Implementing DevOps Solutions and Practices Using Cisco Platforms (DEVOPS) — Question 1

Which two practices help make the security of an application a more integral part of the software development lifecycle? (Choose two.)

Answer options

• A. Add a step to the CI/CD pipeline that runs a dynamic code analysis tool during the pipeline execution.
• B. Add a step to the CI/CD pipeline that runs a static code analysis tool during the pipeline execution.
• C. Use only software modules that are written by the internal team.
• D. Add a step to the CI/CD pipeline to modify the release plan so that updated versions of the software are made available more often.
• E. Ensure that the code repository server has enabled drive encryption and stores the keys on a Trusted Platform Module or Hardware Security Module.

Correct answer: A, E

Explanation

The correct answers, A and E, focus on integrating security practices into the development process. Option A promotes proactive identification of vulnerabilities through dynamic analysis during CI/CD, while E emphasizes securing the code repository with encryption. Options B, C, and D do not directly enhance security integration in the development lifecycle.