最新的ECCouncil EC-Council Certified DevSecOps Engineer (ECDE) - 312-97免費考試真題
問題1
(Thomas Gibson has been working as a DevSecOps engineer in an IT company that develops software products and web applications related to law enforcement. To automatically execute a scan against the web apps, he would like to integrate InsightAppSec plugin with Jenkins. Therefore, Thomas generated a new API Key in the Insight platform. Now, he wants to install the plugin manually. How can Thomas install the InsightAppSec plugin manually in Jenkins?)
正確答案: D
說明:(僅 VCESoft 成員可見)
問題2
(Rahul Mehta is working as a DevSecOps engineer in an IT company that develops cloud-native web applications. His organization follows a strict DevSecOps practice and wants to ensure that third-party open- source dependencies used in the application do not introduce known security vulnerabilities. Rahul decided to integrate a Software Composition Analysis (SCA) tool into the CI pipeline so that every build is automatically scanned. During one of the builds, the SCA tool detects a critical vulnerability in a transitive dependency.
What should ideally happen in a mature DevSecOps pipeline when such a critical vulnerability is detected at build time?.)
What should ideally happen in a mature DevSecOps pipeline when such a critical vulnerability is detected at build time?.)
正確答案: B
說明:(僅 VCESoft 成員可見)
問題3
(Richard Harris carries an experience of 5 years as a DevSecOps engineer. On February 1, 2022, he got the job of senior DevSecOps engineer in an IT company located Raleigh, North Carolina. He would like to trigger scan on each build in Jenkins, run customize scans for some specific vulnerabilities, fail the build process if a particular threat-level is reached, and generate reports automatically by integrating Acunetix DAST Tool with Jenkins. Richard installed Acunetix plugin successfully in Jenkins, after which he restarted Jenkins. He would like to find the path and install the certificate in Linux. Which of the following commands should Richard execute to find out the currently running Java binary in the Jenkins service?.)
正確答案: A
說明:(僅 VCESoft 成員可見)
問題4
(Lara Grice has been working as a DevSecOps engineer in an IT company located in Denver, Colorado. Her team leader has told her to save all the container images in the centos repository to centos-all.tar. Which of the following is a STDOUT command that Lara can use to save all the container images in the centos repository to centos-all.tar?.)
正確答案: C
說明:(僅 VCESoft 成員可見)
問題5
(Curtis Morgan is working as a DevSecOps engineer at Orchid Pvt. Ltd. His organization develops online teaching software. Beth McCarthy is working in a software development team, and she requested Curtis to help her in making pre-commit hooks executable on her local machine. Curtis went through the "repo.
git\hooks" directory and removed the ".sample" extension from "pre-commit.sample" file by using "chmod
+x filename" command and made the pre-commit hook executable on Beth's local machine. On the next day while developing the code for the software product, Beth accidentally committed the code with sensitive information. What will be the result of this commit?.)
git\hooks" directory and removed the ".sample" extension from "pre-commit.sample" file by using "chmod
+x filename" command and made the pre-commit hook executable on Beth's local machine. On the next day while developing the code for the software product, Beth accidentally committed the code with sensitive information. What will be the result of this commit?.)
正確答案: D
說明:(僅 VCESoft 成員可見)
問題6
(Charles Drew has been working as a DevSecOps team leader in an IT company located in Nashville, Tennessee. He would like to look at the applications from an attacker's perspective and make security a part of the organizations' culture. Imagine, you are working under Charles as a DevSecOps engineer. Charles has asked you to install ThreatPlaybook, which is a unified DevSecOps Framework that allows you to go from iterative, collaborative threat modeling to application security testing orchestration. After installation, you must configure ThreatPlaybook CLI; therefore, you have created a directory for the project and then you go to the current directory where you would like to configure ThreatPlaybook. Which of the following commands will you use to configure ThreatPlaybook? (Here, < your-email > represents your email id; < host info > represents IP address; and < port > represents the nginx port.))
正確答案: C
說明:(僅 VCESoft 成員可見)

