AGILE & DEVOPS, DEVSECOPS

Introduction to Agile - Pre-Quiz

1. Which is the software configuration concept that ensures that
change should be done in a controlled and authorized
environment
Select one:
a.Baseline
b.Configuration database
c.Audit
d.SVN

2. From the options select the configuration items that are eligible
for configuration management
Select one or more:
a.Source code document
b.SRS
c.Test Report
d.Design Document

3. ____________ ensures that when two different people does

the work and update parallelly, one should not over write the other
Select one:
a.Check-in
b.Check-out
c.Baseline
d.Synchronization control
4. ________ is the process during which the changes of a system
are implemented in a controllable manner by following a
predefined model, with some reasonable modifications.
Select one:
a.Update Management
b.Modification Management
c.Change Management

5. Tom and Peter works on the same project. Tom does his work
and update the local copy back to the configuration management
server. This process is called as
Select one:
a.Check-out
b.Check-in
c.Management
d.Baseline

Introduction to Agile - Test Your Understanding

1. Collaborative and co-operative approach among all the stake
holders is important. This is a feature of the _______________
Agile Methodology

Select one:
a.Scrum
b.Lean Software Development
c.Dynamic system development method,

2. Which of these is not an agile methodology

a.CRYSTAL b.SPIRAL c.SCRUM d.DSDM
3. Scrum divides the development into short cycles called as
______

a.Stable Cycles
b.Risk Cycles
c.Spiral Cycles
d.Sprint Cycles

4. ________ methodology is useful when the client requirements

are not clear and stable
a.Waterfall Methodology
b.Prototype Methodology
c.Spiral Methodology
d.Agile Methodology

5. DSDM is iterative and incremental

Select one:
True
False

Intoduction to Agile--Post-Quiz
1. What are the roles in dynamic system development method?
Choose from the following:
Select one or more:
a.Technical Coordinator
b.Designer
c.Scribe Facilitator
d.System Analyst
2. Which agile methodology divides the development into sprint
cycles, in which a Specified set of features are delivered? Choose
from the following:
Select one:
a.SCRUM
b.Extreme programming
c.Lean Software Development

3. __________ is an iterative and incremental approach that

embraces principles of agile development, including continuous
user/customer involvement.
Select one:
a.Increment Method
b.Loop creation method
c.Dynamic System Development Method
d.Static System Development Method

4. State true or false. During agile development more emphasize

is given for documentation
Select one:
a.FALSE
b.TRUE

5. Which of the following agile methodologies depends on the

cohesiveness of the team and individual commitment of the team
members?
Select one:
a.Extreme programming
b.Lean Software Development
c.Feature Driven Development
 d.SCRUM

6. ____ methodology focus on visualization flow

a.Prototype
b.Scrum
c.Kanban
d.DSDM

Business Analytics Pre Quiz

1. _____ Allows decision makers at virtually all levels of the
organization to gain insight into business performance and data to
support and guide actions.
Select one:
BPM
ERP
SCM
CRM

2. ___ layer in busness analytics indicate what is happening or

what has happened
Select one:
Descriptive Layer
Predictive Layer
Cognitive Layer
Prescriptive Layer

3. An optimal solution is based on ___

Select one or more:
Limits
Targets
Choices
Source

4. Analytics reveal hidden patterns in _____

Select one:
Programs
Data
Functions
Solutions

5. ____ layer describes what could happen

Select one:
Cognitive Layer
Prescriptive Layer
Predictive Layer
Descriptive Layer

Business Analytics Post quiz

1. The challenge faced in Business Analytics are
Select one or more:
Velocity of data
Integral data
Variety of data
Volume of data
2. By working to plan an information agenda, master information,
and apply Business Analytics, organizations can take advantage
of the following areas
Select one or more:
Domain management
Source Control management
ECM
Information Management

3. ____ helps to uncover unexpected patterns and associations

from all data within an organization
Select one:
Cognitive Layer
Descriptive Layer
Prescriptive Layer
Predictive Layer

4. To understand the best course of action for a problem is ____

Select one:
Predictive Layer
Descriptive Layer
Prescriptive Layer
Cognitive Layer

5. ______ is the Process of discovering various models,

summaries and derived values from a given collection of data
Select one:
Data Warehouse
Data Mining
Cube
Data Mart

Business Analytics Techniques--Pre quiz

1. _____ helps an organization to define and measure progress
towards organizational goals.
Select one:
CRM
KPI
BPM
ERP

2. Which of these are attributes of performance measure

Select one or more:
Timely
Strategic
Relevant
Holistic

3. Which is not a KPI

Select one:
Leading KPI
Input KPI
Process KPI
Effort KPI
4. Expand KSI
Select one:
Key Success Index
Key Success Initiative
Key Source Indicator
Key Success Indicator

5. ___ reflect the success or failure after an event has been

consumed
Select one:
Leading KPI
Process KPI
Lagging KPI
Input KPI

Business Analytics Techniques Post quiz

1. The most common form of KPI reporting is ____
Select one:
Dashboarding
ERP
CRM
KPIs

2. Units per hour is an example of what KPI

Select one:
 Qualitative KPI
Quantitative KPI
Lagging KPI
Outcome KPI

3. _____ is the subject matter area on which reports revolve

around.
Select one:
Documents
Digital Files
Books
Content

4. ____ is an important measure of how well an organization

meets or exceeds a customer's expectations
Select one:
ERP
KPIs
CRM
Customer Satisfaction

5. A metric should be time bound

Select one:
True
False
Design thinking Pre quiz
1. Which is not a phase in design thinking
Select one:
Model
Understand
Explore
Materialize

2. Sub phases of understand phase is ___

Select one or more:
Empathize
Ideate
Prototype
Define

3. Design Thinking is focusing on the stated problem than to

arrive at a solution immediately
Select one:
True
False

4. ____ is an iterative process in which we understand the users

clearly
Select one:
Design Thinking
Artificial Intelligence
Designing
Machine Learning
5. Stating Your Users' Needs and Problems is done in which
phase
Select one:
Empathize
Prototype
Define
Ideate

Design thinking Post quiz

1. Challenge Assumptions and Create Ideas is done in
Select one:
Prototype
Ideate
Empathize
Define

2. _______in design thinking is a written, actionable statement

that expresses the problem that the design team is trying to
address.
Select one:
Bodystorm
Ideate
POV
Empathy

3. Which of the following is mapped by an empath map

Select one or more:
Thinks
Does
Feels
Says

4. Analyzing how users interact with their environment is a ____

activity in Empathize
Select one:
Ideate
Immerse
Observer
Engage

5. Researching Your Users' Needs is done in which phase

Select one:
Define
Empathize
Ideate
Prototype

Introduction to Devops – PreQuiz

1. Which of the following CI/CD tools is known for its ease of
setup, out-of-the-box usability, and beautiful user interface?
Select one:
TeamCity
Bamboo
 CircleCI
Jenkins

2. The applications with Azure CI/CD pipelines can be deployed

to multiple target environments
Select one:
True
False

3. Before DevOps, there is a significant delay between

development and operations
Select one:
True
False

4. Which of the following CI/CD toolsprovides support for .Net

framework?
Select one:
TeamCity
CircleCI
GitLab
Bamboo

5. Each service runs in its own process and communicates with

other services through a well-defined interface in Microservices
Select one:
True
 False

6. In which of the following pipelines, all the new changes run

through a consistent set of quality checks?
Select one:
AWS codpipeline
Azure pipeline
GitLab pipeline
Bitbucket pipeline

7. In which of the following, there is no human intervention and

only a failed test will prevent a new change to be deployed to
production?
Select one:
Continuous Delivery
Continuous monitoring
Continuous Integration
Continuous Deployment

8. Which of the following is the final phase of the DevOps cycle?

Select one:
Release
Operate
Deploy
Monitor
9. Which of the following CI/CD tools is a continuous integration
server developed by Atlassian?
Select one:
TeamCity
Bamboo
Jenkins
GitLab

10. In YAML file used for BitBucket pipeline, you can use different
types of container for each step by selecting different images
Select one:
True
False

Introduction to Devops – PostQuiz

1. In GitLab, pipes are agents that run the CI/CD Jobs
Select one:
True
False

2. In Continuous Integration, build status is reported to developers

when they are changing the code.
Select one:
True
False
3. Which of the following CI/CD tools is designed to handle
anything from a simple CI server to a complete CD hub?
Select one:
Jenkins
TeamCity
Bamboo
CircleCI

4. You can either define the pipeline using YAML syntax or

through the user interface in Azure pipeline
Select one:
True
False

5. Which of the following CI/CD tools is suitable for small

projects?
Select one:
CircleCI
GitLab
Bamboo
TeamCity

6. The __________is used to record the code changes made by

developers so that these changes can be shared to others
Select one:
Repository
Trello Board
 Change Control Board
Version control system

7. Which of the following are the services provided by Azure

DevOps?
Select one or more:
Azure Boards
Azure Agents
Azure Artifacts
Azure Repos

8. In _________, developed code is continuously delivered until

the programmer considers it is ready to ship.
Select one:
Continuous Monitoring
Continuous Deployment
Continuous Integration
Continuous Delivery

9. Which of the following uses a version control system and a

central code repository for tracking the code changes made by
developers?
Select one:
Continuous Deployment
Continuous Delivery
Continuous Monitoring
Continuous Integration
10. Pipe uses a script that lives in a Docker container
Select one:
True
False

DevsecOps Part 1 Pre quiz

1. With Continuous Delivery, production happens automatically
without explicit approval.
Select one:
True
False

2. A Blue/Green deployment is a deployment strategy in which

you create two separate, but identical environments.
Select one:
True
False

3. DevOps bridges the gap between development and operations

teams.
Select one:
True
False
4. Which of the following is a a software development practice
where members of a team use a version control system and
frequently integrate their work to the same location like the main
branch?

Continuous Deployment
Continuous Integration
Continuous Delivery
Continuous Monitoring

5. CAMS Stands for Culture, Automation, _________ and

________.

Measurement
Motivation
Sharing
Standard

DevsecOps Part 1 Post quiz

1. Using a blue/green deployment strategy increases application
availability and reduces deployment risk by simplifying the
rollback process if a deployment fails.
Select one:
True
False
2. Which of the following refers to automatically releasing a
developer’s changes from the repository to production, where it is
usable by customers?

Continuous Monitoring
Continuous Deployment
Continuous Delivery
Continuous Integration

3. DevOps culture is about agility, scalability, continuous

improvements in the delivery of services.
Select one:
True
False

4. In CAMS Model, ________ is all about monitoring and tracking

the progress of various activities involved in the DevOps
environment.

Measurement
Sharing
Automation
Culture

5. In the Blue/Green deployment, once testing has been

completed on the blue environment, live application traffic is
directed to the blue environment and the green environment is
deprecated.

Select one : True False

DevsecOps Part 2 Pre quiz
1. Infrastructure-as-Code tools are used to create software
environments using predefined templates.
Select one:
True False

2. Which of the following are the Test Automation tools?

AWS CloudFormation
Vagrant
Terraform
Selenium

3. Which of the following are the Software Configuration

Management tools?

CVS
Docker
Ansible
Git

4. Replacing or modifying older apps with newer microservices

architecture can open up the doors to faster development and
quicker innovation.
Select one:
True False
5. ________ is the first phase of the pipeline, where developers
put in their code and then again the code goes to the version
control system with a proper version tag.

Test phase
Validate phase
Deploy phase
Build phase

DevsecOps Part 2 Post quiz

1. Unit Testing tests individual units or components of a code
written by the developer to validate if they perform as expected.
Select one:
True
False

2. Which of the following phases in the CI/CD pipeline get all the
features of that code from various branches of the repository,
merge them and finally use a compiler to compile it?

Testing phase
Validation phase
Build phase
Deploy phase

3. An Elastic stack can be created to automatically monitor the

application and logs.
Select one:
 True False

4. Which of the following are Infrastructure-As-Code tools?

Terraform
Kubernetes
AWS CloudFormation
SVN

5. _________ and ________ are CI/CD software that automates

tasks starting from development pipeline to deployment.

Vagrant
Bamboo
Jenkins
Puppet

DevsecOps Part 3 Pre quiz

1. Which of the following DevSecOps tools allows an All-in-One
website security scanner to support developers to detect
problems at the most advanced stage?

Acunetix
Aqua Security
Codacy
GitLab

2. Use a SAST tool to ensure that your code is secure, safe, and
reliable.
Select one:

True False

3. __________ refers to the process of tracking the identified

vulnerabilities, the steps taken to mitigate and/or eliminate those
vulnerabilities, and the overall status of the application’s security.
Remediate
Scan
Analyze
Monitor

4. A _________ is an application security solution that can help to

find certain vulnerabilities in web applications while they are
running in production.

Static Analysis Security Testing

Dynamic Analysis Security Testing
Software Composition Analysis
Container security

5. Vulnerability Scanning ensures that code is checked for

vulnerabilities at every major stage of the delivery pipeline from
the time it is written to, when it is deployed into production.
Select one:
True False
DevsecOps Part 3 Post quiz
1. _______ is a web-based DevOps program that gives a full
CI/CD toolchain out-of-the-box in one particular application.

Aqua Security
Logz.io
Contrast Security
GitLab

2. __________ provides a summary of possible attack scenarios,

outlines the flow of sensitive data, and identifies vulnerabilities
and offers potential mitigation options.

Threat Modeling
Remediate
Scan
Monitor

3. Runtime protection means securing software against threats

that can arise when your application starts running.
Select one:
True
False

4. _________ is an enterprise-grade automated code review

solution that uses static code analysis to provide comprehensive
vulnerability reporting.

Aqua Security
 SonarQube
Acunetix
Codacy

5. ___________ is an application security methodology for

managing open source components.

Container security
Static Analysis Security Testing
Dynamic Analysis Security Testing
Software Composition Analysis

DevsecOps Part 4 Pre quiz

1. Which of the following are considered as the 4-Axes in
DSOMM?

Static Depth
Strategy
Collaboration
Intensity

2. During the development phase in secure SDLC, teams need to

make sure that they use secure coding standards.

True False

3. DSOMM Level 1 calls for the execution of static analysis tools

without any changes to the tools or settings.

True False
4. _________ is incorporated in the implementation phase of
Secure SDLC.

OS Hardening, Web/Application Hardening

Dynamic Analysis
Static Analysis
Security Monitoring/Compliance

5. Security issues can be addressed in the SDLC pipeline well

before deployment to production.
Select one:
True False

DevsecOps Part 4 Post quiz

1. In which of the following phases of Secure SDLC, teams follow
architecture and design guidelines to address risk?

Requirement Analysis
Architecture And Design
Development
Planning

2. Employing both SAST and DAST in a pipeline would cover both

codebase and runtime vulnerabilities.
Select one:
True
False
3. Which of the following are the steps of Threat Modeling?

Decomposing the application

Usecase Modeling
Ranking Threats
Mitigation

4. DSOMM strives to incrementally increase the effectiveness of a

security program from Level 1 to Level 4.
Select one:
True
False

5. Which of the following are the three critical areas focused by

Security Monitoring/Compliance in Secure SDLC?

Shifting security left in the SDLC

Hardening web applications
Building security into policies
Creating an audit trail throughout the development

DevsecOps Part 5 Pre quiz

1. Bill Of Materials (BOM) describe the components included in
applications, the version of the components used, and the license
types for each.
Select one:
True
False
2. Which of the following are the Software Composition Analysis
tools?

WhiteSource
Docker
Aqua Security
Dependency Checker

3. Any component that has the potential to adversely impact cyber

supply-chain risk is a candidate for Component Analysis.
Select one:
True
False

DevsecOps Part 5 Post quiz

1.SAC tools can both spot any security weak points and suggest
potential solutions based on the entire code base.
Select one:
True
False

2. Implementing SCA ensures that all of the components in your

applications are secure and compliant.
Select one:
True
False
3. __________is the process of identifying potential areas of risk
from the use of third-party and open-source software and
hardware components.

Configuration Management
Component Analysis
Dynamic Analysis
Static Analysis

DevsecOps Part 6 Pre quiz

1. SAST is performed at the static level ensuring¬ that code
guidelines are followed without actually executing the application.

True False

2. Which of the following rules comes under comprehensive

rulesets while embedding SAST tools into the pipeline?

Path manipulation
Header injection
XML external entity
Weak encryption

3. __________ is an approach to detect dependency bugs in build

systems.

Static code analyzer

Smoke
 VeriBuild
Reshift

4. Which of the following SAST tools is specifically built for

NodeJS?

Veracode
Checkmarx
Klocwork
Reshift

5. Which of the following problems can be identified by using

static analysis?

Input/Output Validation
Code Coverage
Violation of code style guidelines
Dead or unused code

DevsecOpsPart 6 Post quiz

1. Static code analyzers help to define project specific rules to
ensure that all developers follow them without any manual
intervention or sidetracking.
Select one:
True
False
2. ________ is designed for optimizing the performance for
analyzing typestate problem

VeriBuild
Smoke
Checkmarx
Static code analyzer

3. Which of the following SAST tools is designed for web

applications?

Klocwork
HCL AppScan
Veracode
Checkmarx

4. SAST tools examine the source code at rest to detect and

report on potential security vulnerabilities.
Select one:
True
False

5. Static Application Security Testing (SAST) is also known as

'black box testing’.
Select one:
True
False
DevsecOps Part 7 Pre quiz
1. ___________ is a list of tasks that runs repeatedly in an order.

Module
Role
Task
Playbook

2. Which of the following is an open-source configuration

management tool based on Python?

Puppet
Chef
SaltStack
Vagrant

3. Configuration drift occurs when ad-hoc configuration changes

and updates result in a mismatched development, test, and
deployment environments.
Select one:
True
False

4. In Push Based Configuration Management System, nodes pull

the configuration information from the server.
Select one:
True
False
5. You can also use Ansible Automation Platform for configuration
management to maintain your systems in the desired state.
Select one:
True
False

DevsecOps Part 7 Post quiz

1. Which of the following services natively integrates Role-Based
Access Control (RBAC) into the management platform?

Azure Resource Manager

AWS CloudFormation
Google Cloud Deployment Manager
CF Engine

2. _________ are the components required to operate and

manage enterprise IT environments.

Infrastructure
Playbook
Platform
Module

3. Ansible leverages SSH to communicate between servers.

Select one:
True False
4. Ansible is an example of a pull based configuration
management tool.
Select one:
True
False

5. _______ allows you to create “recipes” and “cookbooks” using

its Ruby-based DSL.

Vagrant
Chef
Puppet
Terraform

DevsecOps Part 8 Pre quiz

1. ______ is a set of security tools that can be used to validate
compliance against a set of policies.

OpenSCAP
ClientSpec
ServerSpec
Inspec

2. ServerSpec lets you to include metadata about your

compliance rules.
Select one:
True
False
3. With Chef Automate, you can run your InSpec compliance tests
on demand, see the results on the dashboard, and remediate the
problem.
Select one:
True
False

4. Vulnerability scanning tools can be used to identify specific

local users and groups.
Select one:
True
False

5. InSpec tests can be easily added to act as a quality gate for

compliance.
Select one:
True
False

DevsecOps Part 8 Post quiz

1. InSpec can also run as a series of automated tests that
execute as part of your standard release pipelines.
Select one:
True
 False

2. Chef Automate is an integrated solution for managing and

deploying infrastructure and applications.
Select one:
True
False

3. Inspec uses a client-server model.

Select one:
True
False

4. Once you have categorized and prioritized vulnerabilities, break

down your remediation process into bite-size chunks to make
them more manageable and effective.
Select one:
True
False

5. _________ was created to provide a standardized approach to

maintain the security of systems.

ServerSpec
OpenSCAP
Inspec
ClientSpec