What happens when you enable secret scanning on a private repository?
ARepository administrators can view Dependabot alerts.
BDependency review, secret scanning, and code scanning are enabled.
CYour team is subscribed to security alerts.
DGitHub performs a read-only analysis on the repository.
You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)
Ain the National Vulnerability Database
Bin the dependency graph
Cin security advisories reported on GitHub
Din manifest and lock files
Which of the following tasks can be performed by a security team as a proactive measure to help address secret scanning alerts? Each answer presents a complete solution. (Choose two.)
AEnable system for cross-domain identity management (SCIM) provisioning for the enterprise.
BDocument alternatives to storing secrets in the source code.
CDismiss alerts that are older than 90 days.
DConfigure a webhook to monitor for secret scanning alert events.
Which of the following statements most accurately describes push protection for secret scanning custom patterns?
APush protection is enabled by default for new custom patterns.
BPush protection must be enabled for all, or none, of a repository’s custom patterns.
CPush protection is not available for custom patterns.
DPush protection is an opt-in experience for each custom pattern.
Question 6
Configure and use secret scanning
0
Question 7
Configure and use code scanning
Question 8
Configure and use secret scanning
Question 9
Configure and use code scanning
Question 10
Configure and use secret scanning
Question 11
Configure and use dependency management
Question 12
Configure and use secret scanning
Question 13
Configure and use code scanning
Question 14
Configure and use dependency management
Question 15
Configure and use code scanning
Question 16
Configure and use secret scanning
Question 17
Configure and use dependency management
Question 18
Configure and use secret scanning
Question 19
Configure and use code scanning
Question 20
Use code scanning with CodeQL
Question 21
Configure and use dependency management
Question 22
Configure and use secret scanning
Question 23
Configure and use dependency management
Question 24
Configure and use dependency management
Question 25
Configure and use dependency management
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Which of the following features helps to prioritize secret scanning alerts that present an immediate risk?
Anon-provider patterns
Bpush protection
Csecret validation
Dcustom pattern dry runs
What role is required to change a repository’s code scanning severity threshold that fails a pull request status check?
AMaintain
BWrite
CAdmin
DTriage
By default, where will secret scanning look in a repository in order to execute its job? Each correct answer presents part of the solution. (Choose three.)
Aall files in the repository
Bdependencies
Cselected files in the repository
Dfull commit history
Eall branches
Which of the following pre-defined roles is required to manage code scanning alerts in a repository?
AMaintain
BView
CRead
DTriage
Where can you find a deleted line of code that contained a secret value?
AIssues
BDependency graph
CCommits
DInsights
Assuming that default security and analysis settings have not been changed at the repository, organization, or enterprise level, which scenario would generate a dependency graph for the repository?
Awhen a public repository has a new dependency added to its manifest file
Bwhen a private repository is forked to be used as a dependent
Cwhen a private repository has a new dependency added to its manifest file
Dwhen a public repository is forked to be used as a dependent
What is the minimum role needed in order to view the secret scanning alerts list within the Security tab of a repository?
ARead
BWrite
Crepository owner
DAdmin
As a developer with write access, you navigate to a code scanning alert in your repository. When will GitHub close this alert?
Aafter you triage the pull request containing the alert
Bafter you fix the code by committing within the pull request
Cwhen you use data-flow analysis to find potential security issues in code
Dafter you find the code and click the alert within the pull request
Which of the following formats are used to describe a Dependabot alert? Each answer presents a complete solution. (Choose two.)
AVulnerability Exploitability eXchange (VEX)
BCommon Vulnerabilities and Exposures (CVE)
CCommon Weakness Enumeration (CWE)
DExploit Prediction Scoring System (EPSS)
Where can a user change a repository’s code scanning severity threshold that fails a pull request status check?
ASettings tab
BActions tab
CSecurity tab
DPull Requests tab
What is the first step you should take to fix an alert in secret scanning?
ARemove the secret in a commit to the main branch.
BArchive the repository.
CUpdate your dependencies.
DRevoke the alert if the secret is still valid.
What scenario demonstrates the use of Dependabot security updates?
AAn alert is created for a vulnerable dependency.
BAn alert is created for a secret that’s been exposed in the codebase.
CA pull request is opened that fixes a vulnerable dependency.
DA pull request is opened that updates a dependency to the most recent version.
When secret scanning detects a set of credentials on a public repository, what does GitHub do?
AIt sends a notification to repository members.
BIt displays a public alert in the Security tab of the repository.
CIt notifies the service provider who issued the secret.
DIt scans the contents of the commits for additional secrets.
Which of the following options are code scanning application programming interface (API) endpoints? Each answer presents part of the solution. (Choose two.)
ADelete all open code scanning alerts.
BList all open code scanning alerts for the default branch.
CModify the severity of an open code scanning alert.
DGet a single code scanning alert.
What is a benefit of using a custom CodeQL configuration file?
AIt allows you to schedule the scan.
BIt allows configuration options for multiple repositories in a single place.
CIt disables packs from running the default query suite.
DIt specifies a token that has access to the private repository.
If default code security settings have not been changed at the repository, organization, or enterprise level, which repositories receive Dependabot alerts?
Aprivate repositories
Bnone
Crepositories owned by an organization
Drepositories owned by an enterprise account
By default, what is the minimum role needed to bypass push protection in a repository?
AMaintain
BAdmin
CTriage
DWrite
In a private repository, what minimum requirements does GitHub need to generate a dependency graph? (Each answer presents part of the solution. Choose two.)
Aread-only access to all the repository’s files
Bdependency graph enabled at the organization level for all new private repositories
Cwrite access to the dependency manifest and lock files for an enterprise
Dread-only access to the dependency manifest and lock files for a repository
Assuming that notification and alert recipients are not customized, what does GitHub do when it identifies a vulnerable dependency in a repository where Dependabot alerts are enabled? (Each answer presents part of the solution. Choose two.)
AIt generates a Dependabot alert and displays it on the Security tab for the repository.
BIt consults with a security service and conducts a thorough vulnerability review.
CIt generates Dependabot alerts by default for all private repositories.
DIt notifies the repository administrators about the new alert.
If notification and alert recipients are not customized, which users receive notifications about new Dependabot alerts in an affected repository?
