Jun 19, 2026 Reliable Study Materials for 312-97 Exam Success For Sure [Q25-Q48]



100% Latest Most updated 312-97 Questions and Answers


ECCouncil 312-97 Exam Syllabus Topics:

Topic 1
  • DevSecOps Pipeline - Plan Stage: This module covers the planning phase, emphasizing security requirement identification and threat modeling. It highlights cross-functional collaboration between development, security, and operations teams to ensure alignment with security goals.
Topic 2
  • Understanding DevOps Culture: This module introduces DevOps principles, covering cultural and technical foundations that emphasize collaboration between development and operations teams. It addresses automation, CI/CD practices, continuous improvement, and the essential communication patterns needed for faster, reliable software delivery.
Topic 3
  • DevSecOps Pipeline - Build and Test Stage: This module explores integrating automated security testing into build and testing processes through CI pipelines. It covers SAST and DAST approaches to identify and address vulnerabilities early in development.
Topic 4
  • DevSecOps Pipeline - Operate and Monitor Stage: This module focuses on securing operational environments and implementing continuous monitoring for security incidents. It covers logging, monitoring, incident response, and SIEM tools for maintaining security visibility and threat identification.
Topic 5
  • DevSecOps Pipeline - Release and Deploy Stage: This module explains maintaining security during release and deployment through secure techniques and infrastructure as code security. It covers container security tools, release management, and secure configuration practices for production transitions.

 

NEW QUESTION # 25
(William Friedkin has been working as a DevSecOps engineer in an IT company for the past 3 years. His team leader has asked him to validate the host configuration that runs the Docker containers and perform security checks at the container level by implementing Docker's CIS Benchmark Recommendations.
Therefore, William would like to integrate Docker Bench with Jenkins to incorporate security testing in the DevOps workflow and secure the Docker containers. Before starting the procedure, he would like to install OpenSSH on Ubuntu. Which of the following commands should William run to install OpenSSH on Ubuntu?)

  • A. sudo apt-get install openssh-server.
  • B. sudo apt.get -s install openssh-server.
  • C. sudo apt.get install openssh-server.
  • D. sudo apt-get -s install openssh-server.

Answer: A

Explanation:
Ubuntu systems use the Advanced Package Tool (APT) for installing and managing software packages. The correct syntax for installing a package is sudo apt-get install <package-name>. In this case, the OpenSSH server package required for secure remote access is named openssh-server, makingsudo apt-get install openssh-serverthe correct command. Options using apt.get are invalid because the command syntax is incorrect. Options that include the -s flag only simulate the installation process and do not actually install the package. Installing OpenSSH is often required when integrating Docker Bench with Jenkins, as it enables secure communication and remote execution of compliance checks. Performing this setup during the Build and Test stage ensures that container hosts comply with Docker CIS Benchmark recommendations, helping organizations identify misconfigurations and security weaknesses early in the pipeline.
========


NEW QUESTION # 26
(Kenneth Danziger is a certified DevSecOps engineer, and he recently got a job in an IT company that develops software products related to the healthcare industry. To identify security and compliance issues in the source code and quickly fix them before they impact the product, Kenneth would like to integrate the WhiteSource SCA tool with AWS. Therefore, to integrate the WhiteSource SCA tool in AWS CodeBuild for initiating scanning in the code repository, he added a buildspec.yml file to the source code root directory and added the following command to the pre-build phase: curl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss_agent.sh. Which of the following script files will the above step download to Kenneth's organization's CodeBuild server?)

  • A. ssw_agent.sh.
  • B. aws_agent.sh.
  • C. cbs_agent.sh.
  • D. wss_agent.sh.

Answer: D

Explanation:
The command shown in the pre-build phase explicitly targets a script named wss_agent.sh. The curl -LJO flags mean: -L follows redirects, -J honors the server-provided filename in the Content-Disposition header (when present), and -O writes output to a local file using the remote name. Since the requested path ends with wss_agent.sh, the downloaded file on the AWS CodeBuild server will be wss_agent.sh. This script is the WhiteSource (now commonly referred to as Mend in many environments) unified agent shell wrapper used to run SCA scans as part of a CI pipeline. Integrating SCA during the Build and Test stage helps detect vulnerable open-source dependencies and licensing/compliance issues early, when fixes are cheapest. The other filenames (ssw_agent.sh, cbs_agent.sh, aws_agent.sh) are distractors; they are not referenced by the provided command and would not be downloaded by that step.
========


NEW QUESTION # 27
(Nicholas Cascone has recently been recruited by an IT company from his college as a DevSecOps engineer.
His team leader asked him to integrate GitHub Webhooks with Jenkins. To integrate GitHub Webhooks with Jenkins, Nicholas logged in to his GitHub account; he then selected Settings > Webhooks > Add Webhook. In the Payload URL field, he is supposed to add the Jenkins URL. Which of the following is the final Jenkins URL format that Nicholas should add in the Payload URL field of GitHub to configure GitHub Webhooks with Jenkins?)

  • A. http://address:port/github_webhook/.
  • B. http://address:port/github-webhook/.
  • C. http://address:port/GiHhub-webhook/.
  • D. http://address:port/GitHub.webhook/.

Answer: B

Explanation:
Jenkins exposes a predefined endpoint for receiving GitHub webhook events. This endpoint is /github-webhook/ and must be appended to the Jenkins base URL in the GitHub webhook configuration. Option B correctly matches the required endpoint format. The other options use incorrect casing, separators, or naming conventions that Jenkins does not recognize. Correct webhook configuration ensures that Jenkins jobs are automatically triggered when code changes occur in GitHub repositories. This integration supports continuous integration and immediate feedback during the Code stage of the DevSecOps pipeline.
========


NEW QUESTION # 28
(Joe Adler has recently been offered a job as a DevSecOps engineer in an IT company that develops software products and web applications for the healthcare industry. He would like to implement DevSec Hardening Framework to add a layer into the automation framework that configures operating systems and services and takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults.
To apply DevSec Hardening Framework to the machine, he scanned the machine using Nessus scanning tool; he then checked the compliance results before using DevSec Hardening Framework. Which of the following commands should Joe use to run DevSec Hardening Framework?.)

  • A. Chef-solo -h solo.rb -m solo.json.
  • B. Chef-solo -m solo.rb -h solo.json.
  • C. Chef-solo -j solo.rb -c solo.json.
  • D. Chef-solo -c solo.rb -j solo.json.

Answer: D

Explanation:
The DevSec Hardening Framework is commonly implemented using Chef, and it is executed locally using the chef-solo command. The -c flag specifies the configuration file (solo.rb), and the -j flag specifies the JSON attributes file (solo.json). Option D correctly uses both required parameters in the proper format. The other options swap the flags or use flags that chef-solo does not support for these purposes. Running this command applies secure configurations, compliance controls, and cryptographic standards to the target system. Executing the DevSec Hardening Framework during the Operate and Monitor stage ensures that systems remain secure, compliant, and resilient against misconfiguration-based attacks.
========


NEW QUESTION # 29
(David Paymer has been working as a senior DevSecOps engineer in an IT company over the past 5 years. His organization is using Azure DevOps service to produce software products securely and quickly. David's team leader asked him to publish a NuGet package utilizing a command line. Imagine you are in David's place; which command would you use to publish NuGet package into the feed?.)

  • A. nuget.exe publish -Source "< YOUR_FEED_NAME >" -ApiKey < ANY_STRING > < PACKAGE_PATH >.
  • B. nuget.exe push -Source "< YOUR_FEED_NAME >" -ApiKey < ANY_STRING > < PACKAGE_PATH >.
  • C. nuget.exe push -Destination "< YOUR_FEED_NAME >" -ApiKey < ANY_STRING > < PACKAGE_PATH >.
  • D. nuget.exe publish -Destination "< YOUR_FEED_NAME >" -ApiKey < ANY_STRING > < PACKAGE_PATH >.

Answer: B

Explanation:
Publishing a NuGet package to a feed is done using the nuget.exe push command. The -Source parameter specifies the target feed name or URL, and the -ApiKey parameter is required even if the feed ignores its value. The publish verb is not used for NuGet package uploads, and -Destination is not a valid parameter for pushing packages. Therefore, nuget.exe push -Source "<YOUR_FEED_NAME>" -ApiKey
<ANY_STRING> <PACKAGE_PATH> is the correct command. Using command-line publishing supports automation and consistency in DevSecOps workflows, enabling secure and repeatable artifact distribution as part of continuous delivery pipelines.


NEW QUESTION # 30
(Scott Morrison is working as a senior DevSecOps engineer at SUTRE SOFT Pvt. Ltd. His organization develops software and applications for IoT devices. Scott created a user story; he then created abuser stories under the user story. After that, he created threat scenarios under the abuser stories, and then he created test cases for the threat scenarios. After defining the YAML, Scott would like to push the user-story-driven threat model to the ThreatPlaybook server. Which of the following commands should Scott use?)

  • A. playbook apply feature -y < path to the yaml file > -p test-project.
  • B. playbook apply feature -f < path to the yaml file > -p test-project.
  • C. playbook apply feature -p < path to the yaml file > -t test-project.
  • D. playbook apply feature -f < path to the yaml file > -t test-project.

Answer: B

Explanation:
ThreatPlaybook uses the playbook apply feature command to push user-story-driven threat models to the server. The -f flag specifies the path to the YAML file containing the defined user stories, abuser stories, and threat scenarios, while the -p flag specifies the target project. Option B correctly combines these parameters.
The -y flag is invalid in this context, and options that misuse -t instead of -p do not correctly identify the project destination. Executing this command during the Plan stage enables teams to integrate threat modeling early, ensuring security risks are identified and addressed before development and deployment proceed.


NEW QUESTION # 31
(Erica Mena has been working as a DevSecOps engineer in an IT company that provides customized software solutions to various clients across the United States. To protect serverless and container applications with RASP, she would like to create an Azure container instance using the Azure CLI in Microsoft PowerShell. She created the Azure container instance and loaded the container image into it. She then reviewed the deployment of the container instance. Which of the following commands should Erica run to get the logging information from the Azure container instance? (Assume the resource group name is ACI and the container name is aci-test-closh.))

  • A. az get container logs --resource-group ACI --name aci-test-closh.
  • B. az get container logs -resource-group ACI --name aci-test-closh.
  • C. az container logs --resource-group ACI --name aci-test-closh.
  • D. az container logs -resource-group ACI -name aci-test-closh.

Answer: C

Explanation:
Azure Container Instances provide built-in logging capabilities that can be accessed using the Azure CLI. To retrieve logs from a deployed container instance, the correct command is az container logs followed by the resource group and container name. The proper syntax requires double-dash parameters: --resource-group and --name. In Erica's case, the correct command is az container logs --resource-group ACI --name aci-test-closh.
Options that use "az get container logs" are invalid because "get" is not a supported verb in this context.
Option D uses incorrect single-dash flags, which do not match Azure CLI conventions. Accessing container logs during the Code stage helps engineers validate application behavior, identify runtime errors, and ensure that security instrumentation such as RASP agents is functioning correctly before progressing further in the pipeline.
========


NEW QUESTION # 32
(Kevin Williamson is working as a DevSecOps engineer in an IT company located in Los Angeles, California.
His team has integrated Jira with Jenkins to view every issue on Jira, including the status of the latest build or successful deployment of the work to an environment. Which of the following can Kevin use to search issues on Jira?)

  • A. Structured query language.
  • B. Java query language.
  • C. Jira query language.
  • D. Atlassian query language.

Answer: D

Explanation:
Jira uses Atlassian Query Language, commonly referred to as JQL, to search, filter, and manage issues. This query language allows users to create advanced searches using fields such as project, status, assignee, priority, and custom attributes. Although often informally called Jira Query Language, the official name among the given options is Atlassian Query Language. SQL and Java query language are unrelated and not used for issue searching in Jira. Using JQL during the Code stage improves traceability between source code commits, builds, and tracked issues, enabling teams to monitor progress, validate deployment status, and maintain alignment between development and delivery activities.
========


NEW QUESTION # 33
(Charlotte Flair is a DevSecOps engineer at Egma Soft Solution Pvt. Ltd. Her organization develops software and applications related to supply chain management. Charlotte would like to integrate Sqreen RASP tool with Slack to monitor the application at runtime for malicious activities and block them before they can damage the application. Therefore, she created a Sqreen account and installed Sqreen Microagent. Now, she would like to install the PHP microagent. To do so, she reviewed the PHP microagent's compatibility, then she signed in to Sqreen account and noted the token in Notepad. Which of the following commands should Charlotte run in the terminal to install the PHP extension and the Sqreen daemon?.)

  • A. curl -i https://download.sqreen.com/php/install.sh > sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[ CHARLOTTE'S APP NAME HERE]".
  • B. curl -s https://download.sqreen.com/php/install.sh > sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[ CHARLOTTE'S APP NAME HERE]".
  • C. curl -s https://download.sqreen.com/php/install.sh < sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[ CHARLOTTE'S APP NAME HERE]".
  • D. curl -i https://download.sqreen.com/php/install.sh < sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[ CHARLOTTE'S APP NAME HERE]".

Answer: B

Explanation:
The correct installation procedure for the Sqreen PHP microagent involves downloading the installer script and executing it with the organization token and application name. The curl -s option downloads the script silently, while the > redirection operator saves it locally as sqreen-install.sh. The script is then executed using bash, passing the required token and app name as parameters. Options using input redirection (<) are incorrect because they do not save the downloaded script to a file. The -i option includes HTTP headers in the output, which is unnecessary and could corrupt the script. Installing the microagent correctly enables runtime monitoring, attack detection, and automatic blocking, supporting strong runtime security during the Operate and Monitor stage.
========


NEW QUESTION # 34
(Jayson Smith is working as a DevSecOps engineer in an MNC company located in Tampa, Florida. The senior software developer of his company, Sandra Oliver, has uploaded an application in her GitHub repository that might contain security vulnerabilities and has provided the URL to the DevSecOps team.
Jayson would like to analyze the application developed by Sandra to detect and mitigate the security issues in the application code; therefore, he would like to clone Sandra's GitHub repository to his computer. Which of the following commands should Jayson use to clone the repository of another user to his computer?)

  • A. $ github clone https://github.com/USERNAME/REPOSITORY.git.
  • B. $ git clone https://github.com/USERNAME/REPOSITORY.git.
  • C. $ git clone https://github.com/REPOSITORY/USERNAME.git.
  • D. $ github clone https://github.com/REPOSITORY/USERNAME.git.

Answer: B

Explanation:
Cloning a GitHub repository requires the standard Git command git clone followed by the correct repository URL format. GitHub repositories are structured as https://github.com/USERNAME/REPOSITORY.git, where USERNAME represents the account or organization name and REPOSITORY represents the project name.
Option B follows this exact structure. Options using github clone are invalid because github is not a Git CLI command. Options that reverse the order of USERNAME and REPOSITORY do not match GitHub's repository structure and will fail. Cloning repositories during the Code stage allows DevSecOps engineers to run static analysis, dependency scanning, and other security checks locally without modifying the original repository, supporting secure and controlled analysis workflows.
========


NEW QUESTION # 35
(Evan Peters has been working as a DevSecOps engineer in an IT company located in Denver, Colorado. His organization has deployed various applications on Docker containers. Evan has been running an SSH service inside the containers, and the handling of SSH keys and access policies is a major security concern for him. What is the solution to Evan's security concern?)

  • A. Run SSH on the docker build and utilize docker exec for interacting with the container.
  • B. Run SSH on the client and utilize docker exec for interacting with the container.
  • C. Run SSH on the host and utilize docker exec for interacting with the container.
  • D. Run SSH on the registry and utilize docker exec for interacting with the container.

Answer: C

Explanation:
Running an SSH service inside Docker containers is considered a security anti-pattern because it increases the attack surface and complicates key and access management. Containers are designed to run a single primary process and be managed externally rather than accessed via SSH. The recommended solution is to run SSH on the host system and use docker exec to interact with containers when administrative access is required.
This approach eliminates the need to manage SSH keys inside containers, reduces exposure to brute-force attacks, and simplifies access control. The other options incorrectly suggest running SSH in inappropriate locations such as the registry, client, or build process, which do not address the core security concern. During the Operate and Monitor stage, minimizing unnecessary services within containers is critical to enforcing least privilege and maintaining a secure runtime environment.
========


NEW QUESTION # 36
(Peter Dinklage has been working as a senior DevSecOps engineer at SacramentSoft Solution Pvt. Ltd. He has deployed applications in docker containers. His team leader asked him to check the exposure of unnecessary ports. Which of the following commands should Peter use to check all the containers and the exposed ports?)

  • A. docker ps --quiet | xargs docker inspect --all --format ': Ports='.
  • B. docker ps --quiet | xargs docker inspect --format ': Ports='.
  • C. docker ps --quiet | xargs docker inspect --format : Ports.
  • D. docker ps --quiet | xargs docker inspect --all --format : Ports=.

Answer: B

Explanation:
To inspect exposed ports for running Docker containers, the recommended approach is to first retrieve container IDs using docker ps --quiet and then pass them to docker inspect. The --format option allows selective output of container configuration details, including port mappings. The command docker ps --quiet | xargs docker inspect --format ': Ports=' correctly extracts port information for each container. Options that include the --all flag or incorrect formatting are not valid for this inspection use case. Checking exposed ports is an important activity in the Operate and Monitor stage because unnecessary open ports increase the attack surface and may violate container security best practices. Regular inspection helps ensure that only required ports are exposed, supporting secure runtime operations.
========


NEW QUESTION # 37
(Amy Ryan is a DevSecOps engineer in an IT company that develops software products and web applications related to cyber security. She is using Anchore tool for container vulnerability scanning and Software Bill of Materials (SBOM) generation. It helped her to perform quick scanning and generating a list of known vulnerabilities from an SBOM, container image, or project directory. Which of the following commands should Amy run to include software from all the image layers in the SBOM?.)

  • A. syft packages < image > --scope all-layers Anchore.
  • B. syft packages < image > scope all_layers SBOM.
  • C. syft packages < image > --scope all-layers.
  • D. syft packages < image > scope all_layers.

Answer: C

Explanation:
Syft is used by Anchore to generate Software Bills of Materials (SBOMs) from container images and directories. By default, Syft may only analyze the squashed image view. Using the --scope all-layers flag instructs Syft to include software components from all image layers, ensuring comprehensive visibility into dependencies introduced at every stage of image creation. The other options use invalid syntax or unsupported flags. Including all layers during SBOM generation improves vulnerability detection accuracy and supports compliance requirements, making it a critical practice during the Build and Test stage.


NEW QUESTION # 38
(William Scott has been working as a senior DevSecOps engineer at GlobalSec Pvt. Ltd. His organization develops software products related to mobile apps. William would like to exploit Jenkins using Metasploit framework; therefore, he downloaded Metasploit. He would like to initiate an Nmap scan by specifying the target IP to find the version of Jenkins running on the machine. Which of the following commands should William use to find the version of Jenkins running on his machine using Nmap?.)

  • A. Nmap -sN -sJ "Target IP".
  • B. Nmap -sV -sS "Target IP".
  • C. Nmap -sJ -sN "Target IP".
  • D. Nmap -sS -sV "Target IP".

Answer: B

Explanation:
To identify the version of a service running on a target system, Nmap uses the -sV option, which enables service version detection. The -sS flag specifies a TCP SYN scan, which is a common and efficient scanning method. Combining these two flags allows Nmap to discover open ports and accurately identify the service versions running on those ports, such as Jenkins. Options A and C reference an invalid scan type (-sJ) and do not enable version detection. Option D includes the correct flags but places them in a less conventional order; however, the commonly accepted and documented usage is -sV -sS. Running this scan during the Operate and Monitor stage helps security teams understand exposed services and assess potential attack surfaces.
========


NEW QUESTION # 39
(Steven Gerrard has been working as a DevSecOps engineer at an IT company that develops software products and applications related to the healthcare industry. His organization has been using Azure DevOps services to securely and quickly develop software products. To ensure that the deployed infrastructure is in accordance with the architecture and industry standards and that the security policies are appropriately implemented, he would like to integrate InSpec with Azure. Therefore, after installation and configuration of InSpec, he created an InSpec profile file and updated it with personal metadata and Azure resource pack information; then he wrote the InSpec tests. Which of the following commands should Steven use to run InSpec tests to check the compliance of the Azure infrastructure?)

  • A. inspec exec inspec-tests/integration/ -t azure://.
  • B. inspec exe inspec-tests/integration/ -it azure://.
  • C. inspec exec inspec-tests/integration/ -it azure://.
  • D. inspec exe inspec-tests/integration/ -t azure://.

Answer: A

Explanation:
Chef InSpec executes compliance tests using the inspec exec command. When testing Azure infrastructure, InSpec requires a target specification using the -t flag with the Azure transport identifier azure://. The correct command is inspec exec inspec-tests/integration/ -t azure://. Options using exe instead of exec are invalid due to incorrect command spelling. Options that use the -it flag misuse command-line parameters that are not intended for target selection. Running InSpec tests in this way allows DevSecOps teams to validate that Azure resources comply with architectural, security, and regulatory requirements. Integrating these checks into the Build and Test stage ensures continuous compliance and reduces the risk of insecure infrastructure reaching production environments.
========


NEW QUESTION # 40
(Kevin Ryan has been working as a DevSecOps engineer in an MNC company that develops various software products and web applications. For easy management of secret credentials in CI/CD pipeline, he would like to integrate Azure Key Vault with Jenkins. Therefore, he created an Azure Key Vault, noted down the credentials displayed on the screen, and created a secret in Azure Key Vault. Then, he used the secret key from the credentials obtained from creating the vault. Kevin went back to Jenkins and installed Azure Key Vault plugin. Then, he navigated to Configure System under Manage Jenkins and added the URL for Azure Key Vault. How can Kevin complete the integration of Azure Key Vault with Jenkins?.)

  • A. By modifying old credentials in Global Credentials (restricted).
  • B. By creating new credentials in Global Credentials (restricted).
  • C. By creating new credentials in Global Credentials (unrestricted).
  • D. By modifying old credentials in Global Credentials (unrestricted).

Answer: C

Explanation:
To complete Azure Key Vault integration with Jenkins, Kevin must create new credentials in Jenkins under Global Credentials (unrestricted). These credentials store the Azure client ID, client secret, tenant ID, and subscription details required by the Azure Key Vault plugin to authenticate securely. Modifying old credentials can lead to misconfiguration or credential reuse risks, while restricted credentials may prevent the plugin from accessing secrets across pipelines. Creating new unrestricted credentials ensures proper authentication and controlled access to secrets during the Code stage, supporting secure secret management across CI/CD workflows.


NEW QUESTION # 41
(William McDougall has been working as a DevSecOps engineer in an IT company located in Sacramento, California. His organization has been using Microsoft Azure DevOps service to develop software products securely and quickly. To take proactive decisions related to security issues and to reduce the overall security risk, William would like to integrate ThreatModeler with Azure Pipelines. How can ThreatModeler be integrated with Azure Pipelines and made a part of William's organization DevSecOps pipeline?)

  • A. By using a unidirectional API.
  • B. By using a bidirectional API.
  • C. By using a bidirectional UI.
  • D. By using a unidirectional UI.

Answer: B

Explanation:
ThreatModeler integration with Azure Pipelines is achieved using a bidirectional API, which allows automated and continuous interaction between the pipeline and the threat modeling platform. This bidirectional communication enables Azure Pipelines to trigger threat modeling activities while also receiving results, risk scores, and actionable insights back from ThreatModeler. Such feedback loops are critical for proactive security decision-making during the Plan stage of DevSecOps. Unidirectional APIs or UI-based integrations limit automation and do not support continuous feedback, making them unsuitable for pipeline-driven workflows. UI-based approaches also introduce manual steps, which conflict with DevSecOps principles of automation and consistency. By using a bidirectional API, William's organization can embed threat modeling into the planning process, identify architectural risks early, and ensure security considerations are continuously enforced as part of the pipeline.
========


NEW QUESTION # 42
(Patrick Fisher is a DevSecOps engineer in an IT company that develops software products and web applications. He is using IAST to analyze code for security vulnerabilities and to view real-time reports of the security issues. Patrick is using IAST in development, QA, and production stages to detect the vulnerabilities from the early stage of development, reduce the remediation cost, and keep the application secure. How can IAST perform SAST on every line of code and DAST on every request and response?.)

  • A. Because IAST has access to server and local machine.
  • B. Because IAST has access to offline and runtime environment.
  • C. Because IAST has access to the code and HTTP traffic.
  • D. Because IAST has access to internal and external agents.

Answer: C

Explanation:
Interactive Application Security Testing (IAST) works by instrumenting the application at runtime, allowing it to observe both the source code execution paths and the HTTP requests and responses flowing through the application. Because of this dual visibility, IAST can analyze every executed line of code (similar to SAST) while also monitoring real-time application behavior (similar to DAST). This unique capability enables highly accurate vulnerability detection with fewer false positives. The other options do not correctly explain how IAST achieves this hybrid analysis. Access to both code and HTTP traffic is what allows IAST to bridge static and dynamic testing techniques, making it highly effective across development, QA, and production environments.
========


NEW QUESTION # 43
(Terry Crews has been working as a DevSecOps engineer at an IT company that develops software products and web applications related to IoT devices. She integrated Sqreen RASP tool with Slack for sending notifications related to security issues to her team. How can Sqreen send notification alerts to Slack?)

  • A. By creating a cookbook, defining a trigger, security response, and notification.
  • B. By creating a playbook, defining a trigger, Alert a response, and notification.
  • C. By creating a playbook, defining a trigger, security response, and notification.
  • D. By creating a cookbook, defining a trigger, Alert a response, and notification.

Answer: C

Explanation:
Sqreen provides runtime application self-protection (RASP) capabilities that allow teams to detect and respond to security threats in real time. Sqreen uses a structured automation mechanism called aplaybookto define how security events are handled. A playbook consists of three key components: atriggerthat detects suspicious or malicious behavior, asecurity responsethat defines what action Sqreen should take (such as blocking a request or flagging an attack), and anotificationthat sends alerts to external systems like Slack.
The term "cookbook" is not used in Sqreen's alerting and response model, so the options that describe creating a cookbook are incorrect.
The option that uses the phrase "Alert a response" instead of "security response" does not accurately describe Sqreen's configuration model. By using playbooks, Sqreen enables automated detection, response, and team notification during the Operate and Monitor stage, ensuring rapid awareness and collaboration when security incidents occur.
========


NEW QUESTION # 44
(William Scott, after completing his graduation in computer science, joined an IT company as a DevSecOps engineer. His team leader has asked him to use GitHub Code Scanning for evaluating the source code in his organization's GitHub repository to detect security issues and coding errors. How can William set up code scanning in the GitHub repository?)

  • A. By using GitMiner.
  • B. By using Gauntlt.
  • C. By using CodeQL.
  • D. By using OWASP ZAP.

Answer: C

Explanation:
GitHub Code Scanning is a built-in security capability designed to automatically analyze source code for security vulnerabilities and coding errors. The primary and officially supported engine for GitHub Code Scanning is CodeQL. CodeQL works by converting source code into a database and running security queries to detect issues such as injection flaws, insecure coding patterns, and logic errors. William can enable CodeQL by configuring GitHub Actions with either the default or advanced CodeQL workflow. Once enabled, CodeQL scans are triggered on events such as code pushes and pull requests, and the results appear as code scanning alerts in the repository's Security tab. Gauntlt is a security testing harness used mainly for infrastructure and application testing, GitMiner is used to discover sensitive data like secrets in repositories, and OWASP ZAP is a dynamic application security testing tool used against running applications. None of these tools configure GitHub's native Code Scanning feature. Therefore, CodeQL is the correct tool to set up GitHub Code Scanning in the Code stage of a DevSecOps pipeline.
========


NEW QUESTION # 45
(William Edwards is working as a DevSecOps engineer at SVR Software Solution Pvt. Ltd. His organization develops software products and applications related to digital marketing. William integrated Prisma Cloud with Jenkins for threat-intelligence-based threat detection. This integration will allow him to scan container images and serverless functions for security issues in the CI/CD pipeline. Which of the following is employed by Prisma Cloud to understand the normal network behavior of each customer's cloud environment to detect network anomalies and zero-day attacks effectively with minimal false positives?)

  • A. Advanced supervised machine learning.
  • B. Advanced supervised data mining.
  • C. Advanced unsupervised data mining.
  • D. Advanced unsupervised machine learning.

Answer: D

Explanation:
Prisma Cloud leverages advanced unsupervised machine learning to establish baselines of normal behavior within a customer's cloud environment. By analyzing patterns in network traffic, resource interactions, and workload behavior without relying on labeled training data, it can detect anomalies and potential zero-day attacks with minimal false positives. Supervised approaches require predefined labels and known attack patterns, which limits effectiveness against new or unknown threats. Unsupervised data mining alone lacks the adaptive intelligence provided by machine learning models. Using unsupervised machine learning during the Build and Test stage enables continuous, intelligent security analysis across dynamic cloud-native workloads, supporting proactive threat detection in DevSecOps pipelines.


NEW QUESTION # 46
(Brett Ryan has been working as a senior DevSecOps engineer in a multinational company that develops web applications. The team leader of the software development team requested Brett to detect insecure JavaScript libraries in the web application code. Brett would like to perform vulnerability scanning on the web application with grunt-retire. Which of the following commands would enable the grunt plugin?)

  • A. grunt-loadNpmTask('grunt-retire');.
  • B. grunt.loadNpmTask('grunt-retire');.
  • C. grunt.loadNpmTasks('grunt-retire');.
  • D. grunt-loadNpmTasks('grunt-retire');.

Answer: C

Explanation:
In Grunt, plugins installed via npm must be explicitly loaded in the Gruntfile to make their tasks available.
This is done using the grunt.loadNpmTasks() function, which instructs Grunt to load tasks provided by a specific plugin package. For the grunt-retire plugin, which scans JavaScript libraries for known vulnerabilities, the correct command is grunt.loadNpmTasks('grunt-retire');. Options that omit the dot notation or use the singular form loadNpmTask are syntactically incorrect and will prevent the plugin from loading.
Enabling grunt-retire during the Code stage allows developers to identify insecure third-party JavaScript libraries early, supporting software composition analysis and reducing the risk of introducing vulnerable dependencies into the application.
========


NEW QUESTION # 47
(Craig Kelly has been working as a software development team leader in an IT company over the past 8 years.
His team is working on the development of an Android application product. Sandra Oliver, a DevSecOps engineer, used DAST tools and fuzz testing to perform advanced checks on the Android application product and detected critical and high severity issues. She provided the information about the security issues and the recommendations to mitigate them to Craig's team. Which type of security checks performed by Sandra involve detection of critical and high severity issues using DAST tools and fuzz testing?)

  • A. Deploy-time checks.
  • B. Commit-time checks.
  • C. Test-time checks.
  • D. Build-time checks.

Answer: C

Explanation:
Dynamic Application Security Testing (DAST) and fuzz testing require a running application in order to actively probe for vulnerabilities such as injection flaws, authentication bypasses, and improper input handling. These techniques are therefore performed after the application has been built and deployed to a testing environment, categorizing them as test-time checks. Commit-time and build-time checks rely primarily on static analysis and dependency scanning and do not exercise application behavior at runtime.
Deploy-time checks focus on configuration validation rather than aggressive attack simulation. Test-time checks are specifically designed to uncover critical and high-severity vulnerabilities by mimicking real-world attack scenarios. Performing DAST and fuzz testing during this stage allows teams to detect exploitable flaws before production release, significantly strengthening application security.
========


NEW QUESTION # 48
......

New ECCouncil 312-97 Dumps & Questions: https://actual4test.exam4labs.com/312-97-practice-torrent.html