CERTIFIED DEVSECOPS PROFESSIONAL (CDP)
DEVOPS INSTITUTE PRACTICE EXAM
1. What is Session Jacking? How can you prevent it? - ANSWERS-An attack where an intruder gains access
to a session ID to authenticate as the victim.
Prevention Methods: Encryption, Salting
2. COPE - ANSWERS-Corporate Owned, Personally Enabled: a mobile device management
strategy where an organization owns devices used by employees.
3. CYOD - ANSWERS-Choose Your Own Device: a policy allowing employees to select
approved devices for work purposes.
4. MDM - ANSWERS-Mobile Device Management: software for managing, securing, and
monitoring mobile devices.
5. BYOD - ANSWERS-Bring Your Own Device: a policy permitting employees to use personal
devices within an organization.
6. Impact Analysis - ANSWERS-A structured approach evaluating the effects of changes,
decisions, or events within an organization or system.
7. Blackout Plan - ANSWERS-Predefined procedures to reverse changes made during
planned activities.
8. Change Advisory Board - ANSWERS-It is a formal group within an organization
responsible for evaluating, prioritizing, approving, and overseeing changes to IT
infrastructure, systems, applications, and services.
9. Cryptographic Erasure - ANSWERS-Encrypting the data on the storage media and then
securely deleting the encryption key, rendering the encrypted data unreadable without
the key.
10. Degaussing - ANSWERS-Erasing data by exposing storage media to a strong magnetic
field.
11. Attestation - ANSWERS-Provides an opinion of a company's security positioning. A 3rd
party generally attests to a company's security posture after testing the system.
12. Passive Reconnaissance - ANSWERS-Gathering information about an organization
without network interaction. (Using social media, dumpster diving, etc.)
13. Active Reconnaissance - ANSWERS-Actively probing a target network to gather
information. (Using pings, Nmap, DNS queries, etc.)