GitHub Advanced Security Exam, Exams of Technology

Certification validating knowledge of security features in GitHub. Topics: code scanning, secret scanning, dependency review, security advisories, and DevSecOps integration.

Typology: Exams

2024/2025

Available from 08/29/2025

BookVenture
GitHub Advanced Security Exam
Question 1. What is the primary purpose of code scanning in GitHub Advanced Security?
A) To optimize code performance
B) To identify vulnerabilities and errors in code
C) To automate deployment
D) To manage repository permissions
Answer: B
Explanation: Code scanning analyzes code to detect potential security vulnerabilities and errors, helping developers fix issues before deployment.
Question 2. Which engine powers the default code scanning feature in GitHub Advanced Security?
A) SonarQube

B) CodeQL
C) ESLint
D) Dependabot
Answer: B
Explanation: CodeQL is the primary engine used by GitHub Advanced Security for code scanning to detect vulnerabilities.
Question 3. In GitHub, what is a CodeQL query used for?
A) Sorting pull requests
B) Searching for security vulnerabilities in code
C) Automating merge conflicts
D) Reviewing commit history
Answer: B

Question 5. What action should you take when a valid code scanning alert is detected?
A) Ignore it
B) Resolve the vulnerability in code
C) Delete the repository
D) Disable code scanning
Answer: B
Explanation: Valid alerts should be remediated by fixing the underlying code vulnerability.
Question 6. Which GitHub feature allows you to automate code scanning in your CI/CD pipeline?
A) GitHub Actions
B) GitHub Pages
C) GitHub Projects
D) GitHub Wiki
Answer: A
Explanation: GitHub Actions can be used to automate code scanning as part of the CI/CD workflow.
Question 7. What is the benefit of integrating code scanning with GitHub Actions workflows?
A) Reduces repository size
B) Automatically checks for vulnerabilities on every push and pull request
C) Increases merge conflicts
D) Disables branch protection
Answer: B

A) API keys
B) Code comments
C) Markdown files
D) Unused variables
Answer: A
Explanation: Secret scanning detects API keys and similar secrets present in code.
Question 10. How can you enable secret scanning for all repositories in an organization?
A) Organization security settings
B) Pull request template
C) README file
D) GitHub Discussions
Answer: A
Explanation: Secret scanning can be enabled across all repositories from the organization’s security settings.
Question 11. What is push protection in GitHub secret scanning?
A) Prevents pushes with new secrets from being committed
B) Disables all pushes
C) Pushes code only during working hours
D) Allows only admins to push
Answer: A
Explanation: Push protection blocks commits containing secrets before they reach the repository.

B) Branch naming conventions
C) Pull request labels
D) Merge strategies
Answer: A
Explanation: Custom patterns let you define new types of secrets to scan for using regex.
Question 14. Which feature allows integration of GitHub secret scanning with third-party service providers?
A) Partner Integrations
B) Issue Templates
C) Pages Deployment
D) GitHub Sponsors
Answer: A
Explanation: Partner Integrations enable third-party services to provide patterns and remediation steps.
Question 15. Dependency review in GitHub Advanced Security focuses on what aspect?
A) Analyzing code formatting
B) Identifying security vulnerabilities in dependencies
C) Merging pull requests
D) Tagging releases
Answer: B
Explanation: Dependency review checks for vulnerabilities in new or updated dependencies.

C) Project boards
D) Release notes
Answer: A
Explanation: Dependency review findings appear as status checks in pull requests.
Question 18. What is the first step to resolve a dependency vulnerability detected in a pull request?
A) Update the vulnerable dependency to a secure version
B) Delete the pull request
C) Disable dependency review
D) Add more maintainers
Answer: A
Explanation: Upgrading the impacted dependency is the primary remediation method.
Question 19. What does the security overview dashboard provide at the repository level?
A) Insights into code, secret, and dependency vulnerabilities
B) Issue assignment statistics
C) List of open pull requests
D) Commit history
Answer: A
Explanation: The security overview summarizes all detected vulnerabilities in a repository.

C) Markdown rendering
D) Spell checking
Answer: A
Explanation: Dependency confusion attacks exploit the use of public and private dependencies in the supply chain.
Question 22. What is build provenance in the context of software supply chain security?
A) Record of origin and process used to create an artifact
B) List of code reviewers
C) Deployment environment
D) Branch naming convention
Answer: A
Explanation: Build provenance verifies where and how software was built, ensuring artifact integrity.
Question 23. What is an artifact attestation in GitHub workflows?
A) Verifiable statement about how an artifact was produced
B) A project milestone
C) A pull request label
D) A deployment script
Answer: A
Explanation: Artifact attestations provide cryptographic proof of an artifact’s source and build process.
Question 24. Which practice helps harden GitHub Actions workflows?

Answer: A
Explanation: Code signing verifies that software has not been tampered with and is from a trusted source.
Question 26. How can container images be secured in GitHub Actions workflows?
A) By scanning images for vulnerabilities
B) By using only public registries
C) By disabling image caching
D) By enabling auto-merge
Answer: A
Explanation: Vulnerability scanning ensures containers do not include known security issues.
Question 27. What is the role of the dependency graph in GitHub?
A) Visualize and manage project dependencies
B) Track code contributors
C) List open issues
D) Show repository clones
Answer: A
Explanation: The dependency graph maps out all dependencies used in a repository.
Question 28. What does SBOM stand for?
A) Software Bill of Materials
B) Secure Build of Modules
C) Static Binary Operations Map