Online 312-97 Questions Video

Syft is used by Anchore to generate Software Bill of Materials (SBOMs) from container images and directories. By default, Syft may only analyze the squashed image view. Using the --scope all-layers flag instructs Syft to include software components fromall image layers, ensuring comprehensive visibility into dependencies introduced at every stage of image creation. The other options use invalid syntax or unsupported flags. Including all layers during SBOM generation improves vulnerability detection accuracy and supports compliance requirements, making it a critical practice during the Build and Test stage.

ThreatPlaybook uses the playbook apply feature command to push user-story–driven threat models to the server. The -f flag specifies the path to the YAML file containing the defined user stories, abuser stories, and threat scenarios, while the -p flag specifies the target project. Option C correctly combines these parameters. The -y flag is invalid in this context, and options that misuse -t instead of -p do not correctly identify the project destination. Executing this command during the Plan stage enables teams to integrate threat modeling early, ensuring security risks are identified and addressed before development and deployment proceed.

HashiCorp Vault enables authentication mechanisms using the vault auth enable command followed by the name of the authentication method. To enable AppRole authentication, the correct command is vault auth enable approle. AppRole is specifically designed for machine-to-machine authentication, making it ideal for CI/CD tools like Jenkins. It allows applications to authenticate securely using role IDs and secret IDs instead of static credentials. The other options do not follow Vault CLI syntax and would result in command errors. Enabling AppRole during the Build and Test stage ensures that secrets are accessed securely and dynamically, supporting least-privilege access control and reducing the risk of credential leakage across the DevSecOps pipeline.

ThreatPlaybook CLI is configured using the ThreatPlaybook configure command, which initializes the CLI with the required connection and user details. The -e option is used to specify the user’s email address, the -h option defines the host information such as IP address or hostname, and the -p option specifies the port number. This configuration enables the CLI to securely communicate with the ThreatPlaybook service for orchestrating threat modeling and application security testing workflows. Options that use playbook configure are incorrect because the executable name is explicitly ThreatPlaybook. Options using -u instead of -h do not correctly specify host information. Configuring ThreatPlaybook during the Plan stage helps teams adopt an attacker’s mindset early, embedding security into the organization’s culture and ensuring threats are identified and addressed before development and deployment activities begin.

========