DEVSECOPS – SECURING THE CI/CDPIPELINE & CONTINUOUS SECURITY

Questions and Answers

What method did the hackers use to compromise the SolarWinds software supply chain?

• Unauthorized access to SolarWinds servers
• Malicious injection into software updates (correct)
• Social engineering attacks on SolarWinds employees
• Denial of service attacks on SolarWinds infrastructure

What is the NPM Node Package Manager primarily used for?

• Managing financial transactions
• Storing personal documents
• Organizing email communication
• Exchanging software packages (correct)

What is the purpose of Scopes in NPM Node Package Manager?

• Creating data backups
• Monitoring system performance
• Grouping similar software development packages (correct)
• Managing user profiles

How did the attackers achieve unfettered package change under a Scope in NPM?

Using a specially written pull request (D)

What type of vulnerability led to remote code execution in Cloudflare?

Unsafe zip archive extraction (A)

What is the primary goal of security in the pipeline (SIP) according to the text?

Discovering defects and errors in the code (A)

What are some of the important benefits of continuous integration and continuous delivery/deployment (CI/CD)?

Saves time for developers and allows more time for code creation (C)

Why is security often a concern in the CI/CD pipeline?

CI/CD is quick, but security measures are typically slow (D)

How does DevSecOps aim to change the speed and delivery of software security?

By integrating security controls as part of the software being developed (C)

Why is it critical for developers to understand what is happening during software development and deployment in the context of security?

To ensure that security is not compromised in the development and deployment process (B)

What role does DevSecOps play in the development and deployment process?

It aims to integrate security as a design constraint in the software being developed (D)

What does CI/CD save an enormous amount of for developers?

Time (C)

What makes CI/CD pipelines a desirable target for adversaries?

They manage the whole software lifecycle (A)

How can attackers potentially exploit the trust connection between code repositories and servers in CI/CD pipelines?

By exploiting code modifications and commits (A)

Why are containers considered a secure solution for executing programs in CI/CD pipelines?

They are isolated from each other (C)

What is a supply chain assault in the context of CI/CD pipeline security?

An attempt to spoof users through third-party software (D)

What is the significance of the SolarWinds Orion supply chain breach?

It infiltrated networks, systems, and data of thousands of organizations (C)

What made SolarWinds a valuable target for the supply chain assault?

Its privileged access to IT systems and extensive deployment (D)

What is the purpose of a Web Application Firewall (WAF)?

To safeguard web applications by filtering, monitoring, and blocking harmful HTTP/S traffic (B)

Which type of WAF implementation is typically the most expensive and requires physical equipment?

Network-based WAF (A)

What is the main advantage of a cloud-based WAF?

Low upfront cost and continuous updates without additional effort or cost (C)

What does Runtime Application Self-Protection (RASP) technology perform?

A server-based technique that activates when an application is launched to identify and stop real-time attacks (D)

What is the purpose of Continuous esecurity?

To swiftly identify, prioritize, diagnose, and fix performance problems interfering with regular service operation (B)

What does Hypertext Transfer Protocol Secure (HTTPS) refer to?

HTTP over transport layer security (TLS) or HTTP over secure socket layer (SSL) (C)

What is the main purpose of Cloud Security Posture Management (CSPM)?

Automating risk assessment and mitigation across different cloud systems (C)

What is the primary focus of Security Around the Pipeline (SAP)?

Protecting the pipeline from being bypassed (D)

Why is continuous security integration crucial for contemporary systems?

To continually safeguard infrastructure and applications (B)

What is the primary function of Kubernetes in the context of software security?

Simplifying container orchestration technology (D)

Why is it necessary to include continuous security validation into CI/CD pipelines?

To detect holes and misconfigurations in the code (D)

What does Security of the Pipeline (SOP) primarily focus on protecting?

The posture of system processes targeted by malware (D)

What is the primary function of RASP in the context of application security?

To identify and resolve security issues within the application (A)

In which mode does RASP attempt to prevent security issues from occurring?

Protective mode (B)

How do developers implement RASP using function calls found in an app’s source code?

By accessing the RASP technology (D)

What is the ultimate effect of implementing RASP in an application's security?

It combines a firewall with the program’s runtime environment (B)

What is the primary purpose of application security monitoring?

To notify administrators of malicious activity (D)

What capability is unavailable to security solutions that operate 'outside' apps?

Identifying strange activities that contradict business principles (D)

What advantage do application security monitoring solutions have over embedding monitoring code into each application?

They have extensive knowledge and expertise on attacks and abuses (A)

What is the primary function of logging in an application?

To ensure compliance with security laws (C)

What is the primary purpose of Incident Response?

To promptly detect and stop attacks (A)

What is the primary objective when Containment of attackers and incident activity is performed?

To reach this level as soon as possible to limit the amount of damage caused (D)

What is the significance of Incident Response Frameworks?

They assist companies in the creation of standardized response strategies (A)

Why is a risk assessment conducted during the Preparation of processes and systems phase of Incident Response?

To prioritize the protection of high-priority assets (D)

What is the main focus during the Identification of occurrences phase of Incident Response?

To detect and identify any unusual behavior using tools and processes specified during the planning phase (A)

What is typically performed during Short-term containment as part of Incident Response?

Imminent threats are contained in situ (A)

What is the primary function of the National Institute of Standards and Technology (NIST) incident response methodology?

To develop an IR plan and an IR team (B)

1

It provides instructions on how to develop a communication plan and training scenarios. (B)

What is typically performed during Short-term containment as part of Incident Response?

Imminent threats are contained in situ. (A)

What is the primary responsibility of a cloud computing provider according to the shared responsibility model?

Providing services and storage such as the virtualization layer, disks, and networks (B)

What is the primary role of bug bounty programs in proactive security management?

Crowdsourcing security knowledge via a formal program and paying rewards for defects discovered (C)

What is the responsibility of users in the software as a service (SaaS) model of cloud computing?

Protecting the security of the subscriptions and login credentials of their users (A)

What is the primary function of Red teaming exercises in cybersecurity?

Simulating cyberattacks to identify vulnerabilities (D)

Which type of cloud service model places more security responsibilities on the users as they go from SaaS to PaaS and to IaaS?

Infrastructure as a service (IaaS) (A)

What is the purpose of hiring white-hat hackers in bug bounty programs?

Uncovering previously undisclosed vulnerabilities (B)

What is the main responsibility of a company's IT staff and employees in a shared responsibility model for cloud security?

Accountable for the security of that infrastructure, as well as the applications and data that run on it (B)

What is the primary focus of Red Hat’s Ansible Playbook in the context of patching process automation?

Ensuring correct and consistent application of fixes by automating patching process (B)

"Traditional information security checked for security at the conclusion of an application, whereas continuous security tests for security in parallel from start to finish" – Which concept does this statement refer to?

Continuous security (C)

What are the four stages of the incident response framework according to Cichonsk et al. (2012)?

Preparation, Detection and analysis, Containment, Post-incident activity (A)

What is a key contribution to cybersecurity by SANS?

Incident Response Framework (B)

What is the process of revealing security vulnerabilities in computer software or hardware known as?

Vulnerability Disclosures (B)

What do patches modify in an operating system, platform, or application?

Existing software (C)

What is the primary purpose of patch management in systems administration?

To protect against malware and cyberattacks (B)

Which entity implemented the coordinated vulnerability disclosure (CVD) concept?

Microsoft (B)

What does automating patch management help to reduce?

Human errors (D)

What is the primary advantage of combining patch management with automation technologies?

Limited human errors (D)

What type of vulnerabilities do bug bounties and vulnerability rewards programs aim to address?

Software vulnerabilities (A)

Which organization collaborated on security-related research and public education to present the SANS incident response framework?

SANS (D)

What is the main benefit of using logs to test apps prior to deploying them into production?

Identifying security flaws before they become exploitable vulnerabilities (D)

What is the direct impact of the length of time a vulnerability remains exploitable?

Financial, brand, and consumer trust costs (A)

How does logging and effective log management contribute to improving collaboration between teams?

By enabling real-time monitoring and coordination of modifications (B)

What is the primary role of logs in the context of application security?

Identifying security flaws before deployment (D)

Why is the use of logs important in the context of software development and deployment?

To prevent vulnerabilities from entering production environments (C)

What aspect does effective log management aim to enhance in the context of application development?

Coordination between development and IT operations teams (A)

What impact does the presence of vulnerabilities in deployed applications have on other team members?

It saves time that would have been spent detecting them (D)

Why might vulnerabilities delivered into production remain exploitable for several hours or even days?

Owing to the absence of effective log management (A)

What is the primary purpose of a top-tier log management application in the context of application security?

To identify security flaws before deploying apps into production (D)

How does log management contribute to reducing costs related to security flaws?

By minimizing financial costs through efficient log analysis (D)