EC Council 312-97

Rockmond Dunbar is a senior DevSecOps engineer in a software development company. His organization develops customized software for retail industries. Rockmond would like to avoid setting mount propagation mode to share until it is required because when a volume is mounted in shared mode, it does not limit other containers to mount and modify that volume. If mounted volume is sensitive to changes, then it would be a serious security concern. Which of the following commands should Rockmond run to list out the propagation mode for mounted volumes?. docker ps --quiet --all | xargs docker inspect --format ‘:Propagation’. docker ps --quiet --all | xargs docker inspect --format ‘:Propagation’. docker ps --quiet --all | xargs docker inspect --format ‘:Propagation=’. docker ps -quiet -all | xargs docker inspect -format ‘:Propagation’.

Scott Adkins has recently joined an IT company located in New Orleans, Louisiana, as a DevSecOps engineer. He would like to build docker infrastructure using Terraform; therefore, he has created a directory named terraform-docker-container. He then changed into the directory using the command: cd terraform-docker-container. Now, Scott wants to create a file to define the infrastructure. Which of the following commands should Scott use to create a file to define the infrastructure?. sudo main.tf. cat main.tf. echo main.tf. touch main.tf.

GainInsights is an IT company that develops mobile applications software. On February 11, 2022, the organization became a victim of a cyber-attack. The attacker targeted the organization’s application and compromised some important functionality. After the incident, the DevSecOps team of GainInsights identified the cause of the security issue, resolved it, and noted it for future reference. Based on this information, which of the following set of tests was conducted by GainInsights?. Security smoke tests. Security acceptance tests. White box testing. Blameless post-mortem.

Christopher Brown has been working as a DevSecOps engineer in an IT company that develops software and web applications for an ecommerce company. To automatically detect common security issues and coding error in the C++ code, she performed code scanning using CodeQL in GitHub. Which of the following entries will Christopher find for CodeQL analysis of C++ code?. CodeQL/Analyze (cpp) (push-request). CodeQL/Analyze (cpp) (pull-request). CodeQL/Analyze (cp) (push-request). CodeQL/Analyze (cp) (pull-request).

Scott Morrison is working as a senior DevSecOps engineer at SUTRE SOFT Pvt. Ltd. His organization develops software and applications for IoT devices. Scott created a user story; he then created abuser stories under the user story. After that, he created threat scenarios under the abuser story, and then he created test cases for the threat scenarios. After defining the YAML, Scott would like to push the user-story driven threat model to the ThreatPlaybook server. Which of the following command Scott should use?. playbook apply feature -f < path to the yaml file > -t test-project. playbook apply feature -y < path to the yaml file > -p test-project. playbook apply feature -f < path to the yaml file > -p test-project. playbook apply feature -p < path to the yaml file > -t test-project.

Sofia Coppola has been working as a senior DevSecOps engineer in an MNC company located in Denver, Colorado. In January of 2020, her organization migrated all the workloads from on-prem to AWS cloud environment due to the robust security feature and cost-effective services offered by AWS. Which of the following is an Amazon Web Services-hosted version control tool that Sofia can use to manage and store assets in the AWS cloud?. AWS CodeCommit. AWS CodePipeline. AWS CodeDeploy. AWS CodeBuild.

Timothy Dalton has been working as a senior DevSecOps engineer in an IT company located in Auburn, New York. He would like to use Jenkins for CI and Azure Pipelines for CD to deploy a Java-based app to an Azure Container Service (AKS) Kubernetes cluster. Before deploying Azure Kubernetes Service (AKS) Cluster, Timothy wants to create a Resource group named Jenkins in southindia location. az grp create --n Jenkins --loc southindia. azure group create --name Jenkins --location southindia. az group create --name Jenkins --location southindia. azure group create --n Jenkins --loc southindia.

Matt LeBlanc has been working as a DevSecOps engineer in an IT company that develops software products and web applications for IoT devices. His team leader has asked him to use GitRob tool to find sensitive data in the organizational public GitHub repository. To install GitRob, Matt ensured that he has correctly configured Go >= 1.8 environment and that $GOPATH/bin is in his $PATH. The GitHub repository URL from which he is supposed to install the tool is https://github.com/michenriksen/gitrob. Which of the following command should Matt use to install GitRob?. $ go git gitrob github.com/michenriksen/gitrob. $ go get github.com/michenriksen/gitrob. $ go get gitrob github.com/michenriksen/gitrob. $ go git github.com/michenriksen/gitrob.

Jordon Garrett is working as a DevSecOps engineer in an IT company situated in Chicago, Illinois. His team prefers to use PowerShell for utilizing Git hooks because Bash and Windows are not compatible for advanced executions. For calling PowerShell script from Bash shell, Jordon wrote a PowerShell script using pre-commit logic such as pre-commit.ps1 and then executed the following commands #!C:/Program\Files/Git/usr/bin/sh.exe exec powershell.exe -NoProfile -ExecutionPolicy Bypass -File “..git\hooks\pre-commit.ps1” How would Jordon know that the commit is successful?. If the code exits with 3, then the commit is successful. If the code exits with 0, then the commit is successful. If the code exits with 2, then the commit is successful. If the code exits with 1, then the commit is successful.

James Harden has been working as a senior DevSecOps engineer in an IT company located in Oakland, California. To detect vulnerabilities and to evaluate attack vectors compromising web applications, he would like to integrate Burp Suite with Jenkins. He downloaded the Burp Suite Jenkins plugins and then uploaded the plugin and successfully integrated Burp Suite with Jenkins. After integration, he would like to scan web application using Burp Suite; therefore, he navigated to Jenkins’ dashboard, opened an existing project, and clicked on Configure. Then, he navigated to the Build tab and selected Execute shell from Add build step. Which of the following commands should James enter under the Execute shell?. sudo BURP_SCAN_URL = http://target-website.com. grep BURP_SCAN_URL = http://target-website.com. cat BURP_SCAN_URL = http://target-website.com. echo BURP_SCAN_URL = http://target-website.com.

Debra Aniston has recently joined an MNC company as a DevSecOps engineer. Her organization develops various types of software products and web applications. The DevSecOps team leader provided an application code and asked Debra to detect and mitigate security issues. Debra used w3af tool and detected cross-site scripting and SQL injection vulnerability in the source code. Based on this information, which category of security testing tools is represented by w3af?. DAST. SAST. IAST. SCA.

Alex Hales has been working as a DevSecOps in an IT company that develops software products and web applications for visualizing scientific data. He would like to trigger a Jenkins build job using Git post commit script or hooks that helps his team in saving time by automating commit. Therefore, before triggering the build job, Alex made changes and saved the code in the respective IDE under Git repository and added the changes in the master branch using git add command and ran the post commit script to check the status of the build. Then, he navigated to the Jenkins project and selected the “Trigger build remotely from Build triggers” radio button. It would automate the trigger every time a change gets committed to the project. Alex navigated back to Bash terminal to trigger the build job. Which of the following commands should Alex use in Bash terminal to trigger the build job?. github commit -m “commit from terminal”. git commit -b “commit from terminal”. git commit -m “commit from terminal”. github commit -b “commit from terminal”.

Allen Smith has been working as a senior DevSecOps engineer for the past 4 years in an IT company that develops software products and applications for retail companies. To detect common security issues in the source code, he would like to integrate Bandit SAST tool with Jenkins. Allen installed Bandit and created a Jenkins job. In the Source Code Management section, he provided repository URL, credentials, and the branch that he wants to analyze. As Bandit is installed on Jenkins’ server, he selected Execute shell for the Build step and configure Bandit script. After successfully integrating Bandit SAST tool with Jenkins, in which of the following can Allen detect security issues?. Ruby code. Python code. C++ code. Java code.

Curtis Morgan has been working as a software developer in an MNC company. His team has developed a NodeJS application. While doing peer review of the NodeJS application, he observed that there are insecure libraries in the application. Therefore, he approached, Teresa Lisbon, who is working as a DevSecOps engineer, to detect the insecure libraries in the NodeJS application. Teresa used a SCA tool to find known vulnerabilities in JavaScript libraries for Node.JS applications and detected all the insecure libraries in the application. Which of the following tools did Teresa use for detecting insecure libraries in the NodeJS application?. Bundler-Audit. Retire.js. Tenable.io. Bandit.

Alex Hales recently joined TAVR Software Solution Pvt. Ltd. As a DevSecOps engineer. To automatically detect security loopholes in the web applications while building and testing them, he integrated OWASP ZAP DAST Plugin with Jenkins. How can Alex uniquely identify every build in the project?. By specifying a file name followed by ${Build_ID} in Post-build Actions tab. By specifying a file name followed by ${ZAPROXY_HOME} in Post-build Actions tab. By specifying a file name followed by ${zap_scan} in Post-build Actions tab. By specifying a file name followed by ${Profile_ID} in Post-build Actions tab.

BVR Pvt. Ltd. is an IT company that develops software products and applications related to IoT devices. The software development team of the organization is using Bitbucket repository to plan projects, collaborate on code, test, and deploy. The repository provides teams a single place for projects planning and collaboration on coding, testing, and deploying the software application. Which of the following is offered by Bitbucket to BVR Pvt. Ltd.? D. Free unlimited private repositories. Free unlimited public repositories. Free limited private repositories. Free limited public repositories.

David Paymer has been working as a senior DevSecOps engineer in an IT company over the past 5 years. His organization is using Azure DevOps service to produce software products securely and quickly. David’s team leader asked him to publish a NuGet package utilizing a command line. Imagine you are in David’s place; which command would you use to publish NuGet package into the feed?. nuget.exe push -Destination “< YOUR_FEED_NAME >” -ApiKey < ANY_STRING > < PACKAGE_PATH >. nuget.exe push -Source “< YOUR_FEED_NAME >” -ApiKey < ANY_STRING > < PACKAGE_PATH >. nuget.exe publish -Source “< YOUR_FEED_NAME >” -ApiKey < ANY_STRING > < PACKAGE_PATH >. nuget.exe publish -Destination “< YOUR_FEED_NAME >” -ApiKey < ANY_STRING > < PACKAGE_PATH >.

William Scott has been working as a senior DevSecOps engineer at GlobalSec Pvt. Ltd. His organization develops software products related to mobile apps. William would like to exploit Jenkins using Metasploit framework; therefore, he downloaded Metasploit. He would like to initiate an Nmap scan by specifying the target IP to find the version of Jenkins running on the machine. Which of the following commands should William use to find the version of Jenkins running on his machine using Nmap?. Nmap -sN -sJ “Target IP”. Nmap -sS -sV “Target IP”. Nmap -sJ -sN “Target IP”. Nmap -sV -sS “Target IP”.

Jordon Garrett has recently joined a startup IT company located in Chicago, Illinois, as a DevSecOps engineer. His team leader asked him to find a SAST tool that can secure the organization Azure environment. Which of the following is a SAST tool that Jordon can select to secure his organization’s Azure environment?. Tenable.io. Coverity. DevSkim. Accurics.

PentaByte is a software product development company located in Austin, Texas. The organization would like to secure communication methods to maintain confidentiality and security. How can PentaByte achieve secure by communication secure coding principle?. By maintaining secure trust relationships. By maintaining defense by depth and reducing attack surface area. By preventing cyber security breach. By balancing the default configuration settings.