01. In the context of application architectures, what does the term 'scalability' refer to?
a) The ability to function without errors
b) The capacity to increase or decrease performance and cost in response to changes in application and system processing demands
c) The complexity of the user interface
d) The security measures integrated into the application
02. What is the primary goal of integrating security threat modeling in the plan stage of DevSecOps?
a) To identify potential security threats and vulnerabilities early in the development lifecycle.
b) To postpone security considerations until the testing phase.
c) To focus solely on external threats, ignoring internal security risks.
d) To implement threat modeling only after deployment.
03. How does integrating security into the CI/CD pipeline benefit DevSecOps?
a) It ensures security measures are only considered during post-deployment.
b) It embeds security practices throughout the software development lifecycle, enhancing security without slowing down operations.
c) It encourages ignoring security during early stages of development.
d) It isolates security practices from the rest of the development process.
04. Which development methodology emphasizes customer collaboration over contract negotiation?
a) Agile
b) Waterfall
c) V-model
d) Spiral
05. What is a key characteristic of modern application architectures compared to traditional ones?
a) Reduced scalability and adaptability
b) Longer development cycles
c) Increased dependency on monolithic structures
d) Emphasis on modularity and microservices
06. Which pillar of DevSecOps emphasizes ongoing assessment and adaptation of security practices?
a) Continuous Integration
b) Continuous Delivery
c) Continuous Monitoring
d) Continuous Development
07. How does Compliance as Code (Cac) facilitate regulatory compliance in DevSecOps?
a) By manually tracking compliance requirements.
b) By embedding compliance checks into the automation pipelines, ensuring continuous adherence to regulatory standards.
c) By eliminating the need for compliance monitoring.
d) By focusing only on compliance at the end of the development cycle.
08. Why is the use of Infrastructure as Code (Iac) tools important in DevSecOps?
a) To manually set up and manage infrastructure.
b) To increase the time required to provision infrastructure.
c) To automate the provisioning and management of infrastructure using code.
d) To eliminate the need for version control in infrastructure setups.
09. Which methodology introduced the concept of continuous integration and continuous deployment (CI/Cd)?
a) Waterfall
b) Agile
c) Spiral
d) DevOps
10. Why is threat modeling important in secure application development?
a) It is only useful after a breach has occurred.
b) It helps in identifying, evaluating, and mitigating potential security threats early in the development process.
c) It focuses exclusively on physical security threats.
d) It decreases the understanding of potential security issues.
The purpose of this Sample Question Set is to provide you with information about the EC-Council DevSecOps Essentials exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the 112-55 certification test. To get familiar with real exam environment, we suggest you try our Sample EC-Council DSE Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual EC-Council DevSecOps Essentials (DSE) certification exam.