Microsoft GH-500 Exam Questions Simulate Actual GH-500 Exam

GH-500 exam dumps questions are designed to simulate the actual exam. This means that you will get a feel for the types of questions you can expect to see on the exam, as well as the format and difficulty level. In addition, GitHub Advanced Security GH-500 dumps are often accompanied by detailed explanations and answers. This means that if you get a question wrong, you can learn from your mistake and understand why the correct answer is the right one. Test free online GH-500 exam dumps below.

Page 1 of 3

1. After investigating a code scanning alert related to injection, you determine that the input is properly sanitized using custom logic.

What should be your next step?

Draft a pull request to update the open-source query.

Ignore the alert.

Open an issue in the CodeQL repository.

Dismiss the alert with the reason "false positive."

 Loading...

2. Which of the following statements best describes secret scanning push protection?

Commits that contain secrets are blocked before code is added to the repository.

Secret scanning alerts must be closed before a branch can be merged into the repository.

Buttons for sensitive actions in the GitHub UI are disabled.

Users need to reply to a 2FA challenge before any push events.

 Loading...

3. Secret scanning will scan:

A continuous integration system.

Any Git repository.

The GitHub repository.

External services.

 Loading...

4. Who can fix a code scanning alert on a private repository?

Users who have the Triage role within the repository

Users who have Read permissions within the repository

Users who have Write access to the repository

Users who have the security manager role within the repository

 Loading...

5. In a private repository, what minimum requirements does GitHub need to generate a dependency graph? (Each answer presents part of the solution. Choose two.)

Read-only access to all the repository's files

Dependency graph enabled at the organization level for all new private repositories

Write access to the dependency manifest and lock files for an enterprise

Read-only access to the dependency manifest and lock files for a repository

 Loading...

6. Where can you view code scanning results from CodeQL analysis?

The repository's code scanning alerts

A CodeQL database

A CodeQL query pack

At Security advisories

 Loading...

7. You are managing code scanning alerts for your repository. You receive an alert highlighting a problem with data flow.

What do you click for additional context on the alert?

Show paths

Security

Code scanning alerts

 Loading...

8. When does Dependabot alert you of a vulnerability in your software development process?

When a pull request adding a vulnerable dependency is opened

As soon as a vulnerable dependency is detected

As soon as a pull request is opened by a contributor

When Dependabot opens a pull request to update a vulnerable dependency

 Loading...

9. What does a CodeQL database of your repository contain?

A build for Go projects to set up the project

A build of the code and extracted data

Build commands for C/C++, C#, and Java

A representation of all of the source code GitHub Agentic AI for AppSec Teams

 Loading...

10. Which of the following tasks can be performed by a security team as a proactive measure to help address secret scanning alerts? (Each answer presents a complete solution. Choose two.)

Dismiss alerts that are older than 90 days.

Configure a webhook to monitor for secret scanning alert events.

Enable system for cross-domain identity management (SCIM) provisioning for the enterprise.

Document alternatives to storing secrets in the source code.

 Loading...

Page 2 of 3

11. Which of the following statements most accurately describes push protection for secret scanning custom patterns?

Push protection must be enabled for all, or none, of a repository's custom patterns.

Push protection is an opt-in experience for each custom pattern.

Push protection is not available for custom patterns.

Push protection is enabled by default for new custom patterns.

 Loading...

12. Which of the following options are code scanning application programming interface (API)

endpoints? (Each answer presents part of the solution. Choose two.)

List all open code scanning alerts for the default branch

Modify the severity of an open code scanning alert

Get a single code scanning alert

Delete all open code scanning alerts

 Loading...

13. Which of the following workflow events would trigger a dependency review? (Each answer presents a complete solution. Choose two.)

pull_request

workflow_dispatch

trigger

commit

 Loading...

14. As a repository owner, you want to receive specific notifications, including security alerts, for an individual repository.

Which repository notification setting should you use?

Ignore

Participating and @mentions

All Activity

Custom

 Loading...

15. What do you need to do before you can define a custom pattern for a repository?

Provide a regular expression for the format of your secret pattern.

Add a secret scanning custom pattern.

Enable secret scanning on the repository.

Provide match requirements for the secret format. Stack Overflow

 Loading...

16. In the pull request, how can developers avoid adding new dependencies with known vulnerabilities?

Enable Dependabot alerts.

Add Dependabot rules.

Add a workflow with the dependency review action.

Enable Dependabot security updates.

 Loading...

17. As a developer with write access, you navigate to a code scanning alert in your repository. When will GitHub close this alert?

After you triage the pull request containing the alert

When you use data-flow analysis to find potential security issues in code

After you find the code and click the alert within the pull request

After you fix the code by committing within the pull request

 Loading...

18. You are a maintainer of a repository and Dependabot notifies you of a vulnerability.

Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)

In the National Vulnerability Database

In the dependency graph

In security advisories reported on GitHub

In manifest and lock files

 Loading...

19. Which Dependabot configuration fields are required? (Each answer presents part of the solution. Choose three.)

directory

package-ecosystem

milestone

schedule.interval

allow

 Loading...

20. When using CodeQL, what extension stores query suite definitions?

.yml

.ql

.qll

.qls

 Loading...

Page 3 of 3

21. Which of the following options would close a Dependabot alert?

Creating a pull request to resolve the vulnerability that will be approved and merged

Viewing the Dependabot alert on the Dependabot alerts tab of your repository

Viewing the dependency graph

Leaving the repository in its current state

 Loading...

22. Which of the following is the most complete method for Dependabot to find vulnerabilities in third-party dependencies?

Dependabot reviews manifest files in the repository

CodeQL analyzes the code and raises vulnerabilities in third-party dependencies

A dependency graph is created, and Dependabot compares the graph to the GitHub Advisory database

The build tool finds the vulnerable dependencies and calls the Dependabot API

 Loading...

23. As a contributor, you discovered a vulnerability in a repository.

Where should you look for the instructions on how to report the vulnerability?

support.md

readme.md

contributing.md

security.md

 Loading...

 Loading...