Question 1
Which two practices help make the security of an application a more integral part of the software development lifecycle? (Choose two.)
A. Add a step to the CI/CD pipeline that runs a dynamic code analysis tool during the pipeline execution.
B. Add a step to the CI/CD pipeline that runs a static code analysis tool during the pipeline execution.
C. Use only software modules that are written by the internal team.
D. Add a step to the CI/CD pipeline to modify the release plan so that updated versions of the software are made available more often.
E. Ensure that the code repository server has enabled drive encryption and stores the keys on a Trusted Platform Module or Hardware Security Module.
Correct answer: AE
Question 2
Which type of testing should be integrated into a CI/CD pipeline to ensure the correct behavior of all of the modules in the source code that were developed using TDD?
A. soak testing
B. unit testing
C. load testing
D. volume testing
Correct answer: B
Question 3
Configuration changes to the production network devices are performed by a CI/CD pipeline. The code repository and the CI tool are running on separate servers. Some configuration changes are pushed to the code repository, but the pipeline did not start. Why did the pipeline fail to start?
A. The CI server was not configured as a Git remote for the repository.
B. The webhook call from the code repository did not reach the CI server.
C. Configuration changes must be sent to the pipeline, which then updates the repository.
D. The pipeline must be started manually after the code repository is updated.