Certification validating knowledge of security features in GitHub. Topics: code scanning, secret scanning, dependency review, security advisories, and DevSecOps integration.
Question 1. What is the primary purpose of code scanning in GitHub Advanced Security?
A) To optimize code performance
B) To identify vulnerabilities and errors in code
C) To automate deployment
D) To manage repository permissions
Answer: B
Explanation: Code scanning analyzes code to detect potential security vulnerabilities and errors, helping developers fix issues before deployment.

Question 2. Which engine powers the default code scanning feature in GitHub Advanced Security?
A) SonarQube
B) CodeQL
C) ESLint
D) Dependabot
Answer: B
Explanation: CodeQL is the primary engine used by GitHub Advanced Security for code scanning to detect vulnerabilities.

Question 3. In GitHub, what is a CodeQL query used for?
A) Sorting pull requests
B) Searching for security vulnerabilities in code
C) Automating merge conflicts
D) Reviewing commit history
Answer: B

Question 5. What action should you take when a valid code scanning alert is detected?
A) Ignore it
B) Resolve the vulnerability in code
C) Delete the repository
D) Disable code scanning
Answer: B
Explanation: Valid alerts should be remediated by fixing the underlying code vulnerability.

Question 6. Which GitHub feature allows you to automate code scanning in your CI/CD pipeline?
A) GitHub Actions
B) GitHub Pages
C) GitHub Projects
D) GitHub Wiki
Answer: A
Explanation: GitHub Actions can be used to automate code scanning as part of the CI/CD workflow.

Question 7. What is the benefit of integrating code scanning with GitHub Actions workflows?
A) Reduces repository size
B) Automatically checks for vulnerabilities on every push and pull request
C) Increases merge conflicts
D) Disables branch protection
Answer: B

A) API keys
B) Code comments
C) Markdown files
D) Unused variables
Answer: A
Explanation: Secret scanning detects API keys and similar secrets present in code.

Question 10. How can you enable secret scanning for all repositories in an organization?
A) Organization security settings
B) Pull request template
C) README file
D) GitHub Discussions
Answer: A
Explanation: Secret scanning can be enabled across all repositories from the organization’s security settings.

Question 11. What is push protection in GitHub secret scanning?
A) Prevents pushes with new secrets from being committed
B) Disables all pushes
C) Pushes code only during working hours
D) Allows only admins to push
Answer: A
Explanation: Push protection blocks commits containing secrets before they reach the repository.

B) Branch naming conventions
C) Pull request labels
D) Merge strategies
Answer: A
Explanation: Custom patterns let you define new types of secrets to scan for using regex.

Question 14. Which feature allows integration of GitHub secret scanning with third-party service providers?
A) Partner Integrations
B) Issue Templates
C) Pages Deployment
D) GitHub Sponsors
Answer: A
Explanation: Partner Integrations enable third-party services to provide patterns and remediation steps.

Question 15. Dependency review in GitHub Advanced Security focuses on what aspect?
A) Analyzing code formatting
B) Identifying security vulnerabilities in dependencies
C) Merging pull requests
D) Tagging releases
Answer: B
Explanation: Dependency review checks for vulnerabilities in new or updated dependencies.

C) Project boards
D) Release notes
Answer: A
Explanation: Dependency review findings appear as status checks in pull requests.

Question 18. What is the first step to resolve a dependency vulnerability detected in a pull request?
A) Update the vulnerable dependency to a secure version
B) Delete the pull request
C) Disable dependency review
D) Add more maintainers
Answer: A
Explanation: Upgrading the impacted dependency is the primary remediation method.

Question 19. What does the security overview dashboard provide at the repository level?
A) Insights into code, secret, and dependency vulnerabilities
B) Issue assignment statistics
C) List of open pull requests
D) Commit history
Answer: A
Explanation: The security overview summarizes all detected vulnerabilities in a repository.

C) Markdown rendering
D) Spell checking
Answer: A
Explanation: Dependency confusion attacks exploit the use of public and private dependencies in the supply chain.

Question 22. What is build provenance in the context of software supply chain security?
A) Record of origin and process used to create an artifact
B) List of code reviewers
C) Deployment environment
D) Branch naming convention
Answer: A
Explanation: Build provenance verifies where and how software was built, ensuring artifact integrity.

Question 23. What is an artifact attestation in GitHub workflows?
A) Verifiable statement about how an artifact was produced
B) A project milestone
C) A pull request label
D) A deployment script
Answer: A
Explanation: Artifact attestations provide cryptographic proof of an artifact’s source and build process.

Question 24. Which practice helps harden GitHub Actions workflows?

Answer: A
Explanation: Code signing verifies that software has not been tampered with and is from a trusted source.

Question 26. How can container images be secured in GitHub Actions workflows?
A) By scanning images for vulnerabilities
B) By using only public registries
C) By disabling image caching
D) By enabling auto-merge
Answer: A
Explanation: Vulnerability scanning ensures containers do not include known security issues.

Question 27. What is the role of the dependency graph in GitHub?
A) Visualize and manage project dependencies
B) Track code contributors
C) List open issues
D) Show repository clones
Answer: A
Explanation: The dependency graph maps out all dependencies used in a repository.

Question 28. What does SBOM stand for?
A) Software Bill of Materials
B) Secure Build of Modules
C) Static Binary Operations Map