Final Exam: Introduction to DevSecOps
Intermediate
- 1 video | 32s
- Includes Assessment
- Earns a Badge
Final Exam:Introduction to DevSecOps will test your knowledge and application of the topics presented throughout the Introduction to DevSecOps journey.
WHAT YOU WILL LEARN
-
Discuss the evolution and history of computer systems
provide an overview of information security and how it impacts users and organizations
discuss the basic tenants of information security: confidentiality, integrity, and availability
discuss physical security principles such as access, control, surveillance, and security testing
recognize different types of information security including application, cloud, and infrastructure security
outline common information security risks including advanced persistent threats, insider threats, and ransomware
provide an introduction of devops and describe how it can be leveraged by development and it teams
list key benefits of devops including speed, reliability, and collaboration
outline common devops practices including continuous integration, continuous delivery, and automation
list common challenges of adopting devops
provide an overview of the devops lifecycle
differentiate between the waterfall model and the agile model for software development
provide an overview of the continuous integration phase of the devops lifecycle
provide an overview of the continuous testing phase of the devops lifecycle
provide an overview of the continuous deployment phase of the devops lifecycle
discuss the continuous operations phase of the devops lifecycle
discuss the continuous monitoring phase of the devops lifecycle
discuss factors that define devsecops as a methodology or framework
provide an overview of the three ways framework
provide an overview of the calms framework
discuss reasons to integrate security into the application development lifecycle
recognize key differences between agile and devsecops
discuss considerations when migrating from devops lifecycle to devsecops lifecycle
provide an overview of continuous integration / continuous delivery (ci/cd)
describe the fundamental elements of ci/cd
discuss security vulnerabilities associated with the threat modeling phase of the devsecops pipeline
list common devsecops security recommendations such as implementing secure coding guidelines, building security into applications, and validating input data
describe security vulnerabilities associated to the scanning phase of the devsecops pipeline
differentiate between on-premise and cloud solutions and discuss how devsecops can influence each
provide an overview of on-premise software -
discuss measures to ensure security in devops
provide an overview of test-driven security and why it has become a pillar of the devsecops model
provide an overview on how to build a positive devsecops culture
describe how devsecops teams can effectively monitor and respond to security incidents
provide an overview of aws services used for ci/cd including aws codebuild, aws codecommit, and aws codedeploy
outline tools used for continuous testing in aws
outline approaches used to support digital transformation in aws using devsecops
list components required for a successful devsecops implementation in aws including code analysis, change management, compliance, threat modeling, and security training
outline common benefits of practicing devsecops in aws
discuss how to build and deploy containers with azure pipelines
provide an overview of the azure security center and discuss how it can provide unified security management across workloads
recognize how to manage keys and secrets in azure using azure key vault
describe how to manage identities and access with azure ad
describe how azure devops can help plan tasks, collaborate, and build and deploy applications
discuss the secure-by-design foundation and how it can be used to improve risk management
recognize how the gcp security operations suite can be used to detect, investigate, and respond to threats
outline the five layers of gcp security including cloud infrastructure, products and services, security blueprint, blueprints for security posture, workload, and applications, and solution packages
discuss how gcp uses a hierarchy to organize resources allowing for greater job-specific access
describe how gcp enables organizations to implement a zero-trust approach
provide an overview of common security challenges presented by containers such as attack surface size
list common goals of shifting toward devsecops including secure by design and secure by default
discuss reasons why teams are adopting containers
differentiate between kubernetes and docker container orchestration systems
differentiate between virtualization and containerization and explain key benefits provided by both
provide an overview of static analysis security testing (sast), or static analysis
describe dynamic analysis security testing (dast), or dynamic analysis
list common sast and dast devsecops tools including bandit, sonarqube, lgtm, owasp zap, and arachni
describe how vulnerability management is used to identify, evaluate, treat and report on security vulnerabilities
provide an overview of secrets management tools such as vault, torus, keywhiz, envkey, confidant, and aws secrets manager
provide an overview of vulnerability assessment tools such as openvas and docker bench
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
