最新的ECCouncil EC-Council Certified DevSecOps Engineer (ECDE) - 312-97免費考試真題
(Rockmond Dunbar is a senior DevSecOps engineer in a software development company. His organization develops customized software for retail industries. Rockmond would like to avoid setting mount propagation mode to share until it is required because when a volume is mounted in shared mode, it does not limit other containers to mount and modify that volume. If mounted volume is sensitive to changes, then it would be a serious security concern. Which of the following commands should Rockmond run to list out the propagation mode for mounted volumes?.)
正確答案: C
說明:(僅 Fast2test 成員可見)
(Cindy Williams has recently joined an IT company as a DevSecOps engineer. She configured Bundle-Audit in Travis CI. Cindy detected vulnerability in Gemfile dependencies and resolved it by adding some line of codes. How does Bundler scan Gemfile.lock for insecure versions of gems?)
正確答案: B
說明:(僅 Fast2test 成員可見)
(Steven Gerrard has been working as a DevSecOps engineer at an IT company that develops software products and applications related to the healthcare industry. His organization has been using Azure DevOps services to securely and quickly develop software products. To ensure that the deployed infrastructure is in accordance with the architecture and industrial standards and the security policies are appropriately implemented, she would like to integrate InSpec with Azure. Therefore, after installation and configuration of InSpec, she created InSpec profile file and upgraded it with personal metadata and Azure resource pack information; then she wrote the InSpec tests. Which of the following commands should Steven use to run InSpec tests to check the compliance of Azure infrastructure?)
正確答案: C
說明:(僅 Fast2test 成員可見)
(Jason Barry has been working as a DevSecOps engineer in an IT company that develops software products and applications for ecommerce companies. During the build-time check, Jason discovered SQL injection and XXS security issues in the application code. What action does the build-time check perform on the application code?.)
正確答案: B
說明:(僅 Fast2test 成員可見)
(Sofia Coppola has been working as a senior DevSecOps engineer in an MNC company located in Denver, Colorado. In January of 2020, her organization migrated all the workloads from on-prem to AWS cloud environment due to the robust security feature and cost-effective services offered by AWS. Which of the following is an Amazon Web Services-hosted version control tool that Sofia can use to manage and store assets in the AWS cloud?.)
正確答案: A
說明:(僅 Fast2test 成員可見)
(Alex Hales has been working as a DevSecOps in an IT company that develops software products and web applications for visualizing scientific data. He would like to trigger a Jenkins build job using Git post commit script or hooks that helps his team in saving time by automating commit. Therefore, before triggering the build job, Alex made changes and saved the code in the respective IDE under Git repository and added the changes in the master branch using git add command and ran the post commit script to check the status of the build. Then, he navigated to the Jenkins project and selected the "Trigger build remotely from Build triggers" radio button. It would automate the trigger every time a change gets committed to the project. Alex navigated back to Bash terminal to trigger the build job. Which of the following commands should Alex use in Bash terminal to trigger the build job?)
正確答案: D
說明:(僅 Fast2test 成員可見)
(Debra Aniston has recently joined an MNC company as a DevSecOps engineer. Her organization develops various types of software products and web applications. The DevSecOps team leader provided an application code and asked Debra to detect and mitigate security issues. Debra used w3af tool and detected cross-site scripting and SQL injection vulnerability in the source code. Based on this information, which category of security testing tools is represented by w3af?.)
正確答案: D
說明:(僅 Fast2test 成員可見)
(Katie Holmes is working as a DevSecOps engineer at SeCSafe Anti-virus. The DevOps team of her organization has developed a distributed application with multiple microservices. Katie deployed all the microservices to the Kubernetes nodes successfully. The DevOps team approached Katie and informed her that the application is not working. Katie wants to check whether the Kubernetes cluster is working or not.
Which of the following commands should Katie run step by step to verify that the Kubernetes is working?)
Which of the following commands should Katie run step by step to verify that the Kubernetes is working?)
正確答案: D
說明:(僅 Fast2test 成員可見)
(Craig Kelly has been working as a software development team leader in an IT company over the past 8 years.
His team is working on the development of an Android application product. Sandra Oliver, a DevSecOps engineer, used DAST tools and fuzz testing to perform advanced checks on the Android application product and detected critical and high severity issues. She provided the information about the security issues and the recommendations to mitigate them to Craig's team. Which type of security checks performed by Sandra involve detection of critical and high severity issues using DAST tools and fuzz testing?)
His team is working on the development of an Android application product. Sandra Oliver, a DevSecOps engineer, used DAST tools and fuzz testing to perform advanced checks on the Android application product and detected critical and high severity issues. She provided the information about the security issues and the recommendations to mitigate them to Craig's team. Which type of security checks performed by Sandra involve detection of critical and high severity issues using DAST tools and fuzz testing?)
正確答案: A
說明:(僅 Fast2test 成員可見)
(Robert Wheeler has been working as a DevSecOps engineer in an IT company for the past 5 years. His organization develops software products and web applications related to AutoCAD. Rob would like to integrate Rapid7 tCell Next-Gen Cloud WAF and RASP Tool with AWS CloudFront to protect application by identifying suspicious actors, enforcing content security policies (CSPs), and securing against unvalidated HTTP redirections on web applications. How can Rob deploy the tCell agent as a CloudFormation stack into his organization AWS account?.)
正確答案: A
說明:(僅 Fast2test 成員可見)