CISSP PRACTICE QUESTIONS – 20200425

Effective CISSP Questions

You are managing a software development project and considering implementing DevOps. After doing some research, you realized that ISO/IEC TS 23167:2020 defines DevOps as the “methodology which combines together software development and IT operations in order to shorten the development and operations lifecycle.” Which of the following statements about DevOps is not true?
A. DevOps relies heavily on tools for automation and streamlining the processes.
B. Agile addresses communication gaps between customers and developers, while DevOps addresses gaps between developers and IT operations.
C. DevOps relieves the burden of security professionals by central management.
D. In addition to developers and system administrators, DevOps also engages QA staff.


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. DevOps relieves the burden of security professionals by central management.

DevOps

ISO/IEC TS 23167:2020 defines DevOps as follows:

methodology which combines together software development and IT operations in order to shorten the development and operations lifecycle.

Wikipedia also defines DevOps pretty well:

DevOps is a set of practices that combines software development (Dev) and information-technology operations (Ops) which aims to shorten the systems development life cycle and provide continuous delivery with high software quality.

Toolchains

DevOps relies heavily on tools for automation and streamlining the processes. As described in Wikipedia, it employs “toolchains”:

  • Coding – code development and review, source code management tools, code merging
  • Building – continuous integration tools, build status
  • Testing – continuous testing tools that provide quick and timely feedback on business risks
  • Packaging – artifact repository, application pre-deployment staging
  • Releasing – change management, release approvals, release automation
  • Configuring – infrastructure configuration and management, infrastructure as code tools
  • Monitoring – applications performance monitoring, end-user experience

Source: Wikipedia

DevOps as a Security Challenge

DevSecOps is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. The traditional centralised security team model must adopt a federated model allowing each delivery team the ability to factor in the correct security controls into their DevOps practices.

Source: Wikipedia
