GitHub has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as the dependency graph and Dependabot alerts. This is a practice quiz for the GHAS certification.
Total questions: 30
Time: 50 minutes
Passing score: 70%
Disclaimer: These are practice questions, not dumps.
#1. When using CodeQL analysis in your GitHub Actions workflow, how often is the scan triggered?
#2. What is the effect of adding the `paths-ignore` keyword to your code scanning GitHub Actions workflow?
#3. Which of the following does CodeQL scanning support?
#4. What are CodeQL queries used for?
#5. Fill in the blank: `GitHub __________ is a feature that you can use to analyze code in a GitHub repository to find security vulnerabilities and coding errors.`
#6. Which GitHub Advanced Security feature allows you to find, triage, and prioritize fixes for new and existing problems in your code?
#7. How can you enable code scanning for a repository?
#8. How can you configure your GitHub repository to run CodeQL analysis on a schedule? (Choose two)
Select all that apply:
#9. An organization has recently started using CodeQL analysis for all pull requests on its repositories, as well as running the analysis on an hourly schedule. Since then, it has been experiencing larger-than-usual GitHub Actions bills. What is the most likely cause of this?
#10. If you don't want to use GitHub Actions, you can run code scanning in an external CI system, then upload the results to GitHub.
#11. When using a third-party CI system to run code scanning, what GitHub tool do you need to analyze the codebase?
#12. When using GitHub Actions as your CI system and a third-party tool to run code scanning, how can you upload the SARIF results to GitHub?
#13. Can you use CodeQL analysis with third-party CI systems?
#14. Which of these is true about code scanning? (Choose two)
Select all that apply:
#15. How can CodeQL be used in an external CI system together with GitHub repositories?
#16. Which of these statements isn't true about secret scanning on GitHub?
#17. Which top-level keys are required in the `dependabot.yml` file?
#18. Which GitHub Action can be used to upload a third-party SARIF file?
#19. Which tool can be used in a third-party CI system to upload code analysis results to GitHub?
#20. What is required for a CI server to upload SARIF results to GitHub?
#21. What happens when a second SARIF results file is uploaded to GitHub for a single commit?
#22. How can users exclude specific directories from secret scanning alerts on GitHub?
#23. Which key should be used in a `secret_scanning.yml` file to exclude directories from secret scanning alerts in GitHub?
#24. What is the maximum number of custom patterns that can be defined for secret scanning on GitHub?
#25. What is the purpose of code scanning in GitHub?
#26. Is secret scanning available for both public and private repositories on GitHub?
#27. What does the default CodeQL analysis setup in GitHub do?
#28. What is the main purpose of using the CodeQL CLI?
#29. Which of the following languages is NOT supported by CodeQL for code scanning?
#30. How does CodeQL analyze code in GitHub?