최신ECCouncil EC-Council Certified DevSecOps Engineer (ECDE) - 312-97무료샘플문제
(Steven Smith has been working as a DevSecOps engineer in an IT company that develops software products related to the financial sector. His team leader asked him to integrate Conjur with Jenkins to secure the secret credentials. Therefore, Steven downloaded Conjur.hpi file and uploaded it in the Upload Plugin section of Jenkins. He declared host and layers, and declared the variables. Which of the following commands should Steven use to set the value of variables?)
(SNF Pvt. Ltd. is a software development company located in Denver, Colorado. The organization is using pytm, which is a Pythonic Framework for threat modeling, to detect security issues and mitigate them in advance. James Harden has been working as a DevSecOps engineer at SNF Pvt. Ltd. for the past 3 years. He has created a tm.py file that describes an application in which the user logs the app and posts the comments on the applications. These comments are stored by the application server in the database and AWS lambda cleans the database. Which of the following command James can use to generate a sequence diagram?)
(Scott Adkins has recently joined an IT company located in New Orleans, Louisiana, as a DevSecOps engineer. He would like to build docker infrastructure using Terraform; therefore, he has created a directory named terraform-docker-container. He then changed into the directory using the command: cd terraform- docker-container. Now, Scott wants to create a file to define the infrastructure. Which of the following commands should Scott use to create a file to define the infrastructure?)
(DWART is an IT company that develops cyber security software and web applications. The organization ensures that all users should be identified and authorized, enforces proper auditing, secures data at rest, ensures that the attacker cannot bypass the security layers, implements multiple layers of defense, maintains proper data integrity, and performs proper input validation for the application. Based on the above-mentioned information, which of the following secure coding principles is achieved by DWART?.)
(Frances Fisher joined TerraWolt Pvt. Ltd. as a DevSecOps engineer in 2020. On February 1, 2022, his organization became a victim of cyber security attack. The attacker targeted the network and application vulnerabilities and compromised some important functionality of the application. To secure the organization against similar types of attacks, Franches used a flexible, accurate, low maintenance vulnerability management and assessment solution that continuously scans the network and application vulnerabilities and provides daily updates and specialized testing methodologies to catch maximum detectable vulnerabilities.
Based on the above-mentioned information, which of the following tools is Frances using?)
(Steven Gerrard has been working as a DevSecOps engineer at an IT company that develops software products and applications related to the healthcare industry. His organization has been using Azure DevOps services to securely and quickly develop software products. To ensure that the deployed infrastructure is in accordance with the architecture and industrial standards and the security policies are appropriately implemented, she would like to integrate InSpec with Azure. Therefore, after installation and configuration of InSpec, she created InSpec profile file and upgraded it with personal metadata and Azure resource pack information; then she wrote the InSpec tests. Which of the following commands should Steven use to run InSpec tests to check the compliance of Azure infrastructure?)
(Paul McCartney has been working as a senior DevSecOps engineer in an IT company over the past 5 years.
He would like to integrate Conjur secret management tool into the CI/CD pipeline to secure the secret credentials in various phases of development. To integrate Conjur with Jenkins, Paul downloaded Conjur.hpi file and uploaded it to the Upload Plugin section of Jenkins. Paul declared a policy branch using a code and saved it as a .yml file. Which of the following commands should Paul use to load this policy in Conjur root?)
(Judi Dench has recently joined an IT company as a DevSecOps engineer. Her organization develops software products and web applications related to electrical engineering. Judi would like to use Anchore tool for container vulnerability scanning and Software Bill of Materials (SBOM) generation. Using Anchore grype, she would like to scan the container images and file systems for known vulnerabilities, and would like to find vulnerabilities in major operating system packages such as Alpine, CentOS, Ubuntu, etc. as well as language specific packages such as Ruby, Java, etc. Which of the following commands should Judi run to scan for vulnerabilities in the image using grype?)
(Cheryl Hines has been working as a senior DevSecOps engineer over the past 5 years in an IT company. Due to the robust features offered by Keywhiz secret management tool such as compatibility with all software, untraceable secrets, no impact of power cut or server outage, etc., Cheryl's organization is using it for managing and distributing secrets. To add a secret using Keywhiz CLI, which of the following commands should Cheryl use?)
(Cindy Williams has recently joined an IT company as a DevSecOps engineer. She configured Bundle-Audit in Travis CI. Cindy detected vulnerability in Gemfile dependencies and resolved it by adding some line of codes. How does Bundler scan Gemfile.lock for insecure versions of gems?)