Bash, the Crucial Exams Chat Bot
AI Bot
Security and Compliance Practices Flashcards
Microsoft DevOps Engineer Expert AZ-400 Flashcards
Study our Security and Compliance Practices flashcards for the Microsoft DevOps Engineer Expert AZ-400 exam with 30+ flashcards. View as flashcards, a searchable table, or as a fun matching game.
| Front | Back |
| Advantages of pre-integrated security checks | Minimize risk by automating checks in CI/CD workflows |
| Azure DevOps compliance tools | Utilize built-in features like policies and governance controls |
| Benefits of automated security testing | Early detection of vulnerabilities during development |
| Benefits of penetration testing | Identify and address security vulnerabilities in systems and applications |
| Best practices for managing API keys | Rotate keys frequently and avoid hardcoding them |
| Configuring alerts for vulnerabilities | Ensure proactive notifications of risks in systems and code |
| Container security best practices | Use image scanning and runtime protection for containerized apps |
| Data loss prevention (DLP) strategies | Protect sensitive information from unauthorized exposure or breach |
| Dynamic secrets management | Generate temporary credentials for sensitive operations |
| Encrypting sensitive data in transit and at rest | Ensure data safety through comprehensive encryption practices |
| How to ensure compliance in DevOps | Regular audits aligned with regulatory frameworks |
| Implementing access control in pipelines | Use Azure DevOps permissions to protect critical components |
| Implementing multi-factor authentication (MFA) | Strengthen access security to Azure DevOps environments |
| Importance of audit trails in security | Maintain detailed records for accountability and investigation |
| Importance of least privilege access | Restrict user access based on role-specific requirements |
| Integrating security checks into the pipeline | Regularly perform static and dynamic code analysis during pipeline executions |
| Integrating security into DevOps culture | Promote collaborative focus on security across teams |
| Key Vault integration in Azure DevOps | Safeguard secrets by linking pipelines with Azure Key Vault |
| Maintaining up-to-date security patches | Continuously update dependencies and systems for improved security |
| Managing secrets effectively | Use secure tools like Azure Key Vault to manage sensitive information |
| Monitoring pipeline activities for anomalies | Enable logging and alerts for suspicious actions |
| Policy-driven pipelines | Enforce security and compliance rules at every stage of the workflow |
| Regular vulnerability assessment | Continuously scan for weaknesses in apps and infrastructure |
| Role of Secure SDLC in compliance | Incorporate security checkpoints throughout the software lifecycle |
| Roles of compliance automation tools | Streamline regulatory adherence through built-in checks and validations |
| Secrets scanning in code | Detect and mitigate exposed credentials in repositories |
| Tracking open-source licenses | Avoid legal and security risks in third-party dependencies |
| Using dependency scanning tools | Detect vulnerabilities in third-party libraries and packages |
| Using Infrastructure as Code (IaC) for security | Automate secured deployments with tools like Terraform or ARM templates |
| Using threat modeling for pipelines | Anticipate and mitigate risks in CI/CD workflows |
About the Flashcards
Flashcards for the Microsoft DevOps Engineer Expert exam provide a concise review of secure DevOps practices tested on the certification. Cards walk through integrating static and dynamic security checks into CI/CD pipelines, managing secrets with services like Key Vault, enforcing least-privilege access, and automating compliance policies that align deployments with regulatory frameworks.
Additional cards highlight dependency and container scanning, encryption for data in transit or at rest, continuous vulnerability assessments, threat modeling, logging, and alerting. By drilling these terms and scenarios, students can quickly recall key concepts, recognize exam-style questions, and strengthen their understanding of secure software development throughout the lifecycle.
Topics covered in this flashcard deck:
- Secure DevOps pipelines
- Secrets management
- Compliance & governance
- Vulnerability scanning
- Access control & MFA
- Encryption & DLP