Eccouncil 312-97 Exam Questions Instant Access

Question 1

(Bruce Altman is a DevSecOps engineer at a web application development company named TechSoft Pvt. Ltd. Due to robust security features provided by Microsoft Azure, in January of 2020, his organization migrated all the workloads from on-prem to Azure. Using Terraform configuration management tool, Bruce created a resource group and virtual machine (VM) in Azure; he then deployed a web application in the VM. Within an hour, Bruce's team leader informed him that he detected various security issues in the application code and asked him to destroy the infrastructure that he has created in Microsoft Azure using Terraform. Which of the following commands can Bruce use to destroy the infrastructure created using Terraform?.)

Aterraform kill.

Bterraform destroy.

Cterraform kill-infra.

Dterraform destroy-infra.

Answer : B

Terraform provides the terraform destroy command to remove all infrastructure resources defined in the Terraform configuration files. This command safely tears down resources such as virtual machines, networks, and resource groups by consulting the state file and executing destruction in the correct dependency order. Commands like terraform kill, terraform kill-infra, and terraform destroy-infra do not exist in Terraform's CLI. Using terraform destroy during the Release and Deploy stage allows DevSecOps teams to quickly remediate risk by removing insecure or non-compliant infrastructure, reinforcing the importance of Infrastructure as Code and controlled lifecycle management.

Question 2

(Kevin Williamson has been working as a DevSecOps engineer in an MNC company for the past 5 years. In January of 2017, his organization migrated all the applications and data from on-prem to AWS cloud due to the robust security feature and cost-effective services provided by Amazon. His organization is using Amazon DevOps services to develop software products securely and quickly. To detect errors in the code and to catch bugs in the application code, Kevin integrated PHPStan into the AWS pipeline for static code analysis. What will happen if security issues are detected in the application code?.)

AThe integrated PHPStan into the AWS pipeline will invoke AWS CloudFormation to parse and send result to the security hub.

BThe integrated PHPStan into the AWS pipeline will invoke AWS Config to parse and send result to the security hub.

CThe integrated PHPStan into the AWS pipeline will invoke AWS Elastic BeanStalk to parse and send result to the security hub.

DThe integrated PHPStan into the AWS pipeline will invoke the AWS Lambda function to parse and send result to the security hub.

Answer : D

In AWS-based DevSecOps pipelines, static analysis tools such as PHPStan commonly send their results to AWS services through event-driven processing. When PHPStan detects security issues, the results are typically parsed and processed by an AWS Lambda function, which can transform findings and forward them to AWS Security Hub. CloudFormation is used for infrastructure provisioning, AWS Config evaluates configuration compliance, and Elastic Beanstalk is an application deployment service---none of these are suited for parsing and relaying scan results. Lambda functions provide a scalable and serverless way to handle scan outputs automatically. This integration ensures that security findings are centralized, visible, and actionable, aligning with secure automation practices during the Code stage.

Question 3

(Erica Mena has been working as a DevSecOps engineer in an IT company that provides customize software solutions to various clients across United States. To protect serverless and container applications with RASP, she would like to create an Azure container instance using Azure CLI in Microsoft PowerShell. She created the Azure container instance and loaded the container image to it. She then reviewed the deployment of the container instance. Which of the following commands should Erica run to get the logging information from the Azure container instance? (Assume the resource group name as ACI and container name as aci-test-closh.))

Aaz get container logs -resource-group ACI --name aci-test-closh.

Baz get container logs --resource-group ACI --name aci-test-closh.

Caz container logs -resource-group ACI -name aci-test-closh.

Daz container logs --resource-group ACI --name aci-test-closh.

Answer : D

Azure Container Instances provide built-in logging capabilities that can be accessed using the Azure CLI. To retrieve logs from a deployed container instance, the correct command is az container logs followed by the resource group and container name. The proper syntax requires double-dash parameters: --resource-group and --name. In Erica's case, the correct command is az container logs --resource-group ACI --name aci-test-closh. Options that use ''az get container logs'' are invalid because ''get'' is not a supported verb in this context. Option C uses incorrect single-dash flags, which do not match Azure CLI standards. Accessing container logs during the Code stage helps engineers validate application behavior, identify runtime errors, and ensure that security instrumentation such as RASP agents are functioning correctly before progressing further in the pipeline.

Question 4

(Scott Morrison is working as a senior DevSecOps engineer at SUTRE SOFT Pvt. Ltd. His organization develops software and applications for IoT devices. Scott created a user story; he then created abuser stories under the user story. After that, he created threat scenarios under the abuser story, and then he created test cases for the threat scenarios. After defining the YAML, Scott would like to push the user-story driven threat model to the ThreatPlaybook server. Which of the following command Scott should use?.)

Aplaybook apply feature -f < path to the yaml file > -t test-project.

Bplaybook apply feature -y < path to the yaml file > -p test-project.

Cplaybook apply feature -f < path to the yaml file > -p test-project.

Dplaybook apply feature -p < path to the yaml file > -t test-project.

Answer : C

ThreatPlaybook uses the playbook apply feature command to push user-story--driven threat models to the server. The -f flag specifies the path to the YAML file containing the defined user stories, abuser stories, and threat scenarios, while the -p flag specifies the target project. Option C correctly combines these parameters. The -y flag is invalid in this context, and options that misuse -t instead of -p do not correctly identify the project destination. Executing this command during the Plan stage enables teams to integrate threat modeling early, ensuring security risks are identified and addressed before development and deployment proceed.

Question 5

(William Scott has been working as a senior DevSecOps engineer at GlobalSec Pvt. Ltd. His organization develops software products related to mobile apps. William would like to exploit Jenkins using Metasploit framework; therefore, he downloaded Metasploit. He would like to initiate an Nmap scan by specifying the target IP to find the version of Jenkins running on the machine. Which of the following commands should William use to find the version of Jenkins running on his machine using Nmap?.)

ANmap -sN -sJ ''Target IP''.

BNmap -sJ -sN ''Target IP''.

CNmap -sS -sV ''Target IP''.

DNmap -sV -sS ''Target IP''.

Answer : D

To identify the version of a service running on a target system, Nmap uses the -sV option, which enables service version detection. The -sS flag specifies a TCP SYN scan, which is a common and efficient scanning method. Combining these two flags allows Nmap to discover open ports and accurately identify the service versions running on those ports, such as Jenkins. Options A and B reference invalid scan types (-sJ) and do not enable version detection. Option C includes the correct flags but places them in a less conventional order; however, the commonly accepted and documented usage is -sV -sS. Running this scan during the Operate and Monitor stage helps security teams understand exposed services and assess potential attack surfaces.

Question 6

(Jeremy Renner has been working as a senior DevSecOps engineer at an IT company that develops customized software to various customers stretched across the globe. His organization is using Microsoft Azure DevOps Services. Using an IaC tool, Jeremey deployed the infrastructure in Azure. He would like to integrate Chef InSpec with Azure to ensure that the deployed infrastructure is in accordance with the architecture and industrial standards and the security policies are appropriately implemented. Therefore, he downloaded and installed Chef InSpec. He used Azure CLI command for creating an Azure Service Principal with reader permission to the Azure resources, then he exported the generated credentials. After installation and configuration of Chef InSpec, he would like to create the structure and profile. Which of the following commands should Jeremy use to create a new folder jyren-azureTests with all the required artifacts for InSpec tests?)

Ainspec init prof jyren-azureTests.

Binspec init profile jyren-azureTests.

Cchef inspec init profile jyren-azureTests.

Dchef inspec init profile jyren-azureTests.

Answer : B

Chef InSpec provides a command-line interface for creating and executing compliance profiles. To initialize a new profile with the required directory structure, metadata file, and example controls, the correct command is inspec init profile . In Jeremy's case, running inspec init profile jyren-azureTests creates a new folder with all required artifacts needed to write and run Azure compliance tests. Options using prof are invalid abbreviations, and prefixing the command with chef is incorrect when using the InSpec CLI directly. Creating a structured InSpec profile during the Build and Test stage enables automated validation of infrastructure against architectural standards and security policies, supporting Infrastructure as Code security and continuous compliance practices.

Question 7

(Jordon Garrett is working as a DevSecOps engineer in an IT company situated in Chicago, Illinois. His team prefers to use PowerShell for utilizing Git hooks because Bash and Windows are not compatible for advanced executions. For calling PowerShell script from Bash shell, Jordon wrote a PowerShell script using pre-commit logic such as pre-commit.ps1 and then executed the following commands

#!C:/Program\ Files/Git/usr/bin/sh.exe

exec powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..git\hooks\pre-commit.ps1"

How would Jordon know that the commit is successful?.)

AIf the code exits with 0, then the commit is successful.

BIf the code exits with 1, then the commit is successful.

CIf the code exits with 3, then the commit is successful.

DIf the code exits with 2, then the commit is successful.

Answer : A

Git hooks determine success or failure based on the exit code of the executed script. An exit code of 0 indicates successful execution, while any non-zero value signals failure and causes Git to abort the commit. In Jordon's setup, a Bash shell calls a PowerShell script to perform pre-commit checks. If the PowerShell script exits with code 0, Git interprets this as a successful hook execution and allows the commit to proceed. Exit codes such as 1, 2, or 3 indicate errors or policy violations and will block the commit. This mechanism ensures that security or quality checks enforced by the pre-commit hook must pass before code is committed. Using exit codes in this way is a standard and reliable approach in cross-platform DevSecOps automation during the Code stage.

Eccouncil EC-Council Certified DevSecOps Engineer (ECDE) 312-97 Exam Questions