Eccouncil 312-97 Exam Questions Instant Access

Question 1

(Rahul Mehta is working as a DevSecOps engineer in an IT company that develops cloud-native web applications. His organization follows a strict DevSecOps practice and wants to ensure that third-party open-source dependencies used in the application do not introduce known security vulnerabilities. Rahul decided to integrate a Software Composition Analysis (SCA) tool into the CI pipeline so that every build is automatically scanned. During one of the builds, the SCA tool detects a critical vulnerability in a transitive dependency. What should ideally happen in a mature DevSecOps pipeline when such a critical vulnerability is detected at build time?.)

AThe pipeline should log the vulnerability details and continue the build to avoid delivery delays.

BThe pipeline should notify the security team and continue with deploy-time checks.

CThe pipeline should fail the build and prevent the artifact from progressing further.

DThe pipeline should ignore transitive dependencies and only scan direct dependencies.

Answer : C

In a mature DevSecOps pipeline, security controls are enforced as gates, not merely as informational checks. When an SCA tool detects a critical vulnerability in a dependency---whether direct or transitive---the correct response at the Build and Test stage is to fail the build. This prevents vulnerable artifacts from moving forward into later stages such as deployment or production, where remediation would be more expensive and risky. Allowing the build to continue, even with notifications, contradicts the shift-left security principle. Ignoring transitive dependencies is also dangerous, as many real-world vulnerabilities originate from indirect libraries. Failing the build forces developers to remediate the issue immediately by upgrading, replacing, or mitigating the vulnerable dependency. This approach reduces attack surface, enforces accountability, and ensures that only secure artifacts are released. Therefore, stopping the pipeline upon detection of critical vulnerabilities reflects a strong DevSecOps maturity model and effective security governance.

Question 2

(Joe Adler has recently been offered a job as a DevSecOps engineer in an IT company that develops software products and web applications for the healthcare industry. He would like to implement DevSec Hardening Framework to add a layer into the automation framework that configures operating systems and services and takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. To apply DevSec Hardening Framework to the machine, he scanned the machine using Nessus scanning tool; he then checked the compliance results before using DevSec Hardening Framework. Which of the following commands should Joe use to run DevSec Hardening Framework?.)

AChef-solo -c solo.rb -j solo.json.

BChef-solo -m solo.rb -h solo.json.

CChef-solo -j solo.rb -c solo.json.

DChef-solo -h solo.rb -m solo.json.

Answer : A

The DevSec Hardening Framework is commonly implemented using Chef, and it is executed locally using the chef-solo command. The -c flag specifies the configuration file (solo.rb), and the -j flag specifies the JSON attributes file (solo.json). Option A correctly uses both required parameters in the proper format. The other options incorrectly swap or misuse flags that are not supported by Chef-solo. Running this command applies secure configurations, compliance controls, and cryptographic standards to the target system. Executing DevSec Hardening Framework during the Operate and Monitor stage ensures that systems remain secure, compliant, and resilient against misconfiguration-based attacks.

Question 3

(Sarah Wright has recently joined a multinational company as a DevSecOps engineer. She has created a container and deployed a web application in it. Sarah would like to stop this container. Which of the following commands stop the running container created by Sarah Wright?)

A[root@574bac18f89d /]# kill.

B[root@574bac18f89d /]# exit.

C[root@574bac18f89d /]# clear.

D[root@574bac18f89d /]# stop.

Answer : B

When working inside an interactive Docker container session, the container continues running as long as its primary foreground process is active. Executing the exit command terminates the shell session, which in turn stops the container if no other foreground processes are running. The kill command requires a process identifier and is not used in this context, while clear simply clears the terminal screen and does not affect container execution. The stop command is not a valid shell command inside a container. Properly stopping containers during the Operate and Monitor stage helps free system resources, prevent unintended service exposure, and maintain a clean runtime environment. This practice aligns with container lifecycle management best practices and reduces operational risk.

Question 4

(Brett Ryan has been working as a senior DevSecOps engineer in an IT company in Charleston, South Carolin

a. He is using git-mutimail tool to send email notification for every push to git repository. By default, the tool will send one output email providing details about the reference change and one output email for every new commit due to a reference change. How can Brett ensure that git-multimail is set up appropriately?)

ARunning the environmental variable GITHUB_MULTIMAIL_CHECK_SETUP by setting it to non-empty string.

BRunning the environmental variable GIT_MULTIMAIL_CHECK_SETUP by setting it to empty string.

CRunning the environmental variable GIT_MULTIMAIL_CHECK_SETUP by setting it to non-empty string.

DRunning the environmental variable GITHUB_MULTIMAIL_CHECK_SETUP by setting it to empty string.

Answer : C

The git-multimail tool provides a mechanism to verify whether it has been installed and configured correctly before being relied upon for production notifications. This verification is done using an environment variable named GIT_MULTIMAIL_CHECK_SETUP. When this variable is set to a non-empty string, git-multimail performs a setup validation and outputs diagnostic information to confirm that configuration values, hooks, and parameters are correctly defined. This helps prevent silent failures where commits occur but email notifications are not sent. Options that reference GITHUB_MULTIMAIL_CHECK_SETUP are incorrect because git-multimail is not limited to GitHub and does not use that variable name. Additionally, setting the variable to an empty string does not trigger the setup check. Ensuring proper configuration during the Code stage is important because it supports auditability, traceability, and timely communication among development and security teams. Therefore, Brett must run the environment variable GIT_MULTIMAIL_CHECK_SETUP with a non-empty value to ensure the tool is set up appropriately.

Question 5

(William Friedkin has been working as a DevSecOps engineer in an IT company for the past 3 years. His team leader has asked him to validate the host configuration that runs the Docker containers and perform security checks at the container level by implementing Docker's CIS Benchmark Recommendations. Therefore, William would like to integrate Docker Bench with Jenkins to incorporate security testing in DevOps workflow and secure the Docker Container. Before starting the procedure, he would like to install openssh on Ubuntu. Which of the following command should William run to install openssh on Ubuntu?)

Asudo apt-get -s install openssh-server.

Bsudo apt.get install openssh-server.

Csudo apt-get install openssh-server.

Dsudo apt.get -s install openssh-server.

Answer : C

Ubuntu systems use the Advanced Package Tool (APT) for installing and managing software packages. The correct syntax for installing a package is sudo apt-get install . In this case, the OpenSSH server package required for secure remote access is named openssh-server, making sudo apt-get install openssh-server the correct command. Options using apt.get are invalid because the command syntax is incorrect. Options that include the -s flag only simulate the installation process and do not actually install the package. Installing OpenSSH is often required when integrating Docker Bench with Jenkins, as it enables secure communication and remote execution of compliance checks. Performing this setup during the Build and Test stage ensures that container hosts comply with Docker CIS Benchmark recommendations, helping organizations identify misconfigurations and security weaknesses early in the pipeline.

Question 6

(Peter McCarthy is working in TetraVerse Soft Solution Pvt. Ltd. as a DevSecOps engineer. His organization develops customized software products and web applications. To develop software products quickly and securely, his organization has been using AWS cloud-based services, including AWS DevOps services. Peter would like to use CloudMapper to examine the AWS cloud environment and perform auditing for security issues. Which of the following privileges should Peter possess in order to collect information about the AWS account?.)

Aarn:aws:iam::aws:policy/SecurityAudit arn:aws:iam::aws:policy/job-function/ViewOnlyAccess.

Barn:aws:iam::aws:policy/SecurityCheck arn:aws:iam::aws:policy/job-function/ViewOnlyAccess:: EditOnlyAccess.

Carn:aws:iam::aws:policy/SecurityAudit::SecurityCheck arn:aws:iam::aws:policy/job-role/ViewOnlyAccess:: EditOnlyAccess.

Darn:aws:iam::aws:policy/AWSLambdaFullAccess arn:aws:iam::aws:policy/job-role/ViewOnlyAccess.

Answer : A

CloudMapper requires read-only access to AWS resources in order to collect metadata, visualize architectures, and perform security analysis without modifying infrastructure. The AWS-managed policy SecurityAudit provides permissions to view security-related configuration across services, while ViewOnlyAccess allows read-only access to AWS resources more broadly. Together, these policies enable CloudMapper to gather comprehensive information about the AWS environment without granting write privileges. The other options either reference invalid policy names, incorrect formatting, or excessive permissions such as AWSLambdaFullAccess, which are unnecessary and violate least-privilege principles. Granting SecurityAudit and ViewOnlyAccess aligns with secure auditing practices during the Operate and Monitor stage.

Question 7

(Lisa Kramer carries an experience of 4 years as a DevSecOps engineer in an IT company. The software development team of her organization has developed a Ruby on Rails web application and would like to find vulnerabilities in Ruby dependencies. Therefore, the team leader of the software development team approached Lisa for help in this regard. Which of the following SCA tool should Lisa use to detect vulnerabilities in Ruby dependencies?)

ABandit.

BBundler-Audit.

CRetire.js.

DTenable.io.

Answer : B

Bundler-Audit is an SCA tool designed specifically for Ruby applications. It analyzes the Gemfile and Gemfile.lock to identify dependencies and checks them against known vulnerability databases. Bandit is intended for Python code analysis, Retire.js targets JavaScript libraries, and Tenable.io focuses on infrastructure-level vulnerabilities. By using Bundler-Audit during the Code stage, DevSecOps teams can detect vulnerable Ruby gems early and ensure that only secure dependencies are used. This reduces the risk of exploiting known vulnerabilities in third-party libraries and supports secure dependency management throughout the development lifecycle.

Eccouncil EC-Council Certified DevSecOps Engineer (ECDE) 312-97 Exam Questions