Configure and Use Dependency Management
Which key is required in the update settings of the Dependabot configuration file?
A. rebase-strategy
B. commit-message
C. assignees
D. package-ecosystem
The autobuild step in the CodeQL workflow has failed. What should you do?
A. Remove specific build steps.
B. Compile the source code.
C. Remove the autobuild step from your code scanning workflow and add specific build steps.
D. Use CodeQL, which implicitly detects the supported languages in your code base.
When does Dependabot alert you of a vulnerability in your software development process?
A. When a pull request adding a vulnerable dependency is opened
B. As soon as a vulnerable dependency is detected
C. As soon as a pull request is opened by a contributor
D. When Dependabot opens a pull request to update a vulnerable dependency
Where can you use CodeQL analysis for code scanning? (Each answer presents part of the solution. Choose two.)
A. In a third-party Git repository
B. In a workflow
C. In an external continuous integration (CI) system
D. In the Files changed tab of the pull request
Assuming that notification and alert recipients are not customized, what does GitHub do when it identifies a vulnerable dependency in a repository where Dependabot alerts are enabled? (Each answer presents part of the solution. Choose two.)
A. It generates a Dependabot alert and displays it on the Security tab for the repository.
B. It notifies the repository administrators about the new alert.
C. It generates Dependabot alerts by default for all private repositories.
D. It consults with a security service and conducts a thorough vulnerability review.
Which of the following features helps to prioritize secret scanning alerts that present an immediate risk?
A. Non-provider patterns
B. Push protection
C. Custom pattern dry runs
D. Secret validation
Which CodeQL query suite provides queries of lower severity than the default query suite?
A. github/codeql-go/ql/src@main
B. github/codeql/cpp/ql/src@main
C. security-extended
Which Dependabot configuration fields are required? (Each answer presents part of the solution. Choose three.)
A. directory
B. package-ecosystem
C. milestone
D. schedule.interval
E. allow
You have enabled security updates for a repository. When does GitHub mark a Dependabot alert as resolved for that repository?
A. When Dependabot creates a pull request to update dependencies
B. When you dismiss the Dependabot alert
C. When the pull request checks are successful
D. When you merge a pull request that contains a security update
Which of the following tasks can be performed by a security team as a proactive measure to help address secret scanning alerts? (Each answer presents a complete solution. Choose two.)
A. Dismiss alerts that are older than 90 days.
B. Configure a webhook to monitor for secret scanning alert events.
C. Enable System for Cross-domain Identity Management (SCIM) provisioning for the enterprise.
D. Document alternatives to storing secrets in the source code.
What role is required to change a repository's code scanning severity threshold that fails a pull request status check?
A. Maintain
B. Write
C. Triage
D. Admin
What is a security policy?
A. An automatic detection of security vulnerabilities and coding errors in new or modified code
B. A security alert issued to a community in response to a vulnerability
C. A file in a GitHub repository that provides instructions to users about how to report a security vulnerability
D. An alert about dependencies that are known to contain security vulnerabilities