What happens when you click the "Enable all" button next to Secret scanning for an organization, and check " Enable for eligible repositories "

b) Secret scanning is enabled for all existing and new repositories in the organization.

a) Secret scanning is only enabled for new repositories in the organization.

c) Secret scanning is disabled for all repositories in the organization.

d) Secret scanning can only be enabled for specific branches in the organization's repositories.

Mod 3 - How can you exclude certain files from being scanned by secret scanning?

c) Create a .github/secret_scanning.yml file and use paths-ignore to specify the files to exclude.

a) Create a .secret_scanning.yml file and list the files to be excluded.

b) Exclude files directly in the repository's settings.

d) Secret scanning cannot exclude specific files from being scanned.

Mod 3 - What happens if the secret_scanning.yml file is larger than 1 MB?

d) Secret scanning will ignore the entire file and not apply any exclusions.

a) Secret scanning will still scan the entire file, but it will take longer to complete.

d) Secret scanning will prompt the user to split the file into smaller parts.

c) Secret scanning will exclude the first 1,000 directories from the scans.

Mod 3 - Who will receive secret scanning alerts on a repository by default?

c) Repository administrators, organization owners, and authors of commits that trigger alerts.

a) All users who have access to the repository, regardless of their permissions.

b) Only users who have enabled notifications for all the activity on the repository.

d) Secret scanning alerts are only sent to GitHub support staff.

mod 3 - How can repository administrators and organization owners give view access to security alerts to other users or teams?

d) They can grant access under Settings > Security & analysis, using the Access to alerts section.

a) They can only grant access to users who have write access to the repository.

b) Repository administrators and organization owners cannot give access to security alerts to other users.

c) They must manually edit the secret_scanning.yml file to add the names of the recipients.

Mod 3 - What action should you take if a secret is committed to GitHub and you suspect it may be compromised?

b) Verify the secret's validity, create a new secret, and update services using the old secret.

a) Delete the secret immediately without verification.

c) Wait for GitHub to automatically resolve the issue.

d) Mark the secret as hidden so it won't appear in future scans.

Mod 3 - In what section can you find the alerts that need to be resolved after taking action on compromised secrets?

c) Security > Secret scanning alerts.

a) Security > Compromised Secrets.

b) Settings > Security & analysis.

Mod 3 - Where can you create a custom pattern for a private repository?

b) Settings > Code security & analysis.

a) Settings > Security & analysis.

Mod 3 - What information do you need to provide for a custom pattern?

c) The name of the pattern, the pattern itself as Hyperscan regex, and a sample test string.

a) The repository's owner and name.

b) The pattern's color and font size.

d) The repository's URL and description.

Mod 4 - What are the two main ways to use CodeQL analysis for code scanning in a GitHub repository?

c) Adding the CodeQL workflow or using an external CI system.

a) Using manual scanning and automated scanning.

b) Using the GitHub API and the CodeQL CLI.

d) Using GitHub Actions and GitHub Connect.

mod 4 - What additional data does the response include when using the custom media type for the code scanning REST API?

c) The properties github/alertNumber and github/alertUrl.

a) The analysis ID and summary.

b) The list of code scanning alerts.

d) The organization name and repository details.

Mod 4 - Where can you download the CodeQL bundle?

https://github.com/github/codeql-action/releases

https://github.com/github/codeql

https://github.com/codeql-cli/releases

https://github.com/github/codeql-action

Mod 4 - Which repositories can use the CodeQL CLI for free?

a) Public repositories maintained on GitHub.com .

b) Private repositories with an Advanced Security license.

c) Public and private repositories without any license.

d) Only public repositories owned by customers.

Mod 4 - What does the CodeQL bundle contain?

b) CodeQL queries and libraries.

What does the CodeQL bundle contain?

c) Only the CodeQL CLI product.

d) Precompiled versions of all queries from GitHub.com .

Mod 4 - How does GitHub prevent duplicate alerts for the same problem in code scanning?

a) By matching results across various runs using fingerprints.

b) By filtering out results with the same rule or query name.

c) By ignoring results that have partialFingerprints.

d) By grouping results based on the most important rules.

Mod 4 - What does the partialFingerprints field in a SARIF file contain?

c) Data for matching duplicate alerts.

d) Source code used in static analysis.

Mod 4 - What does SARIF mean?

b) Static Analysis Results Interchange Format

a) Secure Automated Results Integration Format

c) Systematic Analysis Reporting and Integration Format

d) Source and Artifact Results Information Format

Mod 4 - What are the default severity levels that cause a pull request check failure?

b) Error or security severity level of Critical or High

What are the default severity levels that cause a pull request check failure?

d) Error or security severity level of Low or Medium

mod 4 - How can you specify the file paths to be ignored in the code scanning workflow?

b) Use the "on:pull_request:paths-ignore" parameter and list the file paths to be ignored.

a) Use the "ignore" parameter under "code_scan".

c) Use the "on:pull_request:paths" parameter and list the file paths to be scanned.

d) Use the "exclude" parameter under "code_scan".

Mod 4 - By default, how often does the default CodeQL analysis workflow scan the code in a repository?

By default, how often does the default CodeQL analysis workflow scan the code in a repository?

Mod7 - What additional features does a GitHub Advanced Security LICENSE provide for private and internal repositories?

b) Code scanning, secret scanning, dependency review, and security overview

c) Advanced user access controls

d) Unlimited custom patterns for secret scanning

mod7 - What is the consequence of enabling GitHub Advanced Security at the organization level?

b) It automatically turns on GitHub Advanced Security for all private and internal repositories in the organization.

a) It provides additional features for public repositories.

c) It allows committers to use GitHub Advanced Security without any limitations.

d) It enables access to GitHub Advanced Security for free GitHub accounts.

Mod 7 - Before enabling GitHub Advanced Security for all repositories in an organization on GitHub Enterprise Server, what must be done first?

d) Enable Advanced Security for the GitHub Enterprise Server instance.

a) Upgrade the GitHub Enterprise Server instance to the latest version.

b) Enable GitHub Advanced Security for each repository individually.

c) Upload the GitHub Advanced Security license to the organization's settings.

Mod 7 - How can you enable GitHub Advanced Security features on GitHub Enterprise Server via the GitHub user interface?

d) By selecting the desired features in the Management Console under Site admin.

a) By navigating to the Security & analysis settings for each repository.

b) By contacting GitHub Enterprise Server support.

c) By using SSH to access the administrative shell.

Mod 7 - Which feature is enabled using the command ghe-config app.dependency-graph.enabled true ?

a) Dependency reviewa) Dependency review

Mod 7 - To enable secret scanning, which command should be used?

c) ghe-config app.secret-scanning.enabled true

a) ghe-config app.minio.enabled true

b) ghe-config app.code-scanning.enabled true

d) ghe-config app.dependency-graph.enabled true

Mod 7 - What roles and permissions are required to view code scanning alerts in the repository's Security tab?

b) Write permission on repository

a) Read permission on repository

c) Admin permission on repository

d) Owner permission on repository

Mod 7 - Who can view secret scanning alerts in the repository's Security tab ?

b) Repository administrators and organization owners

c) Users with read permission on repository

d) Users with write permission on repository

Mod 7 - What is the purpose of the SECURITY.md file in a GitHub project repository?

c) It provides information about the project's security vulnerabilities and how to report them.

a) It enables Advanced Security features for the repository.

b) It allows administrators to set up security policies.

d) It automatically reports security vulnerabilities to GitHub support.

mod 7 - 2. Where can you enable GitHub Advanced Security for all the private and internal repositories in an organization?

In the organization's Code and security settings

In the Site admin page of your enterprise account

In the organization's Security tab

Mod 8 - What happens when settings are changed at the enterprise level?

a) The settings apply to all repositories owned by any organization within the enterprise

b) The settings apply only to repositories owned by the enterprise itself

c) The settings only apply to public repositories, not private repositories

d) The settings only apply to repositories with Advanced Security enabled

GHAS - MOD 3+MOD4+MOD7+MOD8

Authored by Sara S

Computers

Professional Development

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

51 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Mod 3 - What happens when secret scanning detects a secret in a repository?

a) It automatically revokes the secret

b) It notifies all repository administrators about the commit

c) It deletes the repository

d) It encrypts the secret for added security

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Mod 3 - When does secret scanning send a notification to repository administrators?

a) When a public repository is created

b) When a secret with a known pattern is committed

c) When a security incident is detected

d) When a branch is deleted

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Mod 3 - What does secret scanning do in GitHub Advanced Security?

a) Scans repositories for known types of secrets

b) Analyzes code for vulnerabilities

c) Generates automated pull requests for dependency updates

d) Audits user access and permissions

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Mod 3 - What is required to enable secret scanning on private repositories owned by organizations on an enterprise plan?

a) A GitHub Actions workflow must be created.

b) The repository must be made public.

c) GitHub Advanced Security must be enabled for the organization.

d) The repository must have at least 100 stars.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Mod 3 - Who is secret scanning available to in GitHub?

a) Only users with a paid GitHub subscription

b) All public repositories and private repositories owned by organizations on an enterprise plan with GitHub Advanced Security

c) Only repository owners and administrators

d) Only developers using GitHub Actions

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Mod 3 - How can you enable secret scanning on a private repository?

a) It is automatically enabled for all private repositories.

b) Navigate to Settings > Security & analysis and click the Enable button next to Secret scanning.

c) Secret scanning cannot be enabled on private repositories.

d) Secret scanning is only available for public repositories.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Mod 3 - How can you enable secret scanning for an organization?

a) Secret scanning is automatically enabled for all organizations.

b) Navigate to Settings > Security & analysis in the organization, and click the Enable all button next to Secret scanning.

c) Secret scanning cannot be enabled for organizations.

d) Secret scanning can only be enabled on an organization if GitHub Advanced Security is disabled.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

52 questions

GM Calibration

Quiz

•

Professional Development

50 questions

CompTIAA+ 220-1101 BurningIce (Part 1)

Quiz

•

Professional Development

50 questions

COMPTIA IT 2

Quiz

•

Professional Development

47 questions

unit20_Diploma Software CBT

Quiz

•

Professional Development

50 questions

AI-102

Quiz

•

Professional Development

50 questions

Test Mendix 5

Quiz

•

Professional Development

50 questions

Skill Test Fullstack MEVN

Quiz

•

University - Professi...

50 questions

Android development ( 51 - 100)

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

10 questions

How to Email your Teacher

Quiz

•

Professional Development

6 questions

3RD GRADE DECLARATION OF INDEPENDENCE EXIT TICKET

Quiz

•

Professional Development

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

22 questions

Multiplying Exponents with the Same Base

Quiz

•

9th Grade - Professio...

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...

GHAS - MOD 3+MOD4+MOD7+MOD8

Mod 3 - What happens when secret scanning detects a secret in a repository?

Mod 3 - When does secret scanning send a notification to repository administrators?

Mod 3 - What does secret scanning do in GitHub Advanced Security?

Mod 3 - What is required to enable secret scanning on private repositories owned by organizations on an enterprise plan?

Mod 3 - Who is secret scanning available to in GitHub?

Mod 3 - How can you enable secret scanning on a private repository?

Mod 3 - How can you enable secret scanning for an organization?

What happens when you click the "Enable all" button next to Secret scanning for an organization, and check "Enable for eligible repositories"

Mod 3 - How can you exclude certain files from being scanned by secret scanning?

Mod 3 - What happens if the secret_scanning.yml file is larger than 1 MB?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers