GitHub Advanced Security v1.0

Page: 1 / 8
Exam contains 113 questions

Which of the following is the most proactive and practical way to prevent new secret scanning alerts?

  • A. Scan for non-provider patterns
  • B. Use feature branches
  • C. Configure a secret scanning Actions workflow
  • D. Enable push protection

Answer: D

By default, where will secret scanning look in a repository in order to execute its job? Each correct answer presents part of the solution. (Choose three.)

  • A. all files in the repository
  • B. dependencies
  • C. selected files in the repository
  • D. full commit history
  • E. all branches

Answer: CDE

Which of the following would raise secret scanning alerts?

  • A. GitHub personal access token
  • B. server-side request forgery
  • C. cross-site scripting (XSS)
  • D. structured query language (SQL) injection

Answer: A

What is the purpose of push protection?

  • A. to scan and block the code that contains vulnerabilities before it reaches the repository
  • B. to validate the push by the code owner
  • C. to define license requirements for the repository
  • D. to scan and block the code that contains secrets before it reaches the repository

Answer: D

Which of the following pre-defined roles is required to manage code scanning alerts in a repository?

  • A. Maintain
  • B. View
  • C. Read
  • D. Triage

Answer: C

Where is secret scanning enabled on a private repository?

  • A. within a secret.yml file in the repository
  • B. in the code scanning default set up settings
  • C. within a repository ruleset
  • D. in the code security settings

Answer: D

Which of the following is the most complete method for Dependabot to find vulnerabilities in third-party dependencies?

  • A. CodeQL analyzes the code and raises vulnerabilities in third-party dependencies.
  • B. Dependabot reviews manifest files in the repository.
  • C. The build tool finds the vulnerable dependencies and calls the Dependabot API.
  • D. A dependency graph is created, and Dependabot compares the graph to the GitHub Advisory database.

Answer: D

In a private repository, what minimum requirements does GitHub need to generate a dependency graph? (Each answer presents part of the solution. Choose two.)

  • A. read-only access to all the repository’s files
  • B. dependency graph enabled at the organization level for all new private repositories
  • C. write access to the dependency manifest and lock files for an enterprise
  • D. read-only access to the dependency manifest and lock files for a repository

Answer: BD

You have enabled security updates for a repository. When does GitHub mark a Dependabot alert as resolved for that repository?

  • A. when you merge a pull request that contains a security update
  • B. when Dependabot creates a pull request to update dependencies
  • C. when you dismiss the Dependabot alert
  • D. when the pull request checks are successful

Answer: A

Assuming that notification settings and Dependabot alert recipients have not been customized, which user account setting should you use to get an alert when a vulnerability is detected in one of your repositories?

  • A. enable all in existing repositories
  • B. enable all for Dependabot alerts
  • C. enable all for Dependency graph
  • D. enable by default for new public repositories

Answer: B

What are Dependabot security updates?

  • A. compatibility scores to let you know whether updating a dependency could cause breaking changes to your project
  • B. automated pull requests that keep your dependencies updated, even when they don’t have any vulnerabilities
  • C. automated pull requests to update the manifest to the latest version of the dependency
  • D. automated pull requests that help you update dependencies that have known vulnerabilities

Answer: D

Which of the following Watch settings could you use to get Dependabot alert notifications? Each answer presents part of the solution. (Choose two.)

  • A. the Participating and @mentions setting
  • B. the Custom setting
  • C. the Ignore setting
  • D. the All Activity setting

Answer: BD

If default code security settings have not been changed at the repository, organization, or enterprise level, which repositories receive Dependabot alerts?

  • A. private repositories
  • B. none
  • C. repositories owned by an organization
  • D. repositories owned by an enterprise account

Answer: B

Who can fix a code scanning alert on a private repository?

  • A. users who have the security manager role within the repository
  • B. users who have Write access to the repository
  • C. users who have the Triage role within the repository
  • D. users who have Read permissions within the repository

Answer: B

Assuming that no custom Dependabot behavior is configured, who has the ability to merge a pull request created via Dependabot security updates?

  • A. a repository member of an enterprise organization
  • B. an enterprise administrator
  • C. a user who has read access to the repository
  • D. a user who has write access to the repository

Answer: D
