Bash, the Crucial Exams Chat Bot
AI Bot
Security and Compliance Practices Flashcards
Microsoft DevOps Engineer Expert AZ-400 Flashcards
| Front | Back |
| Advantages of pre-integrated security checks | Minimize risk by automating checks in CI/CD workflows |
| Azure DevOps compliance tools | Utilize built-in features like policies and governance controls |
| Benefits of automated security testing | Early detection of vulnerabilities during development |
| Benefits of penetration testing | Identify and address security vulnerabilities in systems and applications |
| Best practices for managing API keys | Rotate keys frequently and avoid hardcoding them |
| Configuring alerts for vulnerabilities | Ensure proactive notifications of risks in systems and code |
| Container security best practices | Use image scanning and runtime protection for containerized apps |
| Data loss prevention (DLP) strategies | Protect sensitive information from unauthorized exposure or breach |
| Dynamic secrets management | Generate temporary credentials for sensitive operations |
| Encrypting sensitive data in transit and at rest | Ensure data safety through comprehensive encryption practices |
| How to ensure compliance in DevOps | Regular audits aligned with regulatory frameworks |
| Implementing access control in pipelines | Use Azure DevOps permissions to protect critical components |
| Implementing multi-factor authentication (MFA) | Strengthen access security to Azure DevOps environments |
| Importance of audit trails in security | Maintain detailed records for accountability and investigation |
| Importance of least privilege access | Restrict user access based on role-specific requirements |
| Integrating security checks into the pipeline | Regularly perform static and dynamic code analysis during pipeline executions |
| Integrating security into DevOps culture | Promote collaborative focus on security across teams |
| Key Vault integration in Azure DevOps | Safeguard secrets by linking pipelines with Azure Key Vault |
| Maintaining up-to-date security patches | Continuously update dependencies and systems for improved security |
| Managing secrets effectively | Use secure tools like Azure Key Vault to manage sensitive information |
| Monitoring pipeline activities for anomalies | Enable logging and alerts for suspicious actions |
| Policy-driven pipelines | Enforce security and compliance rules at every stage of the workflow |
| Regular vulnerability assessment | Continuously scan for weaknesses in apps and infrastructure |
| Role of Secure SDLC in compliance | Incorporate security checkpoints throughout the software lifecycle |
| Roles of compliance automation tools | Streamline regulatory adherence through built-in checks and validations |
| Secrets scanning in code | Detect and mitigate exposed credentials in repositories |
| Tracking open-source licenses | Avoid legal and security risks in third-party dependencies |
| Using dependency scanning tools | Detect vulnerabilities in third-party libraries and packages |
| Using Infrastructure as Code (IaC) for security | Automate secured deployments with tools like Terraform or ARM templates |
| Using threat modeling for pipelines | Anticipate and mitigate risks in CI/CD workflows |
This deck highlights integrating security checks into the pipeline, managing secrets, and ensuring compliance with Azure DevOps tools.