DevNet Associate (Version 1.0) – DevNet Associate Module 6 Exam Answers

Last Updated on June 27, 2021 by InfraExam

DevNet Associate (Version 1.0) – DevNet Associate Module 6 Exam Answers

1. Which technique is used to help mitigate SQL injection attacks?

   • assigning DBA or admin access rights to the application account
   • using stored procedures with the “db_owner” default role
   • limiting the read access to specific fields of a table or joins of tables
   • using the same owner or admin account in the web applications to connect to the database

2. In software development, what is the purpose of a jump box?

   • to act as a single trusted machine used to launch connections to sensitive systems
   • to make all requests originating from within a network look like they come from the same source IP address
   • to filter packets based on Layer 3 and Layer 4 addressing
   • to receive incoming requests and forward them to multiple servers

3. What is used to isolate the different parts of a running container?

   • namespaces
   • control groups
   • wrappers
   • union file systems

4. Which security device is used to make responses to client requests look like they all come from the same server?

   • forward proxy
   • reverse proxy
   • stateful firewall
   • jump box

5. Which attack involves the insertion of malicious code into SQL statements?

   • local file inclusion
   • SQL injection
   • brute force
   • cross-site scripting

6. Match the cloud model to its description. (Not all options are used.)

   

7. Which statement is a characteristic of the broken access control threat to web applications?

   • It allows attackers to access, and potentially change, serialized versions of data and objects.
   • It allows attackers to steal sensitive information such as passwords or personal information.
   • It allows users to circumvent existing authentication requirements.
   • It allows an attacker to use the dynamic functions of a site to inject malicious content into the page.

8. What is a characteristic of the blue-green upgrade deployment strategy?

   • The code changes are periodically rolled out in such a way that they do not impact current users.
   • The new code is deployed all at once to the old environment. If users experience no issues, it is then moved to the new environment.
   • The new code version is first rolled out to a subset of users. Changes can then be rolled back if the users experience any problems.
   • A new environment is created with the new code in it, while the old environment is held in reserve in case users experience problems.

9. Which characters are used to separate batched SQL statements?

   • parentheses ( )
   • semicolons ;
   • pound signs #
   • colons :

10. Which mitigation method is effective against cross-site scripting?

    • requiring multifactor authentication
    • using only necessary features and secure packages downloaded from official sources and verified with a signature
    • sanitizing untrusted content
    • consistent hardening of systems and applications

11. Match the OWASP resource with a description.

    

12. What is a characteristic of a virtual machine running on a PC?

    • A virtual machine needs a physical network adapter to connect to the Internet.
    • A virtual machine runs its own operating system.
    • A virtual machine is not susceptible to threats and malicious attacks.
    • The number of virtual machines that can be made available depends on the software resources of the host machine.

13. Match the environments in the four-tier development environment structure to the description.

    

14. What is a philosophy for software deployment used in the field of DevOps?

    • SOAP
    • CI/CD
    • OWASP
    • DevNet

15. Which technology is used to containerize applications and allows them to run in a variety of environments?

    • GitHub
    • VirtualBox
    • Docker
    • Cisco DNA