
Free GitHub GitHub-Advanced-Security Practice Exam with Questions & Answers | Set: 2

Question 11

Which of the following Watch settings could you use to get Dependabot alert notifications? (Each answer presents part of the solution. Choose two.)

Options:
A. The Custom setting
B. The Participating and @mentions setting
C. The All Activity setting
D. The Ignore setting

Question 12

Where can you find a deleted line of code that contained a secret value?

Options:
A. Insights
B. Issues
C. Commits
D. Dependency graph

Question 13

What does code scanning do?

Options:
A. It contacts maintainers to ask them to create security advisories if a vulnerability is found
B. It prevents code pushes with vulnerabilities as a pre-receive hook
C. It analyzes a GitHub repository to find security vulnerabilities
D. It scans your entire Git history on branches present in your GitHub repository for any secrets

Question 14

Which of the following statements best describes secret scanning push protection?

Options:
A. Commits that contain secrets are blocked before code is added to the repository.
B. Secret scanning alerts must be closed before a branch can be merged into the repository.
C. Buttons for sensitive actions in the GitHub UI are disabled.
D. Users need to reply to a 2FA challenge before any push events.

Question 15

What does a CodeQL database of your repository contain?

Options:
A. A build for Go projects to set up the project
B. A build of the code and extracted data
C. Build commands for C/C++, C#, and Java
D. A representation of all of the source code


Question 16

You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)

Options:
A. In the National Vulnerability Database
B. In the dependency graph
C. In security advisories reported on GitHub
D. In manifest and lock files

Question 17

Which of the following statements most accurately describes push protection for secret scanning custom patterns?

Options:
A. Push protection must be enabled for all, or none, of a repository's custom patterns.
B. Push protection is an opt-in experience for each custom pattern.
C. Push protection is not available for custom patterns.
D. Push protection is enabled by default for new custom patterns.

Question 18

Which of the following secret scanning features can verify whether a secret is still active?

Options:
A. Push protection
B. Validity checks
C. Branch protection
D. Custom patterns

Question 19

What step is required to run a tool compatible with SARIF (Static Analysis Results Interchange Format) on GitHub Actions?

Options:
A. Update the workflow to include a final step that uploads the results.
B. By default, the CodeQL runner automatically uploads results to GitHub on completion.
C. The CodeQL action uploads the SARIF file automatically when it completes analysis.
D. Use the CLI to upload results to GitHub.

Question 20

After investigating a code scanning alert related to injection, you determine that the input is properly sanitized using custom logic. What should be your next step?

Options:
A. Draft a pull request to update the open-source query.
B. Ignore the alert.
C. Open an issue in the CodeQL repository.
D. Dismiss the alert with the reason "false positive."

Certification Provider: GitHub
Exam Name: GitHub Advanced Security GHAS Exam
Last Update: Jul 15, 2025
Questions: 75
