Devsecops — Microsoft Azure Solutions Architect (AZ-305) Practice Questions

DevSecOps is the practice of integrating security controls and testing directly into the software development and deployment lifecycle, rather than treating security as a separate phase. For AZ-305, architects must understand how to embed security into CI/CD pipelines through steps such as dependency scanning, container image vulnerability scanning with Microsoft Defender for Containers, and secrets management via Azure Key Vault. The exam also covers using Azure Policy and Microsoft Defender for Cloud to enforce compliance continuously across deployed resources. Candidates should be able to recommend DevSecOps tooling choices that meet specific compliance or risk requirements.

Free questions on devsecops

You need to implement a CI/CD pipeline that validates infrastructure changes before deployment to production. What approach integrates security and compliance validation?

Free question · hard · full answer + explanation

Practice Microsoft Azure Solutions Architect (AZ-305) Questions Free