Certificate of Cloud Auditing Knowledge (CCAK) — Question 2

From the perspective of a senior cloud security audit practitioner in an organization of a mature security program with cloud adoption, which of the following statements BEST describes the DevSecOps concept?

Answer options

• A. Process of security integration using automation in software development
• B. Development standards for addressing integration, testing, and deployment issues
• C. Operational framework that promotes software consistency through automation
• D. Making software development simpler, faster, and easier using automation

Correct answer: A

Explanation

The correct answer, A, accurately captures the essence of DevSecOps by emphasizing the integration of security into the software development lifecycle through automation. Options B, C, and D focus on aspects of development and operational processes but do not specifically address the integration of security, which is a critical component of DevSecOps.