GHAS Certification Exam Prep: Week Two - Scanning #138220
-
I am very sorry for not being able to participate in the first week of the course at the designated time. I believe these are the answers for this week's questions:
Thank you very much for this excellent initiative!
-
I think the answers are:
-
I see, a bit tricky questions this time. Well, I think the correct answers are:
I might have to refer to those resources to be 100% sure, but I am confident.
-
Hello everyone! Here's my breakdown for this week's topics (Feel free to add more stuff in the comments or correct me):
Domain 2: Configure and use secret scanning
Enable and use secret scanning
Warning: Remember, you should not ignore alerts. Whichever option you choose as the closing reason, it is recorded for security logs.
Note: I'm a little confused in this part. Cause I've read that the one person that committed the secret will receive a notification regardless of the notification preference. Does it mean they have access to the alert in the security tab also? Or are they just notified they messed up?
Customize default secret scanning behavior
paths-ignore:
  - "docs/*.md"
Warning
Domain 4: Configure and use code scanning
Describe and enable code scanning
Use code scanning with third-party tools
Configure code scanning
Note: I'm not sure if I understood this topic... I mean, it is about editing the workflow file, but what exactly does it want? Does anybody know?
Hope you like it!
Test answers:
-
The first question is a tricky one. Initially, I thought the answer was option B, but after reviewing some public repositories, I didn’t find any option for changing the secret scanning settings. Therefore, I believe we need admin permissions to modify the settings.
-
Question 1: What do you need to do if you want to change the settings for secret scanning on a public repository?
-
C) Get admin permissions on the repository.
-
The answers are... (feel free to skip over this comment if you still want to post)
Question 1: What do you need to do if you want to change the settings for secret scanning on a public repository?
Question 2: Where can you configure the recipients of secret scanning alerts?
Question 3: How many custom patterns can you create for an organization?
Question 4: Which tool is primarily used for code scanning in GitHub Actions?
Question 5: How can third-party analysis tools be integrated with GitHub code scanning?
Have any questions on this week's topics - ask them in this discussion!
-
Keep the momentum going and join Week Three's Discussion on CodeQL!
-
Last week, we got started and prepped to cover the basics of the GHAS certification exam. This week we’re going to focus on all things scanning. This week, one of secret scanning’s Product Managers @courtneycl will be joining us to answer questions so ask away!
Plus, prep materials and test questions to continue on studying. As a reminder, we'll be selecting five participants to receive a free GitHub Certifications exam voucher 🎫.
Step One: Prep 📚
Use these materials to study before answering this week’s prep questions.
Step Two: Test Your Knowledge ⚡
Question 1: What do you need to do if you want to change the settings for secret scanning on a public repository?
A) Enable secret scanning on the repository.
B) Switch the repository to a private one with GitHub Advanced Security.
C) Get admin permissions on the repository.
Question 2: Where can you configure the recipients of secret scanning alerts?
A) In the Code security and analysis settings of a repository
B) In the Manage Access settings of a repository
C) In the Watch settings of a repository
Question 3: How many custom patterns can you create for an organization?
A) 100
B) 5000
C) 500
D) 1000
Question 4: Which tool is primarily used for code scanning in GitHub Actions?
A) ESLint
B) CodeQL
C) JSHint
D) Prettier
Question 5: How can third-party analysis tools be integrated with GitHub code scanning?
A) By installing browser extensions
B) By using GitHub Marketplace actions
C) By modifying the .gitignore file
D) By creating a new GitHub repository
We’ll be sharing the answers in the comments on Friday 🧠
Use the discussion below to share additional study resources, ask questions for our team to answer, and respond to our prep questions.