Practice Code Scanning Questions Now

Start a timed practice session focusing on Code Scanning with CodeQL topics from the GH-SECURITY question bank.

GH-SECURITY Code Scanning Question Bank (5 Questions)

Browse all 5 practice questions covering Code Scanning with CodeQL for the GH-SECURITY certification exam. Each question includes the full answer and a detailed explanation to help you understand the concepts.

Question 1Code Scanning with CodeQL
What does a code scanning alert indicate?
AA failed workflow run in GitHub Actions
BA potential security vulnerability or code quality issue found in the codebase✓
CAn expired personal access token
DA merge conflict in a pull request
Show Answer & Explanation
Correct Answer: B
Explanation:
Code scanning alerts appear in the Security tab and on PRs, showing potential vulnerabilities found by CodeQL or third-party tools.
Question 2GitHub Security Features
What is the difference between code scanning alerts and CodeQL queries?
ASame thing
BCode scanning alerts are the results (findings) surfaced to developers. CodeQL queries are the analysis rules (written in QL language) that detect vulnerability patterns in code.✓
CAlerts run queries
DQueries are alerts
Show Answer & Explanation
Correct Answer: B
Explanation:
CodeQL queries: rules written in QL language. Types: default queries (maintained by GitHub), extended queries (more rules, more findings), and custom queries (user-written for org-specific patterns). Query suites: security-extended, security-and-quality. Code scanning alerts: findings from queries. Workflow: queries analyze code → results become alerts → developers review/fix. Alert states: open, dismissed (false positive, won't fix, used in tests), and fixed (code changed). Custom queries: create .ql files in codeql/ directory or query packs.
Question 3Code Scanning with CodeQL
Which programming languages does CodeQL natively support for code scanning?
AOnly Python and JavaScript
BC/C++, C#, Java/Kotlin, JavaScript/TypeScript, Python, Ruby, Swift, and Go among others✓
CAll languages supported by the GitHub Linguist project
DOnly compiled languages like C, C++, and Java
Show Answer & Explanation
Correct Answer: B
Explanation:
CodeQL supports major languages including C/C++, C#, Java, Kotlin, JavaScript, TypeScript, Python, Ruby, Go, and Swift.
Question 4GitHub Security Features
What are the default CodeQL query suites?
AOnly custom queries
BDefault suite (security + quality), Security-extended (more checks, may have higher false positives), and Security-and-quality (comprehensive)✓
CNo query suites available
DOnly basic checks
Show Answer & Explanation
Correct Answer: B
Explanation:
CodeQL provides query suites: 'default' (balanced security + maintainability), 'security-extended' (additional security queries), and 'security-and-quality' (comprehensive analysis).
Question 5GitHub Security Features
What are CodeQL query suites?
ADatabase queries
BPredefined collections of CodeQL queries: 'security-extended' (security-focused) and 'security-and-quality' (broader checks including code quality, maintainability, and reliability)✓
CSQL query files
DAPI queries
Show Answer & Explanation
Correct Answer: B
Explanation:
Query suites: 'default' (balanced, recommended), 'security-extended' (more security queries, may have false positives), 'security-and-quality' (security + code quality + reliability). Custom: create query packs with specific queries. Configure in workflow or default setup.

Key Code Scanning Concepts for GH-SECURITY

codeqlcode scanningsaststatic analysisqueryalert

GH-SECURITY Code Scanning Exam Tips

Code Scanning with CodeQL questions in GH-SECURITY are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: codeql, code scanning, sast, static analysis, query, alert.

What GH-SECURITY Expects

Anchor your answer in select the most practical, secure, and scalable answer for the stated scenario.
Code Scanning scenarios for GH-SECURITY are frequently mapped to Domain 1 (10%), so read the objective carefully before picking controls or architecture.
Expect multi-service scenarios where Code Scanning interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated service question.
When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Advanced) and managed-service best practices.

High-Value Code Scanning Concepts

Know the core Code Scanning building blocks cold: codeql, code scanning, sast, static analysis.
Review the edge-case features and limits for query, alert; these details are commonly used to differentiate answer choices.
Practice service-integration reasoning: how Code Scanning pairs with Secret Scanning, Supply Chain Security in real deployment patterns.
For GH-SECURITY, explain why the chosen Code Scanning design meets reliability, security, and cost expectations better than the alternatives.

Common GH-SECURITY Traps

Watch for answers that partially solve the requirement but miss operational constraints.
Questions in Describe GHAS often include distractors that look correct for Code Scanning but violate least-privilege, durability, or availability requirements.
Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

Can you compare at least two Code Scanning implementation paths and justify which one best fits the scenario?
Can you map the chosen answer back to Describe GHAS (10%) outcomes for GH-SECURITY?
Can you explain security and access boundaries for Code Scanning without relying on default-open assumptions?
Can you describe how Code Scanning integrates with Secret Scanning and Supply Chain Security during failure, scaling, and monitoring events?

Exam Domains Covering Code Scanning

Domain 1Describe GHAS10%

Related Resources

🎯 Free GH-SECURITY Mock Exam 📝 Secret Scanning Questions 📝 Supply Chain Security Questions

More GH-SECURITY Study Resources

← GH-SECURITY Study Hub 30-Day Study Plan Full Practice Exam

🔍 Code Scanning with CodeQL - GH-SECURITY Practice Questions