Question 30
Domain 3: Infrastructure, Network, and Workload Security
What is the PRIMARY objective of integrating security into the CI/CD pipeline (DevSecOps)?
Correct answer: B
Explanation
Integrating security into the CI/CD pipeline shifts testing and controls "early in the development lifecycle," so vulnerabilities are found before release. This supports DevSecOps by building security into each stage of delivery, making remediation faster and less costly than fixing issues after deployment.
Why each option is right or wrong
A. To eliminate the need for security professionals
B. To identify and remediate security issues early in the development lifecycle
DevSecOps embeds security checks into the CI/CD workflow so defects are caught during build, test, and integration rather than after deployment, when remediation is slower and more disruptive. In practical terms, this means vulnerabilities can be detected at the point code is committed or merged, allowing fixes before release and reducing the cost and risk of late-stage discovery.
C. To slow down deployment velocity
D. To remove all testing requirements