ECDE

Title of test: ECDE

Description: EC-Council Certified DevSecOps Engineer



William Scott, after completing his graduation in computer science, joined an IT company as a DevSecOps engineer. His team leader has asked him to use GitHub Code Scanning for evaluating the source code in his organization’s GitHub repository to detect security issues and coding errors. How can William set up code scanning in a GitHub repository?

- By using Gauntlt
- By using GitMiner
- By using OWASP ZAP
- By using CodeQL

Brett Ryan has been working as a senior DevSecOps engineer in an IT company in Charleston, South Carolina. He is using the git-multimail tool to send email notifications for every push to a git repository. By default, the tool will send one output email providing details about the reference change and one output email for every new commit due to a reference change. How can Brett ensure that git-multimail is set up appropriately?

- Running the environmental variable GITHUB_MULTIMAIL_CHECK_SETUP by setting it to non-empty string
- Running the environmental variable GIT_MULTIMAIL_CHECK_SETUP by setting it to empty string
- Running the environmental variable GIT_MULTIMAIL_CHECK_SETUP by setting it to non-empty string
- Running the environmental variable GITHUB_MULTIMAIL_CHECK_SETUP by setting it to empty string

BVR Pvt. Ltd. is an IT company that develops software products and applications related to IoT devices. The software development team of the organization is using a Bitbucket repository to plan projects, collaborate on code, test, and deploy. The repository provides teams a single place for project planning and collaboration on coding, testing, and deploying the software application. Which of the following is offered by Bitbucket to BVR Pvt. Ltd.?

- Free limited public repositories
- Free unlimited private repositories
- Free limited private repositories
- Free unlimited public repositories

Erica Mena has been working as a DevSecOps engineer in an IT company that provides customized software solutions to various clients across the United States.
To protect serverless and container applications with RASP, she would like to create an Azure container instance using Azure CLI in Microsoft PowerShell. She created the Azure container instance and loaded the container image to it. She then reviewed the deployment of the container instance. Which of the following commands should Erica run to get the logging information from the Azure container instance? (Assume the resource group name as ACI and container name as aci-test-closh.)

- az get container logs -resource-group ACI --name aci-test-closh
- az get container logs --resource-group ACI --name aci-test-closh
- az container logs -resource-group ACI -name aci-test-closh
- az container logs --resource-group ACI --name aci-test-closh

Walter O’Brien recently joined as a junior DevSecOps engineer in an IT company located in Lansing, Michigan. His organization develops robotic process automation software for various clients stretched across the globe. Walter’s team leader asked him to configure username and user email for git in VS Code. Therefore, he opened the Visual Studio Code IDE console, then clicked on the Terminal tab and selected New terminal. Which of the following commands should Walter execute in the terminal to configure username and user email for git in VS Code?

- get config --global user-name “walter username for git” get config -–global user-email “walter email address used for git”
- get config --global user.name “walter username for git” get config –global user.email “walter email address used for git”
- get git config --global user.name “walter username for git” get git config –global user.email “walter email address used for git”
- get config --global user_name “walter username for git” get config -–global user_email “walter email address used for git”

Debra Aniston is a DevSecOps engineer in an IT company that develops software products and web applications. Her team has found various coding issues in the application code.
Debra would like to fix coding issues before they exist. She recommended a DevSecOps tool to the software development team that highlights bugs and security vulnerabilities with clear remediation guidance, which helps in fixing security issues before the code is committed. Based on the information given, which of the following tools has Debra recommended to the software development team?

- SonarLint
- Arachni
- OWASP ZAP
- Tenable.io

Terry Diab has been working as a DevSecOps engineer in an IT company that develops software products and web applications for a call center. She would like to integrate Snyk with AWS CodeCommit to monitor and remediate vulnerabilities in the code repository. Terry pushed code to AWS CodeCommit; this triggered an Amazon EventBridge Rule, which then triggered AWS CodePipeline. AWS CodePipeline passed code to the Snyk CLI run. Who among the following interacts with Snyk CLI and sends the results to Snyk UI?

- AWS CodeDeploy
- AWS CodeCommit
- AWS Pipeline
- AWS CodeBuild

William McDougall has been working as a DevSecOps engineer in an IT company located in Sacramento, California. His organization has been using Microsoft Azure DevOps service to develop software products securely and quickly. To take proactive decisions related to security issues and to reduce the overall security risk, William would like to integrate ThreatModeler with Azure Pipelines. How can ThreatModeler be integrated with Azure Pipelines and made a part of William’s organization’s DevSecOps pipeline?

- By using a bidirectional API
- By using a unidirectional AP
- By using a unidirectional UI
- By using a bidirectional UI

Peter Dinklage has been working as a senior DevSecOps engineer at SacramentSoft Solution Pvt. Ltd. He has deployed applications in Docker containers. His team leader asked him to check the exposure of unnecessary ports. Which of the following commands should Peter use to check all the containers and the exposed ports?

- docker ps --quiet | xargs docker inspect --all --format : Ports=
- docker ps --quiet | xargs docker inspect --format ': Ports=’
- docker ps --quiet | xargs docker inspect --format : Ports
- docker ps --quiet | xargs docker inspect --all --format ': Ports=’

Jason Wylie has been working as a DevSecOps engineer in an IT company located in Sacramento, California. He would like to use Jenkins for CI and Azure Pipelines for CD to deploy a Spring Boot app to an Azure Container Service (AKS) Kubernetes cluster. He created a namespace for deploying Jenkins in AKS, and then deployed the Jenkins app to the Pod. Which of the following commands should Jason run to see the pods that have been spun up and running?

- kubectl get pods -k Jenkins
- kubectl get pods -s jenkins
- kubectl get pods -n jenkins
- kubectl get pods -p jenkins

Steven Smith has been working as a DevSecOps engineer in an IT company that develops software products related to the financial sector. His team leader asked him to integrate Conjur with Jenkins to secure the secret credentials. Therefore, Steven downloaded the Conjur.hpi file and uploaded it in the Upload Plugin section of Jenkins. He declared host and layers, and declared the variables. Which of the following commands should Steven use to set the value of variables?

- $ conjur variable set -i < policy-path-of-variable-name > -v < secret-value >
- $ conjur variable set -p < policy-path-of-variable-name > -s < secret-value >
- $ conjur variable set -s < policy-path-of-variable-name > -p < secret-value >
- $ conjur variable set -v < policy-path-of-variable-name > -i < secret-value >

Charles Drew has been working as a DevSecOps team leader in an IT company located in Nashville, Tennessee. He would like to look at the applications from an attacker’s perspective and make security a part of the organization’s culture. Imagine you are working under Charles as a DevSecOps engineer.
Charles has asked you to install ThreatPlaybook, which is a unified DevSecOps Framework that allows you to go from iterative, collaborative threat modeling to application security testing orchestration. After installation, you must configure ThreatPlaybook CLI; therefore, you have created a directory for the project and then you go to the current directory where you would like to configure ThreatPlaybook. Which of the following commands will you use to configure ThreatPlaybook? (Here, <your-email> represents your email id; <host info> represents IP address; and <port> represents the nginx port.)

- playbook configure -e < your-email > -h < host-info > -p < port >
- ThreatPlaybook configure -e < your-email > -u < host-info > -p < port >
- ThreatPlaybook configure -e < your-email > -h < host-info > -p < port >
- playbook configure -e < your-email > -u < host-info > -p < port >

Brett Ryan has been working as a senior DevSecOps engineer in a multinational company that develops web applications. The team leader of the software development team requested Brett to detect insecure JavaScript libraries in the web application code. Brett would like to perform the vulnerability scanning on the web application with grunt-retire. Which of the following commands would enable the grunt plugin?

- grunt-loadNpmTasks('grunt-retire');
- grunt-loadNpmTask('grunt-retire');
- grunt.loadNpmTasks('grunt-retire');
- grunt.loadNpmTask('grunt-retire');

Jayson Smith is working as a DevSecOps engineer in an MNC company located in Tampa, Florida. The senior software developer of his company, Sandra Oliver, has uploaded an application in her GitHub repository that might contain security vulnerabilities and has provided the URL to the DevSecOps team. Jayson would like to analyze the application developed by Sandra to detect and mitigate the security issues in the application code; therefore, he would like to clone Sandra’s GitHub repository to his computer.
Which of the following commands should Jayson use to clone the repository of another user to his computer?

- $ git clone https://github.com/REPOSITORY/USERNAME.git
- $ git clone https://github.com/USERNAME/REPOSITORY.git
- $ github clone https://github.com/USERNAME/REPOSITORY.git
- $ github clone https://github.com/ REPOSITORY/USERNAME.git

Patricia Cornwell has been working as a DevSecOps engineer in an IT company that provides custom software solutions. She would like to use GitMiner to mine the secret credentials such as usernames and passwords, API credentials, and other sensitive data from GitHub. Therefore, to start the scanning, she cloned the repo to the local machine by using the git clone http://github.com/UnkL4b/GitMiner command; then, she moved to the current directory using $ cd GitMiner command. Which of the following commands should Patricia use to install the dependencies?

- pip3 install –m requirement.txt
- pip3 install –d requirement.txt
- pip3 install –q requirement.txt
- pip3 install –r requirement.txt

Sandra Oliver joined SinClare Soft Pvt. Ltd. as a DevSecOps engineer in January of 2010. Her organization develops software and web applications related to the healthcare industry. Using IAST runtime security testing technology, she is detecting and diagnosing security issues in applications and APIs. The IAST solution used by Sandra encompasses a web scanner with an agent that works inside the server that hosts the application to provide additional analysis details such as the location of the vulnerability in the application code. Based on the given information, which of the following IAST solutions is Sandra using?

- Active IAST
- Semi-passive IAST
- Semi-active IAST
- Passive IAST

Judi Dench has recently joined an IT company as a DevSecOps engineer. Her organization develops software products and web applications related to electrical engineering.
Judi would like to use the Anchore tool for container vulnerability scanning and Software Bill of Materials (SBOM) generation. Using Anchore grype, she would like to scan the container images and file systems for known vulnerabilities, and would like to find vulnerabilities in major operating system packages such as Alpine, CentOS, Ubuntu, etc. as well as language-specific packages such as Ruby, Java, etc. Which of the following commands should Judi run to scan for vulnerabilities in the image using grype?

- grype < image > --scope all-layers
- grype packages < image > --scope all-layers
- grype packages < image >
- grype < image >

Jeremy Renner has been working as a senior DevSecOps engineer at an IT company that develops customized software for various customers stretched across the globe. His organization is using Microsoft Azure DevOps Services. Using an IaC tool, Jeremy deployed the infrastructure in Azure. He would like to integrate Chef InSpec with Azure to ensure that the deployed infrastructure is in accordance with the architecture and industrial standards and the security policies are appropriately implemented. Therefore, he downloaded and installed Chef InSpec. He used an Azure CLI command for creating an Azure Service Principal with reader permission to the Azure resources, then he exported the generated credentials. After installation and configuration of Chef InSpec, he would like to create the structure and profile. Which of the following commands should Jeremy use to create a new folder jyren-azureTests with all the required artifacts for InSpec tests?

- inspec init prof jyren-azureTests
- inspec init profile jyren-azureTests
- chef inspec init profile jyren-azureTests
- chef inspec init profile jyren-azureTests

Brady Coleman is a senior DevSecOps engineer at CloudVac Security Private Ltd. He has created a new container named “eccbrad” from the centos:7 image using the command docker run -i -t --name geeklab centos:7 /bin/bash.
Now, Brady wants to install the httpd package inside the eccbrad container. Which of the following commands should Brady use to install the httpd package inside the container?

- sudo install-httpd
- sudo install httpd
- yum install-httpd
- yum install httpd

Elizabeth Moss has been working as a DevSecOps engineer in an IT company located in San Diego, California. Due to the robust security and cost-effective service provided by AWS, her organization transferred all the workloads from on-prem to AWS cloud in 2017. Elizabeth would like to prevent committing AWS keys into repositories; therefore, she created a global git-templates directory using the command line. Then, she created another directory, named it hooks, wherein she created a file named pre-commit. In the pre-commit file, Elizabeth pasted the script that would prevent committing AWS keys into the repositories. She would like to ensure that the hook is executable. Which of the following commands should Elizabeth run to make sure that the pre-commit hook is executable?

- chmod a+x ~/.git-templates/hooks/pre-commit
- chmod a+e ~/.git-templates/hooks/pre-commit
- chmod a+x ~/.hooks/git-templates/pre-commit
- chmod a+e ~/.hooks/git-templates/pre-commit

Christopher Brown has been working as a DevSecOps engineer in an IT company that develops software and web applications for an ecommerce company. To automatically detect common security issues and coding errors in the C++ code, she performed code scanning using CodeQL in GitHub. Which of the following entries will Christopher find for CodeQL analysis of C++ code?

- CodeQL/Analyze (cp) (pull-request)
- CodeQL/Analyze (cp) (push-request)
- CodeQL/Analyze (cpp) (push-request)
- CodeQL/Analyze (cpp) (pull-request)

Evan Peters has been working as a DevSecOps engineer in an IT company located in Denver, Colorado. His organization has deployed various applications on Docker containers.
Evan has been running SSH service inside the containers, and handling of SSH keys and access policies is a major security concern for him. What will be the solution for Evan’s security concern?

- Run SSH on the registry and utilize docker exec for interacting with the container
- Run SSH on the docker build and utilize docker exec for interacting with the container
- Run SSH on the client and utilize docker exec for interacting with the container
- Run SSH on the host and utilize docker exec for interacting with the container

Craig Kelly has been working as a software development team leader in an IT company over the past 8 years. His team is working on the development of an Android application product. Sandra Oliver, a DevSecOps engineer, used DAST tools and fuzz testing to perform advanced checks on the Android application product and detected critical and high severity issues. She provided the information about the security issues and the recommendations to mitigate them to Craig’s team. Which type of security checks performed by Sandra involve detection of critical and high severity issues using DAST tools and fuzz testing?

- Commit-time checks
- Build-time checks
- Deploy-time checks
- Test-time checks

SinCaire is a software development company that develops web applications for various clients. To measure the successful implementation of DevSecOps, the organization enforced U.S. General Service Administrator (GSA) high-value DevSecOps metrics. Which of the following metrics implemented by SinCaire can measure the time between the code commit and production, and tracks the bug fix and new features throughout the development, testing, and production phases?

- Mean time to recovery (for applications)
- Change volume (for application)
- Time to value
- Change lead time (for application)

Dustin Hoffman has been working as a DevSecOps engineer in an IT company located in San Diego, California.
For detecting new security vulnerabilities at the beginning of the source code development, he would like to integrate the Checkmarx SCA tool with GitLab. The Checkmarx template has all the jobs defined for the pipeline. Where should Dustin incorporate the Checkmarx template file 'https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/templates/gitlab/v3/Checkmarx.gitlab-ci.yml’?

- gitlab-cd.yml root directory
- gitlab-ci/cd.yml root directory
- gitlab.yml root directory
- gitlab-ci.yml root directory

Terry Crews has been working as a DevSecOps engineer at an IT company that develops software products and web applications related to IoT devices. She integrated the Sqreen RASP tool with Slack for sending notifications related to security issues to her team. How can Sqreen send notification alerts to Slack?

- By creating a cookbook, defining a trigger, security response, and notification
- By creating a cookbook, defining a trigger, Alert a response, and notification
- By creating a playbook, defining a trigger, Alert a response, and notification
- By creating a playbook, defining a trigger, security response, and notification

Scott Adkins has recently joined an IT company located in New Orleans, Louisiana, as a DevSecOps engineer. He would like to build docker infrastructure using Terraform; therefore, he has created a directory named terraform-docker-container. He then changed into the directory using the command: cd terraform-docker-container. Now, Scott wants to create a file to define the infrastructure. Which of the following commands should Scott use to create a file to define the infrastructure?

- cat main.tf
- echo main.tf
- touch main.tf
- sudo main.tf

Frances Fisher joined TerraWolt Pvt. Ltd. as a DevSecOps engineer in 2020. On February 1, 2022, his organization became a victim of a cyber security attack. The attacker targeted the network and application vulnerabilities and compromised some important functionality of the application.
To secure the organization against similar types of attacks, Frances used a flexible, accurate, low maintenance vulnerability management and assessment solution that continuously scans the network and application vulnerabilities and provides daily updates and specialized testing methodologies to catch maximum detectable vulnerabilities. Based on the above-mentioned information, which of the following tools is Frances using?

- SonarQube
- Black Duck
- BeSECURE
- Shadow Daemon

Paul McCartney has been working as a senior DevSecOps engineer in an IT company over the past 5 years. He would like to integrate the Conjur secret management tool into the CI/CD pipeline to secure the secret credentials in various phases of development. To integrate Conjur with Jenkins, Paul downloaded the Conjur.hpi file and uploaded it to the Upload Plugin section of Jenkins. Paul declared a policy branch using a code and saved it as a .yml file. Which of the following commands should Paul use to load this policy in Conjur root?

- $ conjur policy load -f root -p < file-name >
- $ conjur policy load -f root -b < file-name >
- $ conjur policy load -p root -f < file-name >
- $ conjur policy load -b root -f < file-name >

Rachel McAdams applied for the position of DevSecOps engineer at TetraSoft Pvt. Ltd. She gave her interview on February 23, 2022, and was selected as a DevSecOps engineer. Her team is working on securing a Ruby on Rails application. Rachel’s team leader asked her to integrate the Brakeman SAST tool with Jenkins. To perform the integration, she navigated to Jenkins Plugin Manager and installed Warnings Next Generation Plugin. To run the tool in Jenkins, she invoked Brakeman as part of an Execute shell build step.
In the Execute shell column, she wrote the following commands with brakeman options:

    bash -l -c '
    rvm install 3.0.0 && \
    rvm use 3.0.0@brakeman --create && \
    gem install brakeman && \
    brakeman --no-progress --no-pager --no-exit-on-warn -o brakeman-output.json'

What is the function of the --no-exit-on-warn option in the above-mentioned command?

- It tells Brakeman to return a 1 exit code even if warnings are found
- It tells Brakeman to return a 3 exit code even if warnings are found
- It tells Brakeman to return a 0 exit code even if warnings are found
- It tells Brakeman to return a 2 exit code even if warnings are found

William Friedkin has been working as a DevSecOps engineer in an IT company for the past 3 years. His team leader has asked him to validate the host configuration that runs the Docker containers and perform security checks at the container level by implementing Docker’s CIS Benchmark Recommendations. Therefore, William would like to integrate Docker Bench with Jenkins to incorporate security testing in the DevOps workflow and secure the Docker container. Before starting the procedure, he would like to install openssh on Ubuntu. Which of the following commands should William run to install openssh on Ubuntu?

- sudo apt-get -s install openssh-server
- sudo apt.get install openssh-server
- sudo apt-get install openssh-server
- sudo apt.get -s install openssh-server

Steven Gerrard has been working as a DevSecOps engineer at an IT company that develops software products and applications related to the healthcare industry. His organization has been using Azure DevOps services to securely and quickly develop software products. To ensure that the deployed infrastructure is in accordance with the architecture and industrial standards and the security policies are appropriately implemented, he would like to integrate InSpec with Azure.
Therefore, after installation and configuration of InSpec, he created an InSpec profile file and upgraded it with personal metadata and Azure resource pack information; then he wrote the InSpec tests. Which of the following commands should Steven use to run InSpec tests to check the compliance of Azure infrastructure?

- inspec exe inspec-tests/integration/ -t azure://
- inspec exec inspec-tests/integration/ -it azure://
- inspec exec inspec-tests/integration/ -t azure://
- inspec exe inspec-tests/integration/ -it azure://

Thomas Gibson has been working as a DevSecOps engineer in an IT company that develops software products and web applications related to law enforcement. To automatically execute a scan against the web apps, he would like to integrate the InsightAppSec plugin with Jenkins. Therefore, Thomas generated a new API Key in the Insight platform. Now, he wants to install the plugin manually. How can Thomas install the InsightAppSec plugin manually in Jenkins?

- By creating a .conf file and uploading to his Jenkins installation
- By creating a .war file and uploading to his Jenkins installation
- By creating a .zip file and uploading to his Jenkins installation
- By creating a .hpi file and uploading to his Jenkins installation

PentaByte is a software product development company located in Austin, Texas. The organization would like to secure communication methods to maintain confidentiality and security. How can PentaByte achieve the secure by communication secure coding principle?

- By preventing cyber security breach
- By maintaining defense by depth and reducing attack surface area
- By balancing the default configuration settings
- By maintaining secure trust relationships

Richard Branson has been working as a DevSecOps engineer in an IT company that develops apps for Android mobiles.
To manage the secret information of an application in various phases of the development lifecycle and to provide fine-grained access to each secret, he would like to integrate HashiCorp Vault with Jenkins. To access the vault from Jenkins, Richard installed hashicorp-vault-plugin and ran a vault instance; he then selected the AppRole authentication method, which allows apps to access vault with a predefined role. Which of the following commands should Richard use to enable AppRole authentication?

- enable vault auth approle
- auth vault enable approle
- vault auth enable approle
- enable auth vault approle

Robin Tunney has been working as a DevSecOps engineer in an IT company located in Charleston, South Carolina. She would like to build a customized docker image using HashiCorp Packer. Therefore, she installed Packer and created a file docker-ubuntu.pkr.hcl; she then added an HCL block to it and saved the file. Which of the following commands should Robin execute to build the Docker image using Packer?

- packer build docker-ubuntu.pkr.hcl
- packer -b docker-ubuntu.pkr.hcl
- packer b docker-ubuntu.pkr.hcl
- packer -build docker-ubuntu.pkr.hcl

Katie Holmes is working as a DevSecOps engineer at SeCSafe Anti-virus. The DevOps team of her organization has developed a distributed application with multiple microservices. Katie deployed all the microservices to the Kubernetes nodes successfully. The DevOps team approached Katie and informed her that the application is not working. Katie wants to check whether the Kubernetes cluster is working or not. Which of the following commands should Katie run step by step to verify that Kubernetes is working?

- kube-etcd version kube-etcd cluster-info
- kubernetes version kubebernetes cluster-info
- kube version kube cluster-info
- kubectl version kubectl cluster-info

Thomas McInerney has been working as a senior DevSecOps engineer in an IT company that develops software products and web applications related to the healthcare sector.
His organization deployed various applications in Docker containers. Thomas’ team leader would like to prevent a container from gaining new privileges. Therefore, he asked Thomas to set the no_new_priv bit, which functions across clone, execve, and fork to prevent a container from gaining new privileges. Which of the following commands should Thomas use to list out security options for all the containers?

- docker ps --quiet --all | xargs docker inspect --format ': SecurityOpt'
- docker ps -quiet -all | xargs docker inspect --format ': SecurityOpt='
- docker ps -quiet -all | xargs docker inspect --format ': SecurityOpt'
- docker ps --quiet --all | xargs docker inspect --format ': SecurityOpt='

Alex Hales has been working as a DevSecOps engineer in an IT company that develops software products and web applications for visualizing scientific data. He would like to trigger a Jenkins build job using a Git post commit script or hooks that helps his team in saving time by automating commit. Therefore, before triggering the build job, Alex made changes and saved the code in the respective IDE under the Git repository and added the changes in the master branch using the git add command and ran the post commit script to check the status of the build. Then, he navigated to the Jenkins project and selected the “Trigger build remotely from Build triggers” radio button. It would automate the trigger every time a change gets committed to the project. Alex navigated back to the Bash terminal to trigger the build job. Which of the following commands should Alex use in the Bash terminal to trigger the build job?

- git commit -m “commit from terminal”
- github commit -b “commit from terminal”
- github commit -m “commit from terminal”
- git commit -b “commit from terminal”

Michael Rady recently joined an IT company as a DevSecOps engineer. His organization develops software products and web applications related to online marketing. Michael deployed a web application on Apache server.
He would like to safeguard the deployed application from diverse types of web attacks by deploying ModSecurity WAF on Apache server. Which of the following commands should Michael run to install ModSecurity WAF?

- sudo apt install libapache2-mod-security2 –y
- sudo apt install libapache2-mod-security2 –x
- sudo apt install libapache2-mod-security2 –w
- sudo apt install libapache2-mod-security2 –z

Cindy Williams has recently joined an IT company as a DevSecOps engineer. She configured Bundle-Audit in Travis CI. Cindy detected a vulnerability in Gemfile dependencies and resolved it by adding some lines of code. How does Bundler scan Gemfile.lock for insecure versions of gems?

- By taking the information from the travis.yml file and comparing it with the known vulnerabilities
- By taking the information from the Gemfile and comparing it with the unknown vulnerabilities
- By taking the information from the Gemfile and comparing it with the known vulnerabilities
- By taking the information from the travis.yml and comparing it with the unknown vulnerabilities

Gabriel Jarret has been working as a senior DevSecOps engineer in an IT company located in Houston, Texas. He is using Vault to manage secrets and protect sensitive data. On February 1, 2022, Gabriel wrote the secret using the vault kv put secret/wejskt command. On February 10, 2022, his team detected a brute-force attack using the Splunk monitoring tool. Gabriel would like to delete the secrets in the vault that he wrote on February 1, 2022. Which of the following commands should Gabriel use to delete a secret in the Vault secret management tool?

- vault kv -delete secret/wejskt
- vault kv del secret/wejskt
- vault kv -del secret/wejskt
- vault kv delete secret/wejskt

Kevin Williamson is working as a DevSecOps engineer in an IT company located in Los Angeles, California. His team has integrated Jira with Jenkins to view every issue on Jira, including the status of the latest build or successful deployment of the work to an environment.
Which of the following can Kevin use to search issues on Jira?

- Java query language
- Structured query language
- Atlassian query language
- Jira query language

Charles Rettig has been working as a DevSecOps engineer in an IT company that develops software and web applications for IoT devices. He integrated Burp Suite with Jenkins to detect vulnerabilities and evaluate attack vectors compromising web applications. Which of the following features offered by Burp Suite minimizes false positives and helps detect invisible vulnerabilities?

- OAST
- QAST
- MAST
- NAST

Cheryl Hines has been working as a senior DevSecOps engineer over the past 5 years in an IT company. Due to the robust features offered by the Keywhiz secret management tool such as compatibility with all software, untraceable secrets, no impact of power cut or server outage, etc., Cheryl’s organization is using it for managing and distributing secrets. To add a secret using Keywhiz CLI, which of the following commands should Cheryl use?

- $ keywhiz.cli --devTrustStore --user keywhizAdmin login $ keywhiz.cli add secret --name mySecretName < mySecretFile
- $ keywhiz.cli --devsecTrustStore --admin keywhizAdmin login $ keywhiz.cli add secret --name mySecretName < mySecretFile
- $ keywhiz.cli --devTrustStore --admin keywhizAdmin login $ keywhiz.cli add secret --name mySecretName < mySecretFile
- $ keywhiz.cli --DevSecTrustStore --user keywhizAdmin login $ keywhiz.cli add secret --name mySecretName < mySecretFile

SNF Pvt. Ltd. is a software development company located in Denver, Colorado. The organization is using pytm, which is a Pythonic Framework for threat modeling, to detect security issues and mitigate them in advance. James Harden has been working as a DevSecOps engineer at SNF Pvt. Ltd. for the past 3 years. He has created a tm.py file that describes an application in which the user logs into the app and posts comments on the application.
These comments are stored by the application server in the database and AWS Lambda cleans the database. Which of the following commands can James use to generate a sequence diagram?

- tm.py --seq | java -Djava.awt.headless=true -jar plantuml.jar -tpng -pipe > seq.png
- tm.py --seq | java -djava.awt.headless=true -jar plantuml.jar -tpng -pipe > seq.png
- tm.py --seq | java -Djava.awt.headless=true -jar plantum.jar -tpng -pipe > seq.png
- tm.py --seq | java -djava.awt.headless=true -jar plantum.jar -tpng -pipe > seq.png

Sarah Wright has recently joined a multinational company as a DevSecOps engineer. She has created a container and deployed a web application in it. Sarah would like to stop this container. Which of the following commands stops the running container created by Sarah Wright?

- [root@574bac18f89d /]# kill
- [root@574bac18f89d /]# exit
- [root@574bac18f89d /]# clear
- [root@574bac18f89d /]# stop

Curtis Morgan has been working as a software developer in an MNC company. His team has developed a NodeJS application. While doing peer review of the NodeJS application, he observed that there are insecure libraries in the application. Therefore, he approached Teresa Lisbon, who is working as a DevSecOps engineer, to detect the insecure libraries in the NodeJS application. Teresa used an SCA tool to find known vulnerabilities in JavaScript libraries for Node.JS applications and detected all the insecure libraries in the application. Which of the following tools did Teresa use for detecting insecure libraries in the NodeJS application?

- Bandit
- Bundler-Audit
- Retire.js
- Tenable.io

Lisa Kramer has 4 years of experience as a DevSecOps engineer in an IT company. The software development team of her organization has developed a Ruby on Rails web application and would like to find vulnerabilities in Ruby dependencies. Therefore, the team leader of the software development team approached Lisa for help in this regard.
Which of the following SCA tools should Lisa use to detect vulnerabilities in Ruby dependencies?

- Bandit
- Bundler-Audit
- Retire.js
- Tenable.io

Gabriel Bateman has been working as a DevSecOps engineer in an IT company that develops virtual classroom software for online teaching. He would like to clone the BDD security framework on his local machine using the following URL, https://github.com/continuumsecurity/bdd-security.git. Which of the following commands should Gabriel use to clone the BDD security framework?

- github clone https://github.com/continumsecurity/bdd-security.git
- git clone https://github.com/continuumsecurity/bdd-security.git
- git clone https://github.com/continumsecurity/bdd-security.git
- github clone https://github.com/continuumsecurity/bdd-security.git





