Question 1

You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)

Options :

A : In the National Vulnerability Database

B : In the dependency graph

C : In security advisories reported on GitHub

D : In manifest and lock files

Answer: A,C

Question 2

What is the purpose of a SECURITY.md file in a GitHub repository?

Options :

A : To provide a history of security updates

B : To outline the security policies and reporting procedures

C : To automate security scanning

D : To list the security roles and responsibilities

Answer: B

Question 3

How does GitHub Advanced Security aid in responding to security alerts?

Options :

A : By automatically resolving all alerts

B : By providing tools to assess and address the alerts

C : By outsourcing alert management to a third party

D : By ignoring insignificant alerts

Answer: B

Question 4

What challenge might arise when configuring code scanning for a large and complex codebase?

Options :

A : All of the above

B : Difficulty in integrating with the existing build system

C : A high number of false positives

D : Longer time to complete scans

Answer: A

Question 5

What is the main function of the QL language in CodeQL?

Options :

A : To define database schemas

B : To manage repository settings

C : To automate build processes

D : To write queries for code analysis

Answer: D