01. Which two actions help limit the attack surface of your Docker container?
a) Run only a single service in each container.
b) Run all services in a single image.
c) Use version tags for base images and dependencies.
d) Use Kali Linux as a base image.
e) Download images over HTTPS supporting sites.
02. How does eliminating hardcoded or default passwords help to secure an environment?
a) helps by enforcing your password in a repository and storing it in a secure vault
b) helps to manage passwords centrally
c) helps penetration testing team to focus on other issues more efficiently
d) helps by removing back doors in your environments
03. A developer is nearing the end of a software development cycle and is ready to deploy the software.
The customer wants to continue using a secure software development lifecycle methodology and must plan for postproduction components.
Which two areas should be the developer address?
a) performing code reviews
b) requirement gathering
c) change management process
d) new code scanning
e) rollback plans
04. The E-commerce application is being monitored using AppDynamics. AppDynamics has noticed that the application response has degraded and has identified some thread contention that might be the cause of the delays.
Where in the interface does AppDynamics bring this to your attention?
a) Potential Issues section of an individual transaction
b) Transaction Score graph of a business transaction
c) Code Deadlock section of the Event List
d) Slow Calls and Errors tab of the application
05. An end user is seeing long web page load times on the internal business application that they are trying to view. The user is seeing this issue across multiple web browsers, and other users encounter the same issue.
Which action should the system administrator take to start looking for the cause of this issue?
a) Check to make sure Nginx is running.
b) Check for response times in Nginx logs.
c) Check to make sure the web API response is coming back in JSON.
d) Check the size of the database that the application is using.
06. Microservices architecture pattern has been applied and the system has been architected as a set of services. Each service is deployed as a set of instances for throughput and availability.
In which two ways are these services packaged and deployed?
a) Service instances must be isolated from one another.
b) Service must be independently deployable and scalable.
c) Service are written using the same languages, frameworks, and framework versions.
d) Service must be dependent, deployable, and scalable.
e) Service instances do not need to be isolated from one another.
07. Which type of security testing should be performed as a part of a CI/CD pipeline by analyzing the source code itself without compiling the code into a running executable?
a) Dynamic Application Security Testing
b) Runtime Application Health-Protection
c) Continuous Application Security Testing
d) Static Analysis Security Testing
08. To make logging searches more efficient and useful in Kibana, an Administrator wants to implement index patterns around the hostname of some software systems.
Where should this be configured?
a) Configure a new JSON object in Kibana.
b) Create a search index in Logstash.
c) Create an index pattern in Kibana.
d) Create a time filter on Kibana to look at time only.
09. A user wants to deploy a new service to a Kubernetes cluster. Which two commands accomplish this goal?
10. Which interface is most commonly used to integrate logging, monitoring, and alerting applications into your CI/ CD pipeline?