ECCouncil 312-97 - EC-Council Certified DevSecOps Engineer (ECDE)

GitHub Code Scanning is a built-in security capability designed to automatically analyze source code for security vulnerabilities and coding errors. The primary and officially supported engine for GitHub Code Scanning isCodeQL. CodeQL works by converting source code into a database and running security queries to detect issues such as injection flaws, insecure coding patterns, and logic errors. William can enable CodeQL by configuring GitHub Actions with either the default or advanced CodeQL workflow. Once enabled, CodeQL scans are triggered on events such as code pushes and pull requests, and the results appear as code scanning alerts in the repository’s Security tab. Gauntlt is a security testing harness used mainly for infrastructure and application testing, GitMiner is used to discover sensitive data like secrets in repositories, and OWASP ZAP is a dynamic application security testing tool used against running applications. None of these tools configure GitHub’s native Code Scanning feature. Therefore, CodeQL is the correct tool to set up GitHub Code Scanning in the Code stage of a DevSecOps pipeline.

========

To complete Azure Key Vault integration with Jenkins, Kevin must createnew credentialsin Jenkins underGlobal Credentials (unrestricted). These credentials store the Azure client ID, client secret, tenant ID, and subscription details required by the Azure Key Vault plugin to authenticate securely. Modifying old credentials can lead to misconfiguration or credential reuse risks, while restricted credentials may prevent the plugin from accessing secrets across pipelines. Creating new unrestricted credentials ensures proper authentication and controlled access to secrets during the Code stage, supporting secure secret management across CI/CD workflows.

Interactive Application Security Testing (IAST) solutions are classified based on how they interact with the application and runtime environment. In this scenario, the solution uses aweb scannerto actively send requests to the application while also deploying anagent inside the application serverto observe runtime behavior and map vulnerabilities directly to source code locations. This combined approach is known assemi-active IAST. It is considered “semi-active” because it actively drives traffic through the application using a scanner, while the agent passively observes execution paths, data flows, and method calls. Passive IAST solutions rely only on observing existing traffic and do not use scanners, while active IAST solutions do not typically rely on deep runtime agents in the same manner. Semi-active IAST significantly reduces false positives and provides precise remediation details, making it highly effective during the Build and Test stage, where applications are actively exercised and security issues can be identified and fixed before release.

========

To identify the currently running Java binary used by Jenkins, administrators typically inspect the running processes on the Linux system. The command ps -aux | grep Jenkins lists all active processes and filters those related to Jenkins. This output includes details such as the user, process ID, and the full command line used to start Jenkins, which often contains the path to the Java executable. The other options reference invalid or nonexistent commands (pc, as, ac). Locating the Java binary is necessary when installing certificates into the correct Java keystore, which is required for secure communication between Jenkins and tools like Acunetix. Performing this setup during the Build and Test stage ensures that DAST scans can run securely and reliably as part of automated pipelines.

========

HashiCorp Packer is an image automation tool that uses the packer build command to create machine images from configuration files written in HCL or JSON. When Robin defines her Docker image configuration in the file docker-ubuntu.pkr.hcl, the correct way to initiate the build process is by running packer build docker-ubuntu.pkr.hcl. This command reads the configuration file, initializes required plugins, executes defined builders and provisioners, and produces the final Docker image. The other options are syntactically incorrect because Packer does not support abbreviated flags such as -b or alternative verbs like -build. Building container images during the Build and Test stage ensures that images are reproducible, standardized, and compliant with organizational security requirements before deployment. Using Packer also supports immutability and reduces configuration drift, which are key principles in secure DevSecOps pipelines.

========

The DevSec Hardening Framework is commonly implemented usingChef, and it is executed locally using the chef-solo command. The -c flag specifies the configuration file (solo.rb), and the -j flag specifies the JSON attributes file (solo.json). Option A correctly uses both required parameters in the proper format. The other options incorrectly swap or misuse flags that are not supported by Chef-solo. Running this command applies secure configurations, compliance controls, and cryptographic standards to the target system. Executing DevSec Hardening Framework during the Operate and Monitor stage ensures that systems remain secure, compliant, and resilient against misconfiguration-based attacks.

========

Runtime Application Self-Protection (RASP) operates from within the application runtime environment, monitoring incoming traffic, API calls, and execution behavior in real time. Because it has deep visibility into application logic and execution context, RASP can accurately detect attacks such as injection, tampering, and abnormal behavior while minimizing false positives. SAST analyzes source code statically, DAST tests running applications externally, and IAST combines some runtime insight with testing but does not actively block threats. RASP’s ability to detect and remediate attacks during runtime makes it ideal for protecting applications in production environments, aligning with the Operate and Monitor stage of the DevSecOps pipeline.

Terraform provides the terraform destroy command to remove all infrastructure resources defined in the Terraform configuration files. This command safely tears down resources such as virtual machines, networks, and resource groups by consulting the state file and executing destruction in the correct dependency order. Commands like terraform kill, terraform kill-infra, and terraform destroy-infra do not exist in Terraform’s CLI. Using terraform destroy during the Release and Deploy stage allows DevSecOps teams to quickly remediate risk by removing insecure or non-compliant infrastructure, reinforcing the importance of Infrastructure as Code and controlled lifecycle management.

========

ThreatModeler’sAcceleratorcapability allows automatic generation of threat models directly from an organization’s live AWS environment. It connects to AWS services, analyzes deployed resources, and converts them into architectural diagrams and threat models without manual input. YAML-based orchestration tools and STRIDE per Element are methodologies used for modeling but do not automatically ingest live cloud configurations. Architect is a design construct, not an automation engine. Using Accelerator during the Plan stage enables proactive, continuous threat modeling, ensuring that evolving cloud infrastructure is always assessed for risk and security gaps.

========