GitHub has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and Dependabot alerts. This is a practice quiz for GHAS certification.
Total questions: 30
Time: 50 minutes
Passing score: 70%
Disclaimer: These are practice questions, not dumps.
#1. Which of these statements about Dependabot Alerts are true? (Choose three)
#2. What are the primary benefits of the Security Overview feature in GitHub?
#3. What do Dependabot alerts indicate in GitHub?
#4. Multiple public repositories that you are contributing to do not have the secret scanning push protection option enabled. What can you do to protect yourself from accidentally pushing secrets to these repositories?
#5. Your company has internal secrets that should not be pushed to GitHub repositories. The pattern of these secrets is not known by GitHub and therefore is not detected by secret scanning. What can companies do to protect their developers from accidentally pushing these secrets to repositories in their GitHub Organization?
#6. What information do Dependabot alerts provide?
#7. What is the GitHub dependency graph?
#8. How does GitHub Dependency graph know what dependencies your project is using? (Choose two)
#9. When will the GitHub Dependency graph for your repository be updated? (Choose two)
#10. In what format can you export the GitHub Dependency graph of your repository?
#11. Which feature is a prerequisite for using Dependabot Alerts on a repository?
#12. How can you prevent commits containing cloud provider credentials from being pushed to GitHub?
#13. Which of these is true about the GitHub secret scanning partner program? (Choose three)
#14. How can you exclude certain directories or files from secret scanning?
#15. You have included some fake secrets in your test code and they have been picked up by GitHub's secret scanning. What can you do to tell GitHub that these are fake secrets used in tests and can be ignored by secret scanning? (Choose two)
#16. You have accidentally committed your GitHub personal access token to a public repository. What actions should you take to prevent your account from being compromised?
#17. What is the behavior when a new secret pattern is added or updated in the GitHub secret scanning partner program?
#18. Who will be notified when a NEW secret is pushed and detected in a repository? (Choose four)
#19. When GitHub runs a scan of all historical code in enterprise repositories, what is the notification behavior? (Select two)
#20. Does GitHub use the same set of secret scanning patterns for both user alerts and push protection alerts?
#21. What are the three different sets of secret scanning patterns that GitHub maintains? (Select three)
#22. What does `shifting left` mean in the context of security?
#23. What are Repository Security Advisories?
#24. Which tool helps you keep the repository dependencies up to date?
#25. Which of the following is a curated list of security vulnerabilities found in open-source projects?
#26. Which of these GitHub security features are available for FREE for both public and private personal repositories? (Choose four)
#27. Which of these best describes secret scanning?
#28. Which parts of the repository are scanned by secret scanning? (Choose two)
#29. What's the purpose of the Secret scanning partner program?
#30. Public repositories owned by personal users as well as public repositories owned by organizations can use secret scanning for free.