EC-Council (ECDE) 312-97
Q: 1
(George Lennon is working at InfoWorld Pvt. Solution as a DevSecOps engineer. His colleague,
Sarah Mitchell, is a senior software developer. George told her to participate in a bug bounty
program conducted by AWS for Python and Java code developers. He informed Sarah that the
challenge is a fun-based solution for bashing bugs, encouraging team building, and bringing friendly
competition to enhance the quality of the code and application performance. Acting on George’s
advice, Sarah participated in the bug bounty program and scored the highest points in the challenge,
and she received a reward of $10,000. Based on the given information, which of the following bug
bounty programs did Sarah participate in?)
Options
Q: 2
(William McDougall has been working as a DevSecOps engineer in an IT company located in
Sacramento, California. His organization has been using Microsoft Azure DevOps service to develop software products
securely and quickly. To take proactive decisions related to security issues and to reduce the overall
security risk, William would like to integrate ThreatModeler with Azure Pipelines. How can
ThreatModeler be integrated with Azure Pipelines and made a part of William’s organization’s
DevSecOps pipeline?)
Options
Q: 3
(Charles Rettig has been working as a DevSecOps engineer in an IT company that develops software
and web applications for IoT devices. He integrated Burp Suite with Jenkins to detect vulnerabilities
and evaluate attack vectors compromising web applications. Which of the following features offered
by Burp Suite minimizes false positives and helps detect invisible vulnerabilities?)
Options
Q: 4
(Dustin Hoffman has been working as a DevSecOps engineer in an IT company located in San Diego,
California. For detecting new security vulnerabilities at the beginning of the source code development, he
would like to integrate the Checkmarx SCA tool with GitLab. The Checkmarx template has all the jobs
defined for the pipeline. Where should Dustin incorporate the Checkmarx template file
‘https://raw.githubusercontent.com/checkmarx-ltd/cxflow/develop/templates/gitlab/v3/Checkmarx.gitlab-ci.yml’?)
Options
Q: 5
(Brady Coleman is a senior DevSecOps engineer at CloudVac Security Private Ltd. He has created a
new container named “eccbrad” from the centos:7 image using the command docker run -i -t --name
geeklab centos:7 /bin/bash. Now, Brady wants to install the httpd package inside the eccbrad
container. Which of the following commands should Brady use to install the httpd package inside the
container?)
Options
Q: 6
(Brett Ryan has been working as a senior DevSecOps engineer in a multinational company that
develops web applications. The team leader of the software development team requested Brett to
detect insecure JavaScript libraries in the web application code. Brett would like to perform the
vulnerability scanning on the web application with grunt-retire. Which of the following commands would
enable the grunt plugin?)
Options
Q: 7
(Kevin Williamson is working as a DevSecOps engineer in an IT company located in Los Angeles,
California. His team has integrated Jira with Jenkins to view every issue on Jira, including the status of the
latest build or successful deployment of the work to an environment. Which of the following can
Kevin use to search issues on Jira?)
Options
Q: 8
(Lisa Kramer has 4 years of experience as a DevSecOps engineer in an IT company. The
software development team of her organization has developed a Ruby on Rails web application and
would like to find vulnerabilities in Ruby dependencies. Therefore, the team leader of the software
development team approached Lisa for help in this regard. Which of the following SCA tools should
Lisa use to detect vulnerabilities in Ruby dependencies?)
Options
Q: 9
(Thomas Gibson has been working as a DevSecOps engineer in an IT company that develops software
products and web applications related to law enforcement. To automatically execute a scan against
the web apps, he would like to integrate the InsightAppSec plugin with Jenkins. Therefore, Thomas
generated a new API Key in the Insight platform. Now, he wants to install the plugin manually. How
can Thomas install the InsightAppSec plugin manually in Jenkins?)
Options
Q: 10
(Steven Gerrard has been working as a DevSecOps engineer at an IT company that develops software
products and applications related to the healthcare industry. His organization has been using Azure
DevOps services to securely and quickly develop software products. To ensure that the deployed
infrastructure is in accordance with the architecture and industrial standards and the security policies
are appropriately implemented, he would like to integrate InSpec with Azure. Therefore, after
installation and configuration of InSpec, he created an InSpec profile file and upgraded it with personal
metadata and Azure resource pack information; then he wrote the InSpec tests. Which of the
following commands should Steven use to run InSpec tests to check the compliance of Azure
infrastructure?)
Options