Question 1

(Jason Barry has been working as a DevSecOps engineer in an IT company that develops software products and applications for ecommerce companies. During the build-time check, Jason discovered SQL injection and XXS security issues in the application code. What action does the build-time check perform on the application code?.)

Options :

A : It will ignore the security issue and continue the build process.

B : It will send a message to issue and project management tool and continue with deploy-time check.

C : It will send an alert to SIEM and continue with test-time check.

D : It will stop the build process.

Answer: D

Question 2

(Jordon Garrett is working as a DevSecOps engineer in an IT company situated in Chicago, Illinois. His team prefers to use PowerShell for utilizing Git hooks because Bash and Windows are not compatible for advanced executions. For calling PowerShell script from Bash shell, Jordon wrote a PowerShell script using pre-commit logic such as pre-commit.ps1 and then executed the following commands #!C:/Program\ Files/Git/usr/bin/sh.exe exec powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..git\hooks\pre-commit.ps1" How would Jordon know that the commit is successful?.)

Options :

A : If the code exits with 0, then the commit is successful.

B : If the code exits with 1, then the commit is successful.

C : If the code exits with 3, then the commit is successful.

D : If the code exits with 2, then the commit is successful.

Answer: A

Question 3

(Charles Rettig has been working as a DevSecOps engineer in an IT company that develops software and web applications for IoT devices. He integrated Burp Suite with Jenkins to detect vulnerabilities and evaluate attack vectors compromising web applications. Which of the following features offered by Burp Suite minimizes false positives and helps detect invisible vulnerabilities?)

Options :

A : OAST.

B : QAST.

C : MAST.

D : NAST.

Answer: A

Question 4

(Matt LeBlanc has been working as a DevSecOps engineer in an IT company that develops software products and web applications for IoT devices. His team leader has asked him to use GitRob tool to find sensitive data in the organizational public GitHub repository. To install GitRob, Matt ensured that he has correctly configured Go >= 1.8 environment and that $GOPATH/bin is in his $PATH. The GitHub repository URL from which he is supposed to install the tool is https://github.com/michenriksen/gitrob. Which of the following command should Matt use to install GitRob?.)

Options :

A : $ go get github.com/michenriksen/gitrob.

B : $ go get gitrob github.com/michenriksen/gitrob.

C : $ go git github.com/michenriksen/gitrob.

D : $ go git gitrob github.com/michenriksen/gitrob.

Answer: A

Question 5

(SinCaire is a software development company that develops web applications for various clients. To measure the successful implementation of DevSecOps, the organization enforced U.S. General Service Administrator (GSA) high-value DevSecOps metrics. Which of the following metrics implemented by SinCaire can measure the time between the code commit and production, and tracks the bug fix and new features throughout the development, testing, and production phases?)

Options :

A : Mean time to recovery (for applications).

B : Change volume (for application).

C : Time to value.

D : Change lead time (for application).

Answer: D

Higher Test Marks with Free Online ECDE Exam Practice

Buying Options: