PrepIQ DevOps Specialist Ultimate Exam, Exams of Technology

Comprehensive preparation covering advanced DevOps practices, infrastructure automation, CI/CD implementation, containerization, and platform engineering.

Typology: Exams

2025/2026

Available from 06/13/2026

shilpi-jain-2
PrepIQ DevOps Specialist Ultimate
Exam
**Question 1. Which ISACA standard defines the mandatory requirements for
conducting an information systems audit?**
A) COBIT 2019
B) ISO/IEC 27001
C) ISACA Audit Standards (IS Auditing Standards)
D) NIST SP 800-53
Answer: C
Explanation: The ISACA Audit Standards (formerly IS Auditing Standards)
prescribe the mandatory requirements and professional guidelines for IS
auditors.
**Question 2. In the context of IS audit planning, what is the primary purpose of
a risk-based audit plan?**
A) To audit every control equally
B) To focus audit resources on areas with the highest risk exposure
C) To satisfy regulatory checklists
D) To reduce audit costs by auditing less frequently
Answer: B
Explanation: Risk-based audit planning allocates effort to processes and controls
that present the greatest risk to the organization’s objectives.
**Question 3. Which type of control is designed to detect and correct errors after
they have occurred?**
A) Preventive
B) Detective
C) Corrective
D) Compensating
Answer: B
Explanation: Detective controls identify undesirable events that have already
happened, enabling corrective action.
**Question 4. Which of the following is an example of a physical control?**
A) Firewall rule set
B) Separation of duties policy
C) Biometric access to a data center
D) Encryption of stored data
Answer: C
Explanation: Biometric access controls protect physical entry to facilities, making them physical controls.
**Question 5. What distinguishes an internal audit from an external audit?**
A) Internal audits are performed by regulatory agencies.
B) External audits focus on financial statements only.
C) Internal audits are conducted by the organization’s own audit function.
D) External audits never assess IT controls.
Answer: C
Explanation: Internal audits are performed by staff within the organization, whereas external audits are performed by independent parties.
**Question 6. Which sampling method is most appropriate when the auditor needs to estimate the proportion of transactions containing a specific error?**
A) Judgmental sampling
B) Random statistical sampling
C) Cluster sampling
D) Systematic sampling
Answer: B
Explanation: Random statistical sampling allows the auditor to infer population characteristics, such as error rates, with measurable confidence levels.
**Question 7. Which audit evidence technique involves the auditor performing the same procedures as the entity to verify results?**
A) Observation
B) Inquiry
C) Inspection
D) Re-performance
Answer: D

A) ISO/IEC 27002
B) COBIT 2019
C) ITIL v
D) TOGAF
Answer: B
Explanation: COBIT provides governance and management objectives that bridge IT and business strategies.
**Question 12. The ISO/IEC 38500 standard primarily addresses:**
A) Information security controls
B) IT service continuity
C) Corporate governance of IT
D) Cloud computing security
Answer: C
Explanation: ISO/IEC 38500 gives principles, definitions, and a model for governing IT at the corporate level.
**Question 13. In an organization’s hierarchy of policies, which document provides the most detailed, day-to-day operational instructions?**
A) Corporate policy
B) Standard
C) Procedure
D) Guideline
Answer: C
Explanation: Procedures translate higher-level policies and standards into specific, actionable steps for staff.
**Question 14. Which role is typically responsible for approving major IT investment projects?**
A) Chief Information Security Officer (CISO)
B) IT Service Desk Manager
C) Board of Directors or Steering Committee
D) Project Manager
Answer: C
Explanation: The board or an IT steering committee provides strategic oversight and approval for significant investments.
**Question 15. Enterprise Architecture (EA) primarily helps an organization to:**
A) Reduce the number of servers
B) Align business processes, data, and technology to achieve strategic goals
C) Increase the number of vendor contracts
D) Implement a single programming language
Answer: B
Explanation: EA creates a blueprint linking business, data, and technology architectures to support strategic objectives.
**Question 16. Within Enterprise Risk Management (ERM), which of the following best describes “risk appetite”?**
A) The total amount of risk an organization can tolerate
B) The level of risk an organization is willing to accept to achieve objectives
C) The probability of a risk occurring
D) The cost of mitigating a risk
Answer: B
Explanation: Risk appetite defines the amount and type of risk an organization is prepared to pursue or retain.
**Question 17. Which of the following is a key performance indicator (KPI) for measuring IT service availability?**
A) Mean Time to Repair (MTTR)
B) Number of user passwords reset per month
C) Percentage of budget spent on hardware
D) Number of software licenses purchased
Answer: A
Explanation: MTTR reflects how quickly services are restored after an outage, directly measuring availability.

B) Design
C) Implementation
D) Testing
Answer: B
Explanation: The design phase creates system architecture and detailed specifications based on gathered requirements.
**Question 22. DevSecOps extends DevOps by integrating which of the following into the development pipeline?**
A) Financial accounting
B) Security controls and testing
C) Human resources processes
D) Marketing automation
Answer: B
Explanation: DevSecOps embeds security activities (e.g., static analysis, vulnerability scanning) throughout continuous integration/continuous delivery.
**Question 23. Which type of control is most effective when embedded during the system design phase rather than added after implementation?**
A) Detective control
B) Preventive control
C) Compensating control
D) Corrective control
Answer: B
Explanation: Preventive controls designed early can stop errors or breaches before they occur, reducing reliance on later detection.
**Question 24. During User Acceptance Testing (UAT), the primary focus is:**
A) Verifying code compliance with coding standards
B) Confirming that the system meets business requirements and is ready for production
C) Measuring system performance under load
D) Conducting security penetration tests
Answer: B
Explanation: UAT involves end-users validating that the system fulfills functional and business needs.
**Question 25. Configuration management primarily ensures that:**
A) All software is open source
B) System components are documented, version-controlled, and consistent across environments
C) Only hardware is tracked
D) Users can change configurations at will
Answer: B
Explanation: Configuration management tracks the state of hardware/software items and controls changes to maintain consistency.
**Question 26. Which risk is most associated with a data migration from a legacy system to a new platform?**
A) Physical theft of servers
B) Data loss or corruption during conversion
C) Inadequate network bandwidth
D) Lack of user training
Answer: B
Explanation: Data migration carries the risk of losing or corrupting data if conversion scripts or mapping are flawed.
**Question 27. A Post-Implementation Review (PIR) should be conducted:**
A) Immediately after the project charter is approved
B) At the end of the development phase before testing
C) After the system has been in operation for a defined period to assess whether objectives were met
D) Only when a project fails
Answer: C
Explanation: PIR evaluates actual performance against expected benefits after sufficient operational use.

C) A planned change to the IT environment
D) A problem that requires root-cause analysis
Answer: B
Explanation: Incidents are unexpected events that disrupt service, requiring restoration.
**Question 32. The primary goal of problem management is to:**
A) Resolve incidents as quickly as possible
B) Identify and eliminate the root cause of recurring incidents
C) Deploy new hardware
D) Track service level agreements (SLAs)
Answer: B
Explanation: Problem management seeks long-term solutions by addressing underlying causes, not just symptoms.
**Question 33. Which of the following best describes a “patch management” process?**
A) Installing new hardware components
B) Updating software to fix vulnerabilities or bugs in a controlled, documented manner
C) Backing up databases daily
D) Developing new application features
Answer: B
Explanation: Patch management involves applying software updates to remediate security and functional issues.
**Question 34. In database management, the ACID property that ensures a transaction is either fully completed or not executed at all is:**
A) Consistency
B) Isolation
C) Durability
D) Atomicity
Answer: D
Explanation: Atomicity guarantees all-or-nothing execution of a transaction.
**Question 35. A Business Impact Analysis (BIA) primarily determines:**
A) The cost of a new ERP system
B) Critical business processes and their acceptable downtime (RTO/RPO)
C) The number of servers needed for cloud migration
D) The best vendor for backup solutions
Answer: B
Explanation: BIA assesses impact of disruptions, defining Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
**Question 36. Which architecture design provides high availability by distributing workloads across multiple nodes that can take over if one fails?**
A) Single-point-of-failure architecture
B) Clustered architecture
C) Monolithic architecture
D) Tier-1 architecture
Answer: B
Explanation: Clustering enables failover and load balancing, enhancing system resilience.
**Question 37. The primary purpose of off-site backups is to:**
A) Reduce storage costs
B) Ensure data can be restored after a site-wide disaster
C) Improve network latency
D) Provide faster access to frequently used files
Answer: B
Explanation: Off-site backups protect against loss from physical site failures such as fire or flood.
**Question 38. A Business Continuity Plan (BCP) differs from a Disaster Recovery Plan (DRP) in that the BCP:**
A) Focuses on restoring IT systems only

Answer: B
Explanation: Fire suppression systems detect and extinguish fires, protecting equipment.
**Question 42. In IAM, which factor is considered “something you are”?**
A) Password
B) Smart card
C) Fingerprint or retinal scan
D) Security token
Answer: C
Explanation: Biometric traits (fingerprint, retina) represent “something you are”.
**Question 43. Role-Based Access Control (RBAC) assigns permissions based on:**
A) Individual user identities only
B) The user’s role within the organization
C) Random selection
D) Time of day
Answer: B
Explanation: RBAC maps privileges to job functions or roles, simplifying management.
**Question 44. Which technology provides secure, encrypted communication over an untrusted network?**
A) DNS
B) VPN (Virtual Private Network)
C) HTTP
D) FTP
Answer: B
Explanation: VPNs create encrypted tunnels, protecting data in transit.
**Question 45. Data classification schemes typically include which of the following levels?**
A) Public, Internal, Confidential, Restricted/Highly Confidential
B) Low, Medium, High, Critical
C) Gold, Silver, Bronze, Copper
D) Tier-1, Tier-2, Tier-3, Tier-4
Answer: A
Explanation: Standard classifications distinguish data sensitivity and dictate handling requirements.
**Question 46. Which encryption method uses the same key for both encryption and decryption?**
A) Asymmetric encryption
B) Symmetric encryption
C) Hashing
D) Digital signature
Answer: B
Explanation: Symmetric algorithms (e.g., AES) employ a single shared secret key.
**Question 47. Public Key Infrastructure (PKI) primarily provides:**
A) Physical security for servers
B) A framework for issuing, managing, and revoking digital certificates for authentication and encryption
C) Network routing protocols
D) Backup storage management
Answer: B
Explanation: PKI enables trusted public-key cryptography through certificate authorities.
**Question 48. Which security control is most effective at preventing phishing attacks?**
A) Firewall rule blocking all email
B) Security awareness training combined with email filtering
C) Disk encryption

**Question 52. The first phase of the NIST Incident Response Lifecycle is:**
A) Containment
B) Eradication
C) Preparation
D) Recovery
Answer: C
Explanation: Preparation establishes policies, tools, and training before an incident occurs.
**Question 53. Chain of custody is critical in forensic investigations because it:**
A) Increases the speed of data recovery
B) Documents the handling of evidence to ensure its integrity and admissibility
C) Allows any employee to alter evidence
D) Reduces the need for encryption
Answer: B
Explanation: Maintaining a documented trail of evidence handling preserves its credibility in legal contexts.
**Question 54. Which of the following is an example of a detective control for network security?**
A) Firewall rule blocking inbound traffic
B) Intrusion Detection System (IDS) generating alerts on suspicious traffic
C) Multi-factor authentication for remote access
D) Regular software patching schedule
Answer: B
Explanation: IDS monitors traffic and alerts on anomalies, serving as a detective control.
**Question 55. Which of the following best describes “defense in depth”?**
A) Using a single, strong firewall to protect the network
B) Implementing multiple, layered security controls across people, processes, and technology
C) Relying solely on encryption
D) Outsourcing all security functions
Answer: B
Explanation: Defense in depth uses overlapping controls to provide redundancy and comprehensive protection.
**Question 56. Which control type is most appropriate to mitigate the risk of unauthorized physical access to a server room?**
A) Logical access control (password)
B) Physical barrier (locked door) with access card authentication
C) Encryption of server data
D) Regular software updates
Answer: B
Explanation: Physical barriers directly prevent unauthorized entry, addressing the physical security risk.
**Question 57. In the context of cloud service models, which model provides the highest level of infrastructure control to the customer?**
A) Software as a Service (SaaS)
B) Platform as a Service (PaaS)
C) Infrastructure as a Service (IaaS)
D) Function as a Service (FaaS)
Answer: C
Explanation: IaaS offers virtualized compute, storage, and networking, giving customers more control than PaaS or SaaS.
**Question 58. Which of the following is a key objective of a Service Level Agreement (SLA) in IT service management?**
A) Define the source code licensing terms
B) Specify measurable performance targets (e.g., uptime) and penalties for non-compliance
C) Outline employee benefits
D) Describe the organization’s mission statement
Answer: B

**Question 62. Which of the following best describes a “zero-day” vulnerability?**
A) A flaw that has been patched for many years
B) A vulnerability that is publicly disclosed and has an available fix
C) A previously unknown vulnerability with no patch available at the time of discovery
D) An issue that only affects legacy systems
Answer: C
Explanation: Zero-day vulnerabilities are unknown to the vendor and lack an existing remediation.
**Question 63. In ITIL, which process is responsible for ensuring that changes are recorded, evaluated, authorized, prioritized, and reviewed?**
A) Incident Management
B) Change Management
C) Problem Management
D) Service Catalog Management
Answer: B
Explanation: Change Management governs the lifecycle of all changes to the IT environment.
**Question 64. Which of the following is a primary benefit of containerization (e.g., Docker) in a DevOps pipeline?**
A) Guarantees 100 % security
B) Provides consistent runtime environments across development, testing, and production
C) Eliminates the need for any monitoring tools
D) Replaces source-code version control
Answer: B
Explanation: Containers encapsulate dependencies, ensuring the same environment throughout the pipeline.
**Question 65. In a continuous integration (CI) pipeline, which stage typically runs automated unit tests after code is committed?**
A) Build
B) Test (CI)
C) Deploy
D) Release
Answer: B
Explanation: The test stage executes unit (and sometimes integration) tests automatically after each build.
**Question 66. Which of the following is an example of a compensating control?**
A) Installing a firewall when a host-based IDS is unavailable
B) Encrypting data at rest instead of using physical security locks
C) Using multi-factor authentication to offset weak password policies
D) All of the above
Answer: D
Explanation: Compensating controls provide alternative protection when primary controls cannot be implemented.
**Question 67. Which metric is most appropriate for measuring the effectiveness of a security awareness program?**
A) Number of servers patched per month
B) Percentage of users who click on simulated phishing emails
C) Average time to resolve incidents
D) Mean time between failures (MTBF)
Answer: B
Explanation: Phishing simulation click rates directly reflect user susceptibility and training effectiveness.
**Question 68. Which of the following best describes “shadow IT”?**
A) Officially approved cloud services used by the IT department
B) Unauthorized or unsanctioned IT resources and applications used by employees
C) Legacy systems that are no longer supported