throughout the software development and deployment pipeline
D) To rely only on penetration testing for security
Answer: C) To embed security practices throughout the software development and deployment pipeline
Explanation: DevSecOps integrates security at every stage of the development pipeline, ensuring that vulnerabilities are detected and mitigated early rather than addressing them only at the end.
2. In a CI/CD pipeline, which of the following tools is commonly used for static code analysis?
A) SonarQube
B) Docker
C) Jenkins
D) Kubernetes
Answer: A) SonarQube
Explanation: SonarQube is a popular tool for Static Application Security Testing (SAST), which helps identify vulnerabilities in the source code before deployment.
3. What does “Shift Left Security” mean in DevSecOps?
A) Delaying security checks until production
B) Moving security testing earlier in the development lifecycle
C) Relying solely on manual security reviews
D) Ignoring security in the early development stages
Answer: B) Moving security testing earlier in the development lifecycle
Explanation: “Shift Left Security” emphasizes incorporating security measures at the earliest phases of development to identify and fix vulnerabilities sooner, reducing risks and costs.
4. Which of the following is a key benefit of Infrastructure as Code (IaC) from a security perspective?
A) Increased manual intervention
B) Reduced security automation
C) Consistent and repeatable infrastructure deployment
D) Delayed security testing
Answer: C) Consistent and repeatable infrastructure deployment
Explanation: IaC ensures that security configurations are consistent and repeatable, reducing the risk of human errors and misconfigurations.
5. In a DevSecOps workflow, which type of security test is best suited for detecting runtime vulnerabilities?
A) Static Application Security Testing (SAST)
B) Dynamic Application Security Testing (DAST)
C) Code Review
D) Dependency Scanning
Answer: B) Dynamic Application Security Testing (DAST)
Explanation: DAST scans running applications to identify security vulnerabilities that only become visible at runtime, such as SQL injection and XSS.
6. What is the role of a Software Composition Analysis (SCA) tool in DevSecOps?
A) To analyze and secure software dependencies and third-party libraries
B) To scan container images for malware
C) To analyze network traffic for security threats
D) To monitor system logs for anomalies
Answer: A) To analyze and secure software dependencies and third-party libraries
Explanation: SCA tools (e.g., Snyk, Dependabot, Black Duck) identify security vulnerabilities in open-source dependencies used in applications.
7. Which security risk is most commonly associated with misconfigured CI/CD pipelines?
A) SQL Injection
B) Privilege escalation due to excessive permissions
C) Cross-Site Scripting (XSS)
D) Brute force attacks
Answer: B) Privilege escalation due to excessive permissions
Explanation: If CI/CD pipelines have overly permissive access controls, attackers could escalate privileges and gain unauthorized access.
8. What is the purpose of using secrets management tools like HashiCorp Vault in a CI/CD pipeline?
A) To store and manage sensitive credentials securely
B) To track source code changes
C) To automate software deployment
D) To manage application logs
Answer: A) To store and manage sensitive credentials securely
Explanation: Tools like HashiCorp Vault, AWS Secrets Manager, and CyberArk ensure that sensitive data (API keys, passwords) is stored securely and never hardcoded.
9. Which DevOps security practice helps prevent the use of outdated and vulnerable dependencies?
A) Manual dependency updates
B) Software Composition Analysis (SCA)
C) Static Code Analysis
D) Containerization
Answer: B) Software Composition Analysis (SCA)
Explanation: SCA tools scan third-party libraries to detect vulnerabilities and outdated components.
10. What is the main purpose of using signed container images in DevOps?
A) To improve performance
B) To ensure that the images have not been tampered with
C) To increase storage efficiency
D) To enable auto-scaling
Answer: B) To ensure that the images have not been tampered with
Explanation: Signed container images help verify image integrity and authenticity, preventing supply chain attacks.
11. What type of security testing detects misconfigurations in cloud environments?
A) Static Code Analysis
B) Infrastructure as Code (IaC) Security Scanning
C) Fuzz Testing
D) Load Testing
Answer: B) Infrastructure as Code (IaC) Security Scanning
Explanation: Tools like Checkov, TFSec, and KICS scan IaC templates (Terraform, CloudFormation) to detect misconfigurations.
12. Which security principle should be followed when granting permissions in a CI/CD pipeline?
A) Least Privilege Principle
B) Open Access Principle
C) Full Administrator Access
D) Default Allow Policy
Answer: A) Least Privilege Principle
Explanation: The least privilege principle ensures that each component has only the permissions necessary to perform its function, reducing the risk of unauthorized access.
13. What is the purpose of implementing a Web Application Firewall (WAF) in a CI/CD pipeline?
A) To block DDoS attacks
B) To protect applications from web-based threats
C) To encrypt network traffic
D) To detect network intrusions
Answer: B) To protect applications from web-based threats
Explanation: A WAF filters and monitors HTTP traffic, protecting against SQL Injection, XSS, and other web application attacks.
14. Which security issue arises from storing API keys in source code repositories?
A) Memory leaks
B) Credential leaks and unauthorized access
C) Buffer overflow
D) Code injection
Answer: B) Credential leaks and unauthorized access
Explanation: Exposed API keys in repositories can be exploited by attackers to gain unauthorized access to services.
15. What is the primary risk of using outdated container base images?
A) Increased CPU usage
B) Security vulnerabilities and exploits
C) Higher cloud costs
D) Slower application performance
Answer: B) Security vulnerabilities and exploits
Explanation: Old container images often contain known vulnerabilities that attackers can exploit.
16. What is a major security risk when using open-source container images from public repositories?
A) Increased application startup time
B) Potential inclusion of vulnerabilities or malware
C) Larger image size
D) Faster build times
Answer: B) Potential inclusion of vulnerabilities or malware
Explanation: Public container images may contain known vulnerabilities, misconfigurations, or even malware if not verified properly. Always use trusted and signed images.
17. What is the primary function of an artifact repository in a secure CI/CD pipeline?
A) To store and manage application logs
B) To scan source code for vulnerabilities
C) To securely store and distribute build artifacts
D) To perform penetration testing
Answer: C) To securely store and distribute build artifacts
Explanation: Artifact repositories (e.g., JFrog Artifactory, Nexus, GitHub Packages) store and manage compiled binaries, libraries, and other dependencies securely.
18. Which DevSecOps tool is best suited for detecting security vulnerabilities in Docker images?
A) SonarQube
B) Trivy
C) Jenkins
D) Kubernetes
Answer: B) Trivy
Explanation: Trivy, Clair, and Anchore are commonly used container security scanners that check for vulnerabilities in Docker images.
19. Why is code signing important in DevSecOps?
A) It improves code execution speed
B) It ensures code integrity and authenticity
C) It reduces network bandwidth
D) It allows for automatic scaling
Answer: B) It ensures code integrity and authenticity
Explanation: Code signing ensures that software or scripts have not been tampered with after being signed by a trusted developer or organization.
20. In secure CI/CD, why should build environments be ephemeral (temporary)?
A) To increase deployment speed
B) To prevent long-term persistence of secrets and vulnerabilities
C) To reduce cloud costs
D) To avoid logging errors
Answer: B) To prevent long-term persistence of secrets and vulnerabilities
Explanation: Ephemeral build environments (e.g., using containers) reduce the risk of storing secrets, credentials, and vulnerabilities over time.
21. What is the primary purpose of security gates in a CI/CD pipeline?
A) To stop development if vulnerabilities are found
B) To prevent automatic deployment
C) To enforce security checks before proceeding to the next stage
D) To allow only developers with admin access
Answer: C) To enforce security checks before proceeding to the next stage
Explanation: Security gates are automated checks (e.g., SAST, DAST, dependency scanning) that ensure security policies are met before the pipeline moves forward.
22. What is the role of OWASP Dependency-Check in DevSecOps?
A) To find security misconfigurations in network infrastructure
B) To identify vulnerabilities in third-party libraries
C) To perform real-time threat detection
D) To encrypt application logs
Answer: B) To identify vulnerabilities in third-party libraries
Explanation: OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that detects known vulnerabilities in dependencies.
23. Why should secrets (e.g., API keys, credentials) not be stored in CI/CD environment variables?
A) Because they take up too much memory
B) Because they can be exposed to unauthorized users or logs
C) Because they slow down deployments
D) Because they increase cloud costs
Answer: B) Because they can be exposed to unauthorized users or logs
Explanation: Secrets should be stored securely using vaults (e.g., HashiCorp Vault, AWS Secrets Manager) instead of CI/CD environment variables, which can be leaked in logs.
24. What is the purpose of an allowlist in a CI/CD pipeline?
A) To prevent unauthorized IP addresses from accessing CI/CD environments
B) To allow any user to push code to production
C) To restrict the deployment of patches
D) To increase the speed of builds
Answer: A) To prevent unauthorized IP addresses from accessing CI/CD environments
Explanation: An allowlist ensures that only trusted IPs or users can access the CI/CD infrastructure, reducing security risks.
25. Why is runtime security monitoring essential in DevSecOps?
A) To detect security threats in running applications
B) To speed up deployments
C) To reduce build times
D) To improve system performance
Answer: A) To detect security threats in running applications
Explanation: Runtime security monitoring (e.g., Falco, Sysdig) detects live threats, intrusions, and malicious activities in production environments.
26. What is an SBOM (Software Bill of Materials) used for in DevSecOps?
A) To list all software dependencies and components
B) To manage application performance
C) To automate testing
D) To speed up deployment
Answer: A) To list all software dependencies and components
Explanation: An SBOM helps track and manage software dependencies, ensuring security compliance and reducing supply chain risks.
27. Which type of attack is most likely if an insecure artifact repository is used?
A) SQL Injection
B) Dependency Confusion Attack
C) Cross-Site Scripting (XSS)
D) Buffer Overflow
Answer: B) Dependency Confusion Attack
Explanation: Attackers can publish malicious packages to public repositories under names that collide with internal dependencies, tricking build systems into installing the compromised public package instead of the intended one.
28. What is one way to secure Kubernetes in a DevSecOps pipeline?
A) Disable authentication
B) Use Role-Based Access Control (RBAC)
C) Store secrets in YAML files
D) Use default namespace for all deployments
Answer: B) Use Role-Based Access Control (RBAC)
Explanation: RBAC ensures that users and services have minimal required privileges, reducing security risks in Kubernetes environments.
29. How can you prevent supply chain attacks in CI/CD?
A) Use signed dependencies and verify package integrity
B) Disable security testing
C) Allow all dependencies without verification
D) Store credentials in public repositories
Answer: A) Use signed dependencies and verify package integrity
Explanation: Using signed dependencies (e.g., Sigstore, SLSA framework) helps prevent malicious tampering in supply chains.
30. Why is automated rollback important in secure CI/CD?
A) To improve system performance
B) To revert to a previous stable version if security issues are detected
C) To increase deployment frequency
D) To reduce server load
Answer: B) To revert to a previous stable version if security issues are detected
Explanation: Automated rollback ensures that deployments revert to a secure state if vulnerabilities or failures occur.
31. What is the primary advantage of using immutable infrastructure in a CI/CD pipeline?
A) Reduces the need for security updates
B) Prevents unauthorized changes to running systems
C) Allows direct modification of servers in production
D) Makes deployment slower
Answer: B) Prevents unauthorized changes to running systems
Explanation: Immutable infrastructure ensures that once a system is deployed, it cannot be altered, reducing security risks associated with unauthorized modifications.
32. Why should CI/CD pipelines avoid running with root privileges?
A) Running as root can slow down deployment
B) It increases the risk of privilege escalation attacks
C) Root access improves security
D) It prevents code compilation errors
Answer: B) It increases the risk of privilege escalation attacks
Explanation: Running CI/CD pipelines with root privileges makes them vulnerable to privilege escalation attacks if a security flaw is exploited.
33. What is an effective way to prevent supply chain attacks in DevOps?
A) Use unverified third-party dependencies
B) Always trust public repositories
C) Implement strict dependency management and verification
D) Disable security checks for faster deployment
Answer: C) Implement strict dependency management and verification
Explanation: Supply chain attacks often involve injecting malicious code into third-party libraries. Strict dependency management ensures only verified, signed, and trusted components are used.
34. What is the purpose of implementing a Canary Deployment in a secure CI/CD pipeline?
A) To test new releases in production with a small set of users before full deployment
B) To accelerate security updates
C) To prevent DDoS attacks
D) To store application logs securely
Answer: A) To test new releases in production with a small set of users before full deployment
Explanation: Canary deployments gradually roll out new updates to a small subset of users, allowing detection of issues before a full-scale release.
35. Why is Just-In-Time (JIT) access control important in DevSecOps?
A) Reduces attack surface by granting temporary privileged access when needed
B) Allows unrestricted admin access
C) Speeds up deployments by reducing authentication time
D) Stores user credentials in plain text for easy retrieval
Answer: A) Reduces attack surface by granting temporary privileged access when needed
Explanation: JIT access control provides temporary access to critical resources only when needed, reducing exposure to security threats.
36. Which of the following best describes Zero Trust security in DevSecOps?
A) Trusting all internal network traffic
B) Assuming all users, devices, and services could be compromised and requiring verification
C) Allowing all requests from authenticated users
D) Using only firewall-based security
Answer: B) Assuming all users, devices, and services could be compromised and requiring verification
Explanation: Zero Trust follows the principle of “Never trust, always verify”, meaning all access requests must be continuously validated.
37. What is the role of Git hooks in secure CI/CD pipelines?
A) To enforce security checks before commits or pushes
B) To increase deployment speed
C) To encrypt repository files
D) To manage user permissions in a Git repository
Answer: A) To enforce security checks before commits or pushes
Explanation: Git hooks can be used to run security checks (e.g., secrets scanning, linting, and static analysis) before allowing commits or pushes.
38. How can DevSecOps teams detect vulnerabilities in Infrastructure as Code (IaC) templates?
A) Manual code reviews
B) Using automated security scanning tools like Checkov, TFSec, or KICS
C) Running only functional tests
D) Avoiding Terraform and using manual infrastructure setup
Answer: B) Using automated security scanning tools like Checkov, TFSec, or KICS
Explanation: Tools like Checkov, TFSec, and KICS scan IaC files (e.g., Terraform, CloudFormation, Kubernetes manifests) to detect security misconfigurations.
39. What is a common security risk in serverless CI/CD environments?
A) Long build times
B) Insecure function permissions
C) High CPU usage
D) Increased server costs
Answer: B) Insecure function permissions
Explanation: Serverless functions (e.g., AWS Lambda, Azure Functions) should follow the least privilege principle to avoid security risks like overly permissive IAM roles.
40. What is the primary risk of failing to rotate access keys in a CI/CD pipeline?
A) Increased storage usage
B) Risk of unauthorized access if credentials are exposed
C) Slower pipeline execution
D) More expensive cloud bills
Answer: B) Risk of unauthorized access if credentials are exposed
Explanation: Long-lived access keys increase the risk of security breaches if they are leaked or exposed. Frequent rotation of secrets and credentials is essential.
41. How does Runtime Application Self-Protection (RASP) enhance security in DevSecOps?
A) By encrypting application logs
B) By detecting and mitigating threats during application runtime
C) By improving build speed
D) By reducing cloud infrastructure costs
Answer: B) By detecting and mitigating threats during application runtime
Explanation: RASP solutions (e.g., Contrast Security, Imperva) protect applications by detecting and preventing real-time attacks while the application is running.
42. What is an effective way to prevent credential leaks in Git repositories?
A) Use tools like GitLeaks, TruffleHog, and pre-commit hooks
B) Store credentials in README files for easy access
C) Disable authentication mechanisms
D) Allow all developers to commit secrets
Answer: A) Use tools like GitLeaks, TruffleHog, and pre-commit hooks
Explanation: Tools like GitLeaks and TruffleHog scan repositories for hardcoded secrets and API keys, helping prevent credential leaks.
43. What is the best practice for handling expired security certificates in CI/CD pipelines?
A) Ignore the expired certificates
B) Manually renew certificates when issues arise
C) Automate certificate renewal using services like Let’s Encrypt
D) Remove certificate validation
Answer: C) Automate certificate renewal using services like Let’s Encrypt
Explanation: Automating SSL/TLS certificate renewal reduces the risk of service disruptions and security vulnerabilities.
44. What is a key security benefit of ephemeral CI/CD runners?
A) They improve build performance
B) They eliminate persistent security vulnerabilities
C) They increase storage costs
D) They prevent container networking issues
Answer: B) They eliminate persistent security vulnerabilities
Explanation: Ephemeral CI/CD runners are destroyed after each build, ensuring no residual security risks remain.
45. What is a major risk of failing to log security events in CI/CD pipelines?
A) Increased build time
B) Reduced compliance and undetected security incidents
C) Slower server response
D) Increased network traffic
Answer: B) Reduced compliance and undetected security incidents
Explanation: Logging security events is critical for threat detection, forensic analysis, and compliance audits.
46. Which tool helps secure API endpoints in a CI/CD pipeline?
A) Burp Suite
B) OWASP ZAP
C) Postman Security Scanner
D) All of the above
Answer: D) All of the above
Explanation: Burp Suite, OWASP ZAP, and Postman Security Scanner help identify API vulnerabilities like injection attacks and authentication flaws.
47. What is a common misconfiguration in Kubernetes that leads to security issues?
A) Running all workloads as root
B) Using RBAC for access control
C) Encrypting all secrets
D) Enforcing network policies
Answer: A) Running all workloads as root
Explanation: Running Kubernetes workloads as root increases security risks. Best practices include RBAC, network policies, and pod security policies.
48. Why is implementing Multi-Factor Authentication (MFA) critical for securing CI/CD pipeline access?
A) It prevents brute force attacks by requiring multiple forms of authentication
B) It eliminates the need for encryption
C) It speeds up the development process
D) It removes the need for passwords
Answer: A) It prevents brute force attacks by requiring multiple forms of authentication
Explanation: MFA adds an extra layer of security by requiring at least two factors (password + OTP, biometrics, etc.), preventing unauthorized access even if credentials are stolen.
49. What is the purpose of enforcing security policies using Open Policy Agent (OPA) in DevSecOps?
A) To automate and enforce security policies in CI/CD pipelines
B) To increase deployment speed
C) To remove the need for authentication in CI/CD
D) To slow down deployments for security review
Answer: A) To automate and enforce security policies in CI/CD pipelines
Explanation: Open Policy Agent (OPA) allows organizations to define and enforce security policies across Kubernetes, CI/CD, and cloud environments, preventing misconfigurations.
50. How can CI/CD pipelines prevent insecure configurations from reaching production?
A) By using Infrastructure as Code (IaC) security scanners
B) By skipping security testing to speed up deployment
C) By using default configurations without review
D) By disabling audit logs
Answer: A) By using Infrastructure as Code (IaC) security scanners
Explanation: IaC security scanners (e.g., Checkov, TFSec) detect misconfigurations before deployment, ensuring secure cloud and infrastructure setups.
51. What is the risk of using default credentials in a CI/CD environment?
A) They can be brute-forced or exploited by attackers
B) They improve authentication speed
C) They are safer than using API keys
D) They prevent security vulnerabilities
Answer: A) They can be brute-forced or exploited by attackers
Explanation: Default credentials (e.g., admin/admin) are commonly known and can be easily exploited in automated attacks.
52. How does container runtime security improve security in DevSecOps?
A) By monitoring and detecting malicious activity within running containers
B) By scanning application source code
C) By replacing the need for encryption
D) By disabling authentication requirements
Answer: A) By monitoring and detecting malicious activity within running containers
Explanation: Container runtime security tools like Falco, Aqua Security, and Sysdig monitor real-time container activity to detect anomalies and threats.
53. What is the benefit of using a secure build agent in CI/CD pipelines?
A) Reduces the risk of compromised builds
B) Speeds up build times
C) Allows developers to bypass security policies
D) Removes the need for logging
Answer: A) Reduces the risk of compromised builds
Explanation: Secure build agents prevent the execution of malicious code or tampering within CI/CD environments.
54. What is a common risk when using self-hosted CI/CD runners instead of cloud-managed ones?
A) Increased security responsibility, including patching and hardening
B) Faster build times
C) More secure than cloud-managed runners
D) Easier to configure
Answer: A) Increased security responsibility, including patching and hardening
Explanation: Self-hosted runners require regular updates, security hardening, and access control to avoid security risks compared to managed CI/CD services.
55. What is a primary security concern when using third-party CI/CD integrations?
A) Unauthorized access due to excessive permissions
B) Increased deployment speed
C) Improved application performance
D) Reduced cloud storage costs
Answer: A) Unauthorized access due to excessive permissions
Explanation: Third-party integrations often request excessive permissions, which can lead to unauthorized access if not properly restricted.
56. What is an effective way to prevent privilege escalation in CI/CD pipelines?
A) Implement Role-Based Access Control (RBAC) and least privilege access
B) Grant admin access to all developers
C) Disable authentication for faster builds
D) Store secrets in environment variables
Answer: A) Implement Role-Based Access Control (RBAC) and least privilege access
Explanation: RBAC and least privilege access ensure that users and processes only have the necessary permissions, reducing the risk of privilege escalation.
57. How does Secure Boot enhance security in a DevOps environment?
A) It verifies that only trusted OS and firmware components are loaded
B) It speeds up deployment times
C) It removes the need for access controls
D) It allows unverified software to execute
Answer: A) It verifies that only trusted OS and firmware components are loaded
Explanation: Secure Boot ensures that only digitally signed and verified OS components run on a system, preventing malware from tampering with boot processes.
58. Why is automatic secret scanning necessary in a CI/CD pipeline?
A) To detect and remove hardcoded credentials before they are exposed
B) To speed up deployments
C) To reduce cloud costs
D) To prevent log file generation
Answer: A) To detect and remove hardcoded credentials before they are exposed
Explanation: Automated secret scanning tools (e.g., GitLeaks, TruffleHog, AWS Secret Scanner) detect and prevent accidental exposure of sensitive data in repositories.
59. What security risk arises if a CI/CD pipeline lacks audit logging?
A) Inability to track security incidents and unauthorized changes
B) Reduced deployment costs
C) Faster application builds
D) Increased system performance
Answer: A) Inability to track security incidents and unauthorized changes
Explanation: Audit logs provide traceability, helping detect and investigate security incidents or unauthorized changes.
60. What is a critical step to securing CI/CD pipelines from insider threats?
A) Implementing access controls, monitoring, and audit logs
B) Granting admin access to all developers
C) Removing all authentication requirements
D) Disabling logging to save storage space
Answer: A) Implementing access controls, monitoring, and audit logs
Explanation: Insider threats can be mitigated by strict access control, continuous monitoring, and maintaining detailed audit logs.
61. Why is network segmentation important in securing CI/CD pipelines?
A) It isolates sensitive environments from potential threats
B) It speeds up network traffic
C) It reduces deployment costs
D) It eliminates the need for firewalls
Answer: A) It isolates sensitive environments from potential threats
Explanation: Network segmentation ensures that different parts of the infrastructure (e.g., build servers, production systems) are isolated, reducing the impact of security breaches.
62. What is the best way to prevent unauthorized container access in a CI/CD pipeline?
A) Use container signing and enforce image provenance
B) Disable authentication for faster access
C) Store container images in public repositories
D) Use only default Kubernetes configurations
Answer: A) Use container signing and enforce image provenance
Explanation: Signing container images (e.g., using Cosign or Notary) ensures that only trusted, verified images are deployed.
63. What security risk does a misconfigured CI/CD webhook introduce?
A) It allows unauthorized code execution via forged webhook requests
B) It increases deployment speed
C) It reduces security logging requirements
D) It automatically grants admin access
Answer: A) It allows unauthorized code execution via forged webhook requests
Explanation: Misconfigured webhooks can allow attackers to send forged requests, triggering unintended deployments or malicious actions.
64. What is the function of an API Gateway in securing CI/CD environments?
A) To manage API requests and enforce security policies
B) To store CI/CD pipeline logs
C) To replace firewalls
D) To encrypt all application data
Answer: A) To manage API requests and enforce security policies
Explanation: API Gateways (e.g., Kong, AWS API Gateway) help enforce authentication, rate limiting, and access control to prevent API abuse.
65. How does enforcing signed commits improve security in a CI/CD pipeline?
A) It verifies the identity of the code author
B) It speeds up repository cloning
C) It allows anonymous commits
D) It eliminates the need for version control
Answer: A) It verifies the identity of the code author
Explanation: Signed commits ensure that code changes come from trusted contributors, preventing unauthorized or malicious modifications.
66. Why should CI/CD logs be stored securely?
A) To detect security incidents and maintain audit trails
B) To increase system performance
C) To remove the need for real-time monitoring
D) To speed up deployments
Answer: A) To detect security incidents and maintain audit trails
Explanation: Secure log storage helps investigate security breaches, detect anomalies, and ensure compliance.
67. What is the role of least privilege access in securing DevOps workflows?
A) It grants only the necessary permissions to users and services
B) It speeds up authentication
C) It allows developers to have full access by default
D) It replaces the need for authentication
Answer: A) It grants only the necessary permissions to users and services
Explanation: Least privilege access reduces the risk of unauthorized actions and limits damage in case of a breach.
68. What is a major security risk of using shared credentials in a CI/CD pipeline?
A) Multiple users can access secrets without traceability
B) It speeds up deployments
C) It increases developer collaboration
D) It improves authentication
Answer: A) Multiple users can access secrets without traceability
Explanation: Shared credentials lack individual accountability, making it difficult to track unauthorized actions and increasing security risks.
69. How does Zero Trust security benefit CI/CD pipelines?
A) It requires continuous verification of users, devices, and workloads
B) It removes all security checks
C) It allows unrestricted access to pipeline environments
D) It replaces firewalls
Answer: A) It requires continuous verification of users, devices, and workloads
Explanation: Zero Trust assumes that every request is untrusted until verified, reducing the risk of internal and external threats.
70. What is the purpose of automated rollback in CI/CD security?
A) To revert deployments automatically in case of security issues
B) To disable logging
C) To remove the need for monitoring
D) To replace authentication mechanisms
Answer: A) To revert deployments automatically in case of security issues
Explanation: Automated rollback ensures rapid response to failed or compromised deployments, maintaining application stability.
71. How does container image scanning enhance CI/CD security?
A) By identifying vulnerabilities before deployment
B) By reducing image file sizes
C) By improving network speed
D) By eliminating access control
Answer: A) By identifying vulnerabilities before deployment
Explanation: Container scanning tools (e.g., Trivy, Clair) detect security vulnerabilities in images before they are deployed.
72. What is the function of an immutable CI/CD pipeline?
A) It prevents unauthorized modifications to infrastructure and build artifacts
B) It speeds up deployments
C) It increases disk space usage
D) It removes the need for logging
Answer: A) It prevents unauthorized modifications to infrastructure and build artifacts
Explanation: Immutable CI/CD pipelines ensure that once something is deployed, it cannot be changed, reducing attack surfaces.
73. What is the risk of exposing sensitive environment variables in CI/CD logs?
A) Attackers can access API keys, credentials, and secrets
B) It speeds up log analysis
C) It reduces security risks
D) It improves authentication
Answer: A) Attackers can access API keys, credentials, and secrets
Explanation: Exposed environment variables can leak sensitive data, allowing unauthorized access or privilege escalation.
74. How does Rate Limiting help secure CI/CD pipelines?
A) It prevents API abuse and brute force attacks
B) It speeds up deployments
C) It increases log retention
D) It removes authentication
Answer: A) It prevents API abuse and brute force attacks
Explanation: Rate limiting restricts excessive requests, protecting APIs and CI/CD services from abuse.
75. Why should outdated dependencies be removed from CI/CD pipelines?
A) They may contain known security vulnerabilities
B) They improve deployment speed
C) They reduce cloud costs
D) They remove the need for monitoring
Answer: A) They may contain known security vulnerabilities
Explanation: Outdated dependencies often contain exploitable vulnerabilities, making applications a target for attackers.
76. What is the primary purpose of vulnerability management in DevSecOps?
A) To identify, assess, and remediate security vulnerabilities
B) To increase build speed
C) To remove authentication mechanisms
D) To optimize storage
Answer: A) To identify, assess, and remediate security vulnerabilities
Explanation: Vulnerability management ensures continuous monitoring and fixing of security flaws.
77. How does Runtime Application Self-Protection (RASP) enhance CI/CD security?
A) By detecting and preventing attacks during runtime
B) By replacing CI/CD logging
C) By improving file compression
D) By reducing deployment speed
Answer: A) By detecting and preventing attacks during runtime
Explanation: RASP solutions protect applications in real time, detecting and blocking security threats.
78. Why is periodic penetration testing important in CI/CD pipelines?
A) To simulate real-world attacks and find vulnerabilities
B) To increase network speed
C) To replace authentication
D) To reduce deployment time
Answer: A) To simulate real-world attacks and find vulnerabilities
Explanation: Regular penetration testing helps identify weaknesses before attackers exploit them.
79. What is an effective way to secure CI/CD pipeline artifacts?
A) Use artifact repositories with access controls and scanning
B) Store artifacts in unsecured locations
C) Allow all users unrestricted access
D) Disable encryption
Answer: A) Use artifact repositories with access controls and scanning
Explanation: Secure artifact repositories prevent unauthorized modifications and detect vulnerabilities.
80. What is a major risk of failing to monitor security alerts in CI/CD?
A) Delayed detection of security incidents
B) Faster deployments
C) Reduced compliance costs
D) Increased build speed
Answer: A) Delayed detection of security incidents
Explanation: Continuous monitoring ensures early threat detection, preventing major security breaches.
81. Why should you avoid hardcoding credentials in source code?
A) Hardcoded credentials can be easily extracted and misused by attackers
B) It speeds up the CI/CD process
C) It helps developers avoid authentication errors
D) It improves deployment speed
Answer: A) Hardcoded credentials can be easily extracted and misused by attackers
Explanation: Hardcoded credentials (API keys, passwords) can be extracted from repositories, leading to security breaches. Secure them using secrets management tools like HashiCorp Vault or AWS Secrets Manager.
82. What security control prevents unauthorized software from running in a CI/CD pipeline?
A) Code Signing and Execution Policies
B) Disabling security updates
C) Running all code as root
D) Using open-source dependencies without verification
Answer: A) Code Signing and Execution Policies
Explanation: Code signing ensures that only trusted, digitally signed software is executed, preventing unauthorized scripts from running in the pipeline.
83. What is a key reason for using Just-In-Time (JIT) access for CI/CD users?
A) It grants temporary privileged access only when needed
B) It increases development speed
C) It allows developers to skip authentication
D) It stores credentials in plain text
Answer: A) It grants temporary privileged access only when needed
Explanation: JIT access minimizes attack surfaces by granting temporary privileged access instead of long-term elevated privileges.
84. Why should you perform periodic security reviews of CI/CD configurations?
A) To identify and remediate security misconfigurations
B) To improve deployment speed
C) To reduce cloud costs
D) To eliminate the need for authentication
Answer: A) To identify and remediate security misconfigurations
Explanation: Periodic security reviews help detect and fix misconfigurations in CI/CD pipelines before they are exploited.
85. What is a major security risk when using unverified third-party plugins in CI/CD tools?
A) They may introduce backdoors and malicious code
B) They increase deployment efficiency
C) They help reduce security costs
D) They improve build speed
Answer: A) They may introduce backdoors and malicious code
Explanation: Unverified third-party plugins can be malicious or vulnerable, leading to supply chain attacks.
86. How does enforcing Role-Based Access Control (RBAC) improve CI/CD security?
A) It restricts access based on user roles and permissions
B) It increases system speed
C) It allows all users full access
D) It eliminates the need for authentication
Answer: A) It restricts access based on user roles and permissions
Explanation: RBAC ensures that users have only the permissions they need, reducing the risk of privilege escalation attacks.
87. What is an advantage of automating security updates in CI/CD pipelines?
A) It ensures timely patching of vulnerabilities
B) It reduces the need for compliance monitoring
C) It allows administrators to disable security controls
D) It speeds up CI/CD deployments
Answer: A) It ensures timely patching of vulnerabilities
Explanation: Automating security updates ensures known vulnerabilities are patched before they can be exploited.
88. How can you prevent excessive privilege escalation in a CI/CD pipeline?
A) Use the principle of least privilege and enforce access controls
B) Grant all users administrator access
C) Disable logging to avoid detecting privilege escalations
D) Store credentials in public repositories
Answer: A) Use the principle of least privilege and enforce access controls
Explanation: Excessive privileges create security risks; enforcing least privilege access minimizes exposure.
89. Why should developers use ephemeral CI/CD runners instead of persistent ones?
A) They eliminate security risks associated with long-lived systems
B) They slow down build times
C) They require manual updates
D) They remove the need for authentication
Answer: A) They eliminate security risks associated with long-lived systems
Explanation: Ephemeral runners are destroyed after each job, preventing long-term persistence of vulnerabilities.
90. How does enforcing Multi-Factor Authentication (MFA) for CI/CD access enhance security?
A) It requires additional verification before granting access
B) It removes the need for passwords
C) It speeds up authentication
D) It reduces build times
Answer: A) It requires additional verification before granting access
Explanation: MFA reduces unauthorized access risks by requiring multiple authentication factors.
91. What is an effective way to secure pipeline secrets?
A) Use a secrets manager like AWS Secrets Manager or HashiCorp Vault
B) Hardcode them in source code
C) Store them in CI/CD environment variables
D) Share them via email
Answer: A) Use a secrets manager like AWS Secrets Manager or HashiCorp Vault
Explanation: Secrets managers provide secure storage and access control for sensitive credentials.
92. What security risk arises from using outdated CI/CD dependencies?
A) They may contain unpatched vulnerabilities
B) They improve performance
C) They reduce security testing needs
D) They increase network speed
Answer: A) They may contain unpatched vulnerabilities
Explanation: Outdated dependencies are a major attack vector for supply chain attacks.
93. How does integrating security gates in a CI/CD pipeline improve security?
A) It enforces security checks before allowing deployment
B) It speeds up builds
C) It reduces security logging
D) It removes the need for authentication
Answer: A) It enforces security checks before allowing deployment
Explanation: Security gates prevent deployment if vulnerabilities or compliance issues are detected.
94. What is a major benefit of monitoring security logs in a CI/CD pipeline?
A) It helps detect unauthorized access and security incidents
B) It reduces cloud storage costs
C) It improves CI/CD performance
D) It eliminates the need for MFA
Answer: A) It helps detect unauthorized access and security incidents
Explanation: Continuous monitoring of logs ensures early detection of security threats.
95. How can DevOps teams protect against dependency confusion attacks?
A) Use private package registries and verify dependencies
B) Always use the latest version of packages
C) Allow all dependencies without verification
D) Store dependency files in public repositories
Answer: A) Use private package registries and verify dependencies
Explanation: Dependency confusion attacks exploit package name collisions to inject malicious code.
96. How can DevOps teams reduce the risk of insider threats in CI/CD?
A) Implement strict access controls and logging
B) Grant admin access to all users
C) Disable logging for privacy
D) Store secrets in shared files
Answer: A) Implement strict access controls and logging
Explanation: Strict access control, monitoring, and logging help detect and prevent insider threats.
97. Why should CI/CD environments be regularly patched?
A) To fix known vulnerabilities before they are exploited
B) To remove the need for authentication
C) To speed up deployments
D) To reduce network traffic
Answer: A) To fix known vulnerabilities before they are exploited
Explanation: Regular patching ensures security vulnerabilities are mitigated before attackers can exploit them.
98. What is the primary purpose of using integrity checks in CI/CD?
A) To verify that code and artifacts have not been tampered with
B) To speed up deployments
C) To reduce disk usage
D) To remove authentication
Answer: A) To verify that code and artifacts have not been tampered with
Explanation: Integrity checks ensure that code remains unaltered and secure throughout the pipeline.
99. How does container runtime security improve DevSecOps?
A) By detecting malicious activity in running containers
B) By reducing build times
C) By disabling security logs
D) By improving network speed
Answer: A) By detecting malicious activity in running containers
Explanation: Runtime security tools (e.g., Falco, Aqua Security) detect malicious behaviors inside running containers.
100. What is the benefit of using automated rollback in CI/CD pipelines?
A) It ensures quick recovery from security failures
B) It disables authentication
C) It increases deployment costs
D) It removes logging requirements
Answer: A) It ensures quick recovery from security failures
Explanation: Automated rollback minimizes downtime by reverting to the last secure deployment in case of failures.
101. Why is automated security testing critical in a CI/CD pipeline?
A) It ensures vulnerabilities are detected early before deployment
B) It slows down deployments
C) It eliminates the need for manual security reviews
D) It removes authentication requirements
Answer: A) It ensures vulnerabilities are detected early before deployment
Explanation: Automated security testing (SAST, DAST, SCA, etc.) ensures issues are identified and mitigated early, reducing security risks.
102. What is a major security benefit of using ephemeral CI/CD environments?
A) They are automatically destroyed after execution, reducing attack surfaces
B) They increase CI/CD execution time
C) They allow persistent access to production environments
D) They require manual updates
Answer: A) They are automatically destroyed after execution, reducing attack surfaces
Explanation: Ephemeral environments prevent long-lived vulnerabilities by ensuring that each CI/CD job runs in a fresh, isolated instance.
103. What type of attack does implementing an allowlist in CI/CD environments help prevent?
A) Unauthorized access by limiting approved entities
B) SQL Injection
C) Cross-Site Scripting (XSS)
D) Buffer Overflow
Answer: A) Unauthorized access by limiting approved entities
Explanation: Allowlisting ensures that only trusted users, IPs, and applications can access critical CI/CD infrastructure, preventing unauthorized access.
104. What is the primary security risk associated with using default container images?
A) They may contain vulnerabilities or outdated software
B) They improve build speeds
C) They reduce security logging
D) They eliminate runtime security issues
Answer: A) They may contain vulnerabilities or outdated software
Explanation: Default or unverified container images often contain known vulnerabilities, which can lead to security breaches.
105. What is an effective way to prevent tampering in CI/CD pipeline artifacts?
A) Use cryptographic signing for build artifacts
B) Store them in unprotected locations
C) Disable logging to improve performance
D) Allow open access to artifact repositories
Answer: A) Use cryptographic signing for build artifacts
Explanation: Digitally signing artifacts ensures that only verified, untampered artifacts are deployed.
106. Why should API keys and secrets not be stored in Git repositories?
A) They can be exposed if the repository is public or compromised
B) It increases repository size
C) It slows down authentication
D) It improves security logging
Answer: A) They can be exposed if the repository is public or compromised
Explanation: Secrets in Git repositories can be leaked, allowing attackers to exploit API keys, credentials, and sensitive data.
107. What is the role of policy-as-code in securing DevOps workflows?
A) It automates enforcement of security policies across CI/CD pipelines
B) It removes authentication requirements
C) It speeds up deployment
D) It disables logging
Answer: A) It automates enforcement of security policies across CI/CD pipelines
Explanation: Policy-as-Code (e.g., Open Policy Agent, HashiCorp Sentinel) allows automatic security compliance enforcement in infrastructure and applications.
108. What is a critical benefit of using immutable infrastructure in CI/CD security?
A) It prevents unauthorized changes to running systems
B) It allows direct modifications in production
C) It increases security costs
D) It slows down deployments
Answer: A) It prevents unauthorized changes to running systems
Explanation: Immutable infrastructure ensures that all deployments are standardized and secure, reducing risks of unauthorized modifications.
109. How does dependency scanning improve CI/CD security?
A) It detects vulnerabilities in third-party libraries before deployment
B) It eliminates the need for logging
C) It reduces deployment times
D) It prevents runtime attacks
Answer: A) It detects vulnerabilities in third-party libraries before deployment
Explanation: Dependency scanning (SCA tools like Snyk, OWASP Dependency-Check) detects and mitigates vulnerable third-party libraries.
110. What is a major security risk of using shared credentials in a CI/CD pipeline?
A) They allow unauthorized access due to lack of accountability
B) They improve security auditing
C) They increase deployment speed
D) They eliminate authentication issues
Answer: A) They allow unauthorized access due to lack of accountability
Explanation: Shared credentials make it difficult to track user actions, increasing the risk of security incidents.
111. What is a primary risk of storing environment variables in CI/CD logs?
A) Sensitive data like credentials may be exposed
B) It increases log file size
C) It improves debugging
D) It speeds up authentication
Answer: A) Sensitive data like credentials may be exposed
Explanation: CI/CD logs may capture sensitive environment variables, leading to potential security breaches if exposed.
112. How does shifting security left in DevSecOps benefit development teams?
A) It detects security issues earlier in the development process
B) It delays security testing until production
C) It eliminates the need for security testing
D) It speeds up deployments by skipping security checks
Answer: A) It detects security issues earlier in the development process
Explanation: Shift-left security integrates security testing early, reducing risks and costs by catching vulnerabilities sooner.
113. What is a key reason to enforce audit logging in a CI/CD pipeline?
A) To track changes and detect security incidents
B) To speed up deployments
C) To reduce cloud storage costs
D) To eliminate authentication
Answer: A) To track changes and detect security incidents
Explanation: Audit logging provides visibility into security events, helping teams investigate and mitigate risks.
114. What is the best way to ensure that container images are secure?
A) Use vulnerability scanning tools before deployment
B) Use the latest image version without verification
C) Allow all images from public repositories
D) Store images without access controls
Answer: A) Use vulnerability scanning tools before deployment
Explanation: Scanning images before deployment ensures that vulnerabilities are identified and mitigated.
115. How does enforcing signed commits help secure CI/CD workflows?
A) It ensures that only authorized developers contribute code
B) It speeds up commit processing
C) It eliminates authentication requirements
D) It increases storage usage
Answer: A) It ensures that only authorized developers contribute code
Explanation: Signed commits verify the identity of contributors, preventing unauthorized changes.
116. What is an effective way to prevent unauthorized access to a CI/CD pipeline?
A) Implement multi-factor authentication (MFA) and access controls
B) Allow all users unrestricted access
C) Disable authentication mechanisms
D) Store credentials in configuration files
Answer: A) Implement multi-factor authentication (MFA) and access controls
Explanation: MFA and access control policies prevent unauthorized access and reduce insider threats.
117. How does rate limiting enhance CI/CD security?
A) It prevents abuse and brute-force attacks on APIs
B) It speeds up deployments
C) It eliminates authentication
D) It reduces storage costs
Answer: A) It prevents abuse and brute-force attacks on APIs
Explanation: Rate limiting controls the number of requests, protecting CI/CD APIs from abuse and DDoS attacks.
118. What is the primary risk of not rotating access keys in a CI/CD environment?
A) Compromised credentials could provide long-term unauthorized access
B) It improves authentication speed
C) It speeds up deployments
D) It reduces security logging requirements
Answer: A) Compromised credentials could provide long-term unauthorized access
Explanation: Regularly rotating access keys reduces the risk of long-term unauthorized access.
119. Why is it important to enforce branch protection rules in CI/CD pipelines?
A) To prevent unauthorized modifications to critical branches
B) To improve build speed
C) To allow developers to bypass code reviews
D) To disable authentication requirements
Answer: A) To prevent unauthorized modifications to critical branches
Explanation: Branch protection rules ensure that code changes go through required reviews and security checks before merging, reducing security risks.
120. How does encrypting data at rest in a CI/CD pipeline enhance security?
A) It prevents unauthorized access to stored data
B) It improves deployment speed
C) It reduces cloud storage costs
D) It eliminates the need for authentication
Answer: A) It prevents unauthorized access to stored data
Explanation: Encrypting data at rest ensures that sensitive information is protected from unauthorized access, even if storage is compromised.
121. Why should you monitor CI/CD pipeline activity for anomalies?
A) To detect unauthorized access or suspicious behavior
B) To speed up deployments
C) To reduce CPU usage
D) To prevent error logging
Answer: A) To detect unauthorized access or suspicious behavior
Explanation: Monitoring pipeline activity helps identify security threats, such as compromised credentials or unauthorized changes.
122. What is the primary benefit of using Infrastructure as Code (IaC) security scanning?
A) It identifies security misconfigurations in infrastructure code before deployment
B) It speeds up application performance
C) It allows unrestricted access to infrastructure
D) It eliminates the need for compliance audits
Answer: A) It identifies security misconfigurations in infrastructure code before deployment
Explanation: IaC scanning tools detect security misconfigurations in Terraform, CloudFormation, and Kubernetes manifests, preventing security flaws from reaching production.
123. How does implementing automated secret rotation improve CI/CD security?
A) It reduces the risk of long-lived secrets being exposed
B) It speeds up API authentication
C) It removes the need for encryption
D) It eliminates the need for logging
Answer: A) It reduces the risk of long-lived secrets being exposed
Explanation: Automatically rotating secrets ensures that credentials are changed periodically, reducing the risk of misuse if they are compromised.
124. What security risk does failing to validate input data in CI/CD introduce?
A) Injection attacks, such as SQL Injection and Command Injection
B) Faster build times
C) Improved authentication
D) Reduced logging requirements
Answer: A) Injection attacks, such as SQL Injection and Command Injection
Explanation: Unvalidated input can lead to injection attacks, where attackers manipulate input data to execute malicious commands.
125. How does enforcing TLS encryption in CI/CD pipelines enhance security?
A) It secures data transmission between CI/CD components
B) It speeds up authentication
C) It eliminates the need for access controls
D) It reduces cloud storage costs
Answer: A) It secures data transmission between CI/CD components
Explanation: TLS encryption protects data in transit, preventing attackers from intercepting sensitive information.
126. Why should developers avoid using “latest” tags in Docker images?
A) It may introduce unverified updates or vulnerabilities
B) It improves application security
C) It speeds up build times
D) It removes the need for dependency management
Answer: A) It may introduce unverified updates or vulnerabilities
Explanation: Using specific, tested versions of Docker images ensures that the application runs on a known secure version, rather than an unexpected or vulnerable update.
127. What is a key security risk when using third-party CI/CD services?
A) Potential exposure of sensitive data to external providers
B) Faster deployment times
C) Reduced need for authentication
D) Improved network speeds
Answer: A) Potential exposure of sensitive data to external providers
Explanation: Third-party CI/CD services may introduce security risks if sensitive data is not properly protected.
128. How can security misconfigurations in cloud-based CI/CD environments be mitigated?
A) By regularly auditing permissions and security settings
B) By allowing full administrative access to all users
C) By disabling encryption
D) By not enforcing multi-factor authentication
Answer: A) By regularly auditing permissions and security settings
Explanation: Regular audits help detect misconfigurations in cloud environments, ensuring compliance with security best practices.
129. Why should you avoid running containers with root privileges in CI/CD pipelines?
A) It reduces the risk of privilege escalation attacks
B) It improves application performance
C) It speeds up deployment
D) It eliminates authentication requirements
Answer: A) It reduces the risk of privilege escalation attacks
Explanation: Running containers with root privileges increases the risk of attackers gaining full control over the container and potentially the host system.
130. What security benefit does using signed container images provide?
A) It verifies the integrity and authenticity of the image
B) It speeds up build times
C) It reduces CPU usage
D) It improves network speed
Answer: A) It verifies the integrity and authenticity of the image
Explanation: Signed container images ensure that only verified, trusted images are deployed, preventing tampering.
131. What is an effective way to prevent data leakage in CI/CD pipelines?
A) Mask sensitive data in logs and restrict access to logs
B) Store all secrets in plain text in configuration files
C) Allow unrestricted access to pipeline logs
D) Use public artifact repositories without access control
Answer: A) Mask sensitive data in logs and restrict access to logs
Explanation: Data masking ensures that sensitive data is not exposed in logs, reducing the risk of data leaks.
132. What is the role of Continuous Compliance in CI/CD security?
A) It ensures security policies and regulations are automatically enforced throughout the pipeline
B) It slows down deployments
C) It replaces authentication mechanisms
D) It reduces storage costs
Answer: A) It ensures security policies and regulations are automatically enforced throughout the pipeline
Explanation: Continuous Compliance ensures that security standards and regulations are met at every stage of the CI/CD process.
133. How does API security testing improve CI/CD security?
A) It detects vulnerabilities such as broken authentication and authorization issues
B) It reduces the need for rate limiting
C) It eliminates the need for API monitoring
D) It speeds up API performance
Answer: A) It detects vulnerabilities such as broken authentication and authorization issues
Explanation: API security testing ensures that API endpoints are protected from common vulnerabilities such as unauthorized access.
134. Why should you regularly update security policies in a CI/CD pipeline?
A) To adapt to emerging threats and compliance requirements
B) To increase deployment frequency
C) To disable security scanning
D) To reduce network traffic
Answer: A) To adapt to emerging threats and compliance requirements
Explanation: Security policies should be regularly updated to address new security challenges and ensure compliance.
135. What is the purpose of using a Web Application Firewall (WAF) in CI/CD security?
A) To protect applications from web-based attacks like SQL Injection and XSS
B) To speed up web page loading
C) To reduce cloud storage usage
D) To eliminate the need for authentication
Answer: A) To protect applications from web-based attacks like SQL Injection and XSS
Explanation: A WAF filters and monitors HTTP traffic, preventing web attacks from reaching applications.
136. What is the best practice for securing CI/CD credentials used in automation scripts?
A) Store credentials in a secure vault and retrieve them dynamically
B) Hardcode credentials in automation scripts for easy access
C) Store credentials in plain text in environment variables
D) Share credentials with all team members
Answer: A) Store credentials in a secure vault and retrieve them dynamically
Explanation: Using a secrets management solution (e.g., AWS Secrets Manager, HashiCorp Vault) ensures that sensitive credentials are securely stored and retrieved only when needed.
137. Why is continuous security monitoring necessary in a CI/CD pipeline?
A) To detect and respond to security threats in real-time
B) To speed up deployment
C) To remove the need for security patches
D) To reduce cloud storage costs
Answer: A) To detect and respond to security threats in real-time
Explanation: Continuous security monitoring helps detect suspicious activities, unauthorized access, and vulnerabilities before they are exploited.
138. What is the security risk of using outdated plugins in a CI/CD tool like Jenkins?
A) They may contain unpatched vulnerabilities that can be exploited
B) They improve security by reducing dependency management
C) They reduce the need for authentication
D) They eliminate the need for security testing
Answer: A) They may contain unpatched vulnerabilities that can be exploited
Explanation: Outdated plugins often contain security flaws that attackers can exploit to gain unauthorized access to the CI/CD pipeline.
139. How does Role-Based Access Control (RBAC) enhance CI/CD security?
A) It ensures that only authorized users have access to specific CI/CD resources
B) It grants admin access to all users by default
C) It eliminates the need for authentication
D) It reduces security monitoring needs
Answer: A) It ensures that only authorized users have access to specific CI/CD resources
Explanation: RBAC ensures that each user has the minimum necessary permissions, preventing unauthorized modifications to the pipeline.
140. What is the primary risk of not enforcing strong authentication for CI/CD pipeline users?
A) Unauthorized users may gain access and compromise the pipeline
B) It reduces security logging requirements
C) It speeds up deployment
D) It allows for easier developer access
Answer: A) Unauthorized users may gain access and compromise the pipeline
Explanation: Without strong authentication (e.g., MFA, SSO), attackers can exploit weak credentials to access and manipulate CI/CD systems.
141. How can DevOps teams secure CI/CD pipelines from insider threats?
A) Implement strict access controls, monitoring, and audit logs
B) Grant admin access to all team members
C) Disable logging for privacy reasons
D) Use shared credentials for easy access
Answer: A) Implement strict access controls, monitoring, and audit logs
Explanation: Insider threats can be mitigated by implementing strict access control, continuous monitoring, and maintaining detailed audit logs.
142. What is a major benefit of using infrastructure immutability in a CI/CD pipeline?
A) It prevents unauthorized changes and ensures consistency across deployments
B) It increases deployment frequency
C) It eliminates the need for security reviews
D) It reduces network traffic
Answer: A) It prevents unauthorized changes and ensures consistency across deployments
Explanation: Immutable infrastructure ensures that once an environment is deployed, it cannot be modified, reducing security risks.
143. What is the primary security advantage of using ephemeral build environments in CI/CD?
A) They eliminate persistent security vulnerabilities by creating a new instance for every build
B) They increase system performance
C) They store logs indefinitely for auditing
D) They allow for direct manual modifications
Answer: A) They eliminate persistent security vulnerabilities by creating a new instance for every build
Explanation: Ephemeral environments prevent persistent threats by ensuring each build runs in a fresh, secure instance.
144. Why is a software bill of materials (SBOM) important for CI/CD security?
A) It provides a complete list of dependencies to identify vulnerabilities
B) It speeds up the CI/CD pipeline
C) It reduces network latency
D) It eliminates the need for dependency management
β
Answer: A) It provides a complete list of dependencies to identify vulnerabilities
π Explanation: An SBOM (for example in SPDX or CycloneDX format) records every component and its version, including transitive dependencies, so when a new advisory is published you can tell immediately which builds ship the affected package and which need to be rebuilt.
145. How does enforcing digital signatures on deployment artifacts improve security?
A) It ensures that only verified, untampered artifacts are deployed
B) It reduces system performance
C) It speeds up application execution
D) It removes the need for logging
β
Answer: A) It ensures that only verified, untampered artifacts are deployed
π Explanation: Digital signatures verify the authenticity and integrity of deployment artifacts, preventing tampering and supply chain attacks.
146. What is the role of a Web Application Firewall (WAF) in CI/CD security?
A) It protects deployed applications from web-based attacks
B) It increases deployment speed
C) It reduces cloud storage costs
D) It disables logging
β
Answer: A) It protects deployed applications from web-based attacks
π Explanation: A WAF inspects HTTP traffic to the deployed application and blocks recognisable attack patterns such as SQL injection and XSS. It is a runtime compensating control for the application, not a control on the pipeline itself, and it does not replace fixing the underlying code.
147. What is the primary benefit of integrating security tools into the CI/CD pipeline?
A) It ensures security vulnerabilities are detected and mitigated before deployment
B) It eliminates the need for developers to follow security best practices
C) It speeds up deployment times
D) It reduces security requirements
β
Answer: A) It ensures security vulnerabilities are detected and mitigated before deployment
π Explanation: Integrating security tools (SAST, DAST, SCA) helps detect vulnerabilities early, reducing security risks in production.
148. Why should security misconfigurations in cloud-based CI/CD environments be regularly audited?
A) To identify and remediate security risks before they are exploited
B) To increase deployment frequency
C) To reduce security alerts
D) To disable authentication
β
Answer: A) To identify and remediate security risks before they are exploited
π Explanation: Regular audits help detect misconfigurations in cloud CI/CD environments, ensuring compliance and security best practices.
149. What is a major risk of storing API tokens in plaintext in a CI/CD pipeline?
A) They can be exposed and misused by attackers
B) They improve authentication speed
C) They enhance system performance
D) They reduce security monitoring needs
β
Answer: A) They can be exposed and misused by attackers
π Explanation: API tokens should be kept in a secrets manager or the CI system's encrypted secret store and injected into a job only when it runs, never committed to the repository or written into pipeline definitions in plaintext. Masking secrets in job output and using short-lived tokens limit the damage if one does leak.
150. How does adopting the Zero Trust model improve CI/CD security?
A) It requires continuous authentication and least-privilege access control
B) It allows unrestricted access to CI/CD resources
C) It eliminates the need for authentication
D) It reduces deployment times
β
Answer: A) It requires continuous authentication and least-privilege access control
π Explanation: Zero Trust ensures that every request is authenticated and authorized, reducing the risk of insider threats and unauthorized access.
151. Why should CI/CD pipeline logs be protected with access controls?
A) To prevent unauthorized access to sensitive information in logs
B) To speed up deployment times
C) To reduce cloud storage usage
D) To eliminate the need for encryption
β
Answer: A) To prevent unauthorized access to sensitive information in logs
π Explanation: CI/CD logs may contain sensitive data, including API keys, credentials, or environment variables, making access control crucial.
152. What security risk arises from not verifying the source of open-source dependencies in CI/CD?
A) Supply chain attacks where malicious packages are introduced
B) Faster build times
C) Improved system performance
D) Reduced need for authentication
β
Answer: A) Supply chain attacks where malicious packages are introduced
π Explanation: Unverified open-source dependencies can contain malicious code, leading to software supply chain attacks. Pinning versions and checksums in a lockfile, resolving packages only from a trusted registry, and checking package signatures or build provenance reduce the risk.
153. How does implementing automated rollback in a CI/CD pipeline improve security?
A) It quickly reverts to a previous secure version if vulnerabilities are detected
B) It speeds up deployment times
C) It removes the need for monitoring
D) It eliminates the need for logging
β
Answer: A) It quickly reverts to a previous secure version if vulnerabilities are detected
π Explanation: Automated rollback lets the system return to a known-good release when a security issue or failure is detected, provided that release is still safe to run; rolling back to a version with a known vulnerability of its own only trades one problem for another, so rollback complements patching rather than replacing it.
154. Why is it important to use a private container registry for storing container images?
A) To prevent unauthorized access to images and reduce supply chain risks
B) To make container images public for faster downloads
C) To reduce the need for security policies
D) To allow unrestricted modification of images
β
Answer: A) To prevent unauthorized access to images and reduce supply chain risks
π Explanation: Private container registries ensure that only authorized users can push or pull container images, preventing unauthorized modifications.
155. What is the main reason for enforcing network segmentation in CI/CD environments?
A) To isolate different environments and limit the impact of security breaches
B) To increase deployment speeds
C) To reduce cloud costs
D) To allow unrestricted access across networks
β
Answer: A) To isolate different environments and limit the impact of security breaches
π Explanation: Network segmentation prevents lateral movement in case of a security breach, protecting critical resources.
156. How does implementing a Just-In-Time (JIT) access model improve security in CI/CD pipelines?
A) It grants temporary, time-bound access to sensitive resources only when needed
B) It eliminates the need for authentication
C) It allows developers to have persistent admin access
D) It speeds up CI/CD execution
β
Answer: A) It grants temporary, time-bound access to sensitive resources only when needed
π Explanation: JIT access reduces the attack surface by ensuring that privileged access is only granted when required, minimizing risks.
157. What is the purpose of enforcing audit logging in a CI/CD pipeline?
A) To track security events and detect unauthorized activities
B) To reduce deployment times
C) To improve system performance
D) To eliminate the need for compliance
β
Answer: A) To track security events and detect unauthorized activities
π Explanation: Audit logging provides visibility into security events, helping teams detect, investigate, and respond to potential threats.
158. Why should security policies be version-controlled in a CI/CD pipeline?
A) To track changes and ensure compliance over time
B) To speed up pipeline execution
C) To remove the need for access controls
D) To disable logging
β
Answer: A) To track changes and ensure compliance over time
π Explanation: Version-controlling security policies ensures that all changes are auditable and compliant with security standards.
159. What is the benefit of using ephemeral infrastructure in a CI/CD pipeline?
A) It reduces persistent attack surfaces by destroying instances after use
B) It increases build time
C) It reduces logging requirements
D) It eliminates the need for authentication
β
Answer: A) It reduces persistent attack surfaces by destroying instances after use
π Explanation: Ephemeral infrastructure prevents long-term security vulnerabilities by ensuring each build runs in a fresh, temporary instance.
160. Why is implementing a Web Application Firewall (WAF) recommended in CI/CD security?
A) To filter and block malicious web traffic before it reaches the application
B) To speed up application load times
C) To reduce cloud storage costs
D) To eliminate the need for secure coding practices
β
Answer: A) To filter and block malicious web traffic before it reaches the application
π Explanation: A WAF helps protect web applications from SQL Injection, XSS, and other common web-based attacks.
161. What is the role of Static Application Security Testing (SAST) in a CI/CD pipeline?
A) It scans source code for security vulnerabilities before deployment
B) It eliminates the need for runtime security monitoring
C) It reduces application performance
D) It removes logging requirements
β
Answer: A) It scans source code for security vulnerabilities before deployment
π Explanation: SAST tools analyze source code during development to detect vulnerabilities early in the CI/CD lifecycle.
162. What is the security risk of using weak or default passwords in CI/CD tools?
A) Attackers can easily compromise accounts through brute force or credential stuffing
B) It speeds up authentication
C) It reduces network latency
D) It eliminates the need for multi-factor authentication
β
Answer: A) Attackers can easily compromise accounts through brute force or credential stuffing
π Explanation: Weak or default passwords make CI/CD environments vulnerable to brute-force and credential-based attacks.
163. Why should you scan Infrastructure as Code (IaC) templates before deployment?
A) To detect misconfigurations and security vulnerabilities before provisioning infrastructure
B) To speed up CI/CD pipeline execution
C) To improve application response times
D) To reduce logging requirements
β
Answer: A) To detect misconfigurations and security vulnerabilities before provisioning infrastructure
π Explanation: Scanning IaC templates ensures that security misconfigurations are identified and fixed before deployment.
164. What is an effective way to prevent API abuse in CI/CD pipelines?
A) Implement rate limiting and authentication controls
B) Allow unrestricted API access
C) Disable logging for API requests
D) Use default API keys for all users
β
Answer: A) Implement rate limiting and authentication controls
π Explanation: Rate limiting and authentication mechanisms prevent API abuse and unauthorized access to CI/CD APIs.
165. How does digital signature verification enhance security in CI/CD pipelines?
A) It ensures that only authenticated and untampered artifacts are deployed
B) It eliminates the need for secure coding practices
C) It improves system performance
D) It speeds up deployment
β
Answer: A) It ensures that only authenticated and untampered artifacts are deployed
π Explanation: Digital signatures verify the integrity and authenticity of build artifacts, reducing the risk of supply chain attacks.
166. What is a major risk of storing unencrypted secrets in CI/CD environment variables?
A) Attackers can extract and misuse secrets if logs or configurations are exposed
B) It improves pipeline execution speed
C) It reduces cloud costs
D) It eliminates the need for access controls
β
Answer: A) Attackers can extract and misuse secrets if logs or configurations are exposed
π Explanation: Environment variables are inherited by every child process and routinely appear in debug output, crash reports, process listings and job logs, so a secret placed there in plaintext leaks whenever any of those are exposed. Secrets should be injected from an encrypted store at runtime and masked in logs.
167. What is the primary security benefit of using Multi-Factor Authentication (MFA) in CI/CD systems?
A) It prevents unauthorized access by requiring multiple forms of authentication
B) It speeds up deployment times
C) It eliminates the need for access logs
D) It removes the need for secure coding practices
β
Answer: A) It prevents unauthorized access by requiring multiple forms of authentication
π Explanation: MFA requires a second factor (one-time code, hardware token, biometric) in addition to the password, so a stolen or guessed credential alone is not enough. Phishing-resistant factors such as FIDO2 security keys are preferable to SMS or app-generated codes, which a real-time phishing relay can capture.
168. Why should least privilege access be enforced in CI/CD environments?
A) To minimize the risk of unauthorized access and privilege escalation attacks
B) To allow all users full access to improve efficiency
C) To eliminate the need for authentication
D) To reduce cloud storage costs
β
Answer: A) To minimize the risk of unauthorized access and privilege escalation attacks
π Explanation: Enforcing the principle of least privilege ensures that users and processes only have the permissions they need, reducing security risks.
169. How does automated security scanning benefit CI/CD pipelines?
A) It detects vulnerabilities before code reaches production
B) It speeds up network communication
C) It eliminates the need for human security review
D) It improves storage efficiency
β
Answer: A) It detects vulnerabilities before code reaches production
π Explanation: Automated security scanning (SAST, DAST, SCA) ensures security issues are identified and fixed before deployment.
170. What is the main risk of exposing CI/CD pipeline logs to unauthorized users?
A) Sensitive data like secrets and environment variables may be leaked
B) It slows down application performance
C) It increases cloud storage costs
D) It reduces logging efficiency
β
Answer: A) Sensitive data like secrets and environment variables may be leaked
π Explanation: CI/CD logs can contain sensitive data (API keys, credentials), and exposing them can lead to data breaches and unauthorized access.
171. What is the security risk of not restricting outbound internet access from CI/CD environments?
A) It increases the risk of data exfiltration or malicious connections
B) It speeds up build processes
C) It improves system performance
D) It eliminates the need for firewalls
β
Answer: A) It increases the risk of data exfiltration or malicious connections
π Explanation: Restricting outbound internet access prevents unauthorized data leaks and blocks potential communication with malicious servers.
172. What is a key benefit of using role-based authentication for CI/CD users?
A) It ensures users only have access to the resources they need
B) It speeds up authentication
C) It allows all users full administrative privileges
D) It reduces API call overhead
β
Answer: A) It ensures users only have access to the resources they need
π Explanation: Role-based access control (RBAC) applies the principle of least privilege: permissions are attached to roles such as developer, reviewer or release manager, and users receive only the roles their job requires. Authentication establishes who the user is; RBAC decides what they may do.
173. Why is encrypting data in transit essential for secure CI/CD pipelines?
A) It prevents attackers from intercepting and tampering with data
B) It increases deployment speed
C) It reduces cloud storage costs
D) It eliminates the need for authentication
β
Answer: A) It prevents attackers from intercepting and tampering with data
π Explanation: Encrypting data in transit with TLS (legacy SSL versions should be disabled) protects traffic between CI/CD components, such as runner-to-server and server-to-registry connections, from interception and tampering.
174. How does implementing an allowlist for CI/CD access improve security?
A) It restricts access to only trusted IPs and users
B) It speeds up deployment times
C) It improves logging efficiency
D) It allows unrestricted access to all users
β
Answer: A) It restricts access to only trusted IPs and users
π Explanation: Using an allowlist ensures that only authorized users and IPs can access CI/CD environments, reducing the attack surface.
175. What is the primary reason for using API gateways in a CI/CD pipeline?
A) To enforce security policies, authentication, and rate limiting for API requests
B) To increase system performance
C) To improve database efficiency
D) To eliminate the need for authentication
β
Answer: A) To enforce security policies, authentication, and rate limiting for API requests
π Explanation: API gateways (e.g., Kong, AWS API Gateway) control and secure API traffic, preventing abuse and unauthorized access.
176. Why should you regularly rotate access keys in CI/CD environments?
A) To reduce the risk of compromised credentials being used for unauthorized access
B) To improve system performance
C) To increase deployment speed
D) To eliminate the need for encryption
β
Answer: A) To reduce the risk of compromised credentials being used for unauthorized access
π Explanation: Regular rotation limits how long a leaked key remains usable and forces a clean-up of keys whose owners have left or whose purpose is gone. Short-lived credentials issued on demand (for example, cloud credentials obtained through OIDC federation from the CI provider) remove long-lived keys from the pipeline altogether.
177. What is a key benefit of implementing infrastructure immutability in CI/CD security?
A) It ensures that once a system is deployed, it cannot be modified, reducing attack surfaces
B) It allows developers to make real-time changes to production servers
C) It improves system performance
D) It eliminates the need for monitoring
β
Answer: A) It ensures that once a system is deployed, it cannot be modified, reducing attack surfaces
π Explanation: Immutable infrastructure prevents unauthorized changes and ensures that deployments are consistent and secure.
178. How does container runtime security enhance CI/CD security?
A) It monitors running containers for anomalies and security threats
B) It improves build speeds
C) It reduces API call overhead
D) It eliminates the need for authentication
β
Answer: A) It monitors running containers for anomalies and security threats
π Explanation: Container runtime security tools (e.g., Falco, Aqua Security) detect malicious activity within running containers, protecting against runtime threats.
179. What is a major security risk of using self-hosted CI/CD runners instead of managed cloud CI/CD services?
A) They require regular patching, security hardening, and monitoring
B) They reduce cloud costs
C) They eliminate the need for authentication
D) They improve performance
β
Answer: A) They require regular patching, security hardening, and monitoring
π Explanation: Self-hosted runners give the organization control over the build environment, but the organization also inherits the work of patching, hardening and monitoring them. They typically sit inside the corporate network and may keep state between jobs, so a compromised job on a self-hosted runner is a foothold for lateral movement unless the runner is isolated and rebuilt regularly.
180. Why should security teams conduct penetration testing on CI/CD environments?
A) To identify security weaknesses before attackers exploit them
B) To increase build speeds
C) To reduce system load
D) To remove authentication requirements
β
Answer: A) To identify security weaknesses before attackers exploit them
π Explanation: Penetration testing simulates real-world attacks to uncover vulnerabilities in CI/CD pipelines before they can be exploited by malicious actors.
181. Why should security teams use threat modeling in CI/CD pipelines?
A) To proactively identify and mitigate potential security threats
B) To eliminate the need for logging
C) To increase deployment speed
D) To reduce authentication requirements
β
Answer: A) To proactively identify and mitigate potential security threats
π Explanation: Threat modeling helps identify security risks in CI/CD pipelines early, allowing teams to mitigate potential threats before they are exploited.
182. What is the security risk of using hardcoded secrets in CI/CD scripts?
A) Attackers can extract and misuse secrets if the code is exposed
B) It speeds up authentication
C) It reduces system overhead
D) It increases deployment speeds
β
Answer: A) Attackers can extract and misuse secrets if the code is exposed
π Explanation: Hardcoded secrets in CI/CD scripts can be easily accessed if the source code is leaked or compromised, leading to unauthorized access.
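Questions 149, 151, 166, 170 and 182 all come down to the same two controls: catching secrets before they are committed into pipeline scripts, and redacting them from job output before logs are stored. The block below is an added example written for this page, not code from the quiz or from any scanning product. The sample lines are constructed; AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS's own documentation and the GitHub-style token is made up. The entropy threshold and the generic assignment pattern are assumptions chosen for the demo.

```python
"""Secret detection and redaction for CI scripts and job logs.

Added example written for this page, not code from the quiz. The sample lines
are constructed; AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS's own
documentation and the GitHub-style token is made up.
"""
import math
import re
from collections import Counter
from typing import List, Tuple

# Credential formats with a distinctive prefix: the shape alone is strong evidence.
PREFIXED_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Generic NAME=value assignments where NAME suggests a credential. The value is
# only reported if it looks random; names and placeholders fail the entropy check.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\w*(?:api[_-]?key|secret|token|password|passwd)\w*\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{12,})"
)
ENTROPY_THRESHOLD = 3.0  # bits per character (assumed); crude, so keep an allowlist for known placeholders

# Constructed sample: lines 1-3 leak credentials, lines 4-6 are benign.
SAMPLE_LINES = [
    'export DEPLOY_TOKEN="ghp_0123456789abcdefghijABCDEFGHIJ012345"',
    '[2024-05-06 14:02:11] aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE',
    'DB_PASSWORD=Xk9vQ2pL7mN4rT8wZ1yB',
    'PASSWORD_PLACEHOLDER=xxxxxxxxxxxxxxxx',
    'password = os.environ["DB_PASSWORD"]',
    'SECRET_ROTATION_DAYS=90',
]


def shannon_entropy(value: str) -> float:
    """Bits per character of the value's character distribution; 0.0 for a repeated character."""
    counts = Counter(value)
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_secrets(line: str) -> List[Tuple[str, str]]:
    """Return (kind, value) for each distinct secret found in one line."""
    found: List[Tuple[str, str]] = []
    seen = set()
    for kind, pattern in PREFIXED_PATTERNS.items():
        for match in pattern.finditer(line):
            if match.group(0) not in seen:
                seen.add(match.group(0))
                found.append((kind, match.group(0)))
    for match in GENERIC_ASSIGNMENT.finditer(line):
        value = match.group(1)
        if value not in seen and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            seen.add(value)
            found.append(("generic_secret", value))
    return found


def redact(line: str) -> str:
    """Replace each detected secret with a marker; apply to job output before it is stored."""
    for kind, value in find_secrets(line):
        line = line.replace(value, f"<REDACTED:{kind}>")
    return line


def scan_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """(1-based line number, kind) per hit: what a pre-commit hook or pipeline step would report."""
    return [(number, kind) for number, line in enumerate(lines, 1) for kind, _ in find_secrets(line)]


if __name__ == "__main__":
    for number, kind in scan_lines(SAMPLE_LINES):
        print(f"line {number}: {kind}")
    for line in SAMPLE_LINES:
        print(redact(line))
```

The prefixed patterns are reported on shape alone; the generic pattern needs the entropy check so that placeholders and variable names that merely mention "password" are not flagged. Run scan_lines over the pipeline definitions in a pre-commit hook to fail the commit, and redact over job output before it reaches the log store.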
183. How does implementing automated security gates improve CI/CD security?
A) It enforces security checks before allowing deployments to proceed
B) It increases deployment speed
C) It eliminates the need for compliance monitoring
D) It allows all code changes to bypass security reviews
β
Answer: A) It enforces security checks before allowing deployments to proceed
π Explanation: Security gates ensure that code meets security and compliance standards before being deployed, preventing vulnerabilities from reaching production.
184. Why should organizations perform regular security audits on CI/CD pipelines?
A) To identify misconfigurations and vulnerabilities before attackers exploit them
B) To eliminate the need for secure coding practices
C) To increase deployment frequency
D) To reduce cloud storage costs
β
Answer: A) To identify misconfigurations and vulnerabilities before attackers exploit them
π Explanation: Regular security audits help uncover potential weaknesses in CI/CD pipelines, ensuring compliance with security best practices.
185. What is the primary function of runtime security monitoring in a CI/CD environment?
A) To detect and respond to security threats during application execution
B) To improve system performance
C) To eliminate the need for authentication
D) To increase build speeds
β
Answer: A) To detect and respond to security threats during application execution
π Explanation: Runtime security monitoring detects threats in real-time, allowing teams to take immediate action against active security incidents.
186. How does implementing Zero Trust security in CI/CD pipelines improve security?
A) It requires continuous verification of every request, reducing attack surfaces
B) It eliminates the need for authentication
C) It speeds up deployments
D) It allows unrestricted access to all users
β
Answer: A) It requires continuous verification of every request, reducing attack surfaces
π Explanation: Zero Trust security ensures that all users, devices, and services are verified at every step, preventing unauthorized access.
187. Why is it important to use signed commits in CI/CD pipelines?
A) To verify the authenticity and integrity of code changes
B) To speed up code reviews
C) To allow anonymous commits
D) To reduce security monitoring needs
β
Answer: A) To verify the authenticity and integrity of code changes
π Explanation: A signed commit lets reviewers and the pipeline verify who authored a change and that it has not been altered since. Signatures do not by themselves restrict who may push; that comes from branch protection rules requiring signed commits and review, and a signature is only meaningful if the pipeline verifies it against a trusted set of keys.
188. What is the purpose of implementing API rate limiting in CI/CD environments?
A) To prevent API abuse and protect against brute-force attacks
B) To increase API request speed
C) To allow unlimited API calls from all users
D) To eliminate the need for authentication
β
Answer: A) To prevent API abuse and protect against brute-force attacks
π Explanation: Rate limiting helps prevent excessive API calls, protecting services from DoS attacks and unauthorized access attempts.
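Questions 164 and 188 describe rate limiting and authentication controls in front of a CI/CD API. The block below is an added example written for this page, not code from the quiz or from any API gateway product: a token bucket per client throttles requests before the key is even checked, and repeated bad keys lock the client out. The API keys are constructed and the clock is passed in explicitly so the behaviour is deterministic.

```python
"""Token-bucket rate limiting and failed-authentication lockout for a CI/CD API.

Added example written for this page, not code from the quiz or any product.
The API keys are constructed and the clock is passed in explicitly.
"""
from typing import Dict, Optional, Tuple

VALID_API_KEYS = {"ci-key-alpha-0001": "build-bot", "ci-key-beta-0002": "release-bot"}  # constructed


class TokenBucket:
    """Allows bursts up to `capacity` requests, then `refill_per_sec` requests per second."""

    def __init__(self, capacity: float, refill_per_sec: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = capacity
        self.last: Optional[float] = None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ApiGuard:
    """Per-client throttling before authentication, lockout after repeated bad keys."""

    def __init__(self, valid_keys: Dict[str, str], capacity: int = 5, refill_per_sec: float = 1.0,
                 max_failures: int = 3, lockout_seconds: float = 300.0):
        self.valid_keys = valid_keys
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.buckets: Dict[str, TokenBucket] = {}
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def handle(self, client_ip: str, api_key: str, now: float) -> Tuple[int, str]:
        """Return an HTTP-style status and either a reason or the authenticated principal."""
        if self.locked_until.get(client_ip, 0.0) > now:
            return 423, "locked"
        # Throttle before checking the key so unauthenticated floods are bounded too.
        bucket = self.buckets.setdefault(client_ip, TokenBucket(self.capacity, self.refill_per_sec))
        if not bucket.allow(now):
            return 429, "rate limited"
        principal = self.valid_keys.get(api_key)
        if principal is None:
            failures = self.failures.get(client_ip, 0) + 1
            if failures >= self.max_failures:
                self.locked_until[client_ip] = now + self.lockout_seconds
                self.failures.pop(client_ip, None)
                return 423, "locked"
            self.failures[client_ip] = failures
            return 401, "invalid api key"
        self.failures.pop(client_ip, None)  # a successful login clears the failure counter
        return 200, principal
```

In a real deployment the key table would hold hashes rather than raw keys, and the per-IP state would live in a shared store so every gateway instance sees the same counters; the ordering of the checks (lockout, then throttle, then key) is the part worth copying.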
189. How does container image provenance improve security in CI/CD?
A) It ensures that only verified, trusted container images are used
B) It speeds up deployment times
C) It eliminates the need for logging
D) It increases API response times
β
Answer: A) It ensures that only verified, trusted container images are used
π Explanation: Provenance records which source revision, builder and build steps produced an image, and the pipeline checks that record (together with the image signature and content digest) before the image is deployed, so a tampered or unknown image is rejected.
190. Why should security teams use anomaly detection in CI/CD pipelines?
A) To identify suspicious behavior and potential security breaches
B) To reduce network traffic
C) To eliminate the need for logging
D) To increase deployment speed
β
Answer: A) To identify suspicious behavior and potential security breaches
π Explanation: Anomaly detection establishes a baseline of normal pipeline activity (who changes configuration, from where, at what times, how often secrets are read) and flags deviations from it, using statistical rules or machine learning, so that potential incidents surface before they become confirmed breaches.
191. What is the primary benefit of using Software Composition Analysis (SCA) tools in CI/CD pipelines?
A) To identify security vulnerabilities in third-party libraries and dependencies
B) To speed up build times
C) To eliminate the need for dependency management
D) To improve system performance
β
Answer: A) To identify security vulnerabilities in third-party libraries and dependencies
π Explanation: SCA tools scan open-source dependencies for known vulnerabilities, helping teams remediate issues before deployment.
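Questions 144 and 191 both turn on matching a list of shipped components against known vulnerabilities. The block below is an added example written for this page, not code from the quiz or from any SCA tool: it reads a constructed CycloneDX-style SBOM, compares each component's version against a constructed advisory feed and reports which components are still below the fixed release. The DEMO-... identifiers and package names are hypothetical, not real CVEs or packages; the version comparison handles plain dotted numeric versions only.

```python
"""SBOM-driven vulnerability matching.

Added example written for this page, not code from the quiz. The SBOM and
the advisory feed are constructed; the DEMO-... identifiers are hypothetical.
"""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM fragment (only the fields this demo reads).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-http", "version": "2.3.1",
         "purl": "pkg:pypi/example-http@2.3.1"},
        {"type": "library", "name": "example-yaml", "version": "5.1",
         "purl": "pkg:pypi/example-yaml@5.1"},
        {"type": "library", "name": "example-json", "version": "1.0.4",
         "purl": "pkg:pypi/example-json@1.0.4"},
    ],
})

# Constructed advisory feed: hypothetical identifiers, not real CVEs.
ADVISORIES = [
    {"id": "DEMO-2024-0001", "name": "example-http", "fixed_in": "2.3.2", "severity": "HIGH"},
    {"id": "DEMO-2024-0002", "name": "example-yaml", "fixed_in": "5.4", "severity": "CRITICAL"},
    {"id": "DEMO-2024-0003", "name": "example-json", "fixed_in": "1.0.0", "severity": "MEDIUM"},
]

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted numeric version into a tuple; a non-numeric part counts as 0."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """True when the installed version precedes the first fixed release."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def load_components(sbom_json: str) -> Dict[str, str]:
    """Map component name -> version from a CycloneDX JSON document."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return {c["name"]: c["version"] for c in doc.get("components", [])}


def match_advisories(sbom_json: str, advisories: List[dict]) -> List[dict]:
    """One finding per advisory whose package is shipped and still unfixed, worst first."""
    components = load_components(sbom_json)
    findings = []
    for adv in advisories:
        installed = components.get(adv["name"])
        if installed is None:
            continue  # package not shipped in this build
        if is_vulnerable(installed, adv["fixed_in"]):
            findings.append({
                "id": adv["id"],
                "package": adv["name"],
                "installed": installed,
                "fixed_in": adv["fixed_in"],
                "severity": adv["severity"],
            })
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f["severity"]])


def worst_severity(findings: List[dict]) -> str:
    """Highest severity among findings, or 'NONE' when the build is clean."""
    if not findings:
        return "NONE"
    return max(findings, key=lambda f: SEVERITY_RANK[f["severity"]])["severity"]


if __name__ == "__main__":
    for f in match_advisories(SBOM_JSON, ADVISORIES):
        print(f"{f['severity']:<8} {f['id']} {f['package']} {f['installed']} -> fixed in {f['fixed_in']}")
```

The point of keeping the SBOM as a build artifact is that this matching can be re-run against tomorrow's advisory feed without rebuilding anything; only builds whose SBOM lists an affected version need to be rebuilt.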
192. Why should security teams enforce immutable infrastructure in CI/CD?
A) To prevent unauthorized modifications and ensure consistency in deployments
B) To allow real-time changes to production servers
C) To speed up authentication
D) To reduce security monitoring needs
β
Answer: A) To prevent unauthorized modifications and ensure consistency in deployments
π Explanation: Immutable infrastructure ensures that once a system is deployed, it cannot be changed, reducing security risks.
193. How does integrating security testing into CI/CD pipelines benefit development teams?
A) It helps identify vulnerabilities early in the software development lifecycle
B) It eliminates the need for security monitoring
C) It increases deployment speed
D) It allows code changes to bypass security policies
β
Answer: A) It helps identify vulnerabilities early in the software development lifecycle
π Explanation: By integrating security testing early, teams can catch and fix vulnerabilities before they reach production, reducing costs and risks.
194. Why should CI/CD security logs be stored in a centralized logging system?
A) To facilitate threat detection, auditing, and compliance monitoring
B) To reduce network latency
C) To eliminate the need for access controls
D) To improve build times
β
Answer: A) To facilitate threat detection, auditing, and compliance monitoring
π Explanation: Centralized logging collects security events from every pipeline component in one place, on a system that someone who compromises the pipeline cannot edit, so that they can be correlated, searched and retained for audit.
195. What is the role of a security champion in a DevSecOps team?
A) To advocate for security best practices and improve collaboration between security and development teams
B) To speed up deployments by skipping security checks
C) To eliminate the need for authentication
D) To reduce compliance requirements
β
Answer: A) To advocate for security best practices and improve collaboration between security and development teams
π Explanation: A security champion helps bridge the gap between security and development teams, ensuring security is a priority throughout the software lifecycle.
196. Why should security patches be applied automatically in CI/CD environments?
A) To reduce the risk of known vulnerabilities being exploited
B) To speed up authentication processes
C) To reduce cloud storage costs
D) To eliminate the need for monitoring
β
Answer: A) To reduce the risk of known vulnerabilities being exploited
π Explanation: Automated patching applies security updates promptly, closing the window during which attackers can exploit known vulnerabilities; patches should still pass through the pipeline's own tests so that a broken or malicious update is caught before it reaches production.
197. How does implementing security policies as code improve CI/CD security?
A) It enforces security policies automatically and consistently across environments
B) It increases deployment speeds by reducing security checks
C) It eliminates the need for authentication
D) It allows unrestricted access to infrastructure
β
Answer: A) It enforces security policies automatically and consistently across environments
π Explanation: Security policies as code enable automated enforcement of security rules, reducing human error and ensuring compliance.
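Questions 158, 163, 183 and 197 together describe a gate whose rules are data kept in version control and applied automatically to scan results and IaC plans. The block below is an added example written for this page, not code from the quiz or from any policy engine such as OPA: a policy dictionary is evaluated against constructed scanner findings and a constructed, simplified plan-like list of resources (the resource schema is a stand-in chosen for the demo, not the real Terraform plan format). Thresholds and rule names are assumptions.

```python
"""Policy-as-code deployment gate over scan findings and IaC plan data.

Added example written for this page, not code from the quiz or any product.
The policy, findings and resources are constructed; the resource schema is a
simplified stand-in for a plan file, not a real one.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Policy as data: this dict would live in version control next to the pipeline.
POLICY = {
    "block_at_or_above": "HIGH",            # scanner findings at this severity or worse fail the gate
    "deny_public_storage": True,
    "require_storage_encryption": True,
    "allowed_public_ingress_ports": [443],  # 0.0.0.0/0 is tolerated only on these ports
}

# Constructed scanner output (shape chosen for the demo).
FINDINGS = [
    {"tool": "sast", "rule": "sql-injection", "severity": "HIGH", "file": "api/orders.py"},
    {"tool": "sca", "rule": "DEMO-2024-0007", "severity": "MEDIUM", "file": "requirements.txt"},
]

# Constructed IaC resources (simplified plan-like schema).
RESOURCES = [
    {"type": "storage_bucket", "name": "build-artifacts", "public_access": True, "encrypted": True},
    {"type": "storage_bucket", "name": "release-logs", "public_access": False, "encrypted": False},
    {"type": "security_group", "name": "runners", "ingress": [
        {"port": 22, "cidr": "0.0.0.0/0"},
        {"port": 443, "cidr": "0.0.0.0/0"},
        {"port": 22, "cidr": "10.0.0.0/8"},
    ]},
]


@dataclass
class GateDecision:
    allowed: bool
    violations: List[str] = field(default_factory=list)


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0 (any prefix length of zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_findings(policy: dict, findings: List[dict]) -> List[str]:
    threshold = SEVERITY_RANK[policy["block_at_or_above"]]
    return [f"{f['tool']}: {f['rule']} ({f['severity']}) in {f['file']}"
            for f in findings if SEVERITY_RANK[f["severity"]] >= threshold]


def check_resources(policy: dict, resources: List[dict]) -> List[str]:
    violations = []
    for r in resources:
        if r["type"] == "storage_bucket":
            if policy["deny_public_storage"] and r.get("public_access"):
                violations.append(f"storage_bucket {r['name']}: public access enabled")
            if policy["require_storage_encryption"] and not r.get("encrypted"):
                violations.append(f"storage_bucket {r['name']}: encryption at rest disabled")
        elif r["type"] == "security_group":
            for rule in r.get("ingress", []):
                if is_world_open(rule["cidr"]) and rule["port"] not in policy["allowed_public_ingress_ports"]:
                    violations.append(f"security_group {r['name']}: port {rule['port']} open to {rule['cidr']}")
    return violations


def evaluate_gate(policy: dict, findings: List[dict], resources: List[dict]) -> GateDecision:
    """Deny unless every rule passes; every violation is listed so the fix is actionable."""
    violations = check_findings(policy, findings) + check_resources(policy, resources)
    return GateDecision(allowed=not violations, violations=violations)


if __name__ == "__main__":
    decision = evaluate_gate(POLICY, FINDINGS, RESOURCES)
    print("ALLOW" if decision.allowed else "DENY")
    for v in decision.violations:
        print(" -", v)
```

Because the policy is data rather than code scattered across pipeline scripts, a change to the threshold is itself a reviewed commit, which is what question 158 asks for.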
198. What is the purpose of enforcing time-based access restrictions in CI/CD environments?
A) To limit access to critical systems based on predefined schedules
B) To speed up user authentication
C) To reduce system load
D) To eliminate the need for API security
β
Answer: A) To limit access to critical systems based on predefined schedules
π Explanation: Time-based access restrictions prevent unauthorized access by limiting user privileges to only the times they are needed.
199. Why should container security scanning be performed before deployment?
A) To identify vulnerabilities in container images before they are deployed
B) To increase deployment speed
C) To improve API response times
D) To eliminate the need for runtime security monitoring
β
Answer: A) To identify vulnerabilities in container images before they are deployed
π Explanation: Container security scanning tools detect vulnerabilities in images, ensuring they are addressed before deployment.
200. How does implementing Just-In-Time (JIT) privileged access improve CI/CD security?
A) It grants temporary elevated access only when needed, reducing attack surfaces
B) It eliminates the need for role-based access control
C) It speeds up deployment processes
D) It allows unrestricted access to all users
β
Answer: A) It grants temporary elevated access only when needed, reducing attack surfaces
π Explanation: JIT privileged access ensures that users have privileged access only when required, reducing the risk of credential misuse.
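Questions 156, 176 and 200 are about privilege that is bounded in time: JIT grants that expire on their own, and long-lived keys that must be rotated. The block below is an added example written for this page, not code from the quiz or from any PAM or secrets product. Principals, scopes, approvers and the credential inventory are constructed, the one-hour maximum TTL and 90-day rotation policy are assumed values, and the current time is passed in explicitly so the checks are deterministic.

```python
"""Just-in-time access grants and credential-age checks.

Added example written for this page, not code from the quiz or any product.
Principals, scopes and the credential inventory are constructed; the clock is
passed in explicitly.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List


@dataclass(frozen=True)
class Grant:
    principal: str
    scope: str            # e.g. "deploy:prod"
    expires_at: datetime
    reason: str


class JitBroker:
    """Issues scoped, time-bound grants; no principal holds standing privileged access."""

    def __init__(self, approvers: FrozenSet[str], max_ttl: timedelta = timedelta(hours=1)):
        self.approvers = approvers
        self.max_ttl = max_ttl
        self.grants: List[Grant] = []
        self.audit: List[str] = []

    def request(self, principal: str, scope: str, ttl: timedelta, reason: str,
                approver: str, now: datetime) -> Grant:
        """Issue a grant only with an independent approver and a TTL inside policy."""
        if approver not in self.approvers or approver == principal:
            raise PermissionError("grant requires an independent approver")
        if ttl <= timedelta(0) or ttl > self.max_ttl:
            raise ValueError(f"ttl must be within (0, {self.max_ttl}]")
        grant = Grant(principal, scope, now + ttl, reason)
        self.grants.append(grant)
        self.audit.append(f"{now.isoformat()} GRANT {principal} {scope} "
                          f"until {grant.expires_at.isoformat()} approved_by={approver} reason={reason!r}")
        return grant

    def is_authorized(self, principal: str, scope: str, now: datetime) -> bool:
        """True only while an unexpired grant for exactly this scope exists."""
        return any(g.principal == principal and g.scope == scope and g.expires_at > now
                   for g in self.grants)

    def revoke(self, principal: str, scope: str, now: datetime) -> int:
        """Drop live grants early (e.g. once the change is done); returns how many were removed."""
        before = len(self.grants)
        self.grants = [g for g in self.grants
                       if not (g.principal == principal and g.scope == scope and g.expires_at > now)]
        self.audit.append(f"{now.isoformat()} REVOKE {principal} {scope}")
        return before - len(self.grants)


@dataclass(frozen=True)
class Credential:
    name: str
    created_at: datetime
    max_age: timedelta


def rotation_due(inventory: List[Credential], now: datetime) -> List[str]:
    """Names of long-lived credentials older than their rotation policy allows."""
    return [c.name for c in inventory if now - c.created_at >= c.max_age]


if __name__ == "__main__":
    now = datetime(2024, 5, 6, 10, 0, tzinfo=timezone.utc)
    broker = JitBroker(approvers=frozenset({"sec-oncall"}))
    broker.request("alice", "deploy:prod", timedelta(minutes=30), "hotfix rollout", "sec-oncall", now)
    print(broker.is_authorized("alice", "deploy:prod", now + timedelta(minutes=29)))
    print(broker.is_authorized("alice", "deploy:prod", now + timedelta(minutes=31)))
    print("\n".join(broker.audit))
```

The audit list is the record question 157 asks for: every grant carries who approved it and why, so an unexpected grant is visible rather than silent.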
201. What is the security risk of using outdated base images in a CI/CD pipeline?
A) They may contain known vulnerabilities that can be exploited
B) They improve system performance
C) They increase build times
D) They eliminate the need for runtime security
β
Answer: A) They may contain known vulnerabilities that can be exploited
π Explanation: Outdated base images often contain unpatched vulnerabilities, making them a security risk if used in production.
202. Why should automated security testing be integrated into CI/CD pipelines?
A) To identify and fix vulnerabilities before deployment
B) To reduce authentication time
C) To speed up application performance
D) To eliminate the need for compliance auditing
β
Answer: A) To identify and fix vulnerabilities before deployment
π Explanation: Integrating security testing (SAST, DAST, SCA) into CI/CD pipelines ensures security issues are detected and remediated early in the development process.
203. What is a common risk associated with misconfigured CI/CD pipeline permissions?
A) Unauthorized users may gain access and modify critical build and deployment settings
B) It reduces API request latency
C) It improves deployment speeds
D) It eliminates the need for security monitoring
β
Answer: A) Unauthorized users may gain access and modify critical build and deployment settings
π Explanation: Improperly configured permissions can allow unauthorized changes to the CI/CD pipeline, leading to security breaches.
204. Why is audit logging important in CI/CD environments?
A) To track user activities and detect unauthorized access or suspicious changes
B) To speed up build execution
C) To reduce network traffic
D) To eliminate the need for authentication
β
Answer: A) To track user activities and detect unauthorized access or suspicious changes
π Explanation: Audit logging provides visibility into security events, helping teams detect, investigate, and respond to security incidents.
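Questions 174, 190, 198 and 204 describe the detection side of pipeline security: audit events checked against an IP allowlist, a change window, and a baseline of who normally does what. The block below is an added example written for this page, not code from the quiz or from any SIEM: it applies those three rules plus a burst rule to constructed JSON-lines audit events. The allowlisted networks, the 09:00 to 18:00 UTC weekday window, the set of sensitive actions, the baseline actors and the burst threshold are all assumed values.

```python
"""Rule-based anomaly detection over CI/CD audit events.

Added example written for this page, not code from the quiz or any product.
The events, the IP allowlist, the change window and the baseline are constructed.
"""
import ipaddress
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

ALLOWED_SOURCE_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
CHANGE_WINDOW = (9, 18)        # sensitive changes expected 09:00-18:00 UTC (assumed)
WORKDAYS = {0, 1, 2, 3, 4}     # Monday=0 .. Friday=4
SENSITIVE_ACTIONS = {"pipeline.config.update", "secret.read", "deploy.approve"}
SECRET_READ_BURST = (3, timedelta(minutes=5))  # more than 3 secret reads by one actor in 5 minutes
BASELINE_ACTORS = {"alice", "release-bot"}     # actors seen doing sensitive actions in a (constructed) baseline

# Constructed audit log, one JSON object per line.
AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"ts": "2024-05-06T10:02:11Z", "actor": "alice", "action": "pipeline.config.update", "src_ip": "10.20.0.15"},
    {"ts": "2024-05-06T10:05:40Z", "actor": "bob", "action": "build.run", "src_ip": "10.20.0.16"},
    {"ts": "2024-05-06T23:41:03Z", "actor": "alice", "action": "pipeline.config.update", "src_ip": "10.20.0.15"},
    {"ts": "2024-05-07T11:15:22Z", "actor": "mallory", "action": "deploy.approve", "src_ip": "198.51.100.7"},
    {"ts": "2024-05-07T11:16:01Z", "actor": "release-bot", "action": "secret.read", "src_ip": "10.30.1.4"},
    {"ts": "2024-05-07T11:16:09Z", "actor": "release-bot", "action": "secret.read", "src_ip": "10.30.1.4"},
    {"ts": "2024-05-07T11:16:20Z", "actor": "release-bot", "action": "secret.read", "src_ip": "10.30.1.4"},
    {"ts": "2024-05-07T11:16:31Z", "actor": "release-bot", "action": "secret.read", "src_ip": "10.30.1.4"},
])


def parse_event(line: str) -> dict:
    """Parse one JSON line; timestamps become aware UTC datetimes, IPs become address objects."""
    event = json.loads(line)
    event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00")).astimezone(timezone.utc)
    event["src_ip"] = ipaddress.ip_address(event["src_ip"])
    return event


def ip_allowed(ip) -> bool:
    return any(ip in net for net in ALLOWED_SOURCE_NETS)


def in_change_window(ts: datetime) -> bool:
    return ts.weekday() in WORKDAYS and CHANGE_WINDOW[0] <= ts.hour < CHANGE_WINDOW[1]


def detect(audit_log: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, rule name) for every event that trips a rule."""
    alerts: List[Tuple[int, str]] = []
    seen_actors = set(BASELINE_ACTORS)
    recent_secret_reads: Dict[str, List[datetime]] = {}
    limit, window = SECRET_READ_BURST
    for lineno, line in enumerate(audit_log.splitlines(), 1):
        if not line.strip():
            continue
        event = parse_event(line)
        if not ip_allowed(event["src_ip"]):
            alerts.append((lineno, "source_ip_not_allowlisted"))
        if event["action"] in SENSITIVE_ACTIONS:
            if not in_change_window(event["ts"]):
                alerts.append((lineno, "outside_change_window"))
            if event["actor"] not in seen_actors:
                alerts.append((lineno, "first_sensitive_action_by_actor"))
            seen_actors.add(event["actor"])
        if event["action"] == "secret.read":
            reads = [t for t in recent_secret_reads.get(event["actor"], []) if event["ts"] - t <= window]
            reads.append(event["ts"])
            recent_secret_reads[event["actor"]] = reads
            if len(reads) > limit:
                alerts.append((lineno, "secret_read_burst"))
    return alerts


if __name__ == "__main__":
    for lineno, rule in detect(AUDIT_LOG):
        print(f"line {lineno}: {rule}")
```

The rules are deliberately simple: the value is in running them continuously over the centralized log store from question 194, so a first-time approver from an unknown address is raised within minutes rather than found in a quarterly audit.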
205. How does using immutable artifacts in CI/CD improve security?
A) It ensures that once an artifact is built, it cannot be modified, preventing tampering
B) It eliminates the need for encryption
C) It speeds up deployment
D) It allows unrestricted access to stored artifacts
β
Answer: A) It ensures that once an artifact is built, it cannot be modified, preventing tampering
π Explanation: Immutable artifacts ensure that the build outputs remain unchanged, reducing the risk of malicious alterations in the pipeline.
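Questions 145, 165, 189, 201 and 205 share one mechanism: an artifact or image is identified by the digest of its content, so any modification changes the identifier and is caught. The block below is an added example written for this page, not code from the quiz or from any registry or signing tool: it records build-time digests in a manifest, verifies artifact bytes against it, and audits image references to reject mutable tags such as latest. The artifact bytes, image references and manifest are constructed and the digests are computed inside the block. A real pipeline would additionally sign the manifest or the image (for example with cosign) so the digest list is itself trustworthy; signature verification is not implemented here.

```python
"""Content-digest pinning for build artifacts and container image references.

Added example written for this page, not code from the quiz or any product.
Artifact bytes, image references and the manifest are constructed; digests are
computed in this block rather than hard-coded.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

ARTIFACT_BYTES = b"constructed release bundle v1.4.2\n"  # stands in for a real tarball


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: Dict[str, bytes]) -> Dict[str, str]:
    """Record name -> 'sha256:<hex>' at build time; this is what the pipeline would sign."""
    return {name: "sha256:" + sha256_hex(data) for name, data in artifacts.items()}


MANIFEST = build_manifest({"app-1.4.2.tar": ARTIFACT_BYTES})


def verify_artifact(name: str, data: bytes, manifest: Dict[str, str]) -> bool:
    """Accept only bytes whose digest matches the manifest entry for this name."""
    expected = manifest.get(name)
    if expected is None:
        return False
    algo, _, digest = expected.partition(":")
    if algo != "sha256":
        return False
    return hmac.compare_digest(sha256_hex(data), digest)


def parse_image_ref(ref: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split 'registry[:port]/name[:tag][@sha256:hex]' into (name, tag, digest)."""
    name_tag, _, digest = ref.partition("@")
    slash = name_tag.rfind("/")
    colon = name_tag.rfind(":")
    if colon > slash:  # a colon after the last slash separates the tag, not a registry port
        return name_tag[:colon], name_tag[colon + 1:], digest or None
    return name_tag, None, digest or None


def check_image_ref(ref: str) -> Optional[str]:
    """Return the problem with a reference, or None when it is pinned by a well-formed digest."""
    _, tag, digest = parse_image_ref(ref)
    if digest is None:
        if tag is None or tag == "latest":
            return f"{ref}: mutable tag (latest); pin by digest"
        return f"{ref}: tag {tag} is mutable; pin by digest"
    algo, _, hexpart = digest.partition(":")
    if algo != "sha256" or len(hexpart) != 64 or any(c not in "0123456789abcdef" for c in hexpart):
        return f"{ref}: malformed digest"
    return None


def audit_image_refs(refs: List[str]) -> List[str]:
    """Issues for every reference a deployment manifest should not contain."""
    return [issue for issue in (check_image_ref(r) for r in refs) if issue]


# Constructed references; the good digest is computed from constructed bytes.
GOOD_DIGEST = "sha256:" + sha256_hex(b"constructed image manifest")
IMAGE_REFS = [
    "registry.example.com:5000/team/app:1.4.2@" + GOOD_DIGEST,
    "nginx:latest",
    "ghcr.io/example/tool",
    "python:3.12-slim",
    "team/app@sha256:deadbeef",
]


if __name__ == "__main__":
    print(verify_artifact("app-1.4.2.tar", ARTIFACT_BYTES, MANIFEST))
    print(verify_artifact("app-1.4.2.tar", ARTIFACT_BYTES + b"x", MANIFEST))
    for issue in audit_image_refs(IMAGE_REFS):
        print(issue)
```

A tag like python:3.12-slim is still flagged: the tag names a version, but the registry can republish different bytes under it, which is exactly the outdated-base-image problem of question 201 in reverse. Pin by digest and let a dependency bot propose digest updates as reviewed commits.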