Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
GitHub
GitHub Certification
GitHub-Advanced-Security
GitHub Advanced Security GHAS Exam Questions and Answers

Pass the GitHub Certification GitHub-Advanced-Security Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam GitHub-Advanced-Security Premium Access

View all detail and faqs for the GitHub-Advanced-Security exam

Go to Exam

848 Students Passed

85% Average Score

97% Same Questions

Viewing page 2 out of 3 pages

Viewing questions 11-20 out of questions

Questions # 11:

As a developer with write access, you navigate to a code scanning alert in your repository. When will GitHub close this alert?

Options:

After you triage the pull request containing the alert

When you use data-flow analysis to find potential security issues in code

After you find the code and click the alert within the pull request

After you fix the code by committing within the pull request

Answer

Explanation

GitHub automatically closes a code scanning alert when the vulnerable code is fixedin the same branch where the alert was generated, usually via acommit inside a pull request. Simply clicking or triaging an alert does not resolve it. The alert is re-evaluated after each push to the branch, and if the issue no longer exists, it is marked as resolved.

[: GitHub Docs – Code Scanning Alerts Lifecycle, ==========]

Questions # 12:

As a repository owner, you want to receive specific notifications, including security alerts, for an individual repository. Which repository notification setting should you use?

Options:

Ignore

Participating and @mentions

All Activity

Custom

Answer

Explanation

Using theCustomsetting allows you to subscribe to specific event types, such as Dependabot alerts or vulnerability notifications, without being overwhelmed by all repository activity. This is essential for repository maintainers who need fine-grained control over what kinds of events trigger notifications.

This setting is configurable per repository and allows users to stay aware of critical issues while minimizing notification noise.

[: GitHub Docs – Configuring notifications; Managing security alerts, , ]

Questions # 13:

Where can you view code scanning results from CodeQL analysis?

Options:

The repository's code scanning alerts

A CodeQL database

A CodeQL query pack

At Security advisories

Answer

Explanation

All results from CodeQL analysis appear under therepository’s code scanning alertstab. This section is part of theSecuritytab and provides a list of all current, fixed, and dismissed alerts found by CodeQL.

A CodeQL database is used internally during scanning but does not display results. Query packs contain rules, not results. Security advisories are for published vulnerabilities, not per-repo findings.

[: GitHub Docs – Viewing code scanning alerts, , , ]

Questions # 14:

What does a CodeQL database of your repository contain?

Options:

A build for Go projects to set up the project

A build of the code and extracted data

Build commands for C/C++, C#, and Java

A representation of all of the source code

GitHub

Agentic AI for AppSec Teams

Answer

Explanation

Comprehensive and Detailed Explanation:

A CodeQL database contains a representation of your codebase, including the build of the code and extracted data. This database is used to run CodeQL queries to analyze your code for potential vulnerabilities and errors.

GitHub Docs

[References: GitHub Docs – Preparing your code for CodeQL analysis, , , ]

Questions # 15:

Which security feature shows a vulnerable dependency in a pull request?

Options:

Dependency graph

Dependency review

Dependabot alert

The repository's Security tab

Answer

Explanation

Dependency reviewruns as part of a pull request and showswhich dependencies are being added, removed, or changed— andhighlights vulnerabilitiesassociated with any added packages.

It works in real-time and is specifically designed for use during pull request workflows.

Thedependency graphis an overview,Dependabot alertsnotify post-merge, and theSecurity tabshows the aggregated alert list.

[: GitHub Docs – About Dependency Review, ==========]

Questions # 16:

What role is required to change a repository's code scanning severity threshold that fails a pull request status check?

Options:

Maintain

Write

Triage

Admin

Answer

Explanation

To change the threshold that defines whether a pull request fails due to code scanning alerts (such as blocking merges based on severity), the user must haveAdminaccess on the repository. This is because modifying these settings falls under repository configuration privileges.

Users with Write, Maintain, or Triage roles do not have the required access to modify rulesets or status check policies.

[: GitHub Docs – Repository Role Permissions, ==========]

Questions # 17:

What is required to trigger code scanning on a specified branch?

Options:

The repository must be private.

Secret scanning must be enabled on the repository.

Developers must actively maintain the repository.

The workflow file must exist in that branch.

Answer

Explanation

Comprehensive and Detailed Explanation:

For code scanning to be triggered on a specific branch, the branch must contain the appropriate workflow file, typically located in the .github/workflows directory. This YAML file defines the code scanning configuration and specifies the events that trigger the scan (e.g., push, pull_request).

Without the workflow file in the branch, GitHub Actions will not execute the code scanning process for that branch. The repository's visibility (private or public), the status of secret scanning, or the activity level of developers do not directly influence the triggering of code scanning.

[References: GitHub Docs – About workflows; About code scanning alerts, , ]

Questions # 18:

You are managing code scanning alerts for your repository. You receive an alert highlighting a problem with data flow. What do you click for additional context on the alert?

Options:

Show paths

Security

Code scanning alerts

Answer

Explanation

When dealing with a data flow issue in a code scanning alert, clicking on "Show paths" provides a detailed view of the data's journey through the code. This includes the source of the data, the path it takes, and where it ends up (the sink). This information is crucial for understanding how untrusted data might reach sensitive parts of your application and helps in identifying where to implement proper validation or sanitization.

[: GitHub Docs – Assessing code scanning alerts for your repositoryGitHub Docs+1GitHub Docs+1, ]

Questions # 19:

When secret scanning detects a set of credentials on a public repository, what does GitHub do?

Options:

It notifies the service provider who issued the secret.

It displays a public alert in the Security tab of the repository.

It scans the contents of the commits for additional secrets.

It sends a notification to repository members.

Answer

Explanation

When apublic repositorycontains credentials that match known secret formats, GitHub willautomatically notify the service providerthat issued the secret. This process is known as"secret scanning partner notification". The provider may then revoke the secret or contact the userdirectly.

GitHub doesnotpublicly display the alert and does not send internal repository notifications for public detections.

[: GitHub Docs – Secret Scanning for Public Repositories, ==========]

Questions # 20:

Secret scanning will scan:

Options:

A continuous integration system.

Any Git repository.

The GitHub repository.

External services.

Answer

Explanation

Secret scanning is a feature provided by GitHub that scans the contents of your GitHub repositories for known types of secrets, such as API keys and tokens. It operates within the GitHub environment and does not scan external systems, services, or repositories outside of GitHub. Its primary function is to prevent the accidental exposure of sensitive information within your GitHub-hosted code.

[: GitHub Docs – About secret scanning, ]

Viewing page 2 out of 3 pages

Viewing questions 11-20 out of questions