Assume you neglected to manage permissions and access control to GitHub, and a hacker has obtained access to your code repository. What Git feature can you use to discern which code commits were authorized by you and your team, and which ones were uploaded by the hacker?
Group of answer choices
a) If you know what time the hacker obtained access to your repository, you can assume that all commits made after that time must have been made by the hacker.
b) If you signed and tagged your commits with a PGP key, you can check which commits were signed by a trusted key, indicating that they were made by an authorized user.
c) GitHub will show you what IP address made a commit. You can check what your current IP address is against the IP address the commits were made from, and assume that any mismatches were commits that you did not authorize.
d) GitHub tells you which user made a commit. If the commit says it was made by your username, it must have been made by you.
Ans: b) If you signed and tagged your commits with a PGP key, you can check which commits were signed by a trusted key, indicating that they were made by an authorized user.
Explanation:
We can use PGP to sign commits with a PGP key that we generate ourselves.
GitHub uses OpenPGP libraries to confirm that our locally signed commits and tags are cryptographically verifiable against a public key we have added to our GitHub account.
If we look at the other options, it is easy to see that these methods can be faked or bypassed. For example, if we track the IP address, the hacker might use a VPN, or during the time the hacker has access to the repository, someone else from the team (a legitimate person) might make a commit. So it is hard to tell in these cases.
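
The check described in the answer, as an added example that is not part of the original answer: it classifies commits by git's signature status and the signing key's fingerprint rather than by author name. The function name `audit_commits`, the sample log and the fingerprints are constructed for illustration.

```shell
# Input lines are what this command prints inside a repository:
#   git log --format='%H|%G?|%GF|%an'
# %G? is git's signature status (G good, B bad, U good with unknown validity,
# X/Y expired, R revoked key, E cannot be checked, N no signature);
# %GF is the signing key's fingerprint; %an is the author name, which
# anyone with write access can set to any value.

# audit_commits FPR...  reads log lines on stdin, prints one verdict per commit.
audit_commits() {
    trusted=" $* "
    while IFS='|' read -r hash status fpr author; do
        [ -n "$hash" ] || continue
        case "$status" in
            G)
                # A good signature only counts if the key is one of ours.
                case "$trusted" in
                    *" $fpr "*) verdict="trusted" ;;
                    *)          verdict="untrusted-key" ;;
                esac ;;
            N) verdict="unsigned" ;;
            B) verdict="bad-signature" ;;
            *) verdict="unverified" ;;
        esac
        printf '%s %s %s\n' "$hash" "$verdict" "$author"
    done
}

# Constructed sample data: hashes and fingerprints are placeholders.
TEAM_KEY="AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111"
sample_log() {
    cat <<'EOF'
1111111|G|AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111|alice
2222222|N||alice
3333333|G|BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222|alice
4444444|B|AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111|alice
EOF
}

sample_log | audit_commits "$TEAM_KEY"
```

All four sample commits carry the same author name, yet only the first is signed by the team's key, which is why option d) cannot distinguish them and option b) can.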