Exam AZ-400
Question 135

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You plan to update the Azure DevOps strategy of your company.

You need to identify the following issues as they occur during the company's development process:

- Licensing violations
- Prohibited libraries

Solution: You implement automated security testing.

Does this meet the goal?

Correct Answer: B

Implementing automated security testing focuses on identifying vulnerabilities and security issues in the code, such as misconfigurations or malicious code. However, it does not specifically address licensing violations or the use of prohibited libraries, which are related to legal and compliance aspects of using open-source software. To identify these issues, a tool that scans the open-source components and their licenses in the application is needed, such as WhiteSource Bolt. Therefore, the solution provided does not meet the goal.

Discussion
JimmyC Option: A

IMO this is the correct answer (it should be Yes). I've already explained in the previous answer why Continuous Integration is wrong, and that WhiteSource Bolt is not necessarily part of CI. However, WhiteSource Bolt *IS* an automated security testing solution (which is added to the build pipeline). This answer is more specific, and more correct, than the CI answer.

CyberLumi

I agree with you, Jimmy.

Ret2Me Option: B

In my opinion, a licensing violation is not a mandatory part of the security test.

Mcs_ Option: B

No, this does not meet the goal. Automated security testing can help identify some security issues in the code, such as vulnerabilities, misconfigurations, or malicious code. However, automated security testing cannot detect licensing violations or prohibited libraries, which are related to the legal and compliance aspects of using open-source software. To identify these issues, you need to use a tool that can scan the open-source components and their licenses in your application, such as WhiteSource Bolt.

4bd3116 Option: A

Automated Security Testing: Set up automated security testing in your CI/CD pipeline. Use tools like WhiteSource Bolt or Snyk to scan your codebase for vulnerabilities, security risks, and licensing issues. Configure Licensing Compliance Checks: Ensure that your automated tests also verify licensing compliance. Address any licensing violations or prohibited libraries promptly.

flafernan Option: B

B - No. Implementing automated security testing does not specifically address the issues of licensing violations and prohibited libraries. While automated security testing is important for identifying vulnerabilities and security issues in code, it is not focused on issues related to licenses and libraries.

catfood Option: B

Licensing issues aren't security scanning... "finding and fixing open source vulnerabilities" using Mend Bolt, yes, that would likely come under security scanning.

dmt6263 Option: A

From ChatGPT: Implementing automated security testing can help to address the identified issues of licensing violations and prohibited libraries. Automated security testing involves running automated tests that check for security vulnerabilities, such as those related to licensing or the use of prohibited libraries, in the code. By implementing this practice, the company can detect security issues early in the development process, allowing them to be addressed before the code is deployed to production. Implementing continuous integration alone does not directly address the identified issues of licensing violations and prohibited libraries. Continuous integration is a software development practice that involves automatically building, testing, and integrating code changes into a shared repository multiple times a day. This practice can help detect issues early in the development process and ensure that code changes do not break the application.

catfood

I wish people would stop posting ChatGPT. It's confidently wrong on many things. Go read the Microsoft documentation.

nakedsun Option: B

"Licensing violations" is nothing to do with security, and "Prohibited libraries" is debatable, could be security if it is prohibited due to vulnerability, or could be prohibited due to company policy. The CI option from a previous question makes far more sense.

xRiot007

Why? CI does not require static scanning to be done.

60ties Option: B

Answer is B. Licensing violation is not a code security issue. It is a legal issue. The "solution: You implement automated security testing." is for code testing & not legalities.

UrbanRellik Option: A

WhiteSource, Mend Bolt supports automated security testing when integrated into a CI pipeline.

Mattt Option: B

B is correct

chloaus Option: A

A. Here is an example: https://www.synopsys.com/software-integrity/software-composition-analysis-tools/black-duck-sca.html

AymanAkk Option: A

Answer is A.

Sukon_Desknot Option: B

The answer is B. Security testing can be implemented and it still won't check the issue of prohibited libraries or licensing issues.

DGladiator Option: A

GPT4: Yes, implementing automated security testing with the right tools could meet the goal, but only partially. Automated security testing can help identify security vulnerabilities in your software, but on its own, it may not be fully equipped to identify licensing violations or usage of prohibited libraries.

surensaluka Option: B

https://www.braindump2go.com/free-online-pdf/AZ-400-PDF(178-188).pdf I checked another dump as well. The answer is aligned with examtopics.

resonant

I wouldn't trust answers from most dumps because I have understood they only copy questions and answers from each other. ExamTopics might copy from braindump2go, braindump2go might copy the dumps from somewhere else, etc.