GitHub has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and Dependabot alerts. This is a practice quiz for GHAS certification.
Total questions: 30
Time: 50 minutes
Passing score: 70%
Disclaimer: These are practice questions, not dumps.
#1. Which API endpoint can be used to retrieve a list of all Dependabot alerts for an enterprise?
#2. Which API endpoint can be used to retrieve a list of all secret scanning alerts for an organization?
#3. Which API endpoint can be used to retrieve a list of all code scanning alerts for a repository?
#4. Which of these statements best defines a vulnerable dependency?
#5. What CodeQL CLI command is used to create a CodeQL database?
#6. What is the purpose of the `codeql database analyze` command in CodeQL CLI?
#7. As part of your Jenkins CI pipeline, you've successfully created and then analyzed a CodeQL database, thereby producing a SARIF file. How can you upload the SARIF file to GitHub? (Choose two)
Select all that apply:
#8. What details can you find on a code scanning alert page? (Choose three)
Select all that apply:
#9. Which of these statements regarding viewing the results of a CodeQL analysis are true? (Choose two)
Select all that apply:
#10. When a CodeQL analysis GitHub Actions workflow detects a new vulnerability on a pull request, where can you find the information about that vulnerability?
#11. When viewing a code scanning alert, what is the `Show paths` option used for?
#12. What does it mean to dismiss a code scanning alert?
#13. Which of these is NOT a valid approach one can take to reduce the time it takes for a CodeQL analysis workflow to complete?
#14. What is the purpose of defining a SARIF category?
#15. Which of these statements are true regarding running CodeQL analysis on codebases with multiple programming languages? (Choose two)
Select all that apply:
#16. What are the differences when running CodeQL database creation for compiled and interpreted languages? (Choose two)
Select all that apply:
#17. Where can you see when the last CodeQL analysis was run when using the default code scanning setup?
#18. Which of the following statements about enabling CodeQL scanning default setup are true? (Choose two)
Select all that apply:
#19. How can you customize your advanced CodeQL scanning setup with additional CodeQL query suites? (Choose two)
Select all that apply:
#20. When running CodeQL analysis in GitHub Actions, what Actions should you use? (Choose three)
Select all that apply:
#21. What is the simplest method to execute CodeQL analysis concurrently for each language in a multi-language repository using GitHub Actions?
#22. How can you use a custom CodeQL configuration file in a GitHub Actions workflow?
#23. Where can you specify the CodeQL queries to run in a GitHub Actions workflow? (Choose two)
Select all that apply:
#24. What is the purpose of the `external-repository-token` parameter in the `github/codeql-action/init` GitHub Action?
#25. What is extraction in the context of CodeQL code analysis?
#26. What are the steps of the CodeQL analysis workflow?
#27. What is a CodeQL query pack?
#28. What are the different types of CodeQL packs? (Choose three)
Select all that apply:
#29. What is a CodeQL query suite?
#30. What is QL?