GitHub-Advanced-Security試験無料問題集（77題）「GitHub Advanced Security GHAS 認定」

出題：1

What is a prerequisite to define a custom pattern for a repository?

A. Change the repository visibility to Internal

B. Enable secret scanning

C. Specify additional match criteria

D. Close other secret scanning alerts

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which syntax in a query suite tells CodeQL to look for one or more specified .ql files?

A. qls

B. query

C. qlpack

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following steps should you follow to integrate CodeQL into a third-party continuous integration system? (Each answer presents part of the solution. Choose three.)

A. Analyze code

B. Process alerts

C. Upload scan results

D. Write queries

E. Install the CLI

正解：A,C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

When using CodeQL, how does extraction for compiled languages work?

A. By running directly on the source code

B. By monitoring the normal build process

C. By resolving dependencies to give an accurate representation of the codebase

D. By generating one language at a time

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

As a developer, you need to configure a code scanning workflow for a repository where GitHub Advanced Security is enabled. What minimum repository permission do you need?

A. None

B. Write

C. Admin

D. Read

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Assuming that notification and alert recipients are not customized, what does GitHub do when it identifies a vulnerable dependency in a repository where Dependabot alerts are enabled? (Each answer presents part of the solution. Choose two.)

A. It generates a Dependabot alert and displays it on the Security tab for the repository.

B. It consults with a security service and conducts a thorough vulnerability review.

C. It notifies the repository administrators about the new alert.

D. It generates Dependabot alerts by default for all private repositories.

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What kind of repository permissions do you need to request a Common Vulnerabilities and Exposures (CVE) identification number for a security advisory?

A. Write

B. Maintain

C. Admin

D. Triage

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following formats are used to describe a Dependabot alert? (Each answer presents a complete solution. Choose two.)

A. Common Weakness Enumeration (CWE)

B. Exploit Prediction Scoring System (EPSS)

C. Common Vulnerabilities and Exposures (CVE)

D. Vulnerability Exploitability exchange (VEX)

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

GitHub-Advanced-Security試験無料問題集「GitHub Advanced Security GHAS 認定」