GH-500無料問題集「Microsoft GitHub Advanced Security」

質問 1

What happens when you enable secret scanning on a private repository?

（A）Repository administrators can view Dependabot alerts.

（B）GitHub performs a read-only analysis on the repository.

（C）Dependency review, secret scanning, and code scanning are enabled.

（D）Your team is subscribed to security alerts.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

When does Dependabot alert you of a vulnerability in your software development process?

（A）As soon as a pull request is opened by a contributor

（B）When a pull request adding a vulnerable dependency is opened

（C）When Dependabot opens a pull request to update a vulnerable dependency

（D）As soon as a vulnerable dependency is detected

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

How do I configure a webhook to monitor key scan alert events? What are the steps of this operation?

（A）Enable system for cross-domain identity management (SCIM) provisioning for the enterprise.

（B）Dismiss alerts that are older than 90 days.

（C）Configure a webhook to monitor for secret scanning alert events.

（D）Document alternatives to storing secrets in the source code.

正解：C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

As a repository owner, you want to receive specific notifications, including security alerts, for an individual repository. Which repository notification setting should you use?

（A）Ignore

（B）Participating and @mentions

（C）Custom

（D）All Activity

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which of the following formats are used to describe a Dependabot alert? (Each answer presents a complete solution. Choose two.)

（A）Exploit Prediction Scoring System (EPSS)

（B）Common Weakness Enumeration (CWE)

（C）Vulnerability Exploitability exchange (VEX)

（D）Common Vulnerabilities and Exposures (CVE)

正解：B、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

You have enabled security updates for a repository. When does GitHub mark a Dependabot alert as resolved for that repository?

（A）When the pull request checks are successful

（B）When Dependabot creates a pull request to update dependencies

（C）When you dismiss the Dependabot alert

（D）When you merge a pull request that contains a security update

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Assuming that notification and alert recipients are not customized, what does GitHub do when it identifies a vulnerable dependency in a repository where Dependabot alerts are enabled? (Each answer presents part of the solution. Choose two.)

（A）It notifies the repository administrators about the new alert.

（B）It consults with a security service and conducts a thorough vulnerability review.

（C）It generates a Dependabot alert and displays it on the Security tab for the repository.

（D）It generates Dependabot alerts by default for all private repositories.

正解：A、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

When secret scanning detects a set of credentials on a public repository, what does GitHub do?

（A）It notifies the service provider who issued the secret.

（B）It scans the contents of the commits for additional secrets.

（C）It displays a public alert in the Security tab of the repository.

（D）It sends a notification to repository members.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

GH-500 無料問題集「Microsoft GitHub Advanced Security」

弊社を連絡する

関連リンク

トップ試験