Confidently Practice Online with Free ECDE Exam Cram

(Charles Drew has been working as a DevSecOps team leader in an IT company located in Nashville, Tennessee. He would like to look at the applications from an attackers perspective and make security a part of the organizations culture. Imagine, you are working under Charles as a DevSecOps engineer. Charles has asked you to install ThreatPlaybook, which is a unified DevSecOps Framework that allows you to go from iterative, collaborative threat modeling to application security testing orchestration. After installation, you must configure ThreatPlaybook CLI; therefore, you have created a directory for the project and then you go to the current directory where you would like to configure ThreatPlaybook. Which of the following commands will you use to configure ThreatPlaybook? (the nginx port.))

(Orange International Pvt. Ltd. is an IT company that develops software products and web applications for Android phones. The organization recognizes the importance of secure coding principles and would like to enforce it. Therefore, Orange International Pvt. Ltd. established access management, avoided reinventing the wheel, secured the weak links, implemented in-depth defense, and reduced third-party involvement in the application. Based on the above-mentioned information, which of the following secure coding principles is achieved by the organization?.)

(Jason Barry has been working as a DevSecOps engineer in an IT company that develops software products and applications for ecommerce companies. During the build-time check, Jason discovered SQL injection and XXS security issues in the application code. What action does the build-time check perform on the application code?.) 

(Charles Rettig has been working as a DevSecOps engineer in an IT company that develops software and web applications for IoT devices. He integrated Burp Suite with Jenkins to detect vulnerabilities and evaluate attack vectors compromising web applications. Which of the following features offered by Burp Suite minimizes false positives and helps detect invisible vulnerabilities?)

(Matt LeBlanc has been working as a DevSecOps engineer in an IT company that develops software products and web applications for IoT devices. His team leader has asked him to use GitRob tool to find sensitive data in the organizational public GitHub repository. To install GitRob, Matt ensured that he has correctly configured Go >= 1.8 environment and that $GOPATH/bin is in his $PATH. The GitHub repository URL from which he is supposed to install the tool is https://github.com/michenriksen/gitrob. Which of the following command should Matt use to install GitRob?.)