GitHub-Advanced-Security GitHub Advanced Security GHAS Exam Questions and Answers

Questions 4

Assuming that notification settings and Dependabot alert recipients have not been customized, which user account setting should you use to get an alert when a vulnerability is detected in one of your repositories?

Options:

A. Enable all in existing repositories

B. Enable by default for new public repositories

C. Enable all for Dependabot alerts

D. Enable all for Dependency graph

Questions 5

Which Dependabot configuration fields are required? (Each answer presents part of the solution. Choose three.)

Options:

A. directory

B. package-ecosystem

C. milestone

D. schedule.interval

E. allow

Questions 6

Why should you dismiss a code scanning alert?

Options:

A. If you fix the code that triggered the alert

B. To prevent developers from introducing new problems

C. If it includes an error in code that is used only for testing

D. If there is a production error in your code

Questions 7

How would you build your code within the CodeQL analysis workflow? (Each answer presents a complete solution. Choose two.)

Options:

A. Upload compiled binaries.

B. Use CodeQL's init action.

C. Ignore paths.

D. Implement custom build steps.

E. Use jobs.analyze.runs-on.

F. Use CodeQL's autobuild action.

Questions 8

Which of the following formats are used to describe a Dependabot alert? (Each answer presents a complete solution. Choose two.)

Options:

A. Common Weakness Enumeration (CWE)

B. Exploit Prediction Scoring System (EPSS)

C. Common Vulnerabilities and Exposures (CVE)

D. Vulnerability Exploitability exchange (VEX)

Questions 9

Which details do you have to provide to create a custom pattern for secret scanning? (Each answer presents part of the solution. Choose two.)

Options:

A. The secret format

B. The name of the pattern

C. A list of repositories to scan

D. Additional match requirements for the secret format

Questions 10

Assuming that notification and alert recipients are not customized, what does GitHub do when it identifies a vulnerable dependency in a repository where Dependabot alerts are enabled? (Each answer presents part of the solution. Choose two.)

Options:

A. It generates a Dependabot alert and displays it on the Security tab for the repository.

B. It notifies the repository administrators about the new alert.

C. It generates Dependabot alerts by default for all private repositories.

D. It consults with a security service and conducts a thorough vulnerability review.

Questions 11

As a repository owner, you want to receive specific notifications, including security alerts, for an individual repository. Which repository notification setting should you use?

Options:

A. Ignore

B. Participating and @mentions

C. All Activity

D. Custom

Questions 12

If notification and alert recipients are not customized, which users receive notifications about new Dependabot alerts in an affected repository?

Options:

A. Users with Write permissions to the repository

B. Users with Admin privileges to the repository

C. Users with Maintain privileges to the repository

D. Users with Read permissions to the repository

Questions 13

When using CodeQL, how does extraction for compiled languages work?

Options:

A. By generating one language at a time

B. By resolving dependencies to give an accurate representation of the codebase

C. By monitoring the normal build process

D. By running directly on the source code

Questions 14

When configuring code scanning with CodeQL, what are your options for specifying additional queries? (Each answer presents part of the solution. Choose two.)

Options:

A. Packs

B. github/codeql

C. Scope

D. Queries

Questions 15

When does Dependabot alert you of a vulnerability in your software development process?

Options:

A. When a pull request adding a vulnerable dependency is opened

B. As soon as a vulnerable dependency is detected

C. As soon as a pull request is opened by a contributor

D. When Dependabot opens a pull request to update a vulnerable dependency

Questions 16

If default code security settings have not been changed at the repository, organization, or enterprise level, which repositories receive Dependabot alerts?

Options:

A. Repositories owned by an enterprise account

B. Private repositories

C. None

D. Repositories owned by an organization

Questions 17

Where can you use CodeQL analysis for code scanning? (Each answer presents part of the solution. Choose two.)

Options:

A. In a third-party Git repository

B. In a workflow

C. In an external continuous integration (CI) system

D. In the Files changed tab of the pull request

Questions 18

You are managing code scanning alerts for your repository. You receive an alert highlighting a problem with data flow. What do you click for additional context on the alert?

Options:

A. Show paths

B. Security

C. Code scanning alerts

Questions 19

Which of the following Watch settings could you use to get Dependabot alert notifications? (Each answer presents part of the solution. Choose two.)

Options:

A. The Custom setting

B. The Participating and @mentions setting

C. The All Activity setting

D. The Ignore setting

Questions 20

The autobuild step in the CodeQL workflow has failed. What should you do?

Options:

A. Remove specific build steps.

B. Compile the source code.

C. Remove the autobuild step from your code scanning workflow and add specific build steps.

D. Use CodeQL, which implicitly detects the supported languages in your code base.

Questions 21

A secret scanning alert should be closed as "used in tests" when a secret is:

Options:

A. In the readme.md file.

B. In a test file.

C. Solely used for tests.

D. Not a secret in the production environment.

Questions 22

In a private repository, what minimum requirements does GitHub need to generate a dependency graph? (Each answer presents part of the solution. Choose two.)

Options:

A. Read-only access to all the repository's files

B. Dependency graph enabled at the organization level for all new private repositories

C. Write access to the dependency manifest and lock files for an enterprise

D. Read-only access to the dependency manifest and lock files for a repository

Exam Name: GitHub Advanced Security GHAS Exam
Last Update: Apr 29, 2025
Questions: 75
