Free Jun-2026 312-97 Dumps are Available for Instant Access [Q57-Q73]



ECCouncil 312-97 Exam Syllabus Topics:

  • Topic 1: DevSecOps Pipeline - Release and Deploy Stage: This module explains maintaining security during release and deployment through secure techniques and infrastructure as code security. It covers container security tools, release management, and secure configuration practices for production transitions.
  • Topic 2: DevSecOps Pipeline - Code Stage: This module discusses secure coding practices and security integration within the development process and IDE. Developers learn to write secure code using static code analysis tools and industry-standard secure coding guidelines.
  • Topic 3: Understanding DevOps Culture: This module introduces DevOps principles, covering cultural and technical foundations that emphasize collaboration between development and operations teams. It addresses automation, CI/CD practices, continuous improvement, and the essential communication patterns needed for faster, reliable software delivery.
  • Topic 4: Introduction to DevSecOps: This module covers foundational DevSecOps concepts, focusing on integrating security into the DevOps lifecycle through automated, collaborative approaches. It introduces key components, tools, and practices while discussing adoption benefits, implementation challenges, and strategies for establishing a security-first culture.
  • Topic 5: DevSecOps Pipeline - Plan Stage: This module covers the planning phase, emphasizing security requirement identification and threat modeling. It highlights cross-functional collaboration between development, security, and operations teams to ensure alignment with security goals.


NEW QUESTION # 57
Katie Holmes is working as a DevSecOps engineer at SeCSafe Anti-virus. The DevOps team of her organization has developed a distributed application with multiple microservices. Katie deployed all the microservices to the Kubernetes nodes successfully. The DevOps team approached Katie and informed her that the application is not working. Katie wants to check whether the Kubernetes cluster is working or not.
Which of the following commands should Katie run step by step to verify that Kubernetes is working?

  • A. kubectl version kubectl cluster-info.
  • B. kube version kube cluster-info.
  • C. kube-etcd version kube-etcd cluster-info.
  • D. kubernetes version kubebernetes cluster-info.

Answer: A

Explanation:
Kubernetes clusters are managed and inspected using the kubectl command-line tool. To verify whether a Kubernetes cluster is functioning correctly, administrators commonly run kubectl version to confirm that both the client and server components are reachable and operational. This is followed by kubectl cluster-info, which displays information about the cluster's control plane and core services. These commands together confirm API server availability, cluster connectivity, and basic health status. The other options list invalid command names such as kube, kubernetes, or kube-etcd, which are not used for standard cluster validation.
Performing these checks during the Operate and Monitor stage helps quickly identify whether application issues stem from cluster-level problems or application-level misconfigurations. This supports faster troubleshooting and more reliable production operations.
========


NEW QUESTION # 58
Charlotte Flair is a DevSecOps engineer at Egma Soft Solution Pvt. Ltd. Her organization develops software and applications related to supply chain management. Charlotte would like to integrate the Sqreen RASP tool with Slack to monitor the application at runtime for malicious activities and block them before they can damage the application. Therefore, she created a Sqreen account and installed the Sqreen Microagent. Now, she would like to install the PHP microagent. To do so, she reviewed the PHP microagent's compatibility, then signed in to her Sqreen account and noted the token in Notepad. Which of the following commands should Charlotte run in the terminal to install the PHP extension and the Sqreen daemon?

  • A. curl -s https://download.sqreen.com/php/install.sh > sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[CHARLOTTE'S APP NAME HERE]".
  • B. curl -i https://download.sqreen.com/php/install.sh < sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[CHARLOTTE'S APP NAME HERE]".
  • C. curl -s https://download.sqreen.com/php/install.sh < sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[CHARLOTTE'S APP NAME HERE]".
  • D. curl -i https://download.sqreen.com/php/install.sh > sqreen-install.sh \ && bash sqreen-install.sh
    [CHARLOTTE'S ORG TOKEN HERE] "[CHARLOTTE'S APP NAME HERE]".

Answer: A

Explanation:
The correct installation procedure for the Sqreen PHP microagent involves downloading the installer script and executing it with the organization token and application name. The curl -s option downloads the script silently, while the > redirection operator saves it locally as sqreen-install.sh. The script is then executed using bash, passing the required token and app name as parameters. Options using input redirection (<) are incorrect because they do not save the downloaded script to a file. The -i option includes HTTP headers in the output, which is unnecessary and could corrupt the script. Installing the microagent correctly enables runtime monitoring, attack detection, and automatic blocking, supporting strong runtime security during the Operate and Monitor stage.
========


NEW QUESTION # 59
William Scott, after completing his graduation in computer science, joined an IT company as a DevSecOps engineer. His team leader has asked him to use GitHub Code Scanning for evaluating the source code in his organization's GitHub repository to detect security issues and coding errors. How can William set up code scanning in the GitHub repository?

  • A. By using Gauntlt.
  • B. By using GitMiner.
  • C. By using CodeQL.
  • D. By using OWASP ZAP.

Answer: C

Explanation:
GitHub Code Scanning is a built-in security capability designed to automatically analyze source code for security vulnerabilities and coding errors. The primary and officially supported engine for GitHub Code Scanning is CodeQL. CodeQL works by converting source code into a database and running security queries to detect issues such as injection flaws, insecure coding patterns, and logic errors. William can enable CodeQL by configuring GitHub Actions with either the default or advanced CodeQL workflow. Once enabled, CodeQL scans are triggered on events such as code pushes and pull requests, and the results appear as code scanning alerts in the repository's Security tab. Gauntlt is a security testing harness used mainly for infrastructure and application testing, GitMiner is used to discover sensitive data like secrets in repositories, and OWASP ZAP is a dynamic application security testing tool used against running applications. None of these tools configure GitHub's native Code Scanning feature. Therefore, CodeQL is the correct tool to set up GitHub Code Scanning in the Code stage of a DevSecOps pipeline.
========


NEW QUESTION # 60
Thomas Gibson has been working as a DevSecOps engineer in an IT company that develops software products and web applications related to law enforcement. To automatically execute a scan against the web apps, he would like to integrate the InsightAppSec plugin with Jenkins. Therefore, Thomas generated a new API Key in the Insight platform. Now, he wants to install the plugin manually. How can Thomas install the InsightAppSec plugin manually in Jenkins?

  • A. By creating a .hpi file and uploading to his Jenkins installation.
  • B. By creating a .conf file and uploading to his Jenkins installation.
  • C. By creating a .war file and uploading to his Jenkins installation.
  • D. By creating a .zip file and uploading to his Jenkins installation.

Answer: A

Explanation:
Jenkins plugins are distributed and installed as .hpi files. To manually install a plugin, administrators upload the .hpi file through the Jenkins Plugin Manager using the "Upload Plugin" option. This approach is commonly used in environments with restricted internet access or when custom plugin versions are required. .war files are used for deploying the Jenkins application itself, not plugins, while .zip and .conf files are not recognized plugin formats. Installing the InsightAppSec plugin allows Jenkins pipelines to automatically trigger dynamic application security scans during the Build and Test stage. This integration ensures that web applications are continuously evaluated for vulnerabilities before deployment, supporting proactive security testing and risk reduction.
========


NEW QUESTION # 61
Patrick Fisher is a DevSecOps engineer in an IT company that develops software products and web applications. He is using IAST to analyze code for security vulnerabilities and to view real-time reports of the security issues. Patrick is using IAST in the development, QA, and production stages to detect vulnerabilities from the early stages of development, reduce the remediation cost, and keep the application secure. How can IAST perform SAST on every line of code and DAST on every request and response?

  • A. Because IAST has access to internal and external agents.
  • B. Because IAST has access to offline and runtime environment.
  • C. Because IAST has access to the code and HTTP traffic.
  • D. Because IAST has access to server and local machine.

Answer: C

Explanation:
Interactive Application Security Testing (IAST) works by instrumenting the application at runtime, allowing it to observe both the source code execution paths and the HTTP requests and responses flowing through the application. Because of this dual visibility, IAST can analyze every executed line of code (similar to SAST) while also monitoring real-time application behavior (similar to DAST). This unique capability enables highly accurate vulnerability detection with fewer false positives. The other options do not correctly explain how IAST achieves this hybrid analysis. Access to both code and HTTP traffic is what allows IAST to bridge static and dynamic testing techniques, making it highly effective across development, QA, and production environments.
========


NEW QUESTION # 62
Peter Dinklage has been working as a senior DevSecOps engineer at SacramentSoft Solution Pvt. Ltd. He has deployed applications in Docker containers. His team leader asked him to check for the exposure of unnecessary ports. Which of the following commands should Peter use to check all the containers and their exposed ports?

  • A. docker ps --quiet | xargs docker inspect --all --format : Ports=.
  • B. docker ps --quiet | xargs docker inspect --all --format ': Ports='.
  • C. docker ps --quiet | xargs docker inspect --format ': Ports='.
  • D. docker ps --quiet | xargs docker inspect --format : Ports.

Answer: C

Explanation:
To inspect exposed ports for running Docker containers, the recommended approach is to first retrieve container IDs using docker ps --quiet and then pass them to docker inspect. The --format option allows selective output of container configuration details, including port mappings. The command docker ps --quiet | xargs docker inspect --format ': Ports=' correctly extracts port information for each container. Options that include the --all flag or incorrect formatting are not valid for this inspection use case. Checking exposed ports is an important activity in the Operate and Monitor stage because unnecessary open ports increase the attack surface and may violate container security best practices. Regular inspection helps ensure that only required ports are exposed, supporting secure runtime operations.
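The command quoted above appears to have lost its --format template during extraction, so as an added example (not from the exam page) the Python below audits the JSON that `docker ps --quiet | xargs docker inspect` prints and reports which containers publish ports on every host interface. It assumes the standard docker inspect fields NetworkSettings.Ports, HostIp and HostPort and runs over a constructed two-container sample.

```python
"""Audit host-published container ports from `docker inspect` JSON.

Added example, not from the exam page. The pipeline the page's answer points
at is, with the standard Go-template fields written out (an assumption about
what the stripped template contained):

    docker ps --quiet | xargs docker inspect \
        --format '{{ .Id }}: Ports={{ .NetworkSettings.Ports }}'

This script instead reads the full JSON that `docker ps --quiet | xargs
docker inspect` prints, so a saved dump can be audited offline.
"""
import json
from typing import Dict, List

# Constructed sample of `docker inspect` output for two containers.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "a1b2c3d4e5f6a1b2c3d4e5f6",
        "Name": "/web",
        "NetworkSettings": {
            "Ports": {
                "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}],
                "443/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8443"}],
                "9229/tcp": None,  # exposed by the image but not published
            }
        },
    },
    {
        "Id": "f6e5d4c3b2a1f6e5d4c3b2a1",
        "Name": "/db",
        "NetworkSettings": {
            "Ports": {
                # an empty HostIp also means "every interface"
                "5432/tcp": [{"HostIp": "", "HostPort": "5432"}],
            }
        },
    },
])

# HostIp values that bind a published port on all host interfaces.
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def published_ports(inspect_json: str) -> List[Dict[str, str]]:
    """One record per host-published binding; unpublished (None) entries are skipped."""
    records = []
    for container in json.loads(inspect_json):
        ports = container.get("NetworkSettings", {}).get("Ports") or {}
        for container_port, bindings in ports.items():
            for binding in bindings or []:
                records.append({
                    "id": container["Id"][:12],
                    "name": container["Name"].lstrip("/"),
                    "container_port": container_port,
                    "host_ip": binding.get("HostIp", ""),
                    "host_port": binding.get("HostPort", ""),
                })
    return records


def wide_open_ports(inspect_json: str) -> List[str]:
    """'name:host_port' for every binding reachable on all host interfaces."""
    return [f"{r['name']}:{r['host_port']}"
            for r in published_ports(inspect_json)
            if r["host_ip"] in ALL_INTERFACES]


def report(inspect_json: str) -> str:
    """Per-container lines in the spirit of the page's ': Ports=' template."""
    lines = []
    for r in published_ports(inspect_json):
        flag = "  <-- all interfaces" if r["host_ip"] in ALL_INTERFACES else ""
        lines.append(f"{r['id']} ({r['name']}): {r['container_port']} -> "
                     f"{r['host_ip'] or '0.0.0.0'}:{r['host_port']}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_INSPECT))
```

Loopback-only bindings such as 127.0.0.1:8443 are listed but not flagged, which is the distinction a port review in the Operate and Monitor stage is after.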
========


NEW QUESTION # 63
Richard Harris has 5 years of experience as a DevSecOps engineer. On February 1, 2022, he got the job of senior DevSecOps engineer in an IT company located in Raleigh, North Carolina. He would like to trigger a scan on each build in Jenkins, run customized scans for some specific vulnerabilities, fail the build process if a particular threat level is reached, and generate reports automatically by integrating the Acunetix DAST tool with Jenkins. Richard installed the Acunetix plugin successfully in Jenkins, after which he restarted Jenkins. He would like to find the path and install the certificate in Linux. Which of the following commands should Richard execute to find out the currently running Java binary in the Jenkins service?

  • A. pc - aux | grep Jenkins.
  • B. ac - aux | grep Jenkins.
  • C. ps - aux | grep Jenkins.
  • D. as - aux | grep Jenkins.

Answer: C

Explanation:
To identify the currently running Java binary used by Jenkins, administrators typically inspect the running processes on the Linux system. The command ps -aux | grep Jenkins lists all active processes and filters those related to Jenkins. This output includes details such as the user, process ID, and the full command line used to start Jenkins, which often contains the path to the Java executable. The other options reference invalid or nonexistent commands (pc, as, ac). Locating the Java binary is necessary when installing certificates into the correct Java keystore, which is required for secure communication between Jenkins and tools like Acunetix.
Performing this setup during the Build and Test stage ensures that DAST scans can run securely and reliably as part of automated pipelines.
========


NEW QUESTION # 64
Jeremy Renner has been working as a senior DevSecOps engineer at an IT company that develops customized software for various customers across the globe. His organization is using Microsoft Azure DevOps Services. Using an IaC tool, Jeremy deployed the infrastructure in Azure. He would like to integrate Chef InSpec with Azure to ensure that the deployed infrastructure is in accordance with the architecture and industry standards and that the security policies are appropriately implemented. Therefore, he downloaded and installed Chef InSpec. He used an Azure CLI command to create an Azure Service Principal with reader permission on the Azure resources, then exported the generated credentials. After installation and configuration of Chef InSpec, he would like to create the structure and profile. Which of the following commands should Jeremy use to create a new folder jyren-azureTests with all the required artifacts for InSpec tests?

  • A. chef inspec init profile jyren-azureTests.
  • B. chef inspec init profile jyren-azureTests.
  • C. inspec init profile jyren-azureTests.
  • D. inspec init prof jyren-azureTests.

Answer: C

Explanation:
Chef InSpec provides a command-line interface for creating and executing compliance profiles. To initialize a new profile with the required directory structure, metadata file, and example controls, the correct command is inspec init profile <profile-name>. In Jeremy's case, running inspec init profile jyren-azureTests creates a new folder with all required artifacts needed to write and run Azure compliance tests. Options using prof are invalid abbreviations, and prefixing the command with chef is incorrect when using the InSpec CLI directly.
Creating a structured InSpec profile during the Build and Test stage enables automated validation of infrastructure against architectural standards and security policies, supporting Infrastructure as Code security and continuous compliance practices.
========


NEW QUESTION # 65
Terry Crews has been working as a DevSecOps engineer at an IT company that develops software products and web applications related to IoT devices. She integrated the Sqreen RASP tool with Slack for sending notifications related to security issues to her team. How can Sqreen send notification alerts to Slack?

  • A. By creating a cookbook, defining a trigger, security response, and notification.
  • B. By creating a playbook, defining a trigger, Alert a response, and notification.
  • C. By creating a playbook, defining a trigger, security response, and notification.
  • D. By creating a cookbook, defining a trigger, Alert a response, and notification.

Answer: C

Explanation:
Sqreen provides runtime application self-protection (RASP) capabilities that allow teams to detect and respond to security threats in real time. Sqreen uses a structured automation mechanism called a playbook to define how security events are handled. A playbook consists of three key components: a trigger that detects suspicious or malicious behavior, a security response that defines what action Sqreen should take (such as blocking a request or flagging an attack), and a notification that sends alerts to external systems like Slack.
The term "cookbook" is not used in Sqreen's alerting and response model, making options A and D incorrect.
Option B incorrectly uses the phrase "Alert a response" instead of "security response," which does not accurately describe Sqreen's configuration model. By using playbooks, Sqreen enables automated detection, response, and team notification during the Operate and Monitor stage, ensuring rapid awareness and collaboration when security incidents occur.
========


NEW QUESTION # 66
Richard Branson has been working as a DevSecOps engineer in an IT company that develops apps for Android mobiles. To manage the secret information of an application in various phases of the development lifecycle and to provide fine-grained access to each secret, he would like to integrate HashiCorp Vault with Jenkins. To access the vault from Jenkins, Richard installed hashicorp-vault-plugin and ran a vault instance; he then selected the AppRole authentication method, which allows apps to access vault with a predefined role.
Which of the following commands should Richard use to enable AppRole authentication?

  • A. auth vault enable approle.
  • B. vault auth enable approle.
  • C. enable vault auth approle.
  • D. enable auth vault approle.

Answer: B

Explanation:
HashiCorp Vault enables authentication mechanisms using the vault auth enable command followed by the name of the authentication method. To enable AppRole authentication, the correct command is vault auth enable approle. AppRole is specifically designed for machine-to-machine authentication, making it ideal for CI/CD tools like Jenkins. It allows applications to authenticate securely using role IDs and secret IDs instead of static credentials. The other options do not follow Vault CLI syntax and would result in command errors.
Enabling AppRole during the Build and Test stage ensures that secrets are accessed securely and dynamically, supporting least-privilege access control and reducing the risk of credential leakage across the DevSecOps pipeline.


NEW QUESTION # 67
Richard Branson has been working as a DevSecOps engineer in an IT company for the past 7 years. He launched an application in a container one month ago. Recently, he modified the container and would like to commit the changes to a new image. Which of the following commands should Branson use to save the current state of the container as a new image?

  • A. container push.
  • B. docker push.
  • C. container commit.
  • D. docker commit.

Answer: D

Explanation:
The docker commit command is used to create a new Docker image from the current state of a running or stopped container. This is useful when changes have been made interactively inside a container and need to be preserved as a reusable image. Commands such as docker push are used to upload images to a registry, not to create them, and container commit or container push are not valid Docker CLI commands. While docker commit can be helpful for quick snapshots or debugging, it is generally recommended to use Dockerfiles for reproducible builds in production pipelines. In the Build and Test stage, understanding docker commit helps DevSecOps engineers capture container changes for analysis, testing, or troubleshooting.
========


NEW QUESTION # 68
Curtis Morgan has been working as a software developer in an MNC company. His team has developed a NodeJS application. While doing a peer review of the NodeJS application, he observed that there are insecure libraries in the application. Therefore, he approached Teresa Lisbon, who is working as a DevSecOps engineer, to detect the insecure libraries in the NodeJS application. Teresa used an SCA tool to find known vulnerabilities in JavaScript libraries for Node.js applications and detected all the insecure libraries in the application. Which of the following tools did Teresa use for detecting insecure libraries in the NodeJS application?

  • A. Retire.js.
  • B. Tenable.io.
  • C. Bundler-Audit.
  • D. Bandit.

Answer: A

Explanation:
Retire.js is a Software Composition Analysis (SCA) tool designed specifically to identify known vulnerabilities in JavaScript libraries used in web and NodeJS applications. It scans dependencies and compares detected versions against a vulnerability database to identify insecure libraries. Bandit is a static analysis tool for Python, Bundler-Audit is used for Ruby dependencies, and Tenable.io focuses on infrastructure and vulnerability management rather than JavaScript libraries. Using Retire.js during the Code stage allows DevSecOps teams to identify insecure third-party dependencies early, reducing the likelihood of vulnerable libraries being deployed into production. This supports shift-left security and strengthens the application's overall security posture.
========


NEW QUESTION # 69
Frances Fisher joined TerraWolt Pvt. Ltd. as a DevSecOps engineer in 2020. On February 1, 2022, his organization became the victim of a cybersecurity attack. The attacker targeted network and application vulnerabilities and compromised some important functionality of the application. To secure the organization against similar types of attacks, Frances used a flexible, accurate, low-maintenance vulnerability management and assessment solution that continuously scans for network and application vulnerabilities and provides daily updates and specialized testing methodologies to catch the maximum number of detectable vulnerabilities.
Based on the above-mentioned information, which of the following tools is Frances using?

  • A. SonarQube.
  • B. Black Duck.
  • C. Shadow Daemon.
  • D. BeSECURE.

Answer: D

Explanation:
BeSECURE is a vulnerability management and assessment solution designed for continuous scanning of both network and application vulnerabilities. It emphasizes flexibility, accuracy, low maintenance overhead, and frequent updates to vulnerability detection mechanisms. These characteristics align directly with the scenario described, where the organization requires continuous scanning, daily updates, and specialized testing methodologies to detect a wide range of vulnerabilities. SonarQube focuses on static code quality and security analysis during development, Black Duck is primarily used for open-source software composition analysis, and Shadow Daemon is a web application firewall rather than a comprehensive vulnerability management solution. Using BeSECURE during the Operate and Monitor stage allows organizations to maintain ongoing visibility into their security posture, detect new vulnerabilities as they emerge, and reduce the likelihood of repeat attacks by addressing weaknesses proactively.
========


NEW QUESTION # 70
Timothy Dalton has been working as a senior DevSecOps engineer in an IT company located in Auburn, New York. He would like to use Jenkins for CI and Azure Pipelines for CD to deploy a Java-based app to an Azure Container Service (AKS) Kubernetes cluster. Before deploying the Azure Kubernetes Service (AKS) cluster, Timothy wants to create a resource group named Jenkins in the southindia location. Which of the following commands should Timothy run?

  • A. az group create --name Jenkins --location southindia.
  • B. azure group create --n Jenkins --loc southindia.
  • C. azure group create --name Jenkins --location southindia.
  • D. az grp create --n Jenkins --loc southindia.

Answer: A

Explanation:
Azure resource groups are created using the Azure CLI command az group create. The --name parameter specifies the resource group name, and --location defines the Azure region. Option A uses the correct CLI prefix (az), command group (group create), and valid parameters. Options B, C, and D are incorrect due to invalid command abbreviations or incorrect CLI prefixes (azure instead of az). Creating a resource group is a foundational step in the Release and Deploy stage, as it provides a logical container for AKS clusters, networking components, and related resources, enabling organized, secure, and manageable deployments.


NEW QUESTION # 71
Dustin Hoffman has been working as a DevSecOps engineer in an IT company located in San Diego, California. For detecting new security vulnerabilities at the beginning of source code development, he would like to integrate the Checkmarx SCA tool with GitLab. The Checkmarx template has all the jobs defined for the pipeline. Where should Dustin incorporate the Checkmarx template file 'https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/templates/gitlab/v3/Checkmarx.gitlab-ci.yml'?

  • A. gitlab-ci/cd.yml root directory.
  • B. gitlab.yml root directory.
  • C. gitlab-cd.yml root directory.
  • D. gitlab-ci.yml root directory.

Answer: D

Explanation:
GitLab CI/CD pipelines are defined using a configuration file named gitlab-ci.yml, which must be placed in the root directory of the repository. This file controls pipeline stages, jobs, and template inclusions. To integrate Checkmarx SCA using a predefined template, the template reference must be included in the root-level gitlab-ci.yml file so GitLab can load and execute the defined jobs automatically. The other filenames listed in the options are not recognized by GitLab as valid pipeline configuration files. Integrating SCA at the Code stage allows early detection of vulnerable open-source dependencies, reducing remediation cost and preventing insecure components from progressing further in the DevSecOps pipeline.


NEW QUESTION # 72
Helena Luke has been working as a DevSecOps engineer in an IT company located in Denver, Colorado. To seamlessly secure source code during build time and add runtime protection functionality to the source code, she would like to integrate Jscrambler with GitLab. Therefore, she selected a predefined template and successfully downloaded the Jscrambler configuration file. She then placed the file in the project's root folder and renamed it .jscramblerrc. To prevent the exposure of sensitive information, she opened the Jscrambler configuration file and removed the access and secret keys from it. In which of the following formats does the Jscrambler configuration file exist?

  • A. XML.
  • B. YAML.
  • C. JSON.
  • D. HTML.

Answer: C

Explanation:
The Jscrambler configuration file .jscramblerrc is written in JSON format. JSON is widely used for configuration because it is lightweight, human-readable, and easily parsed by tools in CI/CD pipelines.
Removing access and secret keys from this file is a recommended security practice to prevent credential leakage when the repository is shared or stored in version control. Instead, credentials are typically injected through environment variables or secure CI/CD secrets. XML, YAML, and HTML are not the formats used by Jscrambler for its primary configuration file. Using JSON-based configuration during the Code stage allows consistent integration with GitLab pipelines while maintaining secure handling of sensitive data.
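The key-removal step described above, as an added Python example that is neither Jscrambler's tooling nor code from the exam page: it scrubs the credentials out of a downloaded .jscramblerrc, refuses to load a file that still carries them, and injects the keys from CI secrets instead. The "keys"/"accessKey"/"secretKey" layout, the JSCRAMBLER_ACCESS_KEY and JSCRAMBLER_SECRET_KEY variable names and the sample file are all assumptions constructed for the example.

```python
"""Keep Jscrambler credentials out of .jscramblerrc and supply them from CI.

Added example, not Jscrambler's tooling or the exam page's code. Assumed
(hypothetical) layout: a top-level "keys" object holding "accessKey" and
"secretKey"; the CI job exports JSCRAMBLER_ACCESS_KEY / JSCRAMBLER_SECRET_KEY.
"""
import json
from typing import Dict, List, Tuple

SECRET_FIELDS = ("accessKey", "secretKey")

# Constructed sample of a downloaded template with the keys still embedded.
SAMPLE_RC = json.dumps({
    "keys": {"accessKey": "AK-placeholder-not-real", "secretKey": "SK-placeholder-not-real"},
    "applicationId": "app-id-placeholder",
    "filesSrc": ["./dist/**/*.js"],
    "filesDest": "./dist/",
    "params": [{"name": "stringConcealing", "options": {}}],
}, indent=2)


def embedded_secrets(rc_text: str) -> List[str]:
    """Names of credential fields that are present and non-empty in the config."""
    keys = json.loads(rc_text).get("keys") or {}
    return [field for field in SECRET_FIELDS if keys.get(field)]


def scrub(rc_text: str) -> Tuple[str, Dict[str, str]]:
    """Return (config text with credentials removed, the values that were removed)."""
    cfg = json.loads(rc_text)
    keys = cfg.get("keys") or {}
    removed = {field: keys.pop(field) for field in SECRET_FIELDS if keys.get(field)}
    if not keys:                      # drop an emptied "keys" object entirely
        cfg.pop("keys", None)
    return json.dumps(cfg, indent=2), removed


def load_with_env(rc_text: str, env: Dict[str, str]) -> Dict:
    """Parse a scrubbed config and add credentials from environment variables.

    Fails loudly if the committed file still carries keys, so a credential that
    slips back into version control breaks the pipeline instead of shipping.
    """
    leaked = embedded_secrets(rc_text)
    if leaked:
        raise ValueError(".jscramblerrc still contains " + ", ".join(leaked))
    cfg = json.loads(rc_text)
    try:
        cfg["keys"] = {
            "accessKey": env["JSCRAMBLER_ACCESS_KEY"],
            "secretKey": env["JSCRAMBLER_SECRET_KEY"],
        }
    except KeyError as missing:
        raise RuntimeError(f"CI secret {missing} is not set") from None
    return cfg


if __name__ == "__main__":
    clean, removed = scrub(SAMPLE_RC)
    print("removed from file:", sorted(removed))
    demo_env = {"JSCRAMBLER_ACCESS_KEY": "from-ci", "JSCRAMBLER_SECRET_KEY": "from-ci"}
    print("loaded keys from:", load_with_env(clean, demo_env)["keys"]["accessKey"])
```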
========


NEW QUESTION # 73
......
