Question-55: Your organization puts a high importance on being attentive to the requirements of its customers and responding to those demands in a timely manner. Its key business goals are to increase its speed of release and its agility. The speed, flexibility, and openness of software revisions are just a few of the aspects of release agility. It affords you, the leaders of the Agile team, the opportunity to differentiate your product and acquire a competitive advantage. You want to lessen the likelihood that security-related mistakes are made by accident. The process of preparing a product's iterative releases is known as Agile release planning, and it is a product management strategy. It differs from traditional software planning, in which the primary emphasis is placed on major releases. When you plan an Agile release, you first prepare for staged releases, and then divide each of those releases into a number of separate sprints or iterations. Which two courses of action are available to you? (Pick any two.)
A. Make sure that a security SME looks over every piece of code that is checked in.
B. Use security analyzers for source code as part of your CI/CD pipeline.
C. Make sure you have stubs for all interfaces between components so you can unit test them.
D. Make sure your CI/CD pipeline has code signing and a trusted binary repository.
E. As part of your continuous integration and continuous delivery (CI/CD) pipeline, run a vulnerability security scanner.
Correct Answer: 2,5

Explanation: Code signing only verifies the author. In other words, it only checks who you are, not what you have done. But when we select Option-5, it might automatically include Option-2: some VA scanning tools also do SAST. Here the question is to provide a solution for speed and agility. Binary Authorization prevents unauthorized deployments in production for GKE, Anthos Service Mesh and Cloud Run, but it will add delay to the deployment process, so Option-4 may not be suitable in this scenario. Speed will not be hampered if the images are verified and attested; checks need to be there. There are many automated security analyzers available for different use cases, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Runtime Application Self-Protection (RASP), etc. Based on the available options it is all about SAST and SCA, where SAST: detects open source components with known vulnerabilities in the public domain. SCA: detects potential vulnerabilities in the proprietary code written in house; can be integrated with IDEs for real-time feedback. We can rule out Option A (manual) and Option C (stubs for integration testing, which is not a kind of security testing). We are now left with: Option-2: SCA; Option-4: SAST; Option E: SAST. Option-5 is a subset of Option-4, i.e. Binary Authorization in GCP covers SAST as one of the available features.
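The explanation argues that automated analyzers in the CI/CD pipeline keep releases fast because no human reviewer sits on the critical path, while still blocking genuinely dangerous findings. The following added example (not part of the original question bank, and not the output format of any real scanner) shows the gating logic such a pipeline step implements: it parses a constructed SAST report and a constructed SCA report, blocks the release only for findings at or above a severity threshold that are not on an explicitly reviewed acceptance list, and rejects malformed reports rather than letting them pass silently. All report contents, rule names and package versions are constructed placeholders.

```python
"""Added example: a minimal CI/CD security gate over SAST and SCA findings.

Illustrative only; the report schema below is constructed for this example
and is not the output format of any particular scanner.
"""
import json
from dataclasses import dataclass

# Severity ordering used by the gate (higher number = more severe).
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class Finding:
    tool: str       # "sast" (proprietary code) or "sca" (third-party components)
    rule: str       # scanner rule or advisory identifier
    severity: str   # one of SEVERITY_RANK
    location: str   # file path or package name


def parse_report(report_json: str) -> list:
    """Parse a constructed scanner report into Finding objects.

    Unknown severities raise rather than being silently treated as LOW, so a
    malformed report fails the build instead of slipping through the gate.
    """
    data = json.loads(report_json)
    findings = []
    for item in data.get("findings", []):
        severity = item["severity"].upper()
        if severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {severity!r} in {data['tool']} report")
        findings.append(Finding(data["tool"], item["rule"], severity, item["location"]))
    return findings


def evaluate_gate(findings, threshold="HIGH", accepted_rules=frozenset()):
    """Return (passed, blocking_findings).

    A finding blocks the pipeline when its severity meets the threshold and its
    rule is not on the explicit, reviewed acceptance list. Lower-severity
    findings are reported but do not stop the release, which keeps feedback
    automated and fast rather than routing every check-in to a human reviewer.
    """
    limit = SEVERITY_RANK[threshold]
    blocking = [
        f for f in findings
        if SEVERITY_RANK[f.severity] >= limit and f.rule not in accepted_rules
    ]
    return (len(blocking) == 0), blocking


# Constructed sample reports, as a SAST step and an SCA step might hand to the gate.
SAST_REPORT = json.dumps({
    "tool": "sast",
    "findings": [
        {"rule": "sql-injection-string-concat", "severity": "high",
         "location": "app/db.py"},
        {"rule": "hardcoded-temp-dir", "severity": "low",
         "location": "app/util.py"},
    ],
})

SCA_REPORT = json.dumps({
    "tool": "sca",
    "findings": [
        {"rule": "EXAMPLE-ADVISORY-0001", "severity": "critical",
         "location": "example-lib==1.2.3"},   # placeholder package/version
        {"rule": "EXAMPLE-ADVISORY-0002", "severity": "medium",
         "location": "example-util==4.5.6"},  # placeholder package/version
    ],
})


def run_pipeline_gate(threshold="HIGH", accepted_rules=frozenset()):
    """Combine both scanner outputs and decide whether the release may proceed."""
    findings = parse_report(SAST_REPORT) + parse_report(SCA_REPORT)
    passed, blocking = evaluate_gate(findings, threshold, accepted_rules)
    return {
        "passed": passed,
        "total": len(findings),
        "blocking": [(f.tool, f.rule, f.location) for f in blocking],
    }


if __name__ == "__main__":
    result = run_pipeline_gate()
    for tool, rule, loc in result["blocking"]:
        print(f"BLOCK [{tool}] {rule} at {loc}")
    # A non-zero exit status is what makes the CI/CD stage fail.
    raise SystemExit(0 if result["passed"] else 1)
```

Run as a pipeline step, the script exits non-zero when any blocking finding remains, which is the mechanism by which a CI/CD system stops the release without waiting on a manual reviewer. The acceptance list is deliberately per-rule and explicit: it lets a team record a reviewed decision without lowering the threshold for everything else.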