Security Automation Flashcards
Test your understanding of the Security Automation module. Click a card to flip it between question and answer. Use the arrows, keyboard (← →), or swipe on mobile to move through the deck.
What does SOAR stand for?
Click to reveal answer
Security Orchestration, Automation, and Response.
Click to see question
What are the five core capabilities of a SOAR platform?
Click to reveal answer
Threat Intelligence ingestion, Incident Management, Orchestration (tool APIs), Automation (playbooks), Case Management (collaboration).
Click to see question
What is a SOAR playbook?
Click to reveal answer
An automated workflow defining trigger conditions, decision steps, and response actions. Low-risk steps run automatically; high-impact steps (host isolation, account disablement) are usually paused for manual approval.
Click to see question
By what percentage can SOAR reduce SOC alert volume?
Click to reveal answer
Vendor figures commonly cite up to 60%; the reduction comes from automated triage closing routine or known-benign alerts without analyst involvement. The actual figure depends on how much of the alert volume is routine.
Click to see question
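The two cards above describe a playbook (trigger, decision steps, actions, approval) and automated triage. The following is an added illustration in Python, written for this deck and not taken from any SOAR product; the alert queue, threat-intel feed, scanner allowlist and tool actions are constructed stand-ins for what would be API calls to a TIP, firewall, EDR and case-management tool.

```python
"""Added example of SOAR playbook logic (not from any SOAR product).
The alert queue, threat-intel feed and actions below are constructed stand-ins."""
from dataclasses import dataclass, field

# Constructed threat-intel feed: indicator -> confidence score (0-100).
THREAT_INTEL = {"203.0.113.7": 95, "198.51.100.4": 40}

# Constructed list of internal vulnerability scanners that trip IDS rules routinely.
KNOWN_SCANNERS = {"10.0.0.50"}


@dataclass
class Alert:
    id: str
    src_ip: str
    host: str
    rule: str
    verdict: str = "open"
    actions: list = field(default_factory=list)
    needs_approval: bool = False


def enrich(alert):
    """Orchestration step: look the indicator up (stand-in for a TIP API call)."""
    return THREAT_INTEL.get(alert.src_ip, 0)


def run_playbook(alert, approved=False):
    """Trigger -> enrichment -> decision -> actions, with an approval gate.

    Closing noise, blocking an external IP and opening a case run automatically.
    Host isolation is disruptive, so it only runs once an analyst has approved."""
    if alert.src_ip in KNOWN_SCANNERS:
        alert.verdict = "closed_benign"          # routine noise: no analyst involved
        alert.actions.append("close")
        return alert

    confidence = enrich(alert)
    if confidence >= 80:
        alert.verdict = "confirmed"
        alert.actions.append("block_ip")
        if approved:
            alert.actions.append("isolate_host")
        else:
            alert.needs_approval = True          # pause; resume with approved=True
    elif confidence >= 30:
        alert.verdict = "escalated"
        alert.actions.append("create_case")
    else:
        alert.verdict = "closed_low_confidence"
        alert.actions.append("close")
    return alert


def triage_batch(alerts):
    """Run the playbook over a queue; report how many alerts still need an analyst."""
    results = [run_playbook(a) for a in alerts]
    to_analyst = [a for a in results if a.verdict in ("confirmed", "escalated")]
    return results, len(to_analyst)


def sample_queue():
    """Constructed alert batch for the demonstration."""
    return [
        Alert("A1", "10.0.0.50", "web-01", "port-scan"),
        Alert("A2", "203.0.113.7", "web-02", "ssh-brute-force"),
        Alert("A3", "198.51.100.4", "db-01", "suspicious-login"),
        Alert("A4", "192.0.2.9", "web-03", "port-scan"),
    ]


if __name__ == "__main__":
    results, pending = triage_batch(sample_queue())
    for a in results:
        print(a.id, a.verdict, a.actions, "approval needed" if a.needs_approval else "")
    print(f"{pending} of {len(results)} alerts reached an analyst")
```

Two of the four constructed alerts are closed without an analyst, which is the mechanism behind the alert-volume figure; the confirmed alert blocks the IP immediately but waits for approval before isolating the host.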
What is shift-left security?
Click to reveal answer
Integrating security testing earlier in the development lifecycle — finding vulnerabilities before they reach production.
Click to see question
What are the eight stages of the DevSecOps pipeline covered in the module, in order?
Click to reveal answer
Commit → SAST → SCA → Build → Container Scan → Deploy → DAST → Compliance Check. The first five run before anything is deployed; DAST and the compliance check run against the deployed artefact.
Click to see question
What is an SBOM?
Click to reveal answer
Software Bill of Materials — a machine-readable inventory of all components and dependencies in a software application.
Click to see question
What does SAST stand for?
Click to reveal answer
Static Application Security Testing — scanning source code for vulnerabilities without executing it.
Click to see question
What does DAST stand for?
Click to reveal answer
Dynamic Application Security Testing — scanning running applications for vulnerabilities.
Click to see question
What is the key weakness of SAST?
Click to reveal answer
False positives — SAST can flag code paths that are not actually exploitable in the runtime context.
Click to see question
What is the key weakness of DAST?
Click to reveal answer
Limited coverage — DAST can only find issues in code paths that are actually executed during scanning.
Click to see question
What does SCA stand for?
Click to reveal answer
Software Composition Analysis — scanning open source dependencies for known vulnerabilities.
Click to see question
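The SBOM card and the SCA card above are two halves of one workflow: the SBOM lists what is in the build, and SCA matches that list against a vulnerability feed. The following is an added example written for this deck, not code from the cyclonedx tooling or any SCA product. It emits a minimal (not schema-validated) CycloneDX 1.5 JSON document keyed by package URL (purl) and then runs the matching step. The dependency set and the advisory feed are constructed, and the advisory IDs are placeholders, not real CVE numbers.

```python
"""Added example: minimal CycloneDX SBOM plus the SCA step that consumes it.
Not from any SBOM or SCA tool; inputs below are constructed."""
import json
import re

# Constructed resolved dependency set (what a lockfile or `pip freeze` would give).
INSTALLED = [("requests", "2.25.1"), ("urllib3", "1.26.5"), ("cryptography", "41.0.7")]

# Constructed advisory feed keyed by versionless purl. Each entry is an affected
# range [introduced, fixed) with a placeholder id; real feeds (e.g. OSV) use the
# same range shape, which is why a fix on a 2.x branch does not flag a 1.x install.
ADVISORIES = {
    "pkg:pypi/requests": [{"introduced": "0", "fixed": "2.31.0", "id": "ADV-0001"}],
    "pkg:pypi/urllib3": [
        {"introduced": "0", "fixed": "1.26.18", "id": "ADV-0002"},
        {"introduced": "2.0.0", "fixed": "2.0.7", "id": "ADV-0003"},
    ],
}


def purl(name, version):
    """Package URL for a PyPI component, the identifier SCA tools match on."""
    return f"pkg:pypi/{name.lower()}@{version}"


def build_sbom(deps):
    """Minimal CycloneDX 1.5 JSON document listing each component once."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "components": [
            {"type": "library", "name": n, "version": v, "purl": purl(n, v)} for n, v in deps
        ],
    }


def version_key(v):
    """Numeric tuple for ordering; sufficient for dotted release versions."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def sca(sbom, advisories):
    """Flag every component whose version falls inside an advisory's affected range."""
    findings = []
    for comp in sbom["components"]:
        base, _, version = comp["purl"].partition("@")
        v = version_key(version)
        for adv in advisories.get(base, []):
            if version_key(adv["introduced"]) <= v < version_key(adv["fixed"]):
                findings.append({"purl": comp["purl"], "advisory": adv["id"], "fixed_in": adv["fixed"]})
    return findings


if __name__ == "__main__":
    bom = build_sbom(INSTALLED)
    print(json.dumps(bom, indent=2))
    for f in sca(bom, ADVISORIES):
        print(f"VULNERABLE {f['purl']} ({f['advisory']}), fixed in {f['fixed_in']}")
```

The range check is the part worth noticing: urllib3 1.26.5 matches only the 1.x advisory, not the 2.x one, so a naive "below the latest fixed version" comparison would have produced a false positive.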
What is a Semgrep rule?
Click to reveal answer
A pattern-based static analysis rule that matches code patterns to find security vulnerabilities.
Click to see question
What does OPA stand for?
Click to reveal answer
Open Policy Agent — an open-source policy engine for cloud-native environments.
Click to see question
What language does OPA use for writing policies?
Click to reveal answer
Rego — a declarative, Datalog-inspired language for expressing policy as queries over structured data (JSON/YAML), which is why it fits Kubernetes manifests, Terraform plans, and API requests.
Click to see question
What is Checkov?
Click to reveal answer
An IaC security scanner that checks Terraform, CloudFormation, and Kubernetes configurations for misconfigurations.
Click to see question
What is GitGuardian used for?
Click to reveal answer
Secret scanning — detecting API keys, passwords, tokens, and other credentials committed to code repositories.
Click to see question
What does trufflehog scan for?
Click to reveal answer
Secrets in git repositories, including historical commits and branches.
Click to see question
What is a security gate in CI/CD?
Click to reveal answer
A decision point in the pipeline that blocks or allows deployment based on security scan results.
Click to see question
What severity levels should block a CI/CD pipeline?
Click to reveal answer
Critical and High findings should block; Medium and Low should warn. That is the usual baseline; any exception should be scoped to a specific finding, tied to a ticket, and time-boxed so the gate cannot be silenced permanently.
Click to see question
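The gate card and the severity card above describe a decision: block on Critical/High, warn on Medium/Low. The following is an added example written for this deck, not code from any CI system or scanner. It takes a constructed, scanner-neutral findings list (real tools differ in output shape, so you would normalise first) and a constructed accepted-risk register, and it adds the two details that matter in practice: exceptions expire, and unrecognised severities fail closed.

```python
"""Added example of a CI security gate (not from any CI product or scanner).
FINDINGS and EXCEPTIONS are constructed inputs."""
import datetime as dt
import sys

BLOCKING = {"critical", "high"}
WARN_ONLY = {"medium", "low"}

# Constructed, scanner-neutral findings as a gate would see them after normalisation.
FINDINGS = [
    {"id": "F1", "severity": "high", "rule": "sql-injection", "path": "app/db.py"},
    {"id": "F2", "severity": "medium", "rule": "weak-hash", "path": "app/auth.py"},
    {"id": "F3", "severity": "critical", "rule": "hardcoded-secret", "path": "app/cfg.py"},
    {"id": "F4", "severity": "unknown", "rule": "new-check", "path": "app/x.py"},
]

# Constructed accepted-risk register: each suppression is scoped to rule+path,
# tied to a ticket, and carries an expiry date.
EXCEPTIONS = [
    {"rule": "hardcoded-secret", "path": "app/cfg.py", "expires": "2030-06-30", "ticket": "SEC-1"},
]


def is_excepted(finding, exceptions, today):
    """True only for a matching, unexpired suppression."""
    for e in exceptions:
        if (e["rule"], e["path"]) == (finding["rule"], finding["path"]):
            if dt.date.fromisoformat(e["expires"]) >= today:
                return True
    return False


def evaluate_gate(findings, exceptions, today):
    """Block on critical/high, warn on medium/low, fail closed on anything else.

    `today` may be a date or an ISO string so the decision is reproducible."""
    if isinstance(today, str):
        today = dt.date.fromisoformat(today)
    result = {"blocking": [], "warnings": [], "suppressed": []}
    for f in findings:
        if is_excepted(f, exceptions, today):
            result["suppressed"].append(f["id"])
            continue
        sev = f["severity"].lower()
        if sev in BLOCKING:
            result["blocking"].append(f["id"])
        elif sev in WARN_ONLY:
            result["warnings"].append(f["id"])
        else:
            result["blocking"].append(f["id"])  # unrecognised severity: treat as blocking
    result["pass"] = not result["blocking"]
    return result


if __name__ == "__main__":
    verdict = evaluate_gate(FINDINGS, EXCEPTIONS, dt.date.today())
    print(verdict)
    sys.exit(0 if verdict["pass"] else 1)  # non-zero exit is what stops the pipeline
```

The exit code is the whole interface with the pipeline: the CI runner stops the job when the script exits non-zero. Once the SEC-1 exception expires, F3 moves from suppressed back to blocking without anyone touching the register.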
What is OWASP ZAP?
Click to reveal answer
Zed Attack Proxy — an open-source DAST tool for finding vulnerabilities in web applications.
Click to see question
What is Snyk?
Click to reveal answer
A developer security platform for SCA, SAST, and container scanning — integrates into CI/CD pipelines.
Click to see question
What is Dependabot?
Click to reveal answer
A GitHub-native dependency update tool that automatically creates PRs when vulnerable dependencies are detected.
Click to see question
What is Gitleaks?
Click to reveal answer
An open-source secret scanning tool for git repositories.
Click to see question
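The GitGuardian, trufflehog and Gitleaks cards above all describe the same technique: scan every line of every commit, not just the current tree, for credentials. The following is an added example written for this deck, not code from any of those tools. It combines the two detector styles they use, a fixed pattern for a structured key format and an entropy check for generic assignments, over a constructed commit history; the AWS key value is the placeholder used in AWS documentation, and the other values are made up.

```python
"""Added example of secret scanning over git history (not from trufflehog,
Gitleaks or GitGuardian). HISTORY is constructed; every value is fake."""
import math
import re

# Constructed history as (commit, path, added line). AKIAIOSFODNN7EXAMPLE is the
# placeholder access key id from AWS documentation, not a live credential.
HISTORY = [
    ("a1f3c9", "config/settings.py", 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"'),
    ("a1f3c9", "config/settings.py", 'api_key = "testtesttesttest"'),
    ("b7e210", "deploy/env.sh", 'export SLACK_TOKEN="x7Gk2pLq9vRtY4wZb8NmC3sD"'),
    ("c4d8aa", "config/settings.py", 'AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]'),
]

# Structured detector: AWS access key ids are "AKIA" followed by 16 upper-case alphanumerics.
AWS_ACCESS_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Generic detector: a long quoted string assigned to a secret-looking variable name.
SECRET_ASSIGN = re.compile(
    r"(?i)(secret|token|password|api[_-]?key)\w*\s*[=:]\s*['\"]([A-Za-z0-9+/=_\-]{16,})['\"]"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; repetitive placeholders score far lower


def shannon_entropy(s):
    """Bits of entropy per character; random-looking tokens score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_line(line):
    """Return (detector, value) pairs found in one line."""
    hits = [("aws-access-key-id", m.group(0)) for m in AWS_ACCESS_KEY.finditer(line)]
    for m in SECRET_ASSIGN.finditer(line):
        value = m.group(2)
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:  # drop "testtest..." style placeholders
            hits.append(("high-entropy-secret", value))
    return hits


def scan_history(history):
    """Scan every line of every commit: a secret deleted in a later commit (as
    c4d8aa does here) is still recoverable from the repository history."""
    findings = []
    for commit, path, line in history:
        for detector, value in scan_line(line):
            findings.append({"commit": commit, "path": path, "detector": detector, "value": value})
    return findings


if __name__ == "__main__":
    for f in scan_history(HISTORY):
        print(f"{f['commit']} {f['path']}: {f['detector']} -> {f['value']}")
```

Commit c4d8aa replaces the key with an environment lookup, but the scan still reports it from a1f3c9, which is the point of scanning history: the only remediation for a committed secret is rotation, not deletion. The entropy threshold is what keeps `api_key = "testtesttesttest"` out of the results.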
What is the SolarWinds supply chain attack?
Click to reveal answer
Attackers compromised the SolarWinds Orion build pipeline and inserted the SUNBURST backdoor into signed product updates, which roughly 18,000 customers downloaded.
Click to see question
What is a SAST false positive?
Click to reveal answer
A flagged finding that is not actually exploitable in the running application, for example a tainted-data path that a sanitiser the tool did not recognise already neutralises. SAST tools accept false positives in exchange for coverage of code that is never executed in testing.
Click to see question
What command runs a Semgrep scan with community rules?
Click to reveal answer
semgrep --config=auto src/ — runs auto-detected community rules against the src/ directory.
Click to see question
What command generates an SBOM using CycloneDX?
Click to reveal answer
cyclonedx-bom -o bom.xml — generates a standardised SBOM in CycloneDX format.
Click to see question
What does a deny rule mean in an OPA policy?
Click to reveal answer
A policy violation. deny is not an OPA keyword but a convention used by tools such as Conftest and Gatekeeper: deny is written as a set rule, every deny body that evaluates to true adds its message to the set, and a non-empty set means the input is rejected.
Click to see question
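The Checkov card and the deny-rule card above both describe the same evaluation model: run a set of rules over a parsed configuration and collect every violation message. The following is an added illustration of that deny-set semantics in Python, written for this deck; it is not Rego and not code from OPA, Conftest, Gatekeeper or Checkov. The two Pod manifests are constructed stand-ins for parsed Kubernetes YAML.

```python
"""Added example: deny-set policy evaluation over a Kubernetes manifest, in Python
rather than Rego (not OPA or Checkov code). BAD_POD and GOOD_POD are constructed."""

# Constructed manifest that violates three rules.
BAD_POD = {
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "containers": [
            {"name": "app", "image": "registry.example/web:latest",
             "securityContext": {"privileged": True}},
        ]
    },
}

# The same workload with every violation fixed.
GOOD_POD = {
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "containers": [
            {"name": "app", "image": "registry.example/web:1.4.2",
             "securityContext": {"privileged": False, "runAsNonRoot": True}},
        ]
    },
}


def containers(manifest):
    return manifest.get("spec", {}).get("containers", [])


# Each function plays the role of one deny rule body: it yields a message for
# every way the body is satisfied, exactly as a Rego set rule contributes elements.
def deny_privileged(manifest):
    for c in containers(manifest):
        if c.get("securityContext", {}).get("privileged"):
            yield f"container {c['name']} must not run privileged"


def deny_latest_tag(manifest):
    for c in containers(manifest):
        image = c.get("image", "")
        if ":" not in image or image.endswith(":latest"):
            yield f"container {c['name']} must pin an image tag other than latest"


def deny_root(manifest):
    for c in containers(manifest):
        if not c.get("securityContext", {}).get("runAsNonRoot", False):
            yield f"container {c['name']} must set runAsNonRoot: true"


RULES = [deny_privileged, deny_latest_tag, deny_root]


def evaluate(manifest):
    """The deny set: the union of every message every rule body produced."""
    return {msg for rule in RULES for msg in rule(manifest)}


def is_allowed(manifest):
    """An empty deny set admits the input; anything else rejects it."""
    return not evaluate(manifest)


if __name__ == "__main__":
    for name, pod in (("BAD_POD", BAD_POD), ("GOOD_POD", GOOD_POD)):
        print(name, "allowed" if is_allowed(pod) else "denied")
        for msg in sorted(evaluate(pod)):
            print("  -", msg)
```

Note that deny_root fires when securityContext is absent entirely, not only when runAsNonRoot is false: policies should fail closed on missing fields, which is also why Checkov reports a missing setting rather than only a wrong one.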
What is branch protection in GitHub?
Click to reveal answer
A repository setting that enforces rules before merging — required reviews, status checks, signed commits.
Click to see question
Tip
Review any cards you got wrong by navigating to the corresponding module page for a deeper explanation.