Continuous Code Quality with SonarQube - Quiz

| No. | Training Unit | Lecture | Training content | Question | Level | Mark | Answer | Answer Option A | Answer Option B | Answer Option C | Answer Option D | Explanation |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Unit 3: SonarQube | Lec3 | Introduction | What type of analysis does SonarQube perform? | Easy | 1 | B | Dynamic analysis | Static analysis | Runtime analysis | Performance analysis | SonarQube performs automatic reviews with static analysis to detect bugs, code smells, and security vulnerabilities without executing the code. |
| 2 | Unit 3: SonarQube | Lec3 | Introduction | How many programming languages does SonarQube support? | Easy | 1 | C | 10+ | 20+ | 30+ | 50+ | SonarQube supports static analysis for over 30 programming languages including Python, Java, JavaScript, TypeScript, and more. |
| 3 | Unit 3: SonarQube | Lec3 | 2026.1 Features | What is the MCP Server integration in SonarQube 2026.1 used for? | Medium | 2 | A | Connecting AI agents directly to SonarQube | Managing container platforms | Multi-cloud provisioning | Memory cache pooling | The MCP Server allows AI coding assistants like Claude and Cursor to connect directly to SonarQube for quality verification. |
| 4 | Unit 3: SonarQube | Lec3 | Edition Comparison | Which SonarQube edition supports Branch Analysis? | Easy | 1 | B | Community only | Developer and above | Enterprise only | All editions | Branch Analysis is available in Developer edition and above, allowing analysis of feature branches and pull requests. |
| 5 | Unit 3: SonarQube | Lec3 | Architecture | What component of SonarQube processes analysis reports? | Medium | 2 | D | Web Server | Database | Elasticsearch | Compute Engine | The Compute Engine processes analysis reports submitted by scanners and updates the database with findings. |
| 6 | Unit 3: SonarQube | Lec3 | Architecture | What is the purpose of the Scanner in SonarQube architecture? | Easy | 1 | A | CLI tool that analyzes code in CI | UI for viewing results | Database storage | Report generation | The Scanner is a CLI tool that runs in CI/CD pipelines to analyze code and send results to the SonarQube server. |
| 7 | Unit 3: SonarQube | Lec3 | Quality Metrics | What are the four main quality metrics in SonarQube quality gates? | Medium | 2 | C | Speed, Size, Cost, Time | Bugs, Errors, Warnings, Info | Bugs, Vulnerabilities, Code Smells, Coverage | Lines, Files, Functions, Classes | The four main metrics are Bugs (failures), Vulnerabilities (security), Code Smells (maintainability), and Coverage (test coverage). |
| 8 | Unit 3: SonarQube | Lec3 | Quality Metrics | What is the recommended minimum test coverage for new code in SonarQube? | Medium | 2 | B | 60% | 80% | 90% | 100% | The default Sonar Way quality gate recommends at least 80% test coverage on new code. |
| 9 | Unit 3: SonarQube | Lec3 | Quality Metrics | What does a “Code Smell” indicate in SonarQube? | Easy | 1 | D | A security vulnerability | A runtime bug | A compilation error | A maintainability issue | Code Smells are maintainability issues like high complexity, code duplication, or poor structure that make code harder to maintain. |
| 10 | Unit 3: SonarQube | Lec3 | Quality Gates | What is the “Sonar Way” in SonarQube? | Easy | 1 | A | The default recommended quality gate | A deployment methodology | A coding standard | A scanning technique | Sonar Way is the default quality gate configuration that focuses on new code metrics with balanced conditions. |
| 11 | Unit 3: SonarQube | Lec3 | CI Integration | What does | Medium | 2 | B | Skips the quality gate check | Makes the pipeline wait and fail if quality gate fails | Sends notifications | Caches the results | This setting makes the CI pipeline wait for SonarQube analysis and fail the build if the quality gate is not passed. |
| 12 | Unit 3: SonarQube | Lec3 | CI Integration | Why is | Medium | 2 | C | To reduce checkout time | To save storage space | To provide full git history for accurate blame information | To enable caching | Full git history ( |
| 13 | Unit 3: SonarQube | Lec3 | Python Analysis | What new Python version is supported in SonarQube 2026.1? | Easy | 1 | D | Python 3.11 | Python 3.12 | Python 3.13 | Python 3.14 | SonarQube 2026.1 adds support for Python 3.14 in addition to Python 3.9-3.13. |
| 14 | Unit 3: SonarQube | Lec3 | Python Analysis | What new feature in SonarQube 2026.1 is useful for ML projects? | Medium | 2 | A | Jupyter Notebook analysis | GPU profiling | Model versioning | Dataset validation | SonarQube 2026.1 can analyze Jupyter Notebooks, which is essential for ML/data science projects. |
| 15 | Unit 3: SonarQube | Lec3 | Security | What does SCA stand for in SonarQube context? | Easy | 1 | B | Static Code Analyzer | Software Composition Analysis | Security Compliance Audit | Source Code Assessment | SCA (Software Composition Analysis) detects vulnerabilities in third-party dependencies and libraries. |
| 16 | Unit 3: SonarQube | Lec3 | Security 2026.1 | What new security feature in SonarQube 2026.1 helps protect against supply chain attacks? | Medium | 2 | C | Code encryption | Access control | Malicious package detection | Two-factor authentication | SonarQube 2026.1 can detect compromised dependencies (malicious packages) in your software supply chain. |
| 17 | Unit 3: SonarQube | Lec3 | Best Practices | What is the “Clean as You Code” methodology? | Medium | 2 | D | Refactoring all code before release | Writing code without bugs | Deleting unused code | Enforcing quality standards only on new code | Clean as You Code focuses enforcement on new code, preventing new issues while gradually addressing legacy issues over time. |
| 18 | Unit 3: SonarQube | Lec3 | Best Practices | What is the purpose of the Sandbox feature in SonarQube 2026.1? | Medium | 2 | A | Test upgrades safely before applying to production | Create isolated development environments | Run experimental analyses | Store temporary results | The Sandbox feature allows you to test SonarQube version upgrades safely before applying changes to production. |
| 19 | Unit 3: SonarQube | Lec3 | IDE Integration | What is SonarLint? | Easy | 1 | B | A command-line scanner | An IDE plugin for real-time code analysis | A CI/CD tool | A code formatter | SonarLint is an IDE plugin that provides real-time feedback on code quality issues as you write code. |
| 20 | Unit 3: SonarQube | Lec3 | Security | What does OWASP Top 10 for LLM compliance help protect against? | Hard | 3 | C | General web vulnerabilities | SQL injection only | Vulnerabilities specific to AI/LLM applications | Cross-site scripting | OWASP Top 10 for LLM addresses security risks specific to AI/LLM applications like prompt injection and insecure output handling. |