GitHub Advanced Security (GHAS) Certification - 340 Questions

By Webmaster Certland English

Practice exam for the GitHub Advanced Security certification. Covers code scanning, CodeQL, secret scanning, dependency review, supply chain security, security policies, and reporting.

Updated Mar 2026

Sample Questions — GitHub Advanced Security (GHAS) Certification - 340 Questions

5 free sample questions from this practice exam. Correct answers are highlighted.

1. A developer is new to CodeQL and asks what type of language it is. Which statement best describes CodeQL?

A An imperative programming language used to write custom static analysis rules
B A declarative, object-oriented query language that treats source code as a database ✓ Correct
C A scripting language for automating CI/CD pipeline security checks
D A markup language for defining security policies in GitHub repositories

2. A developer wants to write a custom CodeQL query to detect a specific insecure coding pattern in a Java repository. After writing the query in VS Code, which file extension should the query file use?

A .ql ✓ Correct
B .cql
C .qry
D .qlx

3. A security team wants to enable code scanning on a public GitHub repository without writing any custom YAML workflows. Which setup option should they choose?

A Default setup, configured directly from the repository Security tab ✓ Correct
B Advanced setup, by adding a CodeQL workflow YAML file to the repository
C Third-party SARIF upload, by configuring an external scanner to push results
D Dependabot, by enabling it in the repository settings

4. A security engineer has written a custom CodeQL query and wants to test it locally before publishing it to GitHub. Which VS Code extension feature allows them to run the query directly against a CodeQL database?

A Use the GitHub CLI to submit the query to a remote repository for analysis
B Right-click the .ql file and select 'CodeQL: Run Query on Selected Database' in VS Code ✓ Correct
C Push the query to GitHub and trigger a GitHub Actions workflow to validate it
D Use the CodeQL CLI database analyze command from the VS Code integrated terminal

5. Which file format does CodeQL use to store the analyzed snapshot of a codebase?

A SARIF (Static Analysis Results Interchange Format)
B JSON (JavaScript Object Notation)
C A proprietary relational database format specific to CodeQL ✓ Correct
D XML (Extensible Markup Language)
