Practice Test 1 | Designing and Implementing Microsoft DevOps Solutions | AZ-400 | Dumps | Mock Test
A team is currently building and deploying an application using Azure DevOps services. You have to use the right security tool during the following phase of the development lifecycle.
- After a pull request
- During the continuous integration phase
- During the continuous delivery phase
Which of the following would you use for the continuous integration phase?
A. Penetration Testing
B. Static Code Analysis
C. Threat Modeling
D. Load Testing
Answer – B
During the CI phase, it is always preferential to use static code analysis tools. The Microsoft documentation mentions the following.
Option A is incorrect since Penetration Testing should be used during the deployment phase.
Option B is CORRECT since in this phase code is merged in the master/main branch and is yet to be deployed, so it can be scanned for any quality issues or security issues in code before going for deployment and it’s as per Microsoft’s recommendation as well.
Option C is incorrect since the Threat Modeling tool should be used during the design phase.
Option D is incorrect since the Load Testing tool should be used during the deployment phase.
For more information on security during the DevOps lifecycle, please visit the below URL:
Comments are closed, but trackbacks and pingbacks are open.