Question 1

Which of the following options are code scanning application programming interface (API) endpoints? (Each answer presents part of the solution. Choose two.)

Options :

A : List all open code scanning alerts for the default branch

B : Modify the severity of an open code scanning alert

C : Get a single code scanning alert

D : Delete all open code scanning alerts

Answer: A,C

Question 2

Which of these is a recommended practice for managing sensitive data in GitHub?

Options :

A : Regularly pushing sensitive data to private branches

B : Using git-secrets or similar tools to prevent accidental commits of sensitive data

C : Storing all sensitive data in a separate repository

D : Encrypting sensitive data before pushing to GitHub

Answer: B

Question 3

What is a challenge in interpreting CodeQL analysis results?

Options :

A : All of the above

B : Translating technical findings to business risks

C : Understanding the context of the findings

D : Determining the false positive rate

Answer: A

Question 4

What factors should be considered when scrubbing sensitive data from a repository?

Options :

A : The age of the data

B : The type of sensitive data

C : The impact on repository history

D : The size of the repository

E : User access levels

F : Backup availability

Answer: B,C,E

Question 5

What is a key advantage of using CodeQL for security analysis?

Options :

A : It is faster than manual code review

B : It reduces the need for code testing

C : It automatically fixes vulnerabilities

D : It can detect complex security vulnerabilities

Answer: D