Contributed Questions
Info
This page contains all the questions that were contributed by the community when studying for the exam.
- What are the possible GitHub account types? (Select three.)
- Which of these GitHub features serves the purpose of an adaptable spreadsheet, task board and a roadmap that integrates with issues and pull requests on GitHub to plan and track your work effectively?
- How does the synchronization between GitHub projects, issues and pull requests work?
- Which of these is true regarding custom fields for items in GitHub Projects?
- What are the different available options for adding issues and pull requests to a GitHub Project board?
- Which of these layouts are available in GitHub Projects? (Choose three.)
- Which GitHub Project layout would best serve as a Kanban board?
- Which of these workflows are built-in automations in GitHub Projects? (Choose two.)
- What are the different options that allow you to automate operations in your GitHub Project? (Choose three.)
- What is the difference between GitHub projects and GitHub projects classic?
- What are the use cases for labels?
- Why would a repository owner want to use milestones? (Choose two.)
- How can you assign a person to an issue or pull request?
- If you find yourself often writing the same set of comments on issues or pull requests, what GitHub feature would you use to save time?
- Which of these statements about `saved replies` are true? (Choose two.)
- What are some actions you can do in regards to Repository Templates? (Choose two.)
- Which feature in GitHub Projects enables you to effortlessly generate graphs and charts for visualizing the current status and historical progression of your project?
- What is the name of GitHub's continuous integration and continuous delivery (CI/CD) platform?
- Which of these is a common use case for GitHub Actions?
- GitHub Action workflows are triggered by events. Which of these are valid events that GitHub Actions support? (Choose two.)
- Where can you find publicly available GitHub Actions?
- Which of these tools serves as an AI pair programmer that offers autocomplete-style suggestions as you code?
- Is GitHub Copilot free to use?
- What are the differences between GitHub Copilot Individual and GitHub Copilot Business?
- How can you start using GitHub Copilot after activating the GitHub Copilot subscription?
- What is a GitHub Codespace?
- What GitHub feature allows the creation of preconfigured development environments where all necessary tools and dependencies to contribute to a repository are installed?
- What GitHub features allow repository contributors to work on simple code changes directly through the web browser? (Choose two.)
- What are the different possible lifecycle phases for a GitHub Codespace?
- If you stop your GitHub Codespace environment can you come back to the changes later if you haven't committed them?
- Which of these statements regarding GitHub Codespaces lifecycle are true? (Choose three.)
- Your project requires appropriate hardware to run. Can you customize the amount of CPU cores that will be allocated to your GitHub Codespace environment?
- How can you customize the environment that is run in GitHub Codespaces?
- What is a GitHub Codespace deep link?
- Who should have 2 Factor Authentication enabled on GitHub?
- What are Enterprise Managed Users?
- What are the different permission levels for a repository owned by a personal account? (Choose two.)
- Which of these is NOT a role in a GitHub Organization?
- Can you disable the issues tab on a repository?
- Where can you disable repository features such as issues, wikis or projects on a repository that you own?
- What are the different repository visibility options?
- What is the purpose of a `CODEOWNERS` file?
- How can you enforce status checks passing before merging a pull request to the `main` branch?
- Which of these actions will make sure that prior to any push to the `main` branch, the changes have been approved by at least two people? (Choose three.)
- What can you find in the security tab of a repository?
- What is CodeQL?
- Which tool helps you keep the repository dependencies up to date?
- What are Repository Insights?
- Who are repository collaborators?
- How can you work together with a friend of yours on a repository that you have created on your personal GitHub account?
- What are GitHub teams?
- What is the role of an organization moderator?
- What is the role of an organization security manager?
- Which of these definitions best describes open source software?
- What is the GitHub Sponsors program?
- On your personal GitHub dashboard you received a notification that user `octocat` has created a new repository `octocat/my-repo`. Why did you receive that notification?
- What are the effects of you following a user on GitHub?
- What is the GitHub Marketplace?
- What is InnerSource?
- Which of these is a practice that encourages collaboration, visibility and sharing of code among different teams within an organization?
- What is a fork in GitHub?
- Which of these can make a repository more discoverable? (Choose three.)
- How can you define guiding protocols for users intending to submit bug reports or propose new features in your repository so they know what information to fill in?
- What is a pull request template?
- Which of these statements best describes a version control system?
- What is the meaning of the word `distributed` in distributed version control system?
- Which of these best describes git?
- Which of these statements best describes what GitHub is?
- What is the relation between Git and GitHub?
- What is a repository in GitHub?
- What is a git commit?
- Which git feature allows developers to concurrently work on the same codebase without causing conflicts with each other?
- What is the GitHub Flow?
- What is a GitHub Pro plan?
- Is there a free version of GitHub for organizations?
- What are the different GitHub pricing plans for organization accounts? (Select three.)
- Which GitHub pricing plan offers self-hosted deployment of GitHub?
- Under which GitHub pricing plan can you create an unlimited number of public repositories?
- What are the different deployment options for GitHub Enterprise? (Select two.)
- Which of these statements about GitHub Enterprise deployment options are true? (Select two.)
- What are pinned repositories on GitHub?
- Which of these files can customize your GitHub profile?
- What language is used to write comments on GitHub issues and pull requests?
- What are GitHub's slash commands?
- How does GitHub help people that want to write proper issue and pull request comments but don't know Markdown syntax?
- What is GitHub Desktop?
- What is GitHub Mobile?
- How can you link a pull request to an issue? (Choose two.)
- What improvement do issue forms bring over issue templates?
- Which of these is a repository feature that is used as a community forum to have conversations, ask questions, post announcements and share ideas?
- What is the effect of adding a line `Closes #11` to the pull request's description?
- In GitHub a proposal to merge a set of changes from one branch into another branch is called a:
- You want to merge changes from branch `feature-a` into `main` and you are creating a pull request. Which branch should be the `base` branch and which branch should be the `compare` branch?
- What are draft pull requests?
- What are the possible statuses for a pull request review? (Choose three.)
- Which of these statements about the differences of issues and discussions is true?
- Which of the GitHub features best serves as a simple way to share small code snippets with others?
- What are GitHub Wikis?
- What are the two available options when you no longer need to use a Project?
- Can you change a gist from public to secret after creating it?
- What happens when you choose to close a Project?
- If there are multiple Readme.md files in a GitHub repository, what is the priority order to show them?
- Which of the following Git commands allow you to create a new branch and start working on it in one line? (Select two.)
- If a GitHub Discussion is converted into an Issue and the issue is closed or referred to using its corresponding # number, will the discussion be modified?
- Which information can be found in the Pulse section in the Insights tab of a repository? (Choose four.)
- What are the different levels of GitHub organizational hierarchy? (Choose three.)
- Who can set up billing or assign billing managers for an organization? (Select three.)
- What is one of the main benefits for using a Personal Access Token (PAT) instead of a standard username and password for GitHub authentication?
- What are the different forms of two-factor or multi-factor authentication supported by GitHub? (Choose five.)
- What are the different GitHub pricing plans for personal accounts? (Select two.)
- What is/are the common GitHub pricing plan(s) for both personal and organization accounts?
- What syntax is used in GitHub Markdown to create a task list?
- Which Markdown element is not correctly paired with its syntax?
- What feature is unique to GitHub Desktop compared to github.com?
- Which of the following actions cannot be performed directly from GitHub Desktop?
- What are some actions you can do in regards to Project Templates in your organization? (Choose three.)
- Which statement is correct regarding passing permissions to reusable workflows?
- What are the different permission levels you can assign to `GITHUB_TOKEN` in the `permissions` block?
- You can use `permissions` to modify the `GITHUB_TOKEN` permissions on: (Select two.)
- Are GitHub Actions free for public repositories?
- Which of these is not a valid event that could trigger a workflow?
- Which is true about workflows? (Select three.)
- Which components are required for a workflow? (Select two.)
- Which event is triggered by a webhook action from outside of the repository?
- Workflows are defined in which format?
- Where should you store sensitive data such as passwords or certificates that will be used in workflows?
- In a workflow with multiple jobs the default behavior is:
- If job B requires job A to be finished you have to:
- In a workflow with multiple jobs, if job A fails then:
- This code will launch 6 different jobs in parallel using the matrix strategy. Can you use the matrix strategy to parallelize entire workflows?
- Which matrix job definition is syntactically correct?
- How do you access matrix variables in a matrix strategy job?
- When using the `pull_request` and `pull_request_target` events, how do you configure the workflow to run only when targeting the `prod` branch?
- This workflow will run on all pull requests where:
- Fill in the blank: When using `push` event trigger filters you can use <____> patterns to target multiple branches
- Which event allows you to manually trigger a workflow from the GitHub UI?
- What are the possible types of an input variable for a manually triggered workflow? (Select five.)
- A workflow that has only `workflow_dispatch` event trigger can be triggered using GitHub's REST API
- To stop a workflow from running temporarily without modifying the source code you should
- What are `activity types` of an event used for?
- You want to create a reusable workflow `CI` that runs some quality checks, linting and tests on code changes. What event trigger should the `CI` workflow define to allow reusing it in other workflows?
- A reusable workflow named `build` creates zip file artifacts. How do you pass the zip file location to the caller workflow that is calling the `build` workflow? (Select three.)
- What are the valid use cases for using **defaults**? (Select two.)
- How can you ensure that a workflow called `Deploy Prod` is always running at most one at a time?
- Your Pull Request analysis workflow uses multiple code analysis tools and takes about 20 minutes to fully complete. It is triggered on the `pull_request` event with the `branches` filter set to `master`. Therefore, if a developer pushes multiple commits within a few minutes, multiple workflows are running in parallel. How can you stop all previous workflow runs and only run the one with the latest changes?
- When will job3 run?
- What `jobs.job_id.if` conditional will make sure that job `production-deploy` is triggered only on `my-org/my-repo` repository? (Select two.)
- What GitHub-hosted runner types are available to use? (Select three.)
- Is this statement true? `Not all steps run actions, but all actions run as a step`
- For any action published in GitHub Marketplace, you can often use it in multiple versions, which approach is the most stable and secure?
- To prevent a job from failure when one of the steps fails you can include:
- You defined a matrix job `example_matrix`. How can you limit the matrix to run a maximum of 2 jobs at a time?
- Which of these is a proper way of setting an output parameter `PET` with a value of `DOG` in a `step`?
- Which of these is a way of using `action_state` in `step_two`?
- Is this statement true? `Workflows can be reused, but a reusable workflow cannot call another reusable workflow.`
- In the following example, `workflow A` passes all of its secrets to `workflow B`, by using the inherit keyword. Then `workflow B` calls `workflow C`. Which statement regarding `secrets` is true for that example?
- When should you use `caching`?
- When should you use `artifacts`? (Select two.)
- If a workflow runs on a `feature-a` branch, can it restore `caches` created in the default `main` branch?
- To access an `artifact` that was created in another, previously triggered workflow run you can:
- What should you use to store coverage reports or screenshots generated during a workflow that runs automated testing for a repository?
- You can only upload a single file at a time when using `actions/upload-artifact` action
- In job `deploy`, if you want to access binaries (containing your application) that were created in job `build` you should
- A job called `job2` is using artifacts created in `job1`. Therefore it's important to make sure `job1` finishes before `job2` starts looking for the artifacts. How should you create that dependency?
- Which is true about `Starter Workflows`? (Select three.)
- Secrets and configuration variables can be scoped to: (Select three.)
- What are the three types of Actions?
- Is this statement true? `Docker container actions are usually slower than JavaScript actions`
- When creating a custom GitHub Action you have to store the source code in `.github/workflows` directory
- When creating custom GitHub Actions - in what file does all the action `metadata` have to be defined?
- A workflow was initially run on `commit A` and failed. You fixed the workflow with the subsequent `commit B`. When you re-run that workflow it will run with code from which commit?
- How can you require manual approvals by a maintainer if the workflow run is targeting the `production` environment?
- Which is true about environments?
- When using GitHub Actions to access resources in one of the cloud providers (such as AWS, Azure or GCP) the safest and recommended way to authenticate is
- Your open-source publicly available repository contains a workflow with a `pull_request` event trigger. How can you require approvals for workflow runs triggered from forks of your repository?
- Which of the following default environment variables contains the name of the person or app that initiated the workflow run?
- Which of the following are default environment variables in GitHub Actions? (Select three.)
- Your organization defines a secret `SomeSecret`, however when you reference that secret in a workflow using `${{ secrets.SomeSecret }}` it provides a different value than expected. What may be the reason for that?
- Which is a correct way to print a debug message?
- How can organizations which are using GitHub Enterprise Server enable automatic syncing of third party GitHub Actions hosted on GitHub.com to their GitHub Enterprise Server instance?
- Where can you find network connectivity logs for a GitHub self-hosted-runner?
- How can you validate that your GitHub self-hosted-runner can access all required GitHub services?
- Which is the correct way of triggering a job only if configuration variable `MY_VAR` has the value of `MY_VALUE`?
- To run a `step` only if the secret `MY_SECRET` has been set, you can:
- How can you use the GitHub API to download workflow run logs?
- How can you use the GitHub API to create or update a repository secret?
- How can you override an organization-level GitHub Secret `API_KEY` with a different value when working within a repository? (Select two.)
- What components can be reused within a GitHub Organization? (Select four.)
- How many jobs will be executed in the following workflow?
- Which of the following default environment variables contains the full name (e.g. `octocat/hello-world`) of the repository where the workflow is running?
- In a workflow that has multiple jobs, all running on GitHub-hosted runners, is it true that all jobs are guaranteed to run on the same runner machine?
- What's the maximum amount of reusable workflows that can be called from a single workflow file?
- What is a self-hosted runner?
- Which of the following is a correct statement about GitHub Workflows and Actions?
- On which commit and branch do scheduled workflows run in GitHub Actions?
- What is the correct syntax for setting the directory for all `run` commands in a workflow?
- How can you reuse a defined workflow in multiple repositories? (Choose two.)
- How can you ensure a job runs only on a specific branch?
- What does the `needs` keyword do in a GitHub Actions workflow?
- Which keyword allows you to define environment variables in a GitHub Actions workflow?
- What is the purpose of the `with` keyword in a GitHub Actions workflow?
- Which of the following GitHub Actions syntax is used to run multiple commands in a single step?
- How can you cache dependencies to speed up workflow execution?
- What does the `matrix` keyword do in a GitHub Actions workflow?
- Which of the following can be used to limit the number of concurrent jobs running in a GitHub Actions workflow?
- What is the default timeout for a GitHub Actions job?
- How can you specify the operating system for a job in GitHub Actions?
- In a GitHub Actions workflow, how do you specify a specific version of Node.js to use in a job?
- How do you reference a secret stored in GitHub Secrets in a workflow?
- What is the default shell used by GitHub Actions on Windows runners?
- Which of the following statements are true about adding a self-hosted runner in GitHub Actions? (Choose three.)
- Select the default environment variable that contains the operating system of the runner executing the job
- How does the `actions/cache` action in GitHub Actions handle a cache miss?
- How can you specify the schedule of a GitHub Actions workflow to run on weekdays only?
- What is the recommended approach for storing secrets larger than 48 KB?
- Select status check functions in GitHub Actions
- How do you ensure that `Upload Failure test report` step is executed only if `Run Tests` step fails?
- Which context holds information about the event that triggered a workflow run?
- In GitHub Actions, if you define both branches and paths filter, what is the effect on the workflow execution?
- What is the recommended practice for treating environment variables in GitHub Actions, regardless of the operating system and shell used?
- Which of the following statements accurately describes the behavior of workflow jobs referencing an environment's protection rules?
- What is the purpose of the `restore-keys` parameter in `actions/cache` in GitHub Actions?
- Which variable would you set to `true` in order to enable step debug logging?
- Which configuration is appropriate for triggering a workflow to run on webhook events related to check_run actions?
- What is the purpose of the `timeout-minutes` keyword in a step?
- Dave is creating a templated workflow for his organization. Where must Dave store the workflow files and associated metadata files for the templated workflow?
- Dave wants to be notified when a comment is created on an issue within a GitHub repository. Which event trigger should be used within the workflow configuration?
- What level of access is required on a GitHub repository in order to delete log files from workflow runs?
- What is true about the following workflow configuration if triggered against the `octo/my-dev-repo` repository?
- How can you access the current values of variables in a matrix within a job in the example below:
- What level of permission is required to re-run the workflows?
- When can you delete workflow runs? (Select two.)
- Who can bypass configured deployment protection rules to force deployment (by default)?
- How can you skip the following workflow run when you commit or create a PR?
- How can you determine if an action is a container action by looking at its action.yml file?
- What is the correct syntax for specifying a cleanup script in a container action?
- What’s true about default variables? (Choose three.)
- What are the scopes defined for custom variables in a workflow? (Choose three.)
- As a GitHub Organization administrator, you want users to authenticate using a corporate identity provider. Which of the following is a way to achieve this?
- What is the GitHub dependency graph?
- Which is the minimum level of support that provides help with installing and using Advanced Security?
- Which of the following issues can GitHub Support help resolve? (Choose four.)
- Which of the following are correct methods to generate and share a diagnostic file for GitHub Enterprise Server? (Choose two.)
- Which of the following is the correct procedure for generating a support bundle in GitHub Enterprise Server? (Choose two.)
- Which endpoints does the GitHub API provide to administer your enterprise? (Choose six.)
- What are the steps to install a GitHub App from GitHub Marketplace for an organization?
- What are the benefits and risks of using apps and actions from the GitHub Marketplace?
- What are the key implications of enabling SAML single sign-on (SSO) for an organization in GitHub Enterprise Cloud?
- What is a key difference between enabling SAML Single Sign-On (SSO) for all organizations in an enterprise account versus enabling it for a single organization in GitHub Enterprise Cloud?
- Which GitHub Support level provides SLA and written support in English 24/7?
- What are the steps to enable and enforce SAML SSO for a single organization?
- Which of the following identity providers (IdPs) is NOT officially supported and internally tested by GitHub Enterprise Cloud for SAML SSO?
- How do you require two-factor authentication (2FA) for an organization?
- Which identity providers (IdPs) support GitHub Enterprise Cloud SCIM API for organizations? (Choose three.)
- What is the primary function of Enterprise Managed Users in GitHub?
- How are user accounts provisioned with Enterprise Managed Users?
- What is required for a user to authenticate with an Enterprise Managed Users account?
- Which statement is true regarding usernames and profile information for Enterprise Managed Users?
- What are the implications of a managed user needing to contribute to resources outside of the enterprise?
- What is SCIM in the context of GitHub?
- What's the purpose of SCIM and team synchronization in GitHub?
- What are valid authentication methods available in GitHub? (Choose six.)
- How does GitHub Enterprise Cloud differ from GitHub Enterprise Server?
- Which of the following are extra features provided by GitHub Enterprise Cloud over GitHub Free plan? (Choose four.)
- What is the purpose of enterprise accounts in GitHub Enterprise Cloud?
- Which of the following is a management option exclusive to GitHub Enterprise Cloud?
- Which is the main restriction of Enterprise Managed User accounts in GitHub Enterprise Cloud?
- What is GitHub Enterprise Server primarily designed for?
- Which environments can GitHub Enterprise Server be deployed to?
- Which of the following is a key feature of GitHub Enterprise Server?
- How can GitHub Enterprise Server's administration be handled?
- What does GitHub recommend for safeguarding against data loss in GitHub Enterprise Server?
- What's the usage cost of GitHub Actions for public repositories?
- How are minutes calculated for jobs that run on different operating systems in GitHub Actions?
- What is the default spending limit for GitHub Actions on monthly-billed accounts?
- How can an organization owner find statistics on license usage for their GitHub Enterprise Server?
- How can an organization admin set default permissions for new members in a GitHub organization?
- How does team synchronization with Microsoft Entra ID (previously Azure AD) benefit GitHub Enterprise Cloud organizations?
- What is the primary purpose of a GitHub organization?
- Which role in a GitHub organization has the authority to manage access to the organization's resources?
- How can access management and collaboration be simplified within a GitHub organization?
- Which GitHub plan allows the use of secret scanning in private repositories?
- What is the advantage of having an enterprise account on GitHub Enterprise Cloud for an organization?
- How can an organization enhance the security of their GitHub Actions workflows?
- Which of the following are recognized roles within a GitHub organization?
- Which role in a GitHub organization has the highest level of access?
- What are the default permissions of a member in a GitHub organization?
- What is the primary responsibility of a billing manager in a GitHub organization?
- How does the role of an outside collaborator differ from that of a member within a GitHub organization?
- How can an organization owner change the role of a member within the organization?
- How can you give a user the minimum required permissions necessary for accessing a specific repository within a GitHub organization?
- What are the key features and functionalities of teams within a GitHub organization?
- What distinguishes a visible team from a secret team in a GitHub organization?
- How do nested teams benefit an organization's structure within GitHub?
- What can be found on a team’s page within a GitHub organization?
- What is the role of a Security Manager within a GitHub organization?
- What permissions does a GitHub App manager have within an organization?
- What roles can a team member hold within a GitHub team?
- Which repository role in a GitHub organization is recommended for contributors who need to proactively manage issues and pull requests without having write access?
- What are the repository roles available in a GitHub organization? (Choose five.)
- What functionality does the audit log provide to organization admins within a GitHub organization?
- Which formats are available for exporting the audit log from a GitHub organization?
- How can an organization admin search the audit log for events related to webhook modifications?
- Why might webhooks be considered an efficient alternative to the audit log or API polling in certain use cases within GitHub organizations?
- Which tools can be used to remove sensitive data from a Git repository's history?
- What should you do before running git filter-repo or BFG Repo-Cleaner to remove sensitive data from your repository?
- After sensitive data is removed from a repository's history and pushed to GitHub, what is a necessary step to fully remove the data from GitHub?
- Which of these practices can help avoid committing sensitive data or files to a git repository?
- Which of these best defines GitHub Enterprise Policies?
- What are enterprise policies in the context of GitHub Enterprise Cloud?
- What steps should organization admins follow to access audit logs of actions performed within their GitHub organization?
- Which of the following are types of access tokens supported by GitHub? (Choose three.)
- What is the primary rate limit for authenticated personal users making REST API requests to GitHub API?
- What's the difference between GitHub Apps and OAuth apps?
- How can GitHub Apps react to specific events, and what are some examples of these events?
- How can enterprises track their usage of GitHub Actions?
- Who can configure IP allow lists for an enterprise on GitHub?
- Can organization owners manage IP allow list entries inherited from the enterprise account's allow list?
- Which runners must you use with GitHub Actions when an IP allow list is enabled on your enterprise?
- How can you ensure your self-hosted or larger hosted runners can communicate with GitHub when using an IP allow list?
- When an Enterprise IP allow list is in place, what happens when you try to publish your GitHub Pages site from a branch instead of using a custom GitHub Actions workflow?
- What are some potential abuse vectors of enabling self-hosted runners on public repositories? (Choose four.)
- How should you select appropriate runners to support your workflow's specific workloads?
- How do you add a self-hosted runner to a GitHub repository?
- What is required to add a self-hosted runner to an organization on GitHub?
- How can you manage access to self-hosted runners in an organization using runner groups?
- What steps are involved in creating a self-hosted runner group for an organization on GitHub?
- How do you change which repositories can access a specific runner group in an organization?
- How can you use 3rd party vaults to manage secrets for GitHub Actions?
- Which package managers and formats are supported by GitHub Packages? (Choose five.)
- How can one authenticate to GitHub Packages?
- What is required to download or publish a GitHub Package within workflows, such as with GitHub Actions or other CI/CD tools?
- What are the differences and use cases between GitHub Packages and releases?
- By which header can you check the number of requests you have made in the current rate limit window when using the GitHub REST API?
- What is CodeQL?
- What does `shifting left` mean in the context of Security?
- What are Repository Security Advisories?
- Which tool helps you keep the repository dependencies up to date?
- Which of the following is a curated list of security vulnerabilities found in open source projects?
- Which of these GitHub security features are available for FREE for both public and private personal repositories? (Choose four.)
- Which of these best describes secret scanning?
- Which parts of the repository are scanned by secret scanning? (Choose two.)
- What's the purpose of the Secret scanning partner program?
- Public repositories owned by personal users as well as public repositories owned by organizations can use secret scanning for free.
- How can you prevent commits containing cloud provider credentials from being pushed to GitHub?
- Which of these is true about the GitHub secret scanning partner program? (Choose three.)
- How can you exclude certain directories or files from secret scanning?
- You have included some fake secrets in your test code and they have been picked up by GitHub's secret scanning. What can you do to tell GitHub that these are fake secrets used in tests and can be ignored by secret scanning? (Choose two.)
- You have accidentally committed your GitHub personal access token to a public repository. What actions should you take to prevent your account from being compromised?
- What is the behavior when a new secret pattern is added or updated in the GitHub secret scanning partner program?
- Who will be notified when a NEW secret is pushed and detected in a repository? (Choose five.)
- When GitHub runs a scan of all historical code in enterprise repositories what is the notification behavior? (Select two.)
- Does GitHub use the same set of secret scanning patterns for both user alerts and push protection alerts?
- What are the three different sets of secret scanning patterns that GitHub maintains? (Select three.)
- Multiple public repositories that you are contributing to do not have the secret scanning push protection option enabled. What can you do to protect yourself from accidentally pushing secrets to these repositories?
- Your company has internal secrets that should not be pushed to GitHub repositories. The pattern of these secrets is not known by GitHub and therefore is not detected by secret scanning. What can companies do to protect their developers from accidentally pushing these secrets to repositories in their GitHub Organization?
- What information do Dependabot alerts provide?
- What is the GitHub dependency graph?
- Is GitHub dependency graph available for free to all repositories?
- How does GitHub Dependency graph know what dependencies your project is using? (Choose two.)
- When will the GitHub Dependency graph for your repository be updated? (Choose two.)
- In what format can you export the GitHub Dependency graph of your repository?
- Can your repository use Dependency Graph without using Dependabot Alerts?
- Which feature is a pre-requisite for using Dependabot Alerts on a repository?
- Which of these statements about Dependabot Alerts are true? (Choose three.)
- What are the primary benefits of the Security Overview feature in GitHub?
- What is CodeQL?
- What do Dependabot alerts indicate in GitHub?
- What is the purpose of code scanning in GitHub?
- Is secret scanning available for both public and private repositories on GitHub?
- What does the default CodeQL analysis setup in GitHub do?
- What is the main purpose of using the CodeQL CLI?
- Which of the following languages is NOT supported by CodeQL for code scanning?
- How does CodeQL analyze code in GitHub?
- How can CodeQL be used in an external CI system together with GitHub repositories?
- Which of these statements isn't true about secret scanning on GitHub?
- Which top-level keys are required in the `dependabot.yml` file?
- Which GitHub Action can be used to upload a third-party SARIF file?
- Which tool can be used in a third-party CI system to upload code analysis results to GitHub?
- What is required for a CI server to upload SARIF results to GitHub?
- What happens when a second SARIF results file is uploaded to GitHub for a single commit?
- How can users exclude specific directories from secret scanning alerts on GitHub?
- Which key should be used in a `secret_scanning.yml` file to exclude directories from secret scanning alerts in GitHub?
- What is the maximum number of custom patterns that can be defined for secret scanning on GitHub?
- Fill in the blank: `GitHub __________ is a feature that you can use to analyze code in a GitHub repository to find security vulnerabilities and coding errors.`
- Which GitHub Advanced Security feature allows you to find, triage, and prioritize fixes for new and existing problems in your code?
- How can you enable code scanning for a repository?
- How can you configure your GitHub repository to run CodeQL analysis on a schedule? (Choose two.)
- An organization has recently started using CodeQL analysis for all pull requests on their repositories as well as running the analysis on an hourly schedule. Since then they have been experiencing larger-than-usual GitHub Actions bills. What is the most likely cause of this?
- If you don't want to use GitHub Actions, you can run code scanning in an external CI system, then upload the results to GitHub.
- When using a third-party CI system to run code scanning, what GitHub tool do you need to analyze the codebase?
- When using GitHub Actions as your CI system and a third-party tool to run code scanning, how can you upload the SARIF results to GitHub?
- Can you use CodeQL analysis with third-party CI systems?
- Which of these is true about code scanning? (Choose two.)
- When using CodeQL analysis in your GitHub Actions workflow, how often is the scan triggered?
- What is the effect of adding the `paths-ignore` keyword to your code scanning GitHub Actions workflow?
- CodeQL scanning supports:
- What are CodeQL queries used for?
- What is QL?
- What is a CodeQL query suite?
- What are the different types of CodeQL packs? (Choose three.)
- What is a CodeQL query pack?
- What are the steps of CodeQL analysis workflow?
- What is extraction in the context of CodeQL code analysis?
- Which of these statements are true regarding running CodeQL analysis on codebases with multiple programming languages? (Choose two.)
- What are the differences when running CodeQL database creation for compiled and interpreted languages? (Choose two.)
- Where can you see when the last CodeQL analysis was run when using the default code scanning setup?
- Which of the following statements about enabling CodeQL scanning default setup are true? (Choose three.)
- How can you customize your advanced CodeQL scanning setup with additional CodeQL query suites? (Choose two.)
- When running CodeQL analysis in GitHub Actions, what Actions should you use? (Choose three.)
- What is the simplest method to execute CodeQL analysis concurrently for each language in a multi-language repository using GitHub Actions?
- How can you use a custom CodeQL configuration file in a GitHub Actions workflow?
- Where can you specify the CodeQL queries to run in a GitHub Actions workflow? (Choose two.)
- What is the purpose of the `external-repository-token` parameter in `github/codeql-action/init` GitHub Action?
- What CodeQL CLI command is used to create a CodeQL database?
- What is the purpose of the `codeql database analyze` command in CodeQL CLI?
- As part of your Jenkins CI pipeline you've successfully created and then analyzed a CodeQL database, therefore producing a SARIF file. How can you upload the SARIF file to GitHub? (Choose two.)
- What details can you find on a code scanning alert page? (Choose three.)
- Which of these statements regarding viewing the results of a CodeQL analysis are true? (Choose two.)
- When a CodeQL analysis GitHub Actions workflow detects a new vulnerability on a pull request, where can you find the information about that vulnerability?
- When viewing a code scanning alert, what is the `Show paths` option used for?
- What does it mean to dismiss a code scanning alert?
- Which of these is NOT a valid approach one can take to reduce the time it takes for CodeQL analysis workflow to complete?
- What is the purpose of defining a SARIF category?
- How can you enable GitHub Advanced Security features on GitHub Enterprise Server? (Choose two.)
- How can you enable GitHub Advanced Security features for all repositories in an organization in GitHub Enterprise Cloud?
- As a repository maintainer, where should you put instructions on how to report a security vulnerability in your codebase?
- What is a GitHub security policy?
- How can you set a default security policy for all repositories in `my-org` GitHub Organization?
- Which API endpoint can be used to retrieve a list of all Dependabot alerts for an enterprise?
- Which API endpoint can be used to retrieve a list of all secret scanning alerts for an organization?
- Which API endpoint can be used to retrieve a list of all code scanning alerts for a repository?
- Which of these statements best defines a vulnerable dependency?
- What are Dependabot security updates?
- Dependabot Alerts are enabled by default on:
- Who can enable Dependabot alerts on a repository?
- What's the lowest access level needed to see Dependabot alerts in a repository within an organization?
- To enable Dependabot Alerts on all repositories in an organization you should:
- Which of these is a valid `dependabot.yml` configuration file?
- Which of these is not a GitHub supported channel for receiving Dependabot alerts?
- What are Dependabot auto-triage rules?
- How can you automate dismissing low severity Dependabot alerts?
- To enable Dependabot security updates on all repositories in an organization you should:
- The tool that checks if a pull request introduces any dependencies with security vulnerabilities is called:
- You need GitHub Actions enabled for
- What does `CVSS` stand for?
- What does `CVE` stand for?
- What does `CWE` stand for?
- Which Dependabot comment command will get a pull request successfully completed?
- Jobs that run on macOS runners that GitHub hosts consume minutes at __ rate as Linux runners consume