Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Microsoft GH-500 GitHub Advanced Security Exam Exam Practice Test

Demo: 22 questions
Total 75 questions

GitHub Advanced Security Exam Questions and Answers

Question 1

What YAML syntax do you use to exclude certain files from secret scanning?

Options:

A.

decrypt_secret.sh

B.

paths-ignore:

C.

branches-ignore:

D.

secret scanning.yml

Question 2

Which Dependabot configuration fields are required? (Each answer presents part of the solution. Choose three.)

Options:

A.

directory

B.

package-ecosystem

C.

milestone

D.

schedule.interval

E.

allow

Question 3

When using CodeQL, how does extraction for compiled languages work?

Options:

A.

By generating one language at a time

B.

By resolving dependencies to give an accurate representation of the codebase

C.

By monitoring the normal build process

D.

By running directly on the source code

Question 4

Which of the following options are code scanning application programming interface (API) endpoints? (Each answer presents part of the solution. Choose two.)

Options:

A.

List all open code scanning alerts for the default branch

B.

Modify the severity of an open code scanning alert

C.

Get a single code scanning alert

D.

Delete all open code scanning alerts

Question 5

When secret scanning detects a set of credentials on a public repository, what does GitHub do?

Options:

A.

It notifies the service provider who issued the secret.

B.

It displays a public alert in the Security tab of the repository.

C.

It scans the contents of the commits for additional secrets.

D.

It sends a notification to repository members.

Question 6

As a developer, you need to configure a code scanning workflow for a repository where GitHub Advanced Security is enabled. What minimum repository permission do you need?

Options:

A.

Write

B.

None

C.

Admin

D.

Read

Question 7

Where can you view code scanning results from CodeQL analysis?

Options:

A.

The repository's code scanning alerts

B.

A CodeQL database

C.

A CodeQL query pack

D.

At Security advisories

Question 8

You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)​

Options:

A.

In the National Vulnerability Database

B.

In the dependency graph

C.

In security advisories reported on GitHub

D.

In manifest and lock files

Question 9

Which CodeQL query suite provides queries of lower severity than the default query suite?

Options:

A.

github/codeql-go/ql/src@main

B.

github/codeql/cpp/ql/src@main

C.

security-extended

Question 10

Which alerts do you see in the repository's Security tab? (Each answer presents part of the solution. Choose three.)

Options:

A.

Repository permissions

B.

Secret scanning alerts

C.

Dependabot alerts

D.

Security status alerts

E.

Code scanning alerts

Question 11

A secret scanning alert should be closed as "used in tests" when a secret is:

Options:

A.

In the readme.md file.

B.

In a test file.

C.

Solely used for tests.

D.

Not a secret in the production environment.

Question 12

What do you need to do before you can define a custom pattern for a repository?​

Options:

A.

Provide a regular expression for the format of your secret pattern.

B.

Add a secret scanning custom pattern.

C.

Enable secret scanning on the repository.

D.

Provide match requirements for the secret format.​

Stack Overflow

Question 13

When using the advanced CodeQL code scanning setup, what is the name of the workflow file?​

Options:

A.

codeql-config.yml

B.

codeql-scan.yml

C.

codeql-workflow.yml

D.

codeql-analysis.yml

Question 14

Which of the following information can be found in a repository's Security tab?

Options:

A.

Number of alerts per GHAS feature

B.

Two-factor authentication (2FA) options

C.

Access management

D.

GHAS settings

Question 15

What does a CodeQL database of your repository contain?​

Options:

A.

A build for Go projects to set up the project

B.

A build of the code and extracted data

C.

Build commands for C/C++, C#, and Java

D.

A representation of all of the source code​

GitHub

Agentic AI for AppSec Teams

Question 16

Which of the following is the best way to prevent developers from adding secrets to the repository?

Options:

A.

Create a CODEOWNERS file

B.

Make the repository public

C.

Configure a security manager

D.

Enable push protection

Question 17

When does Dependabot alert you of a vulnerability in your software development process?

Options:

A.

When a pull request adding a vulnerable dependency is opened

B.

As soon as a vulnerable dependency is detected

C.

As soon as a pull request is opened by a contributor

D.

When Dependabot opens a pull request to update a vulnerable dependency

Question 18

How many alerts are created when two instances of the same secret value are in the same repository?

Options:

A.

1

B.

2

C.

3

D.

4

Question 19

Which of the following statements best describes secret scanning push protection?​

Options:

A.

Commits that contain secrets are blocked before code is added to the repository.

B.

Secret scanning alerts must be closed before a branch can be merged into the repository.

C.

Buttons for sensitive actions in the GitHub UI are disabled.

D.

Users need to reply to a 2FA challenge before any push events.​

Question 20

Where can you use CodeQL analysis for code scanning? (Each answer presents part of the solution. Choose two.)

Options:

A.

In a third-party Git repository

B.

In a workflow

C.

In an external continuous integration (CI) system

D.

In the Files changed tab of the pull request

Question 21

What role is required to change a repository's code scanning severity threshold that fails a pull request status check?

Options:

A.

Maintain

B.

Write

C.

Triage

D.

Admin

Question 22

Assuming there is no custom Dependabot behavior configured, where possible, what does Dependabot do after sending an alert about a vulnerable dependency in a repository?

Options:

A.

Creates a pull request to upgrade the vulnerable dependency to the minimum possible secure version

B.

Scans repositories for vulnerable dependencies on a schedule and adds those files to a manifest

C.

Constructs a graph of all the repository's dependencies and public dependents for the default branch

D.

Scans any push to all branches and generates an alert for each vulnerable repository

Demo: 22 questions
Total 75 questions