
AZ-400 Exam - Question 135


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You plan to update the Azure DevOps strategy of your company.

You need to identify the following issues as they occur during the company's development process:

- Licensing violations
- Prohibited libraries

Solution: You implement automated security testing.

Does this meet the goal?

Correct Answer: B

Implementing automated security testing focuses on identifying vulnerabilities and security issues in the code, such as misconfigurations or malicious code. However, it does not specifically address licensing violations or the use of prohibited libraries, which are related to legal and compliance aspects of using open-source software. To identify these issues, a tool that scans the open-source components and their licenses in the application is needed, such as WhiteSource Bolt. Therefore, the solution provided does not meet the goal.
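The kind of check the explanation describes, scanning the component inventory for licenses and banned packages rather than testing code for vulnerabilities, shown as an added example that is not part of the original page or of any tool named on it. It assumes a CycloneDX-style JSON SBOM as input; the policy sets, component names and sample SBOM are all constructed for illustration.

```python
import json

# Constructed policy for illustration; a real one comes from legal/compliance.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
PROHIBITED_LIBRARIES = {"left-pad-fork", "legacy-crypto"}  # hypothetical names

# Constructed sample in CycloneDX JSON shape (not output from a real scan).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "requests-lite", "version": "2.1.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "pdfkit-pro", "version": "4.0.2",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"name": "legacy-crypto", "version": "0.9.1",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "imgtools", "version": "1.3.0",
         "licenses": [{"expression": "MIT OR GPL-2.0-only"}]},
        {"name": "mystery-utils", "version": "0.0.7"},
    ],
})

def evaluate(sbom_text):
    """Return a sorted list of (component, rule, detail) policy findings."""
    findings = []
    for comp in json.loads(sbom_text).get("components", []):
        ref = f"{comp.get('name', '?')}@{comp.get('version', '?')}"
        if comp.get("name") in PROHIBITED_LIBRARIES:
            findings.append((ref, "prohibited-library", comp["name"]))
        entries = comp.get("licenses") or []
        if not entries:
            findings.append((ref, "unknown-license", "no license declared"))
        for entry in entries:
            if "expression" in entry:
                # Compound SPDX expressions need a real parser or human review.
                findings.append((ref, "review-expression", entry["expression"]))
                continue
            lic = entry.get("license", {})
            ident = lic.get("id") or lic.get("name") or "unknown"
            if ident not in ALLOWED_LICENSES:
                findings.append((ref, "license-violation", ident))
    return sorted(findings)

def gate(sbom_text):
    """Exit code for a pipeline step: 1 fails the build, 0 passes."""
    return 1 if evaluate(sbom_text) else 0

if __name__ == "__main__":
    for ref, rule, detail in evaluate(SAMPLE_SBOM):
        print(f"{rule:20} {ref:22} {detail}")
    raise SystemExit(gate(SAMPLE_SBOM))
```

Run as a build step, the non-zero exit from `gate` fails the pipeline at the point the offending dependency is introduced. None of the four findings in the sample is a code vulnerability.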

Discussion

17 comments
JimmyC Option: A
May 5, 2021

IMO this is the correct answer (it should be Yes). I've already explained in the previous answer why Continuous Integration is wrong, and that WhiteSource Bolt is not necessarily part of CI. However, WhiteSource Bolt *IS* an automated security testing solution (which is added to the build pipeline). This answer is more specific, and more correct, than the CI answer.

CyberLumi
May 27, 2021

I agree with you Jimmy

Mcs_ Option: B
May 6, 2023

No, this does not meet the goal. Automated security testing can help identify some security issues in the code, such as vulnerabilities, misconfigurations, or malicious code. However, automated security testing cannot detect licensing violations or prohibited libraries, which are related to the legal and compliance aspects of using open-source software. To identify these issues, you need to use a tool that can scan the open-source components and their licenses in your application, such as WhiteSource Bolt.

Ret2Me Option: B
Sep 11, 2023

In my opinion, a licensing violation is not a mandatory part of the security test.

nakedsun Option: B
Mar 4, 2023

"Licensing violations" is nothing to do with security, and "Prohibited libraries" is debatable, could be security if it is prohibited due to vulnerability, or could be prohibited due to company policy. The CI option from a previous question makes far more sense.

xRiot007
Jul 17, 2023

Why? CI does not require static scanning to be done.

dmt6263 Option: A
Mar 24, 2023

From ChatGPT: Implementing automated security testing can help to address the identified issues of licensing violations and prohibited libraries. Automated security testing involves running automated tests that check for security vulnerabilities, such as those related to licensing or the use of prohibited libraries, in the code. By implementing this practice, the company can detect security issues early in the development process, allowing them to be addressed before the code is deployed to production. Implementing continuous integration alone does not directly address the identified issues of licensing violations and prohibited libraries. Continuous integration is a software development practice that involves automatically building, testing, and integrating code changes into a shared repository multiple times a day. This practice can help detect issues early in the development process and ensure that code changes do not break the application.

catfood
Jul 25, 2023

I wish people would stop posting ChatGPT. It's confidently wrong on many things. Go read the Microsoft documentation.

catfood Option: B
Jul 18, 2023

Licensing issues aren't security scanning... "finding and fixing open source vulnerabilities" using Mend Bolt, yes, that would likely come under security scanning.

flafernan Option: B
Aug 1, 2023

B - No. Implementing automated security testing does not specifically address the issues of licensing violations and prohibited libraries. While automated security testing is important for identifying vulnerabilities and security issues in code, it is not focused on issues related to licenses and libraries.

4bd3116 Option: A
Apr 25, 2024

Automated Security Testing: Set up automated security testing in your CI/CD pipeline. Use tools like WhiteSource Bolt or Snyk to scan your codebase for vulnerabilities, security risks, and licensing issues. Configure Licensing Compliance Checks: Ensure that your automated tests also verify licensing compliance. Address any licensing violations or prohibited libraries promptly.

surensaluka Option: B
Jan 13, 2023

https://www.braindump2go.com/free-online-pdf/AZ-400-PDF(178-188).pdf I checked another dump as well. The answer is aligned with examtopics.

resonant
Jul 19, 2023

I wouldn't trust answers from most dumps because I have understood they only copy questions and answers from each other. ExamTopics might copy from braindump2go, braindump2go might copy the dumps from somewhere else, etc.

DGladiator Option: A
May 18, 2023

GPT4: Yes, implementing automated security testing with the right tools could meet the goal, but only partially. Automated security testing can help identify security vulnerabilities in your software, but on its own, it may not be fully equipped to identify licensing violations or usage of prohibited libraries.

Sukon_Desknot Option: B
Aug 11, 2023

The answer is B; security testing can be implemented and it still won't check the issue of prohibited libraries or licensing issues.

AymanAkk Option: A
Sep 17, 2023

Answer is A.

chloaus Option: A
Apr 11, 2024

A. Here is an example: https://www.synopsys.com/software-integrity/software-composition-analysis-tools/black-duck-sca.html

Mattt Option: B
May 15, 2024

B is correct

UrbanRellik Option: A
May 16, 2024

WhiteSource, Mend Bolt supports automated security testing when integrated into a CI pipeline.

60ties Option: B
Jul 17, 2024

Answer is B. Licensing violation is not a code security issue. It is a legal issue. The "solution: You implement automated security testing." is for code testing & not legalities.