Online Access Free GitHub-Advanced-Security Exam Questions

Which key is required in the update settings of the Dependabot configuration file?

• A.rebase-strategy
• B.assignees
• C.package-ecosystem
• D.commit-message

When using CodeQL, how does extraction for compiled languages work?

• A.By monitoring the normal build process
• B.By resolving dependencies to give an accurate representation of the codebase
• C.By running directly on the source code
• D.By generating one language at a time

Which of the following statements best describes secret scanning push protection?

• A.Buttons for sensitive actions in the GitHub UI are disabled.
• B.Secret scanning alerts must be closed before a branch can be merged into the repository.
• C.Users need to reply to a 2FA challenge before any push events.
• D.Commits that contain secrets are blocked before code is added to the repository.

What is the first step you should take to fix an alert in secret scanning?

• A.Remove the secret in a commit to the main branch.
• B.Update your dependencies.
• C.Revoke the alert if the secret is still valid.
• D.Archive the repository.

Where can you view code scanning results from CodeQL analysis?

• A.A CodeQL query pack
• B.At Security advisories
• C.The repository's code scanning alerts
• D.A CodeQL database