Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. GitHub
  3. GitHub-Advanced-Security

GitHub GitHub-Advanced-Security Exam (page: 2)
GitHub Advanced Security GHAS
Updated on: 12-Feb-2026

Viewing Page 2 of 16
GitHub-Advanced-Security PDF 75 Questions

­ [Configure GitHub Advanced Security Tools in GitHub Enterprise]

Which of the following Watch settings could you use to get Dependabot alert notifications? (Each answer presents part of the solution. Choose two.)

  1. The Custom setting
  2. The Participating and @mentions setting
  3. The All Activity setting
  4. The Ignore setting

Answer(s): A,C

Explanation:

Comprehensive and Detailed Explanation;
To receive Dependabot alert notifications for a repository, you can utilize the following Watch settings:

Custom setting: Allows you to tailor your notifications, enabling you to subscribe specifically to security alerts, including those from Dependabot.

All Activity setting: Subscribes you to all notifications for the repository, encompassing issues, pull requests, and security alerts like those from Dependabot.

The Participating and @mentions setting limits notifications to conversations you're directly involved in or mentioned, which may not include security alerts. The Ignore setting unsubscribes you from all notifications, including critical security alerts.

GitHub Docs

+1

GitHub Docs

+1


Reference:

GitHub Docs ­ Configuring notifications; Managing security alerts



­ [Configure and Use Dependency Management]

Which Dependabot configuration fields are required? (Each answer presents part of the solution.
Choose three.)

  1. directory
  2. package-ecosystem
  3. milestone
  4. schedule.interval
  5. allow

Answer(s): A,B,D

Explanation:

Comprehensive and Detailed Explanation;
When configuring Dependabot via the dependabot.yml file, the following fields are mandatory for each update configuration:

directory: Specifies the location of the package manifest within the repository. This tells Dependabot where to look for dependency files.

package-ecosystem: Indicates the type of package manager (e.g., npm, pip, maven) used in the specified directory.

schedule.interval: Defines how frequently Dependabot checks for updates (e.g., daily, weekly). This ensures regular scanning for outdated or vulnerable dependencies.

The milestone field is optional and used for associating pull requests with milestones. The allow field is also optional and used to specify which dependencies to update.

GitLab


Reference:

GitHub Docs ­ Configuration options for dependency updates



­ [Configure and Use Code Scanning]

What is required to trigger code scanning on a specified branch?

  1. The repository must be private.
  2. Secret scanning must be enabled on the repository.
  3. Developers must actively maintain the repository.
  4. The workflow file must exist in that branch.

Answer(s): D

Explanation:

Comprehensive and Detailed Explanation;
For code scanning to be triggered on a specific branch, the branch must contain the appropriate workflow file, typically located in the .github/workflows directory. This YAML file defines the code scanning configuration and specifies the events that trigger the scan (e.g., push, pull_request).

Without the workflow file in the branch, GitHub Actions will not execute the code scanning process for that branch. The repository's visibility (private or public), the status of secret scanning, or the activity level of developers do not directly influence the triggering of code scanning.


Reference:

GitHub Docs ­ About workflows; About code scanning alerts



­ [Describe GitHub Advanced Security Best Practices]

As a contributor, you discovered a vulnerability in a repository.
Where should you look for the instructions on how to report the vulnerability?

  1. support.md
  2. readme.md
  3. contributing.md
  4. security.md

Answer(s): D

Explanation:

The correct place to look is the SECURITY.md file. This file provides contributors and security researchers with instructions on how to responsibly report vulnerabilities. It may include contact methods, preferred communication channels (e.g., security team email), and disclosure guidelines.

This file is considered a GitHub best practice and, when present, activates a "Report a vulnerability" button in the repository's Security tab.


Reference:

GitHub Docs ­ Adding a security policy to your repository



­ [Configure and Use Dependency Management]

Assuming there is no custom Dependabot behavior configured, where possible, what does Dependabot do after sending an alert about a vulnerable dependency in a repository?

  1. Creates a pull request to upgrade the vulnerable dependency to the minimum possible secure version
  2. Scans repositories for vulnerable dependencies on a schedule and adds those files to a manifest
  3. Constructs a graph of all the repository's dependencies and public dependents for the default branch
  4. Scans any push to all branches and generates an alert for each vulnerable repository

Answer(s): A

Explanation:

After generating an alert for a vulnerable dependency, Dependabot automatically attempts to create a pull request to upgrade that dependency to the minimum required secure version--if a fix is available and compatible with your project.

This automated PR helps teams fix vulnerabilities quickly with minimal manual intervention. You can also configure update behaviors using dependabot.yml, but in the default state, PR creation is automatic.


Reference:

GitHub Docs ­ About Dependabot alerts; About Dependabot security updates



Viewing Page 2 of 16



Share your comments for GitHub GitHub-Advanced-Security exam with other users:

Agathenta 12/16/2023 1:36:00 PM

q35 should be a
Anonymous


MD. SAIFUL ISLAM 6/22/2023 5:21:00 AM

sap c_ts450_2021
Anonymous


Satya 7/24/2023 3:18:00 AM

nice questions
UNITED STATES


sk 5/13/2023 2:10:00 AM

ecellent materil for unserstanding
INDIA


Gerard 6/29/2023 11:14:00 AM

good so far
Anonymous


Limbo 10/9/2023 3:08:00 AM

this is way too informative
BOTSWANA


Tejasree 8/26/2023 1:46:00 AM

very helpfull
UNITED STATES


Yolostar Again 10/12/2023 3:02:00 PM

q.189 - answers are incorrect.
Anonymous


Shikha Bakra 9/10/2023 5:16:00 PM

awesome job in getting these questions
AUSTRALIA


Kevin 10/20/2023 2:01:00 AM

i cant find aws certified practitioner clf-c01 exam in aws website but i found aws certified practitioner clf-c02 exam. can everyone please verify the difference between the two clf-c01 and clf-c02? thank you
UNITED STATES


D Mario 6/19/2023 10:38:00 PM

grazie mille. i got a satisfactory mark in my exam test today because of this exam dumps. sorry for my english.
ITALY


Bharat Kumar Saraf 10/31/2023 4:36:00 AM

some of the answers are incorrect. need to be reviewed.
HONG KONG


JP 7/13/2023 12:21:00 PM

so far so good
Anonymous


Kiky V 8/8/2023 6:32:00 PM

i am really liking it
Anonymous


trying 7/28/2023 12:37:00 PM

thanks good stuff
UNITED STATES


exampei 10/4/2023 2:40:00 PM

need dump c_tadm_23
Anonymous


Eman Sawalha 6/10/2023 6:18:00 AM

next time i will write a full review
GREECE


johnpaul 11/15/2023 7:55:00 AM

first time using this site
ROMANIA


omiornil@gmail.com 7/25/2023 9:36:00 AM

please sent me oracle 1z0-1105-22 pdf
BANGLADESH


John 8/29/2023 8:59:00 PM

very helpful
Anonymous


Kvana 9/28/2023 12:08:00 PM

good info about oml
UNITED STATES


Checo Lee 7/3/2023 5:45:00 PM

very useful to practice
UNITED STATES


dixitdnoh@gmail.com 8/27/2023 2:58:00 PM

this website is very helpful.
UNITED STATES


Sanjay 8/14/2023 8:07:00 AM

good content
INDIA


Blessious Phiri 8/12/2023 2:19:00 PM

so challenging
Anonymous


PAYAL 10/17/2023 7:14:00 AM

17 should be d ,for morequery its scale out
Anonymous


Karthik 10/12/2023 10:51:00 AM

nice question
Anonymous


Godmode 5/7/2023 10:52:00 AM

yes.
NETHERLANDS


Bhuddhiman 7/30/2023 1:18:00 AM

good mateial
Anonymous


KJ 11/17/2023 3:50:00 PM

good practice exam
Anonymous


sowm 10/29/2023 2:44:00 PM

impressivre qustion
Anonymous


CW 7/6/2023 7:06:00 PM

questions seem helpful
Anonymous


luke 9/26/2023 10:52:00 AM

good content
Anonymous


zazza 6/16/2023 9:08:00 AM

question 21 answer is alerts
ITALY