Final Exam: Introduction to DevSecOps

Intermediate
  • 1 video | 32s
  • Includes Assessment
  • Earns a Badge
Rating 5.0 of 2 users Rating 5.0 of 2 users (2)
Final Exam:Introduction to DevSecOps will test your knowledge and application of the topics presented throughout the Introduction to DevSecOps journey.

WHAT YOU WILL LEARN

  • Discuss the evolution and history of computer systems
    provide an overview of information security and how it impacts users and organizations
    discuss the basic tenants of information security: confidentiality, integrity, and availability
    discuss physical security principles such as access, control, surveillance, and security testing
    recognize different types of information security including application, cloud, and infrastructure security
    outline common information security risks including advanced persistent threats, insider threats, and ransomware
    provide an introduction of devops and describe how it can be leveraged by development and it teams
    list key benefits of devops including speed, reliability, and collaboration
    outline common devops practices including continuous integration, continuous delivery, and automation
    list common challenges of adopting devops
    provide an overview of the devops lifecycle
    differentiate between the waterfall model and the agile model for software development
    provide an overview of the continuous integration phase of the devops lifecycle
    provide an overview of the continuous testing phase of the devops lifecycle
    provide an overview of the continuous deployment phase of the devops lifecycle
    discuss the continuous operations phase of the devops lifecycle
    discuss the continuous monitoring phase of the devops lifecycle
    discuss factors that define devsecops as a methodology or framework
    provide an overview of the three ways framework
    provide an overview of the calms framework
    discuss reasons to integrate security into the application development lifecycle
    recognize key differences between agile and devsecops
    discuss considerations when migrating from devops lifecycle to devsecops lifecycle
    provide an overview of continuous integration / continuous delivery (ci/cd)
    describe the fundamental elements of ci/cd
    discuss security vulnerabilities associated with the threat modeling phase of the devsecops pipeline
    list common devsecops security recommendations such as implementing secure coding guidelines, building security into applications, and validating input data
    describe security vulnerabilities associated to the scanning phase of the devsecops pipeline
    differentiate between on-premise and cloud solutions and discuss how devsecops can influence each
    provide an overview of on-premise software
  • discuss measures to ensure security in devops
    provide an overview of test-driven security and why it has become a pillar of the devsecops model
    provide an overview on how to build a positive devsecops culture
    describe how devsecops teams can effectively monitor and respond to security incidents
    provide an overview of aws services used for ci/cd including aws codebuild, aws codecommit, and aws codedeploy
    outline tools used for continuous testing in aws
    outline approaches used to support digital transformation in aws using devsecops
    list components required for a successful devsecops implementation in aws including code analysis, change management, compliance, threat modeling, and security training
    outline common benefits of practicing devsecops in aws
    discuss how to build and deploy containers with azure pipelines
    provide an overview of the azure security center and discuss how it can provide unified security management across workloads
    recognize how to manage keys and secrets in azure using azure key vault
    describe how to manage identities and access with azure ad
    describe how azure devops can help plan tasks, collaborate, and build and deploy applications
    discuss the secure-by-design foundation and how it can be used to improve risk management
    recognize how the gcp security operations suite can be used to detect, investigate, and respond to threats
    outline the five layers of gcp security including cloud infrastructure, products and services, security blueprint, blueprints for security posture, workload, and applications, and solution packages
    discuss how gcp uses a hierarchy to organize resources allowing for greater job-specific access
    describe how gcp enables organizations to implement a zero-trust approach
    provide an overview of common security challenges presented by containers such as attack surface size
    list common goals of shifting toward devsecops including secure by design and secure by default
    discuss reasons why teams are adopting containers
    differentiate between kubernetes and docker container orchestration systems
    differentiate between virtualization and containerization and explain key benefits provided by both
    provide an overview of static analysis security testing (sast), or static analysis
    describe dynamic analysis security testing (dast), or dynamic analysis
    list common sast and dast devsecops tools including bandit, sonarqube, lgtm, owasp zap, and arachni
    describe how vulnerability management is used to identify, evaluate, treat and report on security vulnerabilities
    provide an overview of secrets management tools such as vault, torus, keywhiz, envkey, confidant, and aws secrets manager
    provide an overview of vulnerability assessment tools such as openvas and docker bench

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

Rating 5.0 of 1 users Rating 5.0 of 1 users (1)
Rating 4.5 of 2 users Rating 4.5 of 2 users (2)
Rating 5.0 of 1 users Rating 5.0 of 1 users (1)