Online Access Free GitHub-Advanced-Security Practice Test

What step is required to run a SARIF-compatible (Static Analysis Results Interchange Format) tool on GitHub Actions?

• A.The CodeQL action uploads the SARIF file automatically when it completes analysis.
• B.By default, the CodeQL runner automatically uploads results to GitHub on completion.
• C.Update the workflow to include a final step that uploads the results.
• D.Use the CLI to upload results to GitHub.

Which patterns are secret scanning validity checks available to?

• A.Custom patterns
• B.Push protection patterns
• C.Partner patterns
• D.High entropy strings

What is required to trigger code scanning on a specified branch?

• A.The workflow file must exist in that branch.
• B.Developers must actively maintain the repository.
• C.Secret scanning must be enabled on the repository.
• D.The repository must be private.

Which of the following tasks can be performed by a security team as a proactive measure to help address secret scanning alerts? (Each answer presents a complete solution. Choose two.)

• A.Dismiss alerts that are older than 90 days.
• B.Configure a webhook to monitor for secret scanning alert events.
• C.Enable system for cross-domain identity management (SCIM) provisioning for the enterprise.
• D.Document alternatives to storing secrets in the source code.

What should you do after receiving an alert about a dependency added in a pull request?

• A.Disable Dependabot alerts for all repositories owned by your organization
• B.Deploy the code to your default branch
• C.Update the vulnerable dependencies before the branch is merged
• D.Fork the branch and deploy the new fork