Exam 350-701 topic 1 question 163 discussion

As sis_net_sec an others wrote, it should be B

Like statikd about the mentioned DevSecOps manifesto wrote: "Enabling businesses to address their most critical security requirements over a checklist or security mandates." Which is an attribute listed in the DevSecOps manifesto. Development security is overall what DevSecOps does, it's a given. https://blogs.cisco.com/security/devsecops-win-win-for-all see also: https://www.base4sec.com/research/en/DevSecOps-Checklist/ and https://www.devsecops.org/blog/tag/DevSecOps+Explained

I'd go for B, even though it's not written in correct English, it should be security development: https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/devsecops-infographic.pdf "Using clearly defined guiding principles to drive security throughout the development process helps establish mutual trust among the Engineering, Operations and Security teams"

DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move security activities to the start of the development life cycle and have built-in security practices in the continuous integration/continuous deployment (CI/CD) pipeline. Thus minimizing vulnerabilities and bringing security closer to IT and business objectives. Three key things make a real DevSecOps environment: + Security testing is done by the development team. + Issues found during that testing is managed by the development team. + Fixing those issues stays within the development team. https://blogs.cisco.com/security/devsecops-win-win-for-all

The drive toward shorter and more iterative development cycles, with a focus on delivering mission needs, is leading agencies to adopt DevSecOps (development, security, and operations) methodologies that enable development, security, and IT teams to work more closely and collaboratively. https://www.cisco.com/c/en/us/solutions/collateral/industries/government/cloud-ready-networks.html

It is B. D can never be because it goes againts the principles of Agile "mandate"

based on this both B and D are correct answers What is an attribute of the DevSecOps? What is an attribute of the DevSecOps process? security scanning and theoretical vulnerabilities. development security. isolated security team. mandated security controls and check lists

Just from a very basic angle, D is correct. "development security" is not proper grammar and broken English or something. Read the question then the answer, does it flow and sound like a Cisco answer? If i get this on the test and it really does say "development security" I am picking D. If it says "security development" I would pick B.

B. development security

B DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move security activities to the start of the development life cycle and have built-in security practices in the continuous integration/continuous deployment (CI/CD) pipeline. Thus minimizing vulnerabilities and bringing security closer to IT and business objectives. Three key things make a real DevSecOps environment: + Security testing is done by the development team. + Issues found during that testing is managed by the development team. + Fixing those issues stays within the development team.

It is a terrible question. I could see it being either B or D. I would go with D though. DevOps is a deliberate effort to align the application development team with the application operations team, while SecDevOps introduces additional processes within the framework, to mitigate the chances that the Continuous Integration and Continuous Deployment (CI/CD) operational tempo will compromise application security.

If I get this question on the Exam, I will be answering B) Development Security. For reference, search "Cisco's DevSecOps Manifesto, where it explicitly states it's mission is to solve security problems with "Consumable Security Services over Mandated Security Controls" and "Collaboration to Securely enable Business, over Mandates" its a very Agile-ish manifesto. I found it here. https://blogs.cisco.com/security/devsecops-win-win-for-all