(Alexander Hamilton has been working as a senior DevSecOps engineer in an IT company located in Greenville, South Carolina. In January of 2012, his organization because a victim of a cyber security attack and incurred a tremendous loss. Alexander’s organization immediately adopted AWS cloud-based services after the attack to develop robust software products securely and quickly. To detect security issues in code review, Alexander would like to integrate SonarQube with AWS Pipeline; therefore, he created a pipeline in AWS using CloudFormation pipeline template. Then, he selected SonarQube tool from the tools dropdown, provided the required stack parameters, and also provided email address for receiving email notifications of changes in pipeline status and approvals. He deployed the pipeline after entering the required information. What will happen when changes are committed in the application repository?.)

(William Scott, after completing his graduation in computer science, joined an IT company as a DevSecOps engineer. His team leader has asked him to use GitHub Code Scanning for evaluating the source code in his organization’s GitHub repository to detect security issues and coding errors. How can William set up coding scanning in GitHub repository?)

(Kevin Ryan has been working as a DevSecOps engineer in an MNC company that develops various software products and web applications. For easy management of secret credentials in CI/CD pipeline, he would like to integrate Azure Key Vault with Jenkins. Therefore, he created an Azure Key Vault, noted down the credentials displayed on the screen, and created a secret in Azure Key Vault. Then, he used the secret key from the credentials obtained from creating the vault. Kevin went back to Jenkins and installed Azure Key Vault plugin. Then, he navigated to Configure System under Manage Jenkins and added the URL for Azure Key Vault. How can Kevin complete the integration of Azure Key Vault with Jenkins?.)

(Sandra Oliver joined SinClare Soft Pvt. Ltd. as a DevSecOps engineer in January of 2010. Her organization develops software and web applications related to the healthcare industry. Using IAST runtime security testing technology, she is detecting and diagnosing security issues in applications and APIs. The IAST solution used by Sandra encompasses a web scanner with an agent that works inside the server that hosts the application to provide additional analysis details such as the location of the vulnerability in the application code. Based on the given information, which of the following IAST solutions is Sandra using?)

(Richard Harris carries an experience of 5 years as a DevSecOps engineer. On February 1, 2022, he got the job of senior DevSecOps engineer in an IT company located Raleigh, North Carolina. He would like to trigger scan on each build in Jenkins, run customize scans for some specific vulnerabilities, fail the build process if a particular threat-level is reached, and generate reports automatically by integrating Acunetix DAST Tool with Jenkins. Richard installed Acunetix plugin successfully in Jenkins, after which he restarted Jenkins. He would like to find the path and install the certificate in Linux. Which of the following commands should Richard execute to find out the currently running Java binary in the Jenkins service?.)

(Robin Tunney has been working as a DevSecOps engineer in an IT company located in Charleston, South Carolina. She would like to build a customized docker image using HashiCorp Packer. Therefore, she installed Packer and created a file docker-ubuntu.pkr.hcl; she then added HCL block to it and saved the file. Which of the following commands should Robin execute to build the Docker image using Packer?)

(Joe Adler has recently been offered a job as a DevSecOps engineer in an IT company that develops software products and web applications for the healthcare industry. He would like to implement DevSec Hardening Framework to add a layer into the automation framework that configures operating systems and services and takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. To apply DevSec Hardening Framework to the machine, he scanned the machine using Nessus scanning tool; he then checked the compliance results before using DevSec Hardening Framework. Which of the following commands should Joe use to run DevSec Hardening Framework?.)

(Sarah Wheeler is an experienced DevSecOps engineer. She recently joined an IT company that develops software products for customers stretched across the globe. Sarah would like to use a security testing tool that protects the application from false positives, network sniffing, tampering with code, etc. The tool should monitor the incoming traffic to the server and APIs for suspicious activities and help her team in remediating them during runtime. Which of the following tools should Sarah select that will help her team in precisely detecting and remediating the security issues in the application code during runtime?.)

(Bruce Altman is a DevSecOps engineer at a web application development company named TechSoft Pvt. Ltd. Due to robust security features provided by Microsoft Azure, in January of 2020, his organization migrated all the workloads from on-prem to Azure. Using Terraform configuration management tool, Bruce created a resource group and virtual machine (VM) in Azure; he then deployed a web application in the VM. Within an hour, Bruce’s team leader informed him that he detected various security issues in the application code and asked him to destroy the infrastructure that he has created in Microsoft Azure using Terraform. Which of the following commands can Bruce use to destroy the infrastructure created using Terraform?.)

(Rachel McAdams has been working as a senior DevSecOps engineer in an IT company for the past 5 years. Her organization embraced AWS cloud service due to robust security and cost-effective features offered by it. To take proactive decisions related to the security issues and to minimize the overall security risk, Rachel integrated ThreatModeler with AWS. ThreatModeler utilizes various services in AWS to produce a robust threat model. How can Rachel automatically generate the threat model of her organization’s current AWS environment in ThreatModeler?.)

(George Lennon is working as at InfoWorld Pvt. Solution as a DevSecOps engineer. His colleague, Sarah Mitchell, is a senior software developer. George told her to participate in a bug bounty program conducted by AWS for python and Java code developers. He informed Sarah that the challenge is a fun-based solution for bashing bugs, encouraging team building, and bringing friendly competition to enhance the quality of the code and application performance. Acting on George’s advice, Sarah participated in the bug bounty program and scored the highest points in the challenge, and she received a reward of $10,000. Based on the given information, which of the following bug bounty programs did Sarah participate?.)

(Rachel Maddow has been working at RuizSoft Solution Pvt. Ltd. for the past 7 years as a senior DevSecOps engineer. To develop software products quickly and securely, her organization has been using AWS DevOps services. On January 1, 2022, the software development team of her organization developed a spring boot application with microservices and deployed it in AWS EC2 instance. Which of the following AWS services should Rachel use to scan the AWS workloads in EC2 instance for security issues and unintended network exposures?.)

(Alex Hales recently joined TAVR Software Solution Pvt. Ltd. As a DevSecOps engineer. To automatically detect security loopholes in the web applications while building and testing them, he integrated OWASP ZAP DAST Plugin with Jenkins. How can Alex uniquely identify every build in the project?.)

(Peter McCarthy is working in TetraVerse Soft Solution Pvt. Ltd. as a DevSecOps engineer. His organization develops customized software products and web applications. To develop software products quickly and securely, his organization has been using AWS cloud-based services, including AWS DevOps services. Peter would like to use CloudMapper to examine the AWS cloud environment and perform auditing for security issues. Which of the following privileges should Peter possess in order to collect information about the AWS account?.)

(Jordon Garrett is working as a DevSecOps engineer in an IT company situated in Chicago, Illinois. His team prefers to use PowerShell for utilizing Git hooks because Bash and Windows are not compatible for advanced executions. For calling PowerShell script from Bash shell, Jordon wrote a PowerShell script using pre-commit logic such as pre-commit.ps1 and then executed the following commands

#!C:/Program\ Files/Git/usr/bin/sh.exe

exec powershell.exe -NoProfile -ExecutionPolicy Bypass -File "..git\hooks\pre-commit.ps1"

How would Jordon know that the commit is successful?.)

(Terry Diab has been working as a DevSecOps engineer in an IT company that develops software products and web applications for a call center. She would like to integrate Snyk with AWS CodeCommit to monitor and remediate vulnerabilities in the code repository. Terry pushed code to AWS CodeCommit; this triggered Amazon EventBridge Rule, which then triggered AWS CodePipeline. AWS CodePipeline passed code to Snyk CLI run. Who among the following interacts with Snyk CLI and sends the results to Snyk UI?)

(Matt LeBlanc has been working as a DevSecOps engineer in an IT company that develops software products and web applications for IoT devices. His team leader has asked him to use GitRob tool to find sensitive data in the organizational public GitHub repository. To install GitRob, Matt ensured that he has correctly configured Go >= 1.8 environment and that $GOPATH/bin is in his $PATH. The GitHub repository URL from which he is supposed to install the tool ishttps://github.com/michenriksen/gitrob . Which of the following command should Matt use to install GitRob?.)

(Judi Dench has recently joined an IT company as a DevSecOps engineer. Her organization develops software products and web applications related to electrical engineering. Judi would like to use Anchore tool for container vulnerability scanning and Software Bill of Materials (SBOM) generation. Using Anchore grype, she would like to scan the container images and file systems for known vulnerabilities, and would like to find vulnerabilities in major operating system packages such as Alpine, CentOS, Ubuntu, etc. as well as language specific packages such as Ruby, Java, etc. Which of the following commands should Judi run to scan for vulnerabilities in the image using grype?)

(Terry Crews has been working as a DevSecOps engineer at an IT company that develops software products and web applications related to IoT devices. She integrated Sqreen RASP tool with Slack for sending notifications related to security issues to her team. How can Sqreen send notification alerts to Slack?)

(Curtis Morgan is working as a DevSecOps engineer at Orchid Pvt. Ltd. His organization develops online teaching software. Beth McCarthy is working in a software development team, and she requested Curtis to help her in making pre-commit hooks executable on her local machine. Curtis went through the “repo.git\hooks” directory and removed the “.sample” extension from “pre-commit.sample” file by using “chmod +x filename” command and made the pre-commit hook executable on Beth’s local machine. On the next day while developing the code for the software product, Beth accidentally committed the code with sensitive information. What will be the result of this commit?.)

(Scott Adkins has recently joined an IT company located in New Orleans, Louisiana, as a DevSecOps engineer. He would like to build docker infrastructure using Terraform; therefore, he has created a directory named terraform-docker-container. He then changed into the directory using the command: cd terraform-docker-container. Now, Scott wants to create a file to define the infrastructure. Which of the following commands should Scott use to create a file to define the infrastructure?)

(Erica Mena has been working as a DevSecOps engineer in an IT company that provides customize software solutions to various clients across United States. To protect serverless and container applications with RASP, she would like to create an Azure container instance using Azure CLI in Microsoft PowerShell. She created the Azure container instance and loaded the container image to it. She then reviewed the deployment of the container instance. Which of the following commands should Erica run to get the logging information from the Azure container instance? (Assume the resource group name as ACI and container name as aci-test-closh.))

(Peter Dinklage has been working as a senior DevSecOps engineer at SacramentSoft Solution Pvt. Ltd. He has deployed applications in docker containers. His team leader asked him to check the exposure of unnecessary ports. Which of the following commands should Peter use to check all the containers and the exposed ports?)

(Dustin Hoffman has been working as a DevSecOps engineer in an IT company located in San Diego, California. For detecting new security vulnerabilities at the beginning of the source code development, he would like to integrate Checkmarx SCA tool with GitLab. The Checkmarx template has all the jobs defined for pipeline. Where should Dustin incorporate the Checkmarx template file ‘https://raw.githubusercontent.com/checkmarx-ltd/cx-flow/develop/templates/gitlab/v3/Checkmarx.gitlab-ci.yml’?)

(Orange International Pvt. Ltd. is an IT company that develops software products and web applications for Android phones. The organization recognizes the importance of secure coding principles and would like to enforce it. Therefore, Orange International Pvt. Ltd. established access management, avoided reinventing the wheel, secured the weak links, implemented in-depth defense, and reduced third-party involvement in the application. Based on the above-mentioned information, which of the following secure coding principles is achieved by the organization?.)

(Debra Aniston is a DevSecOps engineer in an IT company that develops software products and web applications. Her team has found various coding issues in the application code. Debra would like to fix coding issues before they exist. She recommended a DevSecOps tool to the software developer team that highlights bugs and security vulnerabilities with clear remediation guidance, which helps in fixing security issues before the code is committed. Based on the information given, which of the following tools has Debra recommended to the software development team?)

(Sofia Coppola has been working as a senior DevSecOps engineer in an MNC company located in Denver, Colorado. In January of 2020, her organization migrated all the workloads from on-prem to AWS cloud environment due to the robust security feature and cost-effective services offered by AWS. Which of the following is an Amazon Web Services-hosted version control tool that Sofia can use to manage and store assets in the AWS cloud?.)

(Richard Branson has been working as a DevSecOps engineer in an IT company that develops apps for Android mobiles. To manage the secret information of an application in various phases of development lifecycle and to provide fine-grained access to each secret, he would like to integrate HashiCorp Vault with Jenkins. To access the vault from Jenkins, Richard installed hashicorp-vault-plugin and ran a vault instance; he then selected the AppRole authentication method, which allows apps to access vault with a predefined role. Which of the following commands should Richard use to enable AppRole authentication?)

(DWART is an IT company that develops cyber security software and web applications. The organization ensures that all users should be identified and authorized, enforces proper auditing, secures data at rest, ensures that the attacker cannot bypass the security layers, implements multiple layers of defense, maintains proper data integrity, and performs proper input validation for the application. Based on the above-mentioned information, which of the following secure coding principles is achieved by DWART?.)

(Steven Gerrard has been working as a DevSecOps engineer at an IT company that develops software products and applications related to the healthcare industry. His organization has been using Azure DevOps services to securely and quickly develop software products. To ensure that the deployed infrastructure is in accordance with the architecture and industrial standards and the security policies are appropriately implemented, she would like to integrate InSpec with Azure. Therefore, after installation and configuration of InSpec, she created InSpec profile file and upgraded it with personal metadata and Azure resource pack information; then she wrote the InSpec tests. Which of the following commands should Steven use to run InSpec tests to check the compliance of Azure infrastructure?)